oss/forgejo
oss/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-10-10 19:32:02 +00:00
Code Wiki Activity

[v11.0/forgejo] fix: only redirect to a new owner (organization or user) if the user has permissions to view the new owner (#9089)

Browse source 
**Backport: https://codeberg.org/forgejo/forgejo/pulls/9072**

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9089
This commit is contained in:
Earl Warren 2025-08-30 18:52:43 +02:00
parent 3de4b351a2
commit a040ef4b0d
18 changed files with 252 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

5
services/context/org.go
View file

@ -15,6 +15,7 @@ import (
"forgejo.org/modules/markup/markdown"
"forgejo.org/modules/setting"
"forgejo.org/modules/structs"
redirect_service "forgejo.org/services/redirect"
)
// Organization contains organization context
@ -47,13 +48,13 @@ func GetOrganizationByParams(ctx *Context) {
ctx.Org.Organization, err = organization.GetOrgByName(ctx, orgName)
if err != nil {
if organization.IsErrOrgNotExist(err) {
redirectUserID, err := user_model.LookupUserRedirect(ctx, orgName)
redirectUserID, err := redirect_service.LookupUserRedirect(ctx, ctx.Doer, orgName)
if err == nil {
RedirectToUser(ctx.Base, orgName, redirectUserID)
} else if user_model.IsErrUserRedirectNotExist(err) {
ctx.NotFound("GetUserByName", err)
} else {
ctx.ServerError("LookupUserRedirect", err)
ctx.ServerError("LookupRedirect", err)
}
} else {
ctx.ServerError("GetUserByName", err)