Allow repo admins too to delete the repo (#23940)

Fixes https://github.com/go-gitea/gitea/issues/23934

We need to check `AccessModeAdmin` in `CanUserDelete` instead of
`AccessModeOwner`
This commit is contained in:
yp05327 2023-04-08 00:21:02 +09:00 committed by GitHub
parent 36c0840cf1
commit 26a0cd7143
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 2 deletions

@ -100,6 +100,11 @@ func (org *Organization) IsOwnedBy(uid int64) (bool, error) {
return IsOrganizationOwner(db.DefaultContext, org.ID, uid)
}
// IsOrgAdmin returns true if given user is in the owner team or an admin team.
func (org *Organization) IsOrgAdmin(uid int64) (bool, error) {
return IsOrganizationAdmin(db.DefaultContext, org.ID, uid)
}
// IsOrgMember returns true if given user is member of organization.
func (org *Organization) IsOrgMember(uid int64) (bool, error) {
return IsOrganizationMember(db.DefaultContext, org.ID, uid)

@ -8,6 +8,7 @@ import (
"fmt"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
@ -53,6 +54,20 @@ func IsOrganizationOwner(ctx context.Context, orgID, uid int64) (bool, error) {
return IsTeamMember(ctx, orgID, ownerTeam.ID, uid)
}
// IsOrganizationAdmin returns true if given user is in the owner team or an admin team.
func IsOrganizationAdmin(ctx context.Context, orgID, uid int64) (bool, error) {
teams, err := GetUserOrgTeams(ctx, orgID, uid)
if err != nil {
return false, err
}
for _, t := range teams {
if t.AccessMode >= perm.AccessModeAdmin {
return true, nil
}
}
return false, nil
}
// IsOrganizationMember returns true if given user is member of organization.
func IsOrganizationMember(ctx context.Context, orgID, uid int64) (bool, error) {
return db.GetEngine(ctx).

@ -21,11 +21,11 @@ func CanUserDelete(repo *repo_model.Repository, user *user_model.User) (bool, er
}
if repo.Owner.IsOrganization() {
isOwner, err := organization.OrgFromUser(repo.Owner).IsOwnedBy(user.ID)
isAdmin, err := organization.OrgFromUser(repo.Owner).IsOrgAdmin(user.ID)
if err != nil {
return false, err
}
return isOwner, nil
return isAdmin, nil
}
return false, nil