From 26a0cd7143cc933cee37ac87696eeda46b1ea437 Mon Sep 17 00:00:00 2001 From: yp05327 <576951401@qq.com> Date: Sat, 8 Apr 2023 00:21:02 +0900 Subject: [PATCH] Allow repo admins too to delete the repo (#23940) Fixes https://github.com/go-gitea/gitea/issues/23934 We need to check `AccessModeAdmin` in `CanUserDelete` instead of `AccessModeOwner` --- models/organization/org.go | 5 +++++ models/organization/org_user.go | 15 +++++++++++++++ modules/repository/delete.go | 4 ++-- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/models/organization/org.go b/models/organization/org.go index fa2a604721..53b020d704 100644 --- a/models/organization/org.go +++ b/models/organization/org.go @@ -100,6 +100,11 @@ func (org *Organization) IsOwnedBy(uid int64) (bool, error) { return IsOrganizationOwner(db.DefaultContext, org.ID, uid) } +// IsOrgAdmin returns true if given user is in the owner team or an admin team. +func (org *Organization) IsOrgAdmin(uid int64) (bool, error) { + return IsOrganizationAdmin(db.DefaultContext, org.ID, uid) +} + // IsOrgMember returns true if given user is member of organization. func (org *Organization) IsOrgMember(uid int64) (bool, error) { return IsOrganizationMember(db.DefaultContext, org.ID, uid) diff --git a/models/organization/org_user.go b/models/organization/org_user.go index e5cbfe6c0f..d0598ab5d1 100644 --- a/models/organization/org_user.go +++ b/models/organization/org_user.go @@ -8,6 +8,7 @@ import ( "fmt" "code.gitea.io/gitea/models/db" + "code.gitea.io/gitea/models/perm" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/log" @@ -53,6 +54,20 @@ func IsOrganizationOwner(ctx context.Context, orgID, uid int64) (bool, error) { return IsTeamMember(ctx, orgID, ownerTeam.ID, uid) } +// IsOrganizationAdmin returns true if given user is in the owner team or an admin team. +func IsOrganizationAdmin(ctx context.Context, orgID, uid int64) (bool, error) { + teams, err := GetUserOrgTeams(ctx, orgID, uid) + if err != nil { + return false, err + } + for _, t := range teams { + if t.AccessMode >= perm.AccessModeAdmin { + return true, nil + } + } + return false, nil +} + // IsOrganizationMember returns true if given user is member of organization. func IsOrganizationMember(ctx context.Context, orgID, uid int64) (bool, error) { return db.GetEngine(ctx). diff --git a/modules/repository/delete.go b/modules/repository/delete.go index 01674db4a1..72c0dc9135 100644 --- a/modules/repository/delete.go +++ b/modules/repository/delete.go @@ -21,11 +21,11 @@ func CanUserDelete(repo *repo_model.Repository, user *user_model.User) (bool, er } if repo.Owner.IsOrganization() { - isOwner, err := organization.OrgFromUser(repo.Owner).IsOwnedBy(user.ID) + isAdmin, err := organization.OrgFromUser(repo.Owner).IsOrgAdmin(user.ID) if err != nil { return false, err } - return isOwner, nil + return isAdmin, nil } return false, nil