mirror of
https://github.com/go-gitea/gitea
synced 2025-07-22 18:28:37 +00:00
fix users being able bypass limits with repo transfers (#34031)
prevent user from being able to transfer repo to user who cannot have more repositories
This commit is contained in:
@@ -20,10 +20,22 @@ import (
|
||||
"code.gitea.io/gitea/modules/gitrepo"
|
||||
"code.gitea.io/gitea/modules/globallock"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
notify_service "code.gitea.io/gitea/services/notify"
|
||||
)
|
||||
|
||||
type LimitReachedError struct{ Limit int }
|
||||
|
||||
func (LimitReachedError) Error() string {
|
||||
return "Repository limit has been reached"
|
||||
}
|
||||
|
||||
func IsRepositoryLimitReached(err error) bool {
|
||||
_, ok := err.(LimitReachedError)
|
||||
return ok
|
||||
}
|
||||
|
||||
func getRepoWorkingLockKey(repoID int64) string {
|
||||
return fmt.Sprintf("repo_working_%d", repoID)
|
||||
}
|
||||
@@ -49,6 +61,11 @@ func AcceptTransferOwnership(ctx context.Context, repo *repo_model.Repository, d
|
||||
return err
|
||||
}
|
||||
|
||||
if !doer.IsAdmin && !repoTransfer.Recipient.CanCreateRepo() {
|
||||
limit := util.Iif(repoTransfer.Recipient.MaxRepoCreation >= 0, repoTransfer.Recipient.MaxRepoCreation, setting.Repository.MaxCreationLimit)
|
||||
return LimitReachedError{Limit: limit}
|
||||
}
|
||||
|
||||
if !repoTransfer.CanUserAcceptOrRejectTransfer(ctx, doer) {
|
||||
return util.ErrPermissionDenied
|
||||
}
|
||||
@@ -399,6 +416,11 @@ func StartRepositoryTransfer(ctx context.Context, doer, newOwner *user_model.Use
|
||||
return err
|
||||
}
|
||||
|
||||
if !doer.IsAdmin && !newOwner.CanCreateRepo() {
|
||||
limit := util.Iif(newOwner.MaxRepoCreation >= 0, newOwner.MaxRepoCreation, setting.Repository.MaxCreationLimit)
|
||||
return LimitReachedError{Limit: limit}
|
||||
}
|
||||
|
||||
var isDirectTransfer bool
|
||||
oldOwnerName := repo.OwnerName
|
||||
|
||||
|
Reference in New Issue
Block a user