Skip to content

Fix team member access check#35899

Merged
wxiaoguang merged 2 commits intogo-gitea:mainfrom
wxiaoguang:fix-team-user-access
Nov 9, 2025
Merged

Fix team member access check#35899
wxiaoguang merged 2 commits intogo-gitea:mainfrom
wxiaoguang:fix-team-user-access

Conversation

@wxiaoguang
Copy link
Copy Markdown
Contributor

@wxiaoguang wxiaoguang commented Nov 8, 2025

Fix #35499

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 8, 2025
@github-actions github-actions bot added the modifies/go Pull requests that update Go code label Nov 8, 2025
@wxiaoguang wxiaoguang mentioned this pull request Nov 8, 2025
Closed
@wxiaoguang
Copy link
Copy Markdown
Contributor Author

wxiaoguang commented Nov 8, 2025

image image image

@wxiaoguang wxiaoguang force-pushed the fix-team-user-access branch from 22cd27d to 3d909f8 Compare November 8, 2025 12:59
@wxiaoguang wxiaoguang added type/bug backport/v1.25 This PR should be backported to Gitea 1.25 labels Nov 8, 2025
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 8, 2025
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 9, 2025
@wxiaoguang wxiaoguang enabled auto-merge (squash) November 9, 2025 02:47
@wxiaoguang wxiaoguang merged commit 050c948 into go-gitea:main Nov 9, 2025
25 checks passed
@GiteaBot GiteaBot added this to the 1.26.0 milestone Nov 9, 2025
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request Nov 9, 2025
@wxiaoguang @GiteaBot
Fix team member access check (go-gitea#35899)
208be96 
Fix go-gitea#35499
@GiteaBot GiteaBot mentioned this pull request Nov 9, 2025
Merged
@GiteaBot GiteaBot added the backport/done All backports for this PR have been created label Nov 9, 2025
@wxiaoguang wxiaoguang deleted the fix-team-user-access branch November 9, 2025 03:14
wxiaoguang added a commit that referenced this pull request Nov 9, 2025
@GiteaBot @wxiaoguang
Fix team member access check (#35899) (#35905)
1ca4fef 
Backport #35899 by wxiaoguang

Fix #35499

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
zjjhot added a commit to zjjhot/gitea that referenced this pull request Nov 10, 2025
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
079ad07 
* giteaofficial/main:
  Allow to display embed images/pdfs when SERVE_DIRECT was enabled on MinIO storage (go-gitea#35882)
  Add proper page title for project pages (go-gitea#35773)
  Use correct form field for allowed force push users in branch protection API (go-gitea#35894)
  Fix team member access check (go-gitea#35899)
  Add ability for local makefile with personal customizations that wouldnt affect remote repo (go-gitea#35836)
  Add toolchain directive to go.mod (go-gitea#35901)
  Display source code downloads last for release attachments (go-gitea#35897)
  Fix conda null depend issue (go-gitea#35900)
  Fix avatar upload error handling (go-gitea#35887)
  Move `gitea-vet` to use `go tool` (go-gitea#35878)
  Contribution heatmap improvements (go-gitea#35876)
  Update to go 1.25.4 (go-gitea#35877)
zjjhot added a commit to zjjhot/gitea that referenced this pull request Nov 24, 2025
@zjjhot
Merge remote-tracking branch 'giteaofficial/release/v1.25'
0a09b13 
* giteaofficial/release/v1.25: (77 commits)
  Add "site admin" back to profile menu (go-gitea#36010) (go-gitea#36013)
  release notes for 1.25.2 (go-gitea#35986)
  Allow empty commit when merging pull request with squash style (go-gitea#35989) (go-gitea#36003)
  Fix various permission & login related bugs (go-gitea#36002) (go-gitea#36004)
  upgrade golang.org/x/crypto to 0.45.0 (go-gitea#35988)
  Change project default column icon to 'star' (go-gitea#35967) (go-gitea#35979)
  Misc CSS fixes (go-gitea#35888) (go-gitea#35981)
  Fix container push tag overwriting (go-gitea#35936) (go-gitea#35954)
  Fix corrupted external render content (go-gitea#35946) (go-gitea#35950)
  Don't show unnecessary error message to end users for DeleteBranchAfterMerge (go-gitea#35937) (go-gitea#35941)
  Limit read bytes instead of ReadAll (go-gitea#35928) (go-gitea#35934)
  Load jQuery as early as possible to support custom scripts (go-gitea#35926) (go-gitea#35929)
  Allow to display embed images/pdfs when SERVE_DIRECT was enabled on MinIO storage (go-gitea#35882) (go-gitea#35917)
  Use correct form field for allowed force push users in branch protection API (go-gitea#35894) (go-gitea#35908)
  Make OAuth2 issuer configurable (go-gitea#35915) (go-gitea#35916)
  Fix go-gitea#35763: Add proper page title for project pages (go-gitea#35773) (go-gitea#35909)
  Display source code downloads last for release attachments (go-gitea#35897) (go-gitea#35903)
  Fix team member access check (go-gitea#35899) (go-gitea#35905)
  Fix conda null depend issue (go-gitea#35900) (go-gitea#35902)
  Fix avatar upload error handling (go-gitea#35887) (go-gitea#35890)
  ...

# Conflicts:
#	go.mod
#	go.sum
#	models/actions/run_test.go
#	models/fixtures/action_run.yml
#	models/fixtures/action_run_job.yml
#	models/fixtures/action_task.yml
#	models/fixtures/branch.yml
#	models/fixtures/repo_unit.yml
#	modules/git/tree_entry_gogit.go
#	modules/git/tree_gogit.go
#	routers/web/repo/actions/view.go
#	routers/web/repo/issue_comment.go
#	services/actions/workflow.go
#	services/doctor/actions_test.go
#	services/pull/comment.go
#	services/pull/pull.go
#	services/pull/temp_repo.go
#	templates/base/head_navbar.tmpl
#	templates/swagger/v1_json.tmpl
#	tests/integration/actions_schedule_test.go
#	tests/integration/git_lfs_ssh_test.go
#	tests/integration/pull_create_test.go
#	tests/integration/pull_merge_test.go
#	tests/sqlite.ini.tmpl
#	web_src/js/components/ContextPopup.vue
@wxiaoguang wxiaoguang mentioned this pull request Dec 2, 2025
Closed
@xnox xnox mentioned this pull request Dec 7, 2025
Closed
pimpale added a commit to hud-evals/gitea that referenced this pull request Dec 13, 2025
@pimpale
Add comprehensive tests for team member access
93a6046 
Tests verify that:
1. Users in teams can access repos through team membership
2. Direct collaborator access still works (regression test)
3. Individual repo owners maintain access

On baseline: team members incorrectly denied access (only direct access checked)
On golden: team members correctly granted access via team membership

Related: PR go-gitea#35899
pimpale added a commit to hud-evals/gitea that referenced this pull request Dec 14, 2025
@pimpale
Fix team member access check
9f1f9de 
Add team members to repository access checks for organization-owned repos.

Changes:
- Added GetUserIDsWithUnitAccess() to collect user IDs including team members
- Added GetUsersWithUnitAccess() to get users with unit access
- Modified logic to call organization.GetTeamUserIDsWithAccessToAnyRepoUnit()
  when repo owner is an organization

This fixes the bug where users in teams with repo access were incorrectly
denied access because only direct user access was checked.

Related: PR go-gitea#35899
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Feb 8, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lunny lunny lunny approved these changes

@delvh delvh delvh approved these changes

Assignees

No one assigned

Labels

backport/done All backports for this PR have been created backport/v1.25 This PR should be backported to Gitea 1.25 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/go Pull requests that update Go code type/bug

Projects

None yet

Milestone

1.26.0

Development

Successfully merging this pull request may close these issues.

Can't add User with "Owner" permissions on repo to branch protection rule

4 participants

@wxiaoguang @lunny @delvh @GiteaBot