repo collaborator can access all repositories of an organisation #9346

Closed
opened 2025-11-02 08:36:03 -06:00 by GiteaMirror · 8 comments
Originally created by @init-rz on GitHub (Aug 4, 2022).

Description

create a new user "guest"
(with no assignment to an organization)

in an organization with multiple repos create a new repo "test"

add guest as collaborator to test with "read" right.

logout
login as guest
guest can see all repositories of the org.

expected: guest should only be able to see the test repo.

Gitea Version

1.17.0

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

downloaded windows binaries

Database

PostgreSQL

GiteaMirror added the issue/needs-feedback and type/bug labels 2025-11-02 08:36:03 -06:00

@lunny commented on GitHub (Aug 7, 2022):

What's the organization's visibility? What's your other repositories' visibility?

@init-rz commented on GitHub (Aug 8, 2022):

organisation: public

repositories: public

@lunny commented on GitHub (Aug 8, 2022):

A public repository of a public organization could be read by any user from that site.

@init-rz commented on GitHub (Aug 9, 2022):

thank you for the information.
this is a bit confusing. what do you mean by "site"?
i created the user -> user does not see any repository.
i added the user to the repository, not the organization -> user can see all repositories.

if this is as intended, then pls close the ticket and perhaps add this use case to the documentation.

thanks for the project and the good support.

@zeripath commented on GitHub (Aug 17, 2022):

What is the organisation visibility?

Is the Organisation PRIVATE, LIMITED or PUBLIC?

Is the User `restricted`?

@zeripath commented on GitHub (Sep 4, 2022):

@init-rz we need some more information about this in order to determine if this is working as intended or if there is a bug.

@init-rz commented on GitHub (Sep 13, 2022):

sorry for the late reply.
yes everything was set to "public" (default when creating organization/repo)

@GiteaBot commented on GitHub (Sep 8, 2023):

We close issues that need feedback from the author if there were no new comments for a month. 🍵

Reference: github-starred/gitea#9346