Implemente permission checks inside repo-groups dropdowns

Issue #468 resolved
Marcin Kuzminski
repo owner created an issue

When creating/forking a repo user can set it's group. Currently there is no permission check made there so user is able to create a repo inside a group he doesn't have permission to, and then later he will no be able to access this repo

Comments (7)

  1. Anonymous

    In fact it would be nice to add a permission that controls whether a user is allowed to make server side forks at all or not. Or alternatively make it fall under the existing permission to create repositories so that if a user is not allowed to create repositories he/she is not allowed to make forks either.

  2. Kyrodan

    Does this also cover the following issue, tested with 1.4.4: I create a repo and try to assign it to a group with read-only permission - this correctly fails. After creating this repository with no group and then changing the group again in options, it succeeds - no error message regarding wrong group permission appears.

  3. Log in to comment