Error (HTTP 404) When Assigning Teams to Repos #20658

Closed
ghost opened this issue Aug 3, 2022 · 6 comments · Fixed by #31923

ghost commented Aug 3, 2022

Description

Since Gitea 1.17.0, normal users cannot assign organization teams to organization repositories. This task can currently only be done by administrators.

Instead of search results, the search box shows the error message "There was an issue querying the server" (see attached screenshot). The web developer console shows that the query to /org/<organization>/teams/-/search?q=test returns HTTP 404.

I would expect to at least see all groups that I'm assigned to.

Gitea Version

1.17.0

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

screenshot

Git Version

No response

Operating System

No response

How are you running Gitea?

Self-hosted.

Database

No response

@ghost ghost added the type/bug label Aug 3, 2022
Author

ghost commented Aug 3, 2022

The cause appears to be a change introduced in #19318. More specifically, authorization checks for /{org}/teams/-/search (defined here) are tighter than they used to be with the /api/v1/... endpoint.

In this line Context.OrgAssignment(...) is called with the parameters requireMember and requireOwner. I'm not sure whether the original intention was "require membership OR ownership" or "require membership AND ownership", but normal members are sorted out in this line.

@lunny lunny added this to the 1.17.1 milestone Aug 5, 2022
Member

lunny commented Aug 7, 2022

What did you mean by normal user? This interface should be visited only by organization owner team members or the repository's admin collaborators.

Author

ghost commented Aug 9, 2022

Sorry, I should have specified: With normal user I meant repository admin collaborators who are not organization owners.

Member

lunny commented Aug 17, 2022

Looks like it's a regression from #19318

@zeripath zeripath modified the milestones: 1.17.1, 1.17.2 Aug 17, 2022
Member

lunny commented Aug 18, 2022

The problem is whether an admin-permission collaborator of organization repositories can visit the organization's users list if this collaborator is not a member of this organization. I think it's difficult to say he could. But he can visit the public users list.

@lunny lunny modified the milestones: 1.17.2, 1.17.3 Sep 5, 2022
@6543 6543 modified the milestones: 1.17.3, 1.17.4 Oct 13, 2022
@lunny lunny modified the milestones: 1.17.4, 1.17.5 Dec 15, 2022
@lunny lunny removed this from the 1.17.5 milestone Mar 20, 2023

ghost commented Apr 10, 2024

I have found the same issue with version 1.21.10 of Gitea.

I have checked this checkbox in the organisation settings.

image

user1 is not a member of the team owner.

user1 cannot use autocomplete to assign a team.

image

user1 is able to assign any teams to the repository, which exists inside the organisation. user1 needs only to write the whole name of the team.

Is that a bug or a feature?
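
The mismatch reported in this thread (team search answers 404 for a non-owner while assignment by full team name succeeds) can be caught with a parity check between the read path and the write path. The following is an added example, not Gitea's code: `Actor`, `orgGate`, `canSearchTeams`, `canAssignTeam` and `Disagreements` are hypothetical names, and the assignment rule (organization owner or repository admin) is an assumption drawn from the comments above.

```go
package main

import "fmt"

// Actor is a constructed model of one user's standing; it is not a Gitea type.
type Actor struct {
	OrgMember, OrgOwner, RepoAdmin bool
}

// orgGate models the check discussed in the thread under its "AND" reading:
// every requirement the route sets must hold, otherwise the request is denied.
func orgGate(a Actor, requireMember, requireOwner bool) bool {
	return !(requireMember && !a.OrgMember) && !(requireOwner && !a.OrgOwner)
}

// canSearchTeams models the autocomplete route as reported (member and owner).
func canSearchTeams(a Actor) bool { return orgGate(a, true, true) }

// canAssignTeam models the assignment form. Assumption: an organization owner
// or a repository admin may assign, matching what the comments above observed.
func canAssignTeam(a Actor) bool { return a.OrgOwner || a.RepoAdmin }

// Disagreements enumerates every valid role combination and returns those
// where the read path (search) and the write path (assign) decide differently.
func Disagreements(search, assign func(Actor) bool) []string {
	var out []string
	for bits := 0; bits < 8; bits++ {
		a := Actor{bits&1 != 0, bits&2 != 0, bits&4 != 0}
		if a.OrgOwner && !a.OrgMember {
			continue // an owner is always a member; skip impossible states
		}
		if s, w := search(a), assign(a); s != w {
			out = append(out, fmt.Sprintf("%+v search=%t assign=%t", a, s, w))
		}
	}
	return out
}

func main() {
	// Prints the roles for which discovery and assignment are gated differently.
	for _, d := range Disagreements(canSearchTeams, canAssignTeam) {
		fmt.Println(d)
	}
}
```

Under this model the two disagreeing roles are the repository admin who is an organization member but not an owner, and the repository admin who is outside the organization.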

GiteaBot pushed a commit to GiteaBot/gitea that referenced this issue Aug 29, 2024
lunny added a commit that referenced this issue Aug 29, 2024
Backport #31923 by @lunny

Fix #20658

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
3 participants