security(git_server): do not allow strangers to push on unlisted repositories...
+ 3
- 4
app/services/gitServer/authorizationResolver.ts
@@ -51,12 +51,11 @@ const makeAuthorizationResolver: ServiceMethodFactory<
       return false;
     }
 
-    if (
-      repo.visibility === ResourceVisibility.PUBLIC ||
-      repo.visibility === ResourceVisibility.UNLISTED
-    ) {
+    if (repo.visibility === ResourceVisibility.PUBLIC) {
       return true;
     } else {
+      // TODO:
+      // allow read-only for unlisted users without auth, but write behind auth.
       return !!(
         (org.ownerId === user.id ||
           org.memberships.find((m) => m.id === user.id)) &&
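Review bot: With UNLISTED now falling into the else branch, anonymous callers on unlisted repositories reach `user.id` on the last two lines of the hunk; the `return false` at the top of the hunk presumably rejects a missing user, but its condition is outside SOURCE, so confirm that guard covers the null/undefined user case before this change ships. The membership check `org.memberships.find((m) => m.id === user.id)` also reads as a membership record id compared against a user id; if the membership model carries a separate user reference (a `userId` or similar), this never matches and only the owner check on the line above grants access — verify against the schema and, if so, change it to `org.memberships.some((m) => m.userId === user.id)`. The added TODO would be more actionable if it noted that a read/write split for unlisted repositories requires the resolver to know the requested operation, which nothing in the hunk shows it receiving: `// TODO: unlisted repos should allow unauthenticated read but require auth for write; needs the requested operation (read/write) passed to this resolver.` makeAuthorizationResolver begins before the hunk and its body continues past it.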