Fix ignored errors when checking if organization, team member (#3177)

2017-12-20 23:43:26 -08:00 · 2017-12-20 23:43:26 -08:00 · 515cdaa85d
commit 515cdaa85d
parent 529482135c
16 changed files with 281 additions and 144 deletions
--- a/routers/repo/repo.go
+++ b/routers/repo/repo.go
@ -74,10 +74,20 @@ func checkContextUser(ctx *context.Context, uid int64) *models.User {
 	}

 	// Check ownership of organization.
-	if !org.IsOrganization() || !(ctx.User.IsAdmin || org.IsOwnedBy(ctx.User.ID)) {
+	if !org.IsOrganization() {
 		ctx.Error(403)
 		return nil
 	}
+	if !ctx.User.IsAdmin {
+		isOwner, err := org.IsOwnedBy(ctx.User.ID)
+		if err != nil {
+			ctx.Handle(500, "IsOwnedBy", err)
+			return nil
+		} else if !isOwner {
+			ctx.Error(403)
+			return nil
+		}
+	}
 	return org
 }