domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Ensure DeleteUser is not allowed to Delete Orgs and visa versa (#10134)

Browse source 
* add check to DeleteUser

* add check to DeleteOrganization

* add Test

* remove redundancy (deleteOrg is only used in DeleteOrganization)

* Update models/org.go

Co-authored-by: zeripath <art27@cantab.net>
This commit is contained in:
6543 2020-02-04 15:27:18 +01:00 committed by GitHub
parent b3c72a7c4a
commit d4096ab6a2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 13 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
models/org.go
View file

@ -256,6 +256,10 @@ func CountOrganizations() int64 {
// DeleteOrganization completely and permanently deletes everything of organization.
func DeleteOrganization(org *User) (err error) {
if !org.IsOrganization() {
return fmt.Errorf("%s is a user not an organization", org.Name)
}
sess := x.NewSession()
defer sess.Close()
@ -275,10 +279,6 @@ func DeleteOrganization(org *User) (err error) {
}
func deleteOrg(e *xorm.Session, u *User) error {
if !u.IsOrganization() {
return fmt.Errorf("You can't delete none organization user: %s", u.Name)
}
// Check ownership of repository.
count, err := getRepositoryCount(e, u)
if err != nil {