domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Prevent anonymous container access if RequireSignInView is enabled (#28877) (#28882)

Browse source 
Backport #28877 by @KN4CK3R

Fixes #28875

If `RequireSignInView` is enabled, the ghost user has no access rights.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit b7c944b9e4)
This commit is contained in:
Giteabot 2024-01-22 01:44:38 +08:00 committed by Earl Warren
parent 80dfa56d2f
commit e2620642bd
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
3 changed files with 24 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/context/package.go
View file

@ -93,7 +93,7 @@ func packageAssignment(ctx *packageAssignmentCtx, errCb func(int, string, any))
}
func determineAccessMode(ctx *Base, pkg *Package, doer *user_model.User) (perm.AccessMode, error) {
if setting.Service.RequireSignInView && doer == nil {
if setting.Service.RequireSignInView && (doer == nil || doer.IsGhost()) {
return perm.AccessModeNone, nil
}