Description
Description
If a user happens to be a member of both,
- the team "owner" of an organization "org" and additionally
- a non-privileged team "non-priv" of the same org that gets populated via LDAP. This team does not have the flag "can-create-repository" checked.
Then the user can choose "org" when trying to create a repo. But they are prevented from actually creating the repository. Instead of a view of the newly created repo they get the word "forbidden" on an otherwise empty page. See screenshot.
Expected behavior: The user can create the repositories in the organization org. They are member of team owner, after all.
Since the bug involves group data pulled from an LDAP data base, I was not able to reproduce the bug on the demo site.
Excerpt of our gitea.log (same as gist)
Gitea Version
1.20.2
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
https://gist.github.com/KaiMartin/92f92b85f224c94ecf2ef2dabbfaac50
Screenshots
Git Version
2.39.2
Operating System
debian 12 - bookworm/stable
How are you running Gitea?
Got gitea from https://dl.gitea.io ( https://dl.gitea.io/gitea/1.20.2/gitea-1.20.2-linux-amd64 )
We run gitea from systemd:
systemd --version
systemd 252 (252.12-1~deb12u1)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
Database
PostgreSQL