1 changed files with 5 additions and 5 deletions
Unified View
Diff Options
+ 5
- 5
routers/repo/attachment.go
View File
| @@ -152,15 +152,15 @@ func DownloadUserIsOrg(ctx *context.Context, attach *models.Attachment) bool { | |||||
| } else { | } else { | ||||
| repo.GetOwner() | repo.GetOwner() | ||||
| if repo.Owner.IsOrganization() { | if repo.Owner.IsOrganization() { | ||||
| log.Info("ower is org.") | |||||
| //log.Info("ower is org.") | |||||
| if repo.Owner.IsUserPartOfOrg(ctx.User.ID) { | if repo.Owner.IsUserPartOfOrg(ctx.User.ID) { | ||||
| log.Info("user may be visit the attach.") | |||||
| return false | |||||
| log.Info("user may visit the attach.") | |||||
| return true | |||||
| } | } | ||||
| } | } | ||||
| } | } | ||||
| } | } | ||||
| return true | |||||
| return false | |||||
| } | } | ||||
| // GetAttachment serve attachements | // GetAttachment serve attachements | ||||
| @@ -190,7 +190,7 @@ func GetAttachment(ctx *context.Context) { | |||||
| if repository == nil { //If not linked | if repository == nil { //If not linked | ||||
| //if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate { //We block if not the uploader | //if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate { //We block if not the uploader | ||||
| if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && DownloadUserIsOrg(ctx, attach) { //We block if not the uploader | |||||
| if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && !DownloadUserIsOrg(ctx, attach) { //We block if not the uploader | |||||
| ctx.Error(http.StatusNotFound) | ctx.Error(http.StatusNotFound) | ||||
| return | return | ||||
| } | } | ||||