Skip to content

User profile page permission problems when user's visibility is private #32309

New issue
New issue
Open
Open
User profile page permission problems when user's visibility is private#32309
Labels
type/bug
@yp05327

Description

@yp05327
yp05327
opened on Oct 22, 2024

Description

Conditions:

  • User A's visibility is private
  • User A and User B is the member of an organization
  • The organization is private and has a private repo
  • User A has contributed in the private repo

Problems after User B access User A's profile page:

  • User B can see all internal repos, but he has no permission to access them, so should these repos be displayed in the profile page?
    image

  • User B can not access projects and packages unit, should it be displayed in the profile page?
    image

  • User B can access Public Activity page but nothing there, User B can also access the private repo with all read permission, so the activities in this repo should be displayed?
    image

  • If there's a private repo which User B can not access, but User A started it. Then you will see:
    image

Gitea Version

latest

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

build

Database

None

Metadata

Assignees

No one assigned

    Labels

    type/bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions