Skip to content

Commit

Permalink
fix: restrict access to private repos unless admin or collab
Browse files Browse the repository at this point in the history 
don't override "config" repo private property
  • Loading branch information
@aymanbagabas
aymanbagabas committed Apr 7, 2022
1 parent 2260498 commit ca3dbb2
Showing 1 changed file with 1 addition and 4 deletions.
5 changes: 1 addition & 4 deletions internal/config/git.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,9 +55,6 @@ func (cfg *Config) PublicKeyHandler(ctx ssh.Context, pk ssh.PublicKey) bool {

func (cfg *Config) accessForKey(repo string, pk ssh.PublicKey) gm.AccessLevel {
private := cfg.isPrivate(repo)
if repo == "config" {
private = true
}
for _, u := range cfg.Users {
for _, k := range u.PublicKeys {
apk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(strings.TrimSpace(k)))
Expand All @@ -80,7 +77,7 @@ func (cfg *Config) accessForKey(repo string, pk ssh.PublicKey) gm.AccessLevel {
}
}
}
if private && (cfg.AnonAccess != "read-write") {
if private && len(cfg.Users) > 0 {
return gm.NoAccess
}
switch cfg.AnonAccess {
Expand Down

0 comments on commit ca3dbb2

Please sign in to comment.