From ca3dbb29300bfdb5161c2afeb948fabd42b83de2 Mon Sep 17 00:00:00 2001
From: Ayman Bagabas <ayman.bagabas@gmail.com>
Date: Tue, 5 Apr 2022 18:47:44 -0400
Subject: [PATCH] fix: restrict access to private repos unless admin or collab

don't override "config" repo private property
---
 internal/config/git.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/internal/config/git.go b/internal/config/git.go
index 9e6c89540..0d96f95db 100644
--- a/internal/config/git.go
+++ b/internal/config/git.go
@@ -55,9 +55,6 @@ func (cfg *Config) PublicKeyHandler(ctx ssh.Context, pk ssh.PublicKey) bool {
 
 func (cfg *Config) accessForKey(repo string, pk ssh.PublicKey) gm.AccessLevel {
 	private := cfg.isPrivate(repo)
-	if repo == "config" {
-		private = true
-	}
 	for _, u := range cfg.Users {
 		for _, k := range u.PublicKeys {
 			apk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(strings.TrimSpace(k)))
@@ -80,7 +77,7 @@ func (cfg *Config) accessForKey(repo string, pk ssh.PublicKey) gm.AccessLevel {
 			}
 		}
 	}
-	if private && (cfg.AnonAccess != "read-write") {
+	if private && len(cfg.Users) > 0 {
 		return gm.NoAccess
 	}
 	switch cfg.AnonAccess {