Skip to content

github: Explicit check for org admin in getRepoAffiliatedGroups

Administrator requested to merge ig/getrepoaffiliatedgroups into main

Created by: indradhanush

I stumbled upon this while writing a test case for #29325.

If canViewOrgRepos returns false we implicitly assume that the org membership details belong to an admin. This is not necessarily true in all cases. For example, if the user is not an admin and the OrgDetailsAndMembership.DefaultRepositoryPermissions is set to none1, the function call to canViewOrgRepos will return false and we will continue to call syncGroup assuming this is an admin. Which is not the correct behaviour.

Merge request reports

Loading