Skip to content

authz: always check config conflicts first

Created by: unknwon

Always perform config conflict check before the "len(repos) == 0" as explained in the code comments:

🚨 SECURITY: This "smart" check must happen after checking globals.PermissionsUserMapping().Enabled. Otherwise, we could leak the existence of repositories that a user has no access to by returning an error (resulted in 500), and returning nil (resulted in 404) for non-existent repositories.

Merge request reports

Loading