Skip to content

Allow admins and org owners to change org member public status #28294

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Apr 13, 2025
Merged

Allow admins and org owners to change org member public status #28294

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
d718e3f
Allow admins and org owners to change org member public status
zencak-ica Nov 29, 2023
f4b715c
Merge branch 'main' into main
Tomeamis Dec 6, 2023
0421028
Merge branch 'main' into main
Tomeamis Dec 19, 2023
a352455
Use ctx.Org.Organization.IsOwnedBy
zencak-ica Feb 1, 2024
754ce8e
Simplify, fix logic error
zencak-ica Feb 2, 2024
5229f60
Merge branch 'main' into main
Tomeamis Feb 2, 2024
046151e
Fix error string
zencak-ica Feb 2, 2024
e138973
Merge branch 'main' into fix-org-member-public
wxiaoguang Apr 13, 2025
6e9b8a9
fix
wxiaoguang Apr 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 10 additions & 14 deletions routers/api/v1/org/member.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -236,18 +236,16 @@ func PublicizeMember(ctx *context.APIContext) {
if ctx.Written() {
return
}
allowed := userToPublicize.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin
if !allowed {
if userToPublicize.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "ChangeOrgUserStatus", err)
return
}
allowed = isOwner
}
if !allowed {
ctx.Error(http.StatusForbidden, "", "Cannot publicize another member")
return
if !isOwner {
ctx.Error(http.StatusForbidden, "", "Cannot publicize another member")
return
}
}
err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToPublicize.ID, true)
if err != nil {
Expand Down Expand Up @@ -287,18 +285,16 @@ func ConcealMember(ctx *context.APIContext) {
if ctx.Written() {
return
}
allowed := userToConceal.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin
if !allowed {
if userToConceal.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "ChangeOrgUserStatus", err)
return
}
allowed = isOwner
}
if !allowed {
ctx.Error(http.StatusForbidden, "", "Cannot conceal another member")
return
if !isOwner {
ctx.Error(http.StatusForbidden, "", "Cannot conceal another member")
return
}
}
err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToConceal.ID, false)
if err != nil {
Expand Down