Enforce that only admins can copy a repo to another user

ijaureguialzo · ijaureguialzo · commit 99bbd9986159 · 2021-07-15T12:21:55.000+02:00
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
@@ -387,6 +387,11 @@ func Generate(ctx *context.APIContext) {
 			return
 		}
 
+		if !ctx.User.IsAdmin && !ctxUser.IsOrganization() {
+			ctx.Error(http.StatusForbidden, "", "Only admin can generate repository for other user.")
+			return
+		}
+
 		if !ctx.User.IsAdmin {
 			canCreate, err := ctxUser.CanCreateOrgRepo(ctx.User.ID)
 			if err != nil {
