Gitea: admin could see content of private repository of the other users

Created on 1 Feb 2018  ·  2 Comments  ·  Source: go-gitea/gitea

  • Gitea version (or commit ref): 1.3.2
  • Git version:
  • Operating system:
  • Database (use [x]):

  • Can you reproduce the bug at https://try.gitea.io:

    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant

Description

Admin user could see content of the private repositories of the other users

user part

  • login as a user
  • create private repo
  • add some content

admin part

  • login as an admin
  • enter Admin Panel menu
  • enter Repositories tab
  • choose private repository created by user /click on it/

If the repository is private even ADMIN could not see the content.

kind/proposal

All 2 comments

This is the intended behaviour as an administrator is legally liable for anything that's on the server. Also for checking abuse. And the administrator could just bring up a console and check the files directly 🤷‍♂️

Depends on the agreement between the provider and customer. I would like to have the possibility for this to be configurable. I would not use this as a third-party service if I had known this.
