GitCaddy/GitCaddy Server
Limited
2
0
Fork 0
Code Issues Releases 4

fix(githttp): skip limited repo check for action tokens
Some checks failed
Build and Release / Create Release (push) Successful in 0s
Details
Build and Release / Unit Tests (push) Failing after 3m13s
Details
Build and Release / Lint (push) Failing after 3m42s
Details
Build and Release / Build Binaries (amd64, linux, linux-latest) (push) Has been skipped
Details
Build and Release / Build Binaries (amd64, windows, windows-latest) (push) Has been skipped
Details
Build and Release / Build Binaries (amd64, darwin, macos) (push) Has been skipped
Details
Build and Release / Build Binaries (arm64, darwin, macos) (push) Has been skipped
Details
Build and Release / Build Binary (linux/arm64) (push) Has been skipped
Details
Build and Release / Integration Tests (PostgreSQL) (push) Successful in 4m12s
Details

Browse Source 
Action tokens have their access already validated earlier in the flow, so they should bypass the limited visibility repository check for clone/pull operations.
This commit is contained in:
David H. Friedel Jr.
2026-01-27 08:45:45 -05:00
parent 30417d1736
commit 8745968b83
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
routers/web/repo/githttp.go
View File

@@ -221,7 +221,8 @@ func httpBase(ctx *context.Context) *serviceHandler {
}
// Block clone/pull for limited visibility repos if user is not a collaborator
if repo.IsLimited && isPull && !isWiki {
// Skip this check for action tokens — their access was already validated above
if repo.IsLimited && isPull && !isWiki && ctx.Data["IsActionsToken"] != true {
allowed := ctx.Doer.IsAdmin || ctx.Doer.ID == repo.OwnerID
if !allowed {
if isCollab, _ := repo_model.IsCollaborator(ctx, repo.ID, ctx.Doer.ID); isCollab {