fix(licenses): restrict downloadsPublic to release/download paths only
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
Universal: PR Check / Branch Policy (pull_request) Has been cancelled
Universal: PR Check / Validate PR (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
Branch Cleanup / Delete merged branch (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled

The downloadsPublic flag was granting LicensedReadOnly to all
routes including the main repo page, causing 404 on private repos.
Now only applies to paths containing /releases/ or /archive/.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jonathan Miller
2026-06-02 15:30:23 -05:00
parent 01011f6115
commit 6405163e60
+10 -5
View File
@@ -448,12 +448,17 @@ func repoAssignmentLegacy(ctx *Context, data *repoAssignmentPrepareDataStruct) {
hasKey := ctx.FormString("dlid") != "" || ctx.FormString("key") != "" || ctx.FormString("download_key") != ""
// Check if downloads are set to public (download_gating=none means no key needed).
// Only apply to release/download paths, not the main repo page.
downloadsPublic := false
if orgCfg != nil && (orgCfg.DownloadGating == "" || orgCfg.DownloadGating == "none") {
downloadsPublic = true
}
if repoCfg != nil && (repoCfg.DownloadGating == "" || repoCfg.DownloadGating == "none") {
downloadsPublic = true
reqPath := ctx.Req.URL.Path
isDownloadPath := strings.Contains(reqPath, "/releases/") || strings.Contains(reqPath, "/archive/")
if isDownloadPath {
if orgCfg != nil && (orgCfg.DownloadGating == "" || orgCfg.DownloadGating == "none") {
downloadsPublic = true
}
if repoCfg != nil && (repoCfg.DownloadGating == "" || repoCfg.DownloadGating == "none") {
downloadsPublic = true
}
}
if ctx.IsSigned || hasKey || downloadsPublic {