2026-06-02 14:27:25 +00:00
1 changed files with 7 additions and 0 deletions
@@ -435,6 +435,13 @@ func repoAssignmentLegacy(ctx *Context, data *repoAssignmentPrepareDataStruct) {
 			EarlyResponseForGoGetMeta(ctx)
 			return
 		}
+		// For signed-in users, show "access denied" instead of 404
+		// so they know the repo exists but they lack permission.
+		// Anonymous users still get 404 to prevent repo enumeration.
+		if ctx.IsSigned {
+			ctx.HTTPError(http.StatusForbidden, "You do not have permission to access this repository")
+			return
+		}
 		ctx.NotFound(nil)
 		return
 	}