MokoConsulting/MokoGitea
1
0
Fork 0
Code Issues 143 Pull Requests Releases 96 Wiki Activity

fix(licenses): licensed private repos allow release viewing for signed-in users #422

Merged
jmiller merged 1 commits from dev into main 2026-06-02 14:52:35 +00:00
Conversation 0 Commits 1 Files Changed 2
+21 -6

1 Commits

Author SHA1 Message Date
Jonathan Miller 021a054348 fix(licenses): licensed private repos allow signed-in users to view releases
Branch Policy Check / Verify merge target (pull_request) Successful in 1s
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 4s
Details
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
Details
PR RC Release / Build RC Release (pull_request) Successful in 19s
Details
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Details 
When licensing is enabled on a private repo, signed-in users who
are not repo members can now view the releases page (with downloads
hidden). The RepoAssignment permission check detects licensing and
grants read-only access instead of returning 403.

This enables the commercial pattern: private source code, but
release notes visible to any authenticated user. Download files
are gated by license key via HideReleaseDownloads.

Anonymous users still get 404 (no information leak).
Non-licensed private repos still return 403 for non-members.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-06-02 09:52:05 -05:00