repo collaborator can access all repositories of an organisation

[init-rz]

Description

create a new user "guest"
(with no assignment to an organization)

in an organization with multiple repos create a new repo "test"

add guest as collaborator to test with "read" right.

logout
login as guest
guest can see all repositories of the org.

expected: guest should only be able to see the test repo.

Gitea Version

1.17.0

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

downloaded windows binaries

Database

PostgreSQL

[lunny]

What's the organization's visibility? What's your other repositories' visibility?

[init-rz]

organisation: public

repositories: public

[lunny]

public repository of public organization could be read by any user from that site.

[init-rz]

thank you for the information.
this a bit confusing. what do you mean by "site" ?
i created the user -> user does not see any repository.
i added the user to the repository, not the organization -> user can see all repositories.

if this is as intended, then pls close the ticket and perhaps add this use case to the documentation.

thanks for the project and the good support.

[zeripath]

What is the organisation visibility?

Is the Organisation PRIVATE, LIMITED or PUBLIC?

Is the User restricted?

[zeripath]

@init-rz we need some more information about this in order to determine if this is working as intended or if there is a bug.

[init-rz]

sorry, for late reply.
yes everything was set to "public" (default when creating organization/repo)

[GiteaBot]

We close issues that need feedback from the author if there were no new comments for a month. 🍵