Admin cannot make org member visible via API #28372
Comments
wxiaoguang
added a commit
that referenced
this issue
Apr 13, 2025
Allows admins and org owners to change org member public status. Before, this would return `Error 403: Cannot publicize another member` despite the fact that the same user could make the same change through the GUI. Fixes #28372 --------- Co-authored-by: Tomáš Ženčák <[email protected]> Co-authored-by: wxiaoguang <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
When using the API endpoint
/orgs/{org}/public_members/{username}with the PUT or DELETE methods as an admin user, it returns error 403 with the messageCannot publicize another member. The same happens when authenticated as an owner of the organization. However, if I try to do the same action via the web API, it works. I would expect that the API would not forbid me from actions I can take without issue via the web interface.Gitea Version
b348424
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
The problem first occured on a binary downloaded from the official website, then confirmed on a binary self-built from the main branch.
Database
SQLite
The text was updated successfully, but these errors were encountered: