Team permissions on private repos are not merged correctly #35154

@KimonHoffmann

Description

In releases prior to 1.24.0 any user who is a member of multiple teams with permissions on private repositories received the maximum permissions from all teams.

Since upgrading to 1.24.3 these users are limited by the limited permissions instead.

Example:

  • Team X: Write Access to PRs on all repos of an org
  • Team Y: No Access to PRs on all repos of an org
  • User A: Member of both X and Y

Effects:

  • User A cannot see or access PRs (404).
  • User A is available as a reviewer on PRs in the dropdown list.
  • Attempts to assign user A as a reviewer result in no action being taken, with the following message in the log:
.../web/repo/pull_review.go:434:UpdatePullReviewRequest() [W] UpdatePullReviewRequest: refusing to add invalid review request for <User USER_ID:USER_NAME> to <Repository REPO_ID:ORG/REPO>#18: Error: Reviewer can't read [...]

The most similar issue I found is #33456, which is supposed to be fixed in 1.24.3, but still might be related.

Gitea Version

1.24.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.49.1

Operating System

Linux (amd64)

How are you running Gitea?

Prebuilt official OCI image

Database

SQLite
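
The Team X / Team Y case from the report, as an added example that is not part of the original issue and is not Gitea's code. The type and function names, the "pulls" unit key and the three-level access ordering are assumptions made for illustration; `MergeMin` only models the reported symptom, since the report does not state the actual cause.

```go
package main

import "fmt"

// AccessMode is ordered: a larger value grants more (assumed model).
type AccessMode int

const (
	None AccessMode = iota
	Read
	Write
)

// Team maps a repository unit (here "pulls") to the mode the team grants.
type Team map[string]AccessMode

// MergeMax: highest mode any team grants (pre-1.24.0 behaviour per the report).
func MergeMax(teams []Team, unit string) AccessMode {
	best := None
	for _, t := range teams {
		if t[unit] > best {
			best = t[unit]
		}
	}
	return best
}

// MergeMin lets the lowest mode win. It models the reported symptom only.
func MergeMin(teams []Team, unit string) AccessMode {
	low := MergeMax(teams, unit)
	for _, t := range teams {
		if t[unit] < low {
			low = t[unit]
		}
	}
	return low
}

// CanReview mirrors the "Reviewer can't read" refusal: reviewers need Read.
func CanReview(m AccessMode) bool { return m >= Read }

// SampleTeams is constructed data: teams X and Y of user A from the report.
func SampleTeams() []Team {
	return []Team{{"pulls": Write}, {"pulls": None}}
}

func main() {
	fmt.Println(MergeMax(SampleTeams(), "pulls"), MergeMin(SampleTeams(), "pulls"))
}
```

A regression test for this class of bug asserts the merged mode for a user in both teams, and that any user offered in the reviewer list also passes the read check.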
