From e429c78d567cd5bc36105185b4f3e1a3b1073c99 Mon Sep 17 00:00:00 2001
From: Urban Rotnik <urban.rotnik@gmail.com>
Date: Mon, 10 Aug 2020 14:35:47 +0200
Subject: [PATCH] Fix permission check

---
 app/controllers/search_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index af71167f3..302cba1bb 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -263,7 +263,7 @@ class SearchController < ApplicationController
 
   def search_repository
     @repository = Repository.find_by_id(params[:repository])
-    render_403 unless can_read_repository?(@repository)
+    render_403 unless user.teams.include?(repository.team) || repository.private_shared_with?(user.teams)
     @repository_results = []
     if @repository_search_count_total > 0
       @repository_results =