From ed8ef7aa8f1450ee882f593bc87e494695249599 Mon Sep 17 00:00:00 2001
From: Anton Ignatov
Date: Tue, 20 Aug 2019 16:07:22 +0200
Subject: [PATCH] Fix permission check;

---
 app/controllers/repositories_controller.rb | 7 ++++++-
 app/controllers/team_repositories_controller.rb | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 57cd235a0..5152867c6 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -9,7 +9,8 @@ class RepositoriesController < ApplicationController
 before_action :check_view_all_permissions, only: :index
 before_action :check_view_permissions, only: %i(export_repository show)
 before_action :check_manage_permissions, only:
- %i(destroy destroy_modal rename_modal update share_modal)
+ %i(destroy destroy_modal rename_modal update)
+ before_action :check_share_permissions, only: :share_modal
 before_action :check_create_permissions, only:
 %i(create_modal create copy_modal copy)
 before_action :set_inline_name_editing, only: %i(show)
@@ -345,6 +346,10 @@ class RepositoriesController < ApplicationController
 render_403 unless can_manage_repository?(@repository)
 end
 
+ def check_share_permissions
+ render_403 unless can_share_repository?(@repository)
+ end
+
 def repository_params
 params.require(:repository).permit(:name)
 end
diff --git a/app/controllers/team_repositories_controller.rb b/app/controllers/team_repositories_controller.rb
index 229b67a74..12de39340 100644
--- a/app/controllers/team_repositories_controller.rb
+++ b/app/controllers/team_repositories_controller.rb
@@ -70,7 +70,7 @@ class TeamRepositoriesController < ApplicationController
 end
 
 def check_sharing_permissions
- render_403 unless can_manage_repository?(@repository)
+ render_403 unless can_share_repository?(@repository)
 end
 
 def teams_to_share
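Review bot: Moving `share_modal` out of the `check_manage_permissions` list means that action is now authorised only by `can_share_repository?`, whose definition is not part of this patch, so the diff alone cannot show whether access to the modal became narrower or wider; the commit message ("Fix permission check;") does not say either. Every check in this block is attached with `only:`, so an action missing from all of the lists runs with no permission filter at all. A comment above the block such as `# Every action must be listed under exactly one check_*_permissions filter` would make that contract explicit for the next person adding an action. The new filter reads `@repository`, which is presumably set by a callback declared above this hunk; confirm that callback also runs for `share_modal`.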
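Review bot: `check_share_permissions` added here and `check_sharing_permissions` in `TeamRepositoriesController` (last hunk) now hold the same one-line check under two different names, so a later change to the sharing rule can easily be applied to one controller and missed in the other. Using one name in both places, or defining the method once where both controllers can reach it, would keep the two entry points in step. A one-line comment such as `# Renders 403 unless the current user may share @repository` would also help. The method is placed next to `check_manage_permissions`, presumably under `private`, but that keyword is outside the hunk; if it is not, the method would be exposed as a public controller method.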
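Review bot: This one-line swap changes who can reach every action bound to `check_sharing_permissions`, but the `before_action` line that binds it is outside the hunk, so the affected endpoints cannot be seen from the diff. The diffstat lists only the two controllers, so no spec accompanies the change. A request spec that expects 403 for a user who lacks the share permission and success for one who has it, covering both this controller and `share_modal` in `RepositoriesController`, would pin the intended rule and catch a regression if `can_share_repository?` is later loosened.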