From e963525c5e0a0b40825fde36e33ce31bf12df3c0 Mon Sep 17 00:00:00 2001
From: guillep2k <18600385+guillep2k@users.noreply.github.com>
Date: Thu, 21 May 2020 10:48:01 -0300
Subject: [PATCH] Prevent transferring repos to invisible orgs (#11517)

Co-authored-by: Guillermo Prandi <guillep2k@users.noreply.github.com>
---
 routers/repo/setting.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index 7a2db88c1..dff13ff5b 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -22,6 +22,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/validation"
 	"code.gitea.io/gitea/routers/utils"
@@ -379,6 +380,14 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
 			return
 		}
 
+		if newOwner.Type == models.UserTypeOrganization {
+			if !ctx.User.IsAdmin && newOwner.Visibility == structs.VisibleTypePrivate && !ctx.User.IsUserPartOfOrg(newOwner.ID) {
+				// The user shouldn't know about this organization
+				ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), tplSettingsOptions, nil)
+				return
+			}
+		}
+
 		// Close the GitRepo if open
 		if ctx.Repo.GitRepo != nil {
 			ctx.Repo.GitRepo.Close()