API: team permissions are not properly set

[nblock]

• Gitea version (or commit ref): 1.3.3
• Git version: 2.11.0
• Operating system: Debian Stretch
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
  • Not relevant
• Log gist:

Description

We are using the Gitea API to manage teams, team members and team repositories. The workflow is as follows:

• Create users, organizations and organization repositories
• Create a new team for an organization with read permission
• Add existing users to the team
• Add existing repositories to the team

When we are done, the WebUI displays the team settings as expected and also lists team members as well as the team's repositories. However, if a team member with read permission wants to clone a team repository she gets a 'permission denied' error. When the user tries to view the repo in the WebUI a 404 error is shown.

It seems that the read permissions are not properly propagated internally when the API is used to manage teams.

We found the following workaround:

• Login as root
• Open https://gitea.example.com/org/MYORG/teams/MYTEAM/edit
• Do not modify anything in the forms
• Hit the Update Settings button

After the workaround team members can access their repository just as the permission system indicates.

We hit #3600 while trying to automate the workaround via the API.

[lunny]

should be fixed by #5314, feel free to reopen it.