go-gitea · zeripath · May 29, 2020 · May 28, 2020 · May 28, 2020 · May 28, 2020
diff --git a/routers/repo/http.go b/routers/repo/http.go
@@ -29,6 +29,7 @@ import (
  "code.gitea.io/gitea/modules/log"
  "code.gitea.io/gitea/modules/process"
  "code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/structs"
  "code.gitea.io/gitea/modules/timeutil"
  repo_service "code.gitea.io/gitea/services/repository"
 )
@@ -125,8 +126,13 @@ func HTTP(ctx *context.Context) {
  return
  }
 
+ if err := repo.GetOwner(); err != nil {
+ ctx.ServerError("GetOwner", err)
+ return
+ }
+
  // Only public pull don't need auth.
- isPublicPull := repoExist && !repo.IsPrivate && isPull
+ isPublicPull := repoExist && !repo.IsPrivate && repo.Owner.Visibility == structs.VisibleTypePublic && isPull
  var (
  askAuth = !isPublicPull || setting.Service.RequireSignInView
  authUser *models.User