Skip to content

fix(git-provider): honor sharedWithOrganization in application/compose detail views#4320

Open
RezaRahemtola wants to merge 1 commit intoDokploy:canaryfrom
RezaRahemtola:fix/git-provider-shared-access-detail-views
Open

fix(git-provider): honor sharedWithOrganization in application/compose detail views#4320
RezaRahemtola wants to merge 1 commit intoDokploy:canaryfrom
RezaRahemtola:fix/git-provider-shared-access-detail-views

Conversation

@RezaRahemtola
Copy link
Copy Markdown

@RezaRahemtola RezaRahemtola commented Apr 28, 2026
edited
Loading

Summary

The application/compose detail pages still display "Repository connection through unauthorized provider" for git providers shared with the organization (or accessible via owner/admin role / Enterprise per-user assignment), even though the listing endpoints correctly grant access.

Root cause: application.one and compose.one compute hasGitProviderAccess with a hand-rolled check (gitProvider.userId !== ctx.session.userId) that pre-dates the sharing feature added in #4135. The other five call sites (git-provider.getAll, github.githubProviders, gitlab.gitlabProviders, bitbucket.bitbucketProviders, gitea.giteaProviders) all use getAccessibleGitProviderIds(ctx.session), which returns the full set of accessible provider ids (creator + sharedWithOrganization + owner/admin + per-user assignment).

This PR replaces the userId check in both application.one and compose.one with getAccessibleGitProviderIds, bringing the detail-view access check in line with every other call site.

The previous try/catch around findGitProviderById is no longer needed: a missing/orphaned provider simply isn't in the returned set, producing the same "no access" UI without an exception.

Reproduction

  1. As user A, connect a GitHub git provider and toggle "Share with organization" on.
  2. As user B, open any application or compose using that provider.
  3. Expected: form renders normally. Actual (before this PR): "Repository connection through unauthorized provider" banner.
image

Test plan

  • Manually reproduced the bug on v0.29.2 with a shared GitHub provider.
  • Patched bundle deployed to a self-hosted instance and verified the banner is gone for non-creator org members on a shared provider.
  • Biome check passes (no new warnings introduced).

Checklist

  • Branch is based on canary.
  • Read CONTRIBUTING.md.
  • Conventional Commits message.

Greptile Summary

This PR fixes a bug where application.one and compose.one used a hand-rolled gitProvider.userId !== ctx.session.userId check that predated the organization-sharing feature, causing shared/admin-accessible git providers to be incorrectly flagged as unauthorized. Both endpoints now call getAccessibleGitProviderIds(ctx.session), aligning them with the five other call sites that already use this helper.

Confidence Score: 5/5

Safe to merge — the fix is a targeted, correct replacement of a stale access check with the existing shared helper already used by all other call sites.

The change is minimal (two identical hunks), uses a well-tested existing function, correctly handles all access scenarios (owner/admin, sharedWithOrganization, per-user assignment, and missing providers), and introduces no new code paths. No P0 or P1 issues found.

No files require special attention.

Reviews (1): Last reviewed commit: "fix(git-provider): honor sharedWithOrgan..." | Re-trigger Greptile

@RezaRahemtola
fix(git-provider): honor sharedWithOrganization in application/compos…
38e5ca2 
…e detail views

The `application.one` and `compose.one` queries were checking
`gitProvider.userId !== ctx.session.userId` to compute
`hasGitProviderAccess`, ignoring the `sharedWithOrganization` flag and
org owner/admin role. As a result, providers shared with the
organization (or accessible via Enterprise per-user assignment) still
rendered the "Repository connection through unauthorized provider"
banner on the detail pages.

Replace the check with `getAccessibleGitProviderIds(ctx.session)`, which
already drives the listing endpoints (`git-provider.getAll`,
`github.githubProviders`, `gitlab.gitlabProviders`,
`bitbucket.bitbucketProviders`, `gitea.giteaProviders`). This brings the
per-service access check in line with the rest of the codebase and
covers all four access paths: creator, sharedWithOrganization,
owner/admin role, and per-user assignment.

The previous try/catch around `findGitProviderById` is no longer needed:
a missing/orphaned provider simply isn't in the returned set, yielding
the same "no access" UI without an exception.
@dosubot dosubot Bot added size:S This PR changes 10-29 lines, ignoring generated files. bug Something isn't working labels Apr 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Siumauricio Siumauricio Awaiting requested review from Siumauricio Siumauricio is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bug Something isn't working size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RezaRahemtola