From fc14e052bd72f9cbd9f13e72fa33e7d221b5e7be Mon Sep 17 00:00:00 2001
From: 7FM <gitea@fake.local>
Date: Mon, 21 Oct 2019 22:52:34 +0200
Subject: [PATCH] Fixed race condition when a user A shares a private
 repository to another user B (non admin). B does not see this repository via
 a API call because he is neither owner nor admin

---
 routers/api/v1/user/repo.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routers/api/v1/user/repo.go b/routers/api/v1/user/repo.go
index 5848169088a89..99839b020aa99 100644
--- a/routers/api/v1/user/repo.go
+++ b/routers/api/v1/user/repo.go
@@ -52,7 +52,7 @@ func ListUserRepos(ctx *context.APIContext) {
 	if ctx.Written() {
 		return
 	}
-	private := ctx.IsSigned && (ctx.User.ID == user.ID || ctx.User.IsAdmin)
+	private := ctx.IsSigned
 	listUserRepos(ctx, user, private)
 }