Ensure DeleteUser is not allowed to Delete Orgs and visa versa (#10134)

* add check to DeleteUser * add check to DeleteOrganization * add Test * remove redundancy (deleteOrg is only used in DeleteOrganization) * Update models/org.go Co-authored-by: zeripath <art27@cantab.net>
2025-11-04 08:30:25 +08:00 · 2020-02-04 15:27:18 +01:00
parent b3c72a7c4a
commit d4096ab6a2
4 changed files with 13 additions and 6 deletions
--- a/models/org.go
+++ b/models/org.go
@@ -256,6 +256,10 @@ func CountOrganizations() int64 {

 // DeleteOrganization completely and permanently deletes everything of organization.
 func DeleteOrganization(org *User) (err error) {
+	if !org.IsOrganization() {
+		return fmt.Errorf("%s is a user not an organization", org.Name)
+	}
+
 	sess := x.NewSession()
 	defer sess.Close()

@@ -275,10 +279,6 @@ func DeleteOrganization(org *User) (err error) {
 }

 func deleteOrg(e *xorm.Session, u *User) error {
-	if !u.IsOrganization() {
-		return fmt.Errorf("You can't delete none organization user: %s", u.Name)
-	}
-
 	// Check ownership of repository.
 	count, err := getRepositoryCount(e, u)
 	if err != nil {