From 6405163e60617ac533ff26e4fd4bc2dd946c19f1 Mon Sep 17 00:00:00 2001 From: Jonathan Miller Date: Tue, 2 Jun 2026 15:30:23 -0500 Subject: [PATCH] fix(licenses): restrict downloadsPublic to release/download paths only The downloadsPublic flag was granting LicensedReadOnly to all routes including the main repo page, causing 404 on private repos. Now only applies to paths containing /releases/ or /archive/. Co-Authored-By: Claude Opus 4.6 (1M context) --- services/context/repo.go | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/services/context/repo.go b/services/context/repo.go index 67e0c70811..977d5e37bb 100644 --- a/services/context/repo.go +++ b/services/context/repo.go @@ -448,12 +448,17 @@ func repoAssignmentLegacy(ctx *Context, data *repoAssignmentPrepareDataStruct) { hasKey := ctx.FormString("dlid") != "" || ctx.FormString("key") != "" || ctx.FormString("download_key") != "" // Check if downloads are set to public (download_gating=none means no key needed). + // Only apply to release/download paths, not the main repo page. downloadsPublic := false - if orgCfg != nil && (orgCfg.DownloadGating == "" || orgCfg.DownloadGating == "none") { - downloadsPublic = true - } - if repoCfg != nil && (repoCfg.DownloadGating == "" || repoCfg.DownloadGating == "none") { - downloadsPublic = true + reqPath := ctx.Req.URL.Path + isDownloadPath := strings.Contains(reqPath, "/releases/") || strings.Contains(reqPath, "/archive/") + if isDownloadPath { + if orgCfg != nil && (orgCfg.DownloadGating == "" || orgCfg.DownloadGating == "none") { + downloadsPublic = true + } + if repoCfg != nil && (repoCfg.DownloadGating == "" || repoCfg.DownloadGating == "none") { + downloadsPublic = true + } } if ctx.IsSigned || hasKey || downloadsPublic { -- 2.52.0