From 9162c8215057348d608d86d66081b79167d0bf01 Mon Sep 17 00:00:00 2001
From: zokki <zokki.softwareschmiede@gmail.com>
Date: Mon, 1 Sep 2025 15:19:17 +0200
Subject: [PATCH] fix: preserved 'Custom access' even after no permissions
 (#8943)

fixes #5382

Co-authored-by: Otto <otto@codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8943
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
---
 templates/org/team/new.tmpl   |  2 +-
 tests/integration/org_test.go | 36 +++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/templates/org/team/new.tmpl b/templates/org/team/new.tmpl
index 5c29b9a293..9f1db98227 100644
--- a/templates/org/team/new.tmpl
+++ b/templates/org/team/new.tmpl
@@ -52,7 +52,7 @@
 									<span class="help">{{ctx.Locale.Tr "org.teams.admin_access_helper"}}</span>
 								</label>
 								<label>
-									<input type="radio" name="permission" value="read" {{if or .PageIsOrgTeamsNew (eq .Team.AccessMode 1) (eq .Team.AccessMode 2)}}checked{{end}}>
+									<input type="radio" name="permission" value="read" {{if or .PageIsOrgTeamsNew (le .Team.AccessMode 2)}}checked{{end}}>
 									{{ctx.Locale.Tr "org.teams.general_access"}}
 									<span class="help">{{ctx.Locale.Tr "org.teams.general_access_helper"}}</span>
 								</label>
diff --git a/tests/integration/org_test.go b/tests/integration/org_test.go
index 4035818e1a..cc1664d93a 100644
--- a/tests/integration/org_test.go
+++ b/tests/integration/org_test.go
@@ -297,3 +297,39 @@ func TestOrgNewMigrationButton(t *testing.T) {
 		htmlDoc.AssertElement(t, migrateSelector, true)
 	})
 }
+
+func TestTeamWithoutPermissionToShowTable(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
+	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})
+	session := loginUser(t, user.Name)
+
+	// set all units to "No access"
+	req := NewRequestWithValues(t, "POST", fmt.Sprintf("/org/%s/teams/%s/edit", org.Name, team.Name), map[string]string{
+		"_csrf":       GetCSRF(t, session, fmt.Sprintf("/org/%s/teams/%s/edit", org.Name, team.Name)),
+		"team_name":   team.Name,
+		"description": "",
+		"repo_access": "all",
+		"permission":  "read",
+		"unit_1":      "0",
+		"unit_2":      "0",
+		"unit_3":      "0",
+		"unit_4":      "0",
+		"unit_5":      "0",
+		"unit_8":      "0",
+		"unit_9":      "0",
+		"unit_10":     "0",
+	})
+	session.MakeRequest(t, req, http.StatusSeeOther)
+
+	req = NewRequestWithValues(t, "GET", fmt.Sprintf("/org/%s/teams/%s/edit", org.Name, team.Name), map[string]string{
+		"_csrf": GetCSRF(t, session, fmt.Sprintf("/org/%s/teams/%s/edit", org.Name, team.Name)),
+	})
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	_, checked := htmlDoc.Find(`input[name="permission"][value="read"]`).Attr("checked")
+	assert.True(t, checked)
+}