401 trying to access organization secrets/templates (gitea)

Unsure how to get drone version but I just pulled latest drone/drone:2 and issue persists there.
Gitea version: latest master.

I am getting blank white page trying to access organization secrets or templates from settings. In request log I see GET https://drone.my.domain/api/secrets/test → 401 (test is org name)
Response body: {"message":"Forbidden"}

I have admin rights for organization on gitea, tried doing this with multiple different organizations, result is the same. Tried pressing sync button, nothing changed. Organization secrets/templates settings work for personal repositories on gitea works.
I am gitea instance and organization admin

1 Like

You’ll need to make sure you are a Drone admin
https://docs.drone.io/server/user/admin/

from docs it seems like drone admin is something like system administrator? I just need permission to access organization secrets

giving myself drone admin allowed me to access these but this sounds like something that should be accessible by git repository admins. am i misunderstanding something?

giving myself drone admin allowed me to access these but this sounds like something that should be accessible by git repository admins. am i misunderstanding something?

The ability to create / update / delete templates and organization secrets should only be available to organization admins.

However, the Gitea API does not return enough information to determine whether or not an individual has admin access to the organization [1]. Therefore, as a fallback to this missing information, Drone restricts the ability to create / update / delete templates and organization secrets to Drone admins.

The GitHub API does expose an individual user’s role in the organization, therefore, Drone is able to use the GitHub API to determine user access to templates and org secrets instead of restricting to Drone admins. If the Gitea API can be improved to more closely mirror the GitHub API [2] and to return the user role in the payload, we would be able to support using this information to govern access.

[1] https://try.gitea.io/api/swagger#/organization/orgIsMember
[2] https://docs.github.com/en/rest/orgs/members#get-organization-membership-for-a-user

thanks for clarification. I’ll try reaching out to gitea devs and maybe file a feature request.
meanwhile i think drone could handle this situation better. it looks like 401 is completely unhanded and it breaks page resulting in blank white screen requiring pressing going to previous page and refreshing it