I was testing team permissions for an organization and found that because I’m an admin for the gitea site I can push to any repo, or branch as long as it doesn’t have branch protection. This seems concerning to me as I would have expected that if I put my user in a read only access team for an org that I wouldn’t be able to push to it. This doesn’t seem to be the case, and I can push no matter where my user is associated with.
Yes, maybe we should prevent site admin to do so except they add themselves to the member of that repositories.