From 0518d0d5976dcec71730e199e06a73d1b2eee9eb Mon Sep 17 00:00:00 2001
From: yp05327 <576951401@qq.com>
Date: Thu, 9 May 2024 06:31:25 +0000
Subject: [PATCH] fix

---
 routers/api/v1/notify/repo.go             |  4 +-
 routers/api/v1/notify/threads.go          |  4 +-
 routers/api/v1/notify/user.go             |  4 +-
 routers/api/v1/org/team.go                |  4 +-
 routers/api/v1/repo/commits.go            |  4 +-
 routers/api/v1/repo/compare.go            |  2 +-
 routers/api/v1/repo/fork.go               |  4 +-
 routers/api/v1/repo/hook.go               |  2 +-
 routers/api/v1/repo/issue_comment.go      | 10 +--
 routers/api/v1/repo/key.go                | 11 +--
 routers/api/v1/repo/migrate.go            |  2 +-
 routers/api/v1/repo/notes.go              |  2 +-
 routers/api/v1/repo/pull.go               |  2 +-
 routers/api/v1/repo/release.go            | 10 +--
 routers/api/v1/repo/release_attachment.go |  2 +-
 routers/api/v1/repo/release_tags.go       |  2 +-
 routers/api/v1/repo/repo.go               | 12 ++--
 routers/api/v1/repo/status.go             |  6 +-
 routers/api/v1/repo/transfer.go           |  8 +--
 routers/api/v1/user/repo.go               |  4 +-
 routers/api/v1/user/star.go               |  2 +-
 routers/api/v1/user/watch.go              |  2 +-
 routers/web/repo/setting/webhook.go       |  2 +-
 services/actions/notifier.go              | 54 +++++++--------
 services/actions/notifier_helper.go       |  4 +-
 services/convert/activity.go              |  4 +-
 services/convert/git_commit.go            | 10 +--
 services/convert/issue.go                 |  4 +-
 services/convert/issue_comment.go         | 12 ++--
 services/convert/notification.go          |  9 +--
 services/convert/package.go               |  2 +-
 services/convert/pull.go                  |  8 +--
 services/convert/pull_test.go             |  2 +-
 services/convert/release.go               |  5 +-
 services/convert/release_test.go          |  2 +-
 services/convert/repository.go            | 17 ++---
 services/convert/status.go                |  8 +--
 services/webhook/notifier.go              | 84 +++++++++++------------
 tests/integration/api_comment_test.go     |  2 +-
 39 files changed, 168 insertions(+), 164 deletions(-)

diff --git a/routers/api/v1/notify/repo.go b/routers/api/v1/notify/repo.go
index 1744426ee8..5db0428e8a 100644
--- a/routers/api/v1/notify/repo.go
+++ b/routers/api/v1/notify/repo.go
@@ -127,7 +127,7 @@ func ListRepoNotifications(ctx *context.APIContext) {
 
 	ctx.SetTotalCountHeader(totalCount)
 
-	ctx.JSON(http.StatusOK, convert.ToNotifications(ctx, nl))
+	ctx.JSON(http.StatusOK, convert.ToNotifications(ctx, nl, ctx.Doer))
 }
 
 // ReadRepoNotifications mark notification threads as read on a specific repo
@@ -221,7 +221,7 @@ func ReadRepoNotifications(ctx *context.APIContext) {
 			return
 		}
 		_ = notif.LoadAttributes(ctx)
-		changed = append(changed, convert.ToNotificationThread(ctx, notif))
+		changed = append(changed, convert.ToNotificationThread(ctx, notif, ctx.Doer))
 	}
 	ctx.JSON(http.StatusResetContent, changed)
 }
diff --git a/routers/api/v1/notify/threads.go b/routers/api/v1/notify/threads.go
index 8e12d359cb..3eb30d1bf0 100644
--- a/routers/api/v1/notify/threads.go
+++ b/routers/api/v1/notify/threads.go
@@ -46,7 +46,7 @@ func GetThread(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusOK, convert.ToNotificationThread(ctx, n))
+	ctx.JSON(http.StatusOK, convert.ToNotificationThread(ctx, n, ctx.Doer))
 }
 
 // ReadThread mark notification as read by ID
@@ -97,7 +97,7 @@ func ReadThread(ctx *context.APIContext) {
 		ctx.InternalServerError(err)
 		return
 	}
-	ctx.JSON(http.StatusResetContent, convert.ToNotificationThread(ctx, notif))
+	ctx.JSON(http.StatusResetContent, convert.ToNotificationThread(ctx, notif, ctx.Doer))
 }
 
 func getThread(ctx *context.APIContext) *activities_model.Notification {
diff --git a/routers/api/v1/notify/user.go b/routers/api/v1/notify/user.go
index 879f484cce..2b478ac0df 100644
--- a/routers/api/v1/notify/user.go
+++ b/routers/api/v1/notify/user.go
@@ -87,7 +87,7 @@ func ListNotifications(ctx *context.APIContext) {
 	}
 
 	ctx.SetTotalCountHeader(totalCount)
-	ctx.JSON(http.StatusOK, convert.ToNotifications(ctx, nl))
+	ctx.JSON(http.StatusOK, convert.ToNotifications(ctx, nl, ctx.Doer))
 }
 
 // ReadNotifications mark notification threads as read, unread, or pinned
@@ -168,7 +168,7 @@ func ReadNotifications(ctx *context.APIContext) {
 			return
 		}
 		_ = notif.LoadAttributes(ctx)
-		changed = append(changed, convert.ToNotificationThread(ctx, notif))
+		changed = append(changed, convert.ToNotificationThread(ctx, notif, ctx.Doer))
 	}
 
 	ctx.JSON(http.StatusResetContent, changed)
diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go
index 015af774e3..ea83c6e033 100644
--- a/routers/api/v1/org/team.go
+++ b/routers/api/v1/org/team.go
@@ -588,7 +588,7 @@ func GetTeamRepos(ctx *context.APIContext) {
 			ctx.Error(http.StatusInternalServerError, "GetTeamRepos", err)
 			return
 		}
-		repos[i] = convert.ToRepo(ctx, repo, permission)
+		repos[i] = convert.ToRepo(ctx, repo, permission, ctx.Doer)
 	}
 	ctx.SetTotalCountHeader(int64(team.NumRepos))
 	ctx.JSON(http.StatusOK, repos)
@@ -640,7 +640,7 @@ func GetTeamRepo(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, permission))
+	ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, permission, ctx.Doer))
 }
 
 // getRepositoryByParams get repository by a team's organization ID and repo name
diff --git a/routers/api/v1/repo/commits.go b/routers/api/v1/repo/commits.go
index d06a3b4e49..8bc7a33de7 100644
--- a/routers/api/v1/repo/commits.go
+++ b/routers/api/v1/repo/commits.go
@@ -83,7 +83,7 @@ func getCommit(ctx *context.APIContext, identifier string, toCommitOpts convert.
 		return
 	}
 
-	json, err := convert.ToCommit(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, commit, nil, toCommitOpts)
+	json, err := convert.ToCommit(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, commit, nil, ctx.Doer, toCommitOpts)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "toCommit", err)
 		return
@@ -257,7 +257,7 @@ func GetAllCommits(ctx *context.APIContext) {
 
 	for i, commit := range commits {
 		// Create json struct
-		apiCommits[i], err = convert.ToCommit(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, commit, userCache, convert.ParseCommitOptions(ctx))
+		apiCommits[i], err = convert.ToCommit(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, commit, userCache, ctx.Doer, convert.ParseCommitOptions(ctx))
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "toCommit", err)
 			return
diff --git a/routers/api/v1/repo/compare.go b/routers/api/v1/repo/compare.go
index cfd61d768c..a5502d57c8 100644
--- a/routers/api/v1/repo/compare.go
+++ b/routers/api/v1/repo/compare.go
@@ -79,7 +79,7 @@ func CompareDiff(ctx *context.APIContext) {
 	apiCommits := make([]*api.Commit, 0, len(ci.Commits))
 	userCache := make(map[string]*user_model.User)
 	for i := 0; i < len(ci.Commits); i++ {
-		apiCommit, err := convert.ToCommit(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, ci.Commits[i], userCache,
+		apiCommit, err := convert.ToCommit(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, ci.Commits[i], userCache, ctx.Doer,
 			convert.ToCommitOptions{
 				Stat:         true,
 				Verification: verification,
diff --git a/routers/api/v1/repo/fork.go b/routers/api/v1/repo/fork.go
index a1e3c9804b..389a131d4d 100644
--- a/routers/api/v1/repo/fork.go
+++ b/routers/api/v1/repo/fork.go
@@ -67,7 +67,7 @@ func ListForks(ctx *context.APIContext) {
 			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
 			return
 		}
-		apiForks[i] = convert.ToRepo(ctx, fork, permission)
+		apiForks[i] = convert.ToRepo(ctx, fork, permission, ctx.Doer)
 	}
 
 	ctx.SetTotalCountHeader(int64(ctx.Repo.Repository.NumForks))
@@ -158,5 +158,5 @@ func CreateFork(ctx *context.APIContext) {
 	}
 
 	// TODO change back to 201
-	ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, fork, access_model.Permission{AccessMode: perm.AccessModeOwner}))
+	ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, fork, access_model.Permission{AccessMode: perm.AccessModeOwner}, ctx.Doer))
 }
diff --git a/routers/api/v1/repo/hook.go b/routers/api/v1/repo/hook.go
index ffd2313591..899b77ba44 100644
--- a/routers/api/v1/repo/hook.go
+++ b/routers/api/v1/repo/hook.go
@@ -185,7 +185,7 @@ func TestHook(ctx *context.APIContext) {
 		Commits:      []*api.PayloadCommit{commit},
 		TotalCommits: 1,
 		HeadCommit:   commit,
-		Repo:         convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeNone}),
+		Repo:         convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeNone}, ctx.Doer),
 		Pusher:       convert.ToUserWithAccessMode(ctx, ctx.Doer, perm.AccessModeNone),
 		Sender:       convert.ToUserWithAccessMode(ctx, ctx.Doer, perm.AccessModeNone),
 	}); err != nil {
diff --git a/routers/api/v1/repo/issue_comment.go b/routers/api/v1/repo/issue_comment.go
index 070571ba62..d7a3893030 100644
--- a/routers/api/v1/repo/issue_comment.go
+++ b/routers/api/v1/repo/issue_comment.go
@@ -112,7 +112,7 @@ func ListIssueComments(ctx *context.APIContext) {
 	apiComments := make([]*api.Comment, len(comments))
 	for i, comment := range comments {
 		comment.Issue = issue
-		apiComments[i] = convert.ToAPIComment(ctx, ctx.Repo.Repository, comments[i])
+		apiComments[i] = convert.ToAPIComment(ctx, ctx.Repo.Repository, comments[i], ctx.Doer)
 	}
 
 	ctx.SetTotalCountHeader(totalCount)
@@ -332,7 +332,7 @@ func ListRepoIssueComments(ctx *context.APIContext) {
 		return
 	}
 	for i := range comments {
-		apiComments[i] = convert.ToAPIComment(ctx, ctx.Repo.Repository, comments[i])
+		apiComments[i] = convert.ToAPIComment(ctx, ctx.Repo.Repository, comments[i], ctx.Doer)
 	}
 
 	ctx.SetTotalCountHeader(totalCount)
@@ -406,7 +406,7 @@ func CreateIssueComment(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusCreated, convert.ToAPIComment(ctx, ctx.Repo.Repository, comment))
+	ctx.JSON(http.StatusCreated, convert.ToAPIComment(ctx, ctx.Repo.Repository, comment, ctx.Doer))
 }
 
 // GetIssueComment Get a comment by ID
@@ -479,7 +479,7 @@ func GetIssueComment(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusOK, convert.ToAPIComment(ctx, ctx.Repo.Repository, comment))
+	ctx.JSON(http.StatusOK, convert.ToAPIComment(ctx, ctx.Repo.Repository, comment, ctx.Doer))
 }
 
 // EditIssueComment modify a comment of an issue
@@ -620,7 +620,7 @@ func editIssueComment(ctx *context.APIContext, form api.EditIssueCommentOption)
 		return
 	}
 
-	ctx.JSON(http.StatusOK, convert.ToAPIComment(ctx, ctx.Repo.Repository, comment))
+	ctx.JSON(http.StatusOK, convert.ToAPIComment(ctx, ctx.Repo.Repository, comment, ctx.Doer))
 }
 
 // DeleteIssueComment delete a comment from an issue
diff --git a/routers/api/v1/repo/key.go b/routers/api/v1/repo/key.go
index 88444a2625..4fbdab4ee9 100644
--- a/routers/api/v1/repo/key.go
+++ b/routers/api/v1/repo/key.go
@@ -15,6 +15,7 @@ import (
 	"code.gitea.io/gitea/models/perm"
 	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/web"
@@ -25,16 +26,16 @@ import (
 )
 
 // appendPrivateInformation appends the owner and key type information to api.PublicKey
-func appendPrivateInformation(ctx stdCtx.Context, apiKey *api.DeployKey, key *asymkey_model.DeployKey, repository *repo_model.Repository) (*api.DeployKey, error) {
+func appendPrivateInformation(ctx stdCtx.Context, apiKey *api.DeployKey, key *asymkey_model.DeployKey, repository *repo_model.Repository, doer *user_model.User) (*api.DeployKey, error) {
 	apiKey.ReadOnly = key.Mode == perm.AccessModeRead
 	if repository.ID == key.RepoID {
-		apiKey.Repository = convert.ToRepo(ctx, repository, access_model.Permission{AccessMode: key.Mode})
+		apiKey.Repository = convert.ToRepo(ctx, repository, access_model.Permission{AccessMode: key.Mode}, doer)
 	} else {
 		repo, err := repo_model.GetRepositoryByID(ctx, key.RepoID)
 		if err != nil {
 			return apiKey, err
 		}
-		apiKey.Repository = convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: key.Mode})
+		apiKey.Repository = convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: key.Mode}, doer)
 	}
 	return apiKey, nil
 }
@@ -105,7 +106,7 @@ func ListDeployKeys(ctx *context.APIContext) {
 		}
 		apiKeys[i] = convert.ToDeployKey(apiLink, keys[i])
 		if ctx.Doer.IsAdmin || ((ctx.Repo.Repository.ID == keys[i].RepoID) && (ctx.Doer.ID == ctx.Repo.Owner.ID)) {
-			apiKeys[i], _ = appendPrivateInformation(ctx, apiKeys[i], keys[i], ctx.Repo.Repository)
+			apiKeys[i], _ = appendPrivateInformation(ctx, apiKeys[i], keys[i], ctx.Repo.Repository, ctx.Doer)
 		}
 	}
 
@@ -167,7 +168,7 @@ func GetDeployKey(ctx *context.APIContext) {
 	apiLink := composeDeployKeysAPILink(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
 	apiKey := convert.ToDeployKey(apiLink, key)
 	if ctx.Doer.IsAdmin || ((ctx.Repo.Repository.ID == key.RepoID) && (ctx.Doer.ID == ctx.Repo.Owner.ID)) {
-		apiKey, _ = appendPrivateInformation(ctx, apiKey, key, ctx.Repo.Repository)
+		apiKey, _ = appendPrivateInformation(ctx, apiKey, key, ctx.Repo.Repository, ctx.Doer)
 	}
 	ctx.JSON(http.StatusOK, apiKey)
 }
diff --git a/routers/api/v1/repo/migrate.go b/routers/api/v1/repo/migrate.go
index f246b08c0a..510c4b7cba 100644
--- a/routers/api/v1/repo/migrate.go
+++ b/routers/api/v1/repo/migrate.go
@@ -212,7 +212,7 @@ func Migrate(ctx *context.APIContext) {
 	}
 
 	log.Trace("Repository migrated: %s/%s", repoOwner.Name, form.RepoName)
-	ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeAdmin}))
+	ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeAdmin}, ctx.Doer))
 }
 
 func handleMigrateError(ctx *context.APIContext, repoOwner *user_model.User, err error) {
diff --git a/routers/api/v1/repo/notes.go b/routers/api/v1/repo/notes.go
index a4a1d4eab7..5cee8138d8 100644
--- a/routers/api/v1/repo/notes.go
+++ b/routers/api/v1/repo/notes.go
@@ -89,7 +89,7 @@ func getNote(ctx *context.APIContext, identifier string) {
 	verification := ctx.FormString("verification") == "" || ctx.FormBool("verification")
 	files := ctx.FormString("files") == "" || ctx.FormBool("files")
 
-	cmt, err := convert.ToCommit(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, note.Commit, nil,
+	cmt, err := convert.ToCommit(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, note.Commit, nil, ctx.Doer,
 		convert.ToCommitOptions{
 			Stat:         true,
 			Verification: verification,
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 38a32a73c7..94bec13592 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -1436,7 +1436,7 @@ func GetPullRequestCommits(ctx *context.APIContext) {
 
 	apiCommits := make([]*api.Commit, 0, limit)
 	for i := start; i < start+limit; i++ {
-		apiCommit, err := convert.ToCommit(ctx, ctx.Repo.Repository, baseGitRepo, commits[i], userCache,
+		apiCommit, err := convert.ToCommit(ctx, ctx.Repo.Repository, baseGitRepo, commits[i], userCache, ctx.Doer,
 			convert.ToCommitOptions{
 				Stat:         true,
 				Verification: verification,
diff --git a/routers/api/v1/repo/release.go b/routers/api/v1/repo/release.go
index f0f3c0bbc7..9936f1c874 100644
--- a/routers/api/v1/repo/release.go
+++ b/routers/api/v1/repo/release.go
@@ -65,7 +65,7 @@ func GetRelease(ctx *context.APIContext) {
 		ctx.Error(http.StatusInternalServerError, "LoadAttributes", err)
 		return
 	}
-	ctx.JSON(http.StatusOK, convert.ToAPIRelease(ctx, ctx.Repo.Repository, release))
+	ctx.JSON(http.StatusOK, convert.ToAPIRelease(ctx, ctx.Repo.Repository, release, ctx.Doer))
 }
 
 // GetLatestRelease gets the most recent non-prerelease, non-draft release of a repository, sorted by created_at
@@ -106,7 +106,7 @@ func GetLatestRelease(ctx *context.APIContext) {
 		ctx.Error(http.StatusInternalServerError, "LoadAttributes", err)
 		return
 	}
-	ctx.JSON(http.StatusOK, convert.ToAPIRelease(ctx, ctx.Repo.Repository, release))
+	ctx.JSON(http.StatusOK, convert.ToAPIRelease(ctx, ctx.Repo.Repository, release, ctx.Doer))
 }
 
 // ListReleases list a repository's releases
@@ -170,7 +170,7 @@ func ListReleases(ctx *context.APIContext) {
 			ctx.Error(http.StatusInternalServerError, "LoadAttributes", err)
 			return
 		}
-		rels[i] = convert.ToAPIRelease(ctx, ctx.Repo.Repository, release)
+		rels[i] = convert.ToAPIRelease(ctx, ctx.Repo.Repository, release, ctx.Doer)
 	}
 
 	filteredCount, err := db.Count[repo_model.Release](ctx, opts)
@@ -272,7 +272,7 @@ func CreateRelease(ctx *context.APIContext) {
 			return
 		}
 	}
-	ctx.JSON(http.StatusCreated, convert.ToAPIRelease(ctx, ctx.Repo.Repository, rel))
+	ctx.JSON(http.StatusCreated, convert.ToAPIRelease(ctx, ctx.Repo.Repository, rel, ctx.Doer))
 }
 
 // EditRelease edit a release
@@ -356,7 +356,7 @@ func EditRelease(ctx *context.APIContext) {
 		ctx.Error(http.StatusInternalServerError, "LoadAttributes", err)
 		return
 	}
-	ctx.JSON(http.StatusOK, convert.ToAPIRelease(ctx, ctx.Repo.Repository, rel))
+	ctx.JSON(http.StatusOK, convert.ToAPIRelease(ctx, ctx.Repo.Repository, rel, ctx.Doer))
 }
 
 // DeleteRelease delete a release from a repository
diff --git a/routers/api/v1/repo/release_attachment.go b/routers/api/v1/repo/release_attachment.go
index 59fd83e3a2..5134f6aad6 100644
--- a/routers/api/v1/repo/release_attachment.go
+++ b/routers/api/v1/repo/release_attachment.go
@@ -144,7 +144,7 @@ func ListReleaseAttachments(ctx *context.APIContext) {
 		ctx.Error(http.StatusInternalServerError, "LoadAttributes", err)
 		return
 	}
-	ctx.JSON(http.StatusOK, convert.ToAPIRelease(ctx, ctx.Repo.Repository, release).Attachments)
+	ctx.JSON(http.StatusOK, convert.ToAPIRelease(ctx, ctx.Repo.Repository, release, ctx.Doer).Attachments)
 }
 
 // CreateReleaseAttachment creates an attachment and saves the given file
diff --git a/routers/api/v1/repo/release_tags.go b/routers/api/v1/repo/release_tags.go
index fec91164a2..03ff86702a 100644
--- a/routers/api/v1/repo/release_tags.go
+++ b/routers/api/v1/repo/release_tags.go
@@ -63,7 +63,7 @@ func GetReleaseByTag(ctx *context.APIContext) {
 		ctx.Error(http.StatusInternalServerError, "LoadAttributes", err)
 		return
 	}
-	ctx.JSON(http.StatusOK, convert.ToAPIRelease(ctx, ctx.Repo.Repository, release))
+	ctx.JSON(http.StatusOK, convert.ToAPIRelease(ctx, ctx.Repo.Repository, release, ctx.Doer))
 }
 
 // DeleteReleaseByTag delete a release from a repository by tag name
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index 7f35a7fe41..0141920940 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -223,7 +223,7 @@ func Search(ctx *context.APIContext) {
 				Error: err.Error(),
 			})
 		}
-		results[i] = convert.ToRepo(ctx, repo, permission)
+		results[i] = convert.ToRepo(ctx, repo, permission, ctx.Doer)
 	}
 	ctx.SetLinkHeader(int(count), opts.PageSize)
 	ctx.SetTotalCountHeader(count)
@@ -278,7 +278,7 @@ func CreateUserRepo(ctx *context.APIContext, owner *user_model.User, opt api.Cre
 		ctx.Error(http.StatusInternalServerError, "GetRepositoryByID", err)
 	}
 
-	ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}))
+	ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, ctx.Doer))
 }
 
 // Create one repository of mine
@@ -426,7 +426,7 @@ func Generate(ctx *context.APIContext) {
 	}
 	log.Trace("Repository generated [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
 
-	ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}))
+	ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, ctx.Doer))
 }
 
 // CreateOrgRepoDeprecated create one repository of the organization
@@ -548,7 +548,7 @@ func Get(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusOK, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.Permission))
+	ctx.JSON(http.StatusOK, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.Permission, ctx.Doer))
 }
 
 // GetByID returns a single Repository
@@ -589,7 +589,7 @@ func GetByID(ctx *context.APIContext) {
 		ctx.NotFound()
 		return
 	}
-	ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, permission))
+	ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, permission, ctx.Doer))
 }
 
 // Edit edit repository properties
@@ -653,7 +653,7 @@ func Edit(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, ctx.Repo.Permission))
+	ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, ctx.Repo.Permission, ctx.Doer))
 }
 
 // updateBasicProperties updates the basic properties of a repo: Name, Description, Website and Visibility
diff --git a/routers/api/v1/repo/status.go b/routers/api/v1/repo/status.go
index 9e36ea0aed..61d714ef22 100644
--- a/routers/api/v1/repo/status.go
+++ b/routers/api/v1/repo/status.go
@@ -69,7 +69,7 @@ func NewCommitStatus(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusCreated, convert.ToCommitStatus(ctx, status))
+	ctx.JSON(http.StatusCreated, convert.ToCommitStatus(ctx, status, ctx.Doer))
 }
 
 // GetCommitStatuses returns all statuses for any given commit hash
@@ -209,7 +209,7 @@ func getCommitStatuses(ctx *context.APIContext, sha string) {
 
 	apiStatuses := make([]*api.CommitStatus, 0, len(statuses))
 	for _, status := range statuses {
-		apiStatuses = append(apiStatuses, convert.ToCommitStatus(ctx, status))
+		apiStatuses = append(apiStatuses, convert.ToCommitStatus(ctx, status, ctx.Doer))
 	}
 
 	ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)
@@ -275,7 +275,7 @@ func GetCombinedCommitStatusByRef(ctx *context.APIContext) {
 		return
 	}
 
-	combiStatus := convert.ToCombinedStatus(ctx, statuses, convert.ToRepo(ctx, repo, ctx.Repo.Permission))
+	combiStatus := convert.ToCombinedStatus(ctx, statuses, convert.ToRepo(ctx, repo, ctx.Repo.Permission, ctx.Doer), ctx.Doer)
 
 	ctx.SetTotalCountHeader(count)
 	ctx.JSON(http.StatusOK, combiStatus)
diff --git a/routers/api/v1/repo/transfer.go b/routers/api/v1/repo/transfer.go
index 776b336761..cafef0819d 100644
--- a/routers/api/v1/repo/transfer.go
+++ b/routers/api/v1/repo/transfer.go
@@ -128,12 +128,12 @@ func Transfer(ctx *context.APIContext) {
 
 	if ctx.Repo.Repository.Status == repo_model.RepositoryPendingTransfer {
 		log.Trace("Repository transfer initiated: %s -> %s", oldFullname, ctx.Repo.Repository.FullName())
-		ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeAdmin}))
+		ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeAdmin}, ctx.Doer))
 		return
 	}
 
 	log.Trace("Repository transferred: %s -> %s", oldFullname, ctx.Repo.Repository.FullName())
-	ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeAdmin}))
+	ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeAdmin}, ctx.Doer))
 }
 
 // AcceptTransfer accept a repo transfer
@@ -171,7 +171,7 @@ func AcceptTransfer(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.Permission))
+	ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.Permission, ctx.Doer))
 }
 
 // RejectTransfer reject a repo transfer
@@ -209,7 +209,7 @@ func RejectTransfer(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusOK, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.Permission))
+	ctx.JSON(http.StatusOK, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.Permission, ctx.Doer))
 }
 
 func acceptOrRejectRepoTransfer(ctx *context.APIContext, accept bool) error {
diff --git a/routers/api/v1/user/repo.go b/routers/api/v1/user/repo.go
index d0264d6b5a..870477d0b0 100644
--- a/routers/api/v1/user/repo.go
+++ b/routers/api/v1/user/repo.go
@@ -43,7 +43,7 @@ func listUserRepos(ctx *context.APIContext, u *user_model.User, private bool) {
 			return
 		}
 		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAnyUnitAccess() {
-			apiRepos = append(apiRepos, convert.ToRepo(ctx, repos[i], permission))
+			apiRepos = append(apiRepos, convert.ToRepo(ctx, repos[i], permission, ctx.Doer))
 		}
 	}
 
@@ -128,7 +128,7 @@ func ListMyRepos(ctx *context.APIContext) {
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
 		}
-		results[i] = convert.ToRepo(ctx, repo, permission)
+		results[i] = convert.ToRepo(ctx, repo, permission, ctx.Doer)
 	}
 
 	ctx.SetLinkHeader(int(count), opts.ListOptions.PageSize)
diff --git a/routers/api/v1/user/star.go b/routers/api/v1/user/star.go
index ad9ed9548d..fa2ccbd5cb 100644
--- a/routers/api/v1/user/star.go
+++ b/routers/api/v1/user/star.go
@@ -35,7 +35,7 @@ func getStarredRepos(ctx *context.APIContext, user *user_model.User, private boo
 		if err != nil {
 			return nil, err
 		}
-		repos[i] = convert.ToRepo(ctx, starred, permission)
+		repos[i] = convert.ToRepo(ctx, starred, permission, ctx.Doer)
 	}
 	return repos, nil
 }
diff --git a/routers/api/v1/user/watch.go b/routers/api/v1/user/watch.go
index 2cc23ae476..db48004de9 100644
--- a/routers/api/v1/user/watch.go
+++ b/routers/api/v1/user/watch.go
@@ -33,7 +33,7 @@ func getWatchedRepos(ctx *context.APIContext, user *user_model.User, private boo
 		if err != nil {
 			return nil, 0, err
 		}
-		repos[i] = convert.ToRepo(ctx, watched, permission)
+		repos[i] = convert.ToRepo(ctx, watched, permission, ctx.Doer)
 	}
 	return repos, total, nil
 }
diff --git a/routers/web/repo/setting/webhook.go b/routers/web/repo/setting/webhook.go
index 1a3549fea4..9b5174200d 100644
--- a/routers/web/repo/setting/webhook.go
+++ b/routers/web/repo/setting/webhook.go
@@ -691,7 +691,7 @@ func TestWebhook(ctx *context.Context) {
 		Commits:      []*api.PayloadCommit{apiCommit},
 		TotalCommits: 1,
 		HeadCommit:   apiCommit,
-		Repo:         convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeNone}),
+		Repo:         convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeNone}, ctx.Doer),
 		Pusher:       apiUser,
 		Sender:       apiUser,
 	}
diff --git a/services/actions/notifier.go b/services/actions/notifier.go
index 6551da39e7..52c3480bf9 100644
--- a/services/actions/notifier.go
+++ b/services/actions/notifier.go
@@ -50,7 +50,7 @@ func (n *actionsNotifier) NewIssue(ctx context.Context, issue *issues_model.Issu
 		Action:     api.HookIssueOpened,
 		Index:      issue.Index,
 		Issue:      convert.ToAPIIssue(ctx, issue.Poster, issue),
-		Repository: convert.ToRepo(ctx, issue.Repo, permission),
+		Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 		Sender:     convert.ToUser(ctx, issue.Poster, nil),
 	}).Notify(withMethod(ctx, "NewIssue"))
 }
@@ -77,7 +77,7 @@ func (n *actionsNotifier) IssueChangeContent(ctx context.Context, doer *user_mod
 				Action:      api.HookIssueEdited,
 				Index:       issue.Index,
 				PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
-				Repository:  convert.ToRepo(ctx, issue.Repo, access_model.Permission{AccessMode: perm_model.AccessModeNone}),
+				Repository:  convert.ToRepo(ctx, issue.Repo, access_model.Permission{AccessMode: perm_model.AccessModeNone}, nil),
 				Sender:      convert.ToUser(ctx, doer, nil),
 			}).
 			WithPullRequest(issue.PullRequest).
@@ -90,7 +90,7 @@ func (n *actionsNotifier) IssueChangeContent(ctx context.Context, doer *user_mod
 			Action:     api.HookIssueEdited,
 			Index:      issue.Index,
 			Issue:      convert.ToAPIIssue(ctx, doer, issue),
-			Repository: convert.ToRepo(ctx, issue.Repo, permission),
+			Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:     convert.ToUser(ctx, doer, nil),
 		}).
 		Notify(ctx)
@@ -109,7 +109,7 @@ func (n *actionsNotifier) IssueChangeStatus(ctx context.Context, doer *user_mode
 		apiPullRequest := &api.PullRequestPayload{
 			Index:       issue.Index,
 			PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
-			Repository:  convert.ToRepo(ctx, issue.Repo, permission),
+			Repository:  convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:      convert.ToUser(ctx, doer, nil),
 			CommitID:    commitID,
 		}
@@ -128,7 +128,7 @@ func (n *actionsNotifier) IssueChangeStatus(ctx context.Context, doer *user_mode
 	apiIssue := &api.IssuePayload{
 		Index:      issue.Index,
 		Issue:      convert.ToAPIIssue(ctx, doer, issue),
-		Repository: convert.ToRepo(ctx, issue.Repo, permission),
+		Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 	}
 	if isClosed {
@@ -216,7 +216,7 @@ func notifyIssueChange(ctx context.Context, doer *user_model.User, issue *issues
 				Action:      action,
 				Index:       issue.Index,
 				PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
-				Repository:  convert.ToRepo(ctx, issue.Repo, access_model.Permission{AccessMode: perm_model.AccessModeNone}),
+				Repository:  convert.ToRepo(ctx, issue.Repo, access_model.Permission{AccessMode: perm_model.AccessModeNone}, nil),
 				Sender:      convert.ToUser(ctx, doer, nil),
 			}).
 			WithPullRequest(issue.PullRequest).
@@ -230,7 +230,7 @@ func notifyIssueChange(ctx context.Context, doer *user_model.User, issue *issues
 			Action:     action,
 			Index:      issue.Index,
 			Issue:      convert.ToAPIIssue(ctx, doer, issue),
-			Repository: convert.ToRepo(ctx, issue.Repo, permission),
+			Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:     convert.ToUser(ctx, doer, nil),
 		}).
 		Notify(ctx)
@@ -294,8 +294,8 @@ func notifyIssueCommentChange(ctx context.Context, doer *user_model.User, commen
 	payload := &api.IssueCommentPayload{
 		Action:     action,
 		Issue:      convert.ToAPIIssue(ctx, doer, comment.Issue),
-		Comment:    convert.ToAPIComment(ctx, comment.Issue.Repo, comment),
-		Repository: convert.ToRepo(ctx, comment.Issue.Repo, permission),
+		Comment:    convert.ToAPIComment(ctx, comment.Issue.Repo, comment, nil),
+		Repository: convert.ToRepo(ctx, comment.Issue.Repo, permission, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 		IsPull:     comment.Issue.IsPull,
 	}
@@ -350,7 +350,7 @@ func (n *actionsNotifier) NewPullRequest(ctx context.Context, pull *issues_model
 			Action:      api.HookIssueOpened,
 			Index:       pull.Issue.Index,
 			PullRequest: convert.ToAPIPullRequest(ctx, pull, nil),
-			Repository:  convert.ToRepo(ctx, pull.Issue.Repo, permission),
+			Repository:  convert.ToRepo(ctx, pull.Issue.Repo, permission, nil),
 			Sender:      convert.ToUser(ctx, pull.Issue.Poster, nil),
 		}).
 		WithPullRequest(pull).
@@ -362,7 +362,7 @@ func (n *actionsNotifier) CreateRepository(ctx context.Context, doer, u *user_mo
 
 	newNotifyInput(repo, doer, webhook_module.HookEventRepository).WithPayload(&api.RepositoryPayload{
 		Action:       api.HookRepoCreated,
-		Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
+		Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}, nil),
 		Organization: convert.ToUser(ctx, u, nil),
 		Sender:       convert.ToUser(ctx, doer, nil),
 	}).Notify(ctx)
@@ -376,8 +376,8 @@ func (n *actionsNotifier) ForkRepository(ctx context.Context, doer *user_model.U
 
 	// forked webhook
 	newNotifyInput(oldRepo, doer, webhook_module.HookEventFork).WithPayload(&api.ForkPayload{
-		Forkee: convert.ToRepo(ctx, oldRepo, oldPermission),
-		Repo:   convert.ToRepo(ctx, repo, permission),
+		Forkee: convert.ToRepo(ctx, oldRepo, oldPermission, nil),
+		Repo:   convert.ToRepo(ctx, repo, permission, nil),
 		Sender: convert.ToUser(ctx, doer, nil),
 	}).Notify(ctx)
 
@@ -389,7 +389,7 @@ func (n *actionsNotifier) ForkRepository(ctx context.Context, doer *user_model.U
 			WithRef(oldRepo.DefaultBranch).
 			WithPayload(&api.RepositoryPayload{
 				Action:       api.HookRepoCreated,
-				Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
+				Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}, nil),
 				Organization: convert.ToUser(ctx, u, nil),
 				Sender:       convert.ToUser(ctx, doer, nil),
 			}).Notify(ctx)
@@ -431,7 +431,7 @@ func (n *actionsNotifier) PullRequestReview(ctx context.Context, pr *issues_mode
 			Action:      api.HookIssueReviewed,
 			Index:       review.Issue.Index,
 			PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
-			Repository:  convert.ToRepo(ctx, review.Issue.Repo, permission),
+			Repository:  convert.ToRepo(ctx, review.Issue.Repo, permission, nil),
 			Sender:      convert.ToUser(ctx, review.Reviewer, nil),
 			Review: &api.ReviewPayload{
 				Type:    string(reviewHookType),
@@ -466,7 +466,7 @@ func (n *actionsNotifier) PullRequestReviewRequest(ctx context.Context, doer *us
 			Index:             issue.Index,
 			PullRequest:       convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
 			RequestedReviewer: convert.ToUser(ctx, reviewer, nil),
-			Repository:        convert.ToRepo(ctx, issue.Repo, permission),
+			Repository:        convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:            convert.ToUser(ctx, doer, nil),
 		}).
 		WithPullRequest(issue.PullRequest).
@@ -502,7 +502,7 @@ func (*actionsNotifier) MergePullRequest(ctx context.Context, doer *user_model.U
 	apiPullRequest := &api.PullRequestPayload{
 		Index:       pr.Issue.Index,
 		PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
-		Repository:  convert.ToRepo(ctx, pr.Issue.Repo, permission),
+		Repository:  convert.ToRepo(ctx, pr.Issue.Repo, permission, nil),
 		Sender:      convert.ToUser(ctx, doer, nil),
 		Action:      api.HookIssueClosed,
 	}
@@ -539,7 +539,7 @@ func (n *actionsNotifier) PushCommits(ctx context.Context, pusher *user_model.Us
 			CompareURL: setting.AppURL + commits.CompareURL,
 			Commits:    apiCommits,
 			HeadCommit: apiHeadCommit,
-			Repo:       convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
+			Repo:       convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}, nil),
 			Pusher:     apiPusher,
 			Sender:     apiPusher,
 		}).
@@ -550,7 +550,7 @@ func (n *actionsNotifier) CreateRef(ctx context.Context, pusher *user_model.User
 	ctx = withMethod(ctx, "CreateRef")
 
 	apiPusher := convert.ToUser(ctx, pusher, nil)
-	apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeNone})
+	apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeNone}, nil)
 
 	newNotifyInput(repo, pusher, webhook_module.HookEventCreate).
 		WithRef(refFullName.String()).
@@ -568,7 +568,7 @@ func (n *actionsNotifier) DeleteRef(ctx context.Context, pusher *user_model.User
 	ctx = withMethod(ctx, "DeleteRef")
 
 	apiPusher := convert.ToUser(ctx, pusher, nil)
-	apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeNone})
+	apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeNone}, nil)
 
 	newNotifyInput(repo, pusher, webhook_module.HookEventDelete).
 		WithPayload(&api.DeletePayload{
@@ -601,7 +601,7 @@ func (n *actionsNotifier) SyncPushCommits(ctx context.Context, pusher *user_mode
 			Commits:      apiCommits,
 			TotalCommits: commits.Len,
 			HeadCommit:   apiHeadCommit,
-			Repo:         convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
+			Repo:         convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}, nil),
 			Pusher:       apiPusher,
 			Sender:       apiPusher,
 		}).
@@ -670,7 +670,7 @@ func (n *actionsNotifier) PullRequestSynchronized(ctx context.Context, doer *use
 			Action:      api.HookIssueSynchronized,
 			Index:       pr.Issue.Index,
 			PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
-			Repository:  convert.ToRepo(ctx, pr.Issue.Repo, access_model.Permission{AccessMode: perm_model.AccessModeNone}),
+			Repository:  convert.ToRepo(ctx, pr.Issue.Repo, access_model.Permission{AccessMode: perm_model.AccessModeNone}, nil),
 			Sender:      convert.ToUser(ctx, doer, nil),
 		}).
 		WithPullRequest(pr).
@@ -701,7 +701,7 @@ func (n *actionsNotifier) PullRequestChangeTargetBranch(ctx context.Context, doe
 				},
 			},
 			PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
-			Repository:  convert.ToRepo(ctx, pr.Issue.Repo, permission),
+			Repository:  convert.ToRepo(ctx, pr.Issue.Repo, permission, nil),
 			Sender:      convert.ToUser(ctx, doer, nil),
 		}).
 		WithPullRequest(pr).
@@ -713,7 +713,7 @@ func (n *actionsNotifier) NewWikiPage(ctx context.Context, doer *user_model.User
 
 	newNotifyInput(repo, doer, webhook_module.HookEventWiki).WithPayload(&api.WikiPayload{
 		Action:     api.HookWikiCreated,
-		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
+		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 		Page:       page,
 		Comment:    comment,
@@ -725,7 +725,7 @@ func (n *actionsNotifier) EditWikiPage(ctx context.Context, doer *user_model.Use
 
 	newNotifyInput(repo, doer, webhook_module.HookEventWiki).WithPayload(&api.WikiPayload{
 		Action:     api.HookWikiEdited,
-		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
+		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 		Page:       page,
 		Comment:    comment,
@@ -737,7 +737,7 @@ func (n *actionsNotifier) DeleteWikiPage(ctx context.Context, doer *user_model.U
 
 	newNotifyInput(repo, doer, webhook_module.HookEventWiki).WithPayload(&api.WikiPayload{
 		Action:     api.HookWikiDeleted,
-		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
+		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 		Page:       page,
 	}).Notify(ctx)
@@ -749,7 +749,7 @@ func (n *actionsNotifier) MigrateRepository(ctx context.Context, doer, u *user_m
 
 	newNotifyInput(repo, doer, webhook_module.HookEventRepository).WithPayload(&api.RepositoryPayload{
 		Action:       api.HookRepoCreated,
-		Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
+		Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}, nil),
 		Organization: convert.ToUser(ctx, u, nil),
 		Sender:       convert.ToUser(ctx, doer, nil),
 	}).Notify(ctx)
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 1d09a222c0..e96bfa1734 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -369,8 +369,8 @@ func notifyRelease(ctx context.Context, doer *user_model.User, rel *repo_model.R
 		WithRef(git.RefNameFromTag(rel.TagName).String()).
 		WithPayload(&api.ReleasePayload{
 			Action:     action,
-			Release:    convert.ToAPIRelease(ctx, rel.Repo, rel),
-			Repository: convert.ToRepo(ctx, rel.Repo, permission),
+			Release:    convert.ToAPIRelease(ctx, rel.Repo, rel, nil),
+			Repository: convert.ToRepo(ctx, rel.Repo, permission, nil),
 			Sender:     convert.ToUser(ctx, doer, nil),
 		}).
 		Notify(ctx)
diff --git a/services/convert/activity.go b/services/convert/activity.go
index 01fef73e58..b7d5b7f673 100644
--- a/services/convert/activity.go
+++ b/services/convert/activity.go
@@ -28,7 +28,7 @@ func ToActivity(ctx context.Context, ac *activities_model.Action, doer *user_mod
 		ActUserID: ac.ActUserID,
 		ActUser:   ToUser(ctx, ac.ActUser, doer),
 		RepoID:    ac.RepoID,
-		Repo:      ToRepo(ctx, ac.Repo, p),
+		Repo:      ToRepo(ctx, ac.Repo, p, doer),
 		RefName:   ac.RefName,
 		IsPrivate: ac.IsPrivate,
 		Content:   ac.Content,
@@ -37,7 +37,7 @@ func ToActivity(ctx context.Context, ac *activities_model.Action, doer *user_mod
 
 	if ac.Comment != nil {
 		result.CommentID = ac.CommentID
-		result.Comment = ToAPIComment(ctx, ac.Repo, ac.Comment)
+		result.Comment = ToAPIComment(ctx, ac.Repo, ac.Comment, doer)
 	}
 
 	return result
diff --git a/services/convert/git_commit.go b/services/convert/git_commit.go
index e0efcddbcb..12f669e0f8 100644
--- a/services/convert/git_commit.go
+++ b/services/convert/git_commit.go
@@ -88,7 +88,7 @@ func ParseCommitOptions(ctx *ctx.APIContext) ToCommitOptions {
 }
 
 // ToCommit convert a git.Commit to api.Commit
-func ToCommit(ctx context.Context, repo *repo_model.Repository, gitRepo *git.Repository, commit *git.Commit, userCache map[string]*user_model.User, opts ToCommitOptions) (*api.Commit, error) {
+func ToCommit(ctx context.Context, repo *repo_model.Repository, gitRepo *git.Repository, commit *git.Commit, userCache map[string]*user_model.User, doer *user_model.User, opts ToCommitOptions) (*api.Commit, error) {
 	var apiAuthor, apiCommitter *api.User
 
 	// Retrieve author and committer information
@@ -103,13 +103,13 @@ func ToCommit(ctx context.Context, repo *repo_model.Repository, gitRepo *git.Rep
 	}
 
 	if ok {
-		apiAuthor = ToUser(ctx, cacheAuthor, nil)
+		apiAuthor = ToUser(ctx, cacheAuthor, doer)
 	} else {
 		author, err := user_model.GetUserByEmail(ctx, commit.Author.Email)
 		if err != nil && !user_model.IsErrUserNotExist(err) {
 			return nil, err
 		} else if err == nil {
-			apiAuthor = ToUser(ctx, author, nil)
+			apiAuthor = ToUser(ctx, author, doer)
 			if userCache != nil {
 				userCache[commit.Author.Email] = author
 			}
@@ -125,13 +125,13 @@ func ToCommit(ctx context.Context, repo *repo_model.Repository, gitRepo *git.Rep
 	}
 
 	if ok {
-		apiCommitter = ToUser(ctx, cacheCommitter, nil)
+		apiCommitter = ToUser(ctx, cacheCommitter, doer)
 	} else {
 		committer, err := user_model.GetUserByEmail(ctx, commit.Committer.Email)
 		if err != nil && !user_model.IsErrUserNotExist(err) {
 			return nil, err
 		} else if err == nil {
-			apiCommitter = ToUser(ctx, committer, nil)
+			apiCommitter = ToUser(ctx, committer, doer)
 			if userCache != nil {
 				userCache[commit.Committer.Email] = committer
 			}
diff --git a/services/convert/issue.go b/services/convert/issue.go
index 668affe09a..3d936d6fac 100644
--- a/services/convert/issue.go
+++ b/services/convert/issue.go
@@ -88,9 +88,9 @@ func toIssue(ctx context.Context, doer *user_model.User, issue *issues_model.Iss
 	}
 	if len(issue.Assignees) > 0 {
 		for _, assignee := range issue.Assignees {
-			apiIssue.Assignees = append(apiIssue.Assignees, ToUser(ctx, assignee, nil))
+			apiIssue.Assignees = append(apiIssue.Assignees, ToUser(ctx, assignee, doer))
 		}
-		apiIssue.Assignee = ToUser(ctx, issue.Assignees[0], nil) // For compatibility, we're keeping the first assignee as `apiIssue.Assignee`
+		apiIssue.Assignee = ToUser(ctx, issue.Assignees[0], doer) // For compatibility, we're keeping the first assignee as `apiIssue.Assignee`
 	}
 	if issue.IsPull {
 		if err := issue.LoadPullRequest(ctx); err != nil {
diff --git a/services/convert/issue_comment.go b/services/convert/issue_comment.go
index 9ec9ac7684..f03a28dedb 100644
--- a/services/convert/issue_comment.go
+++ b/services/convert/issue_comment.go
@@ -15,10 +15,10 @@ import (
 )
 
 // ToAPIComment converts a issues_model.Comment to the api.Comment format for API usage
-func ToAPIComment(ctx context.Context, repo *repo_model.Repository, c *issues_model.Comment) *api.Comment {
+func ToAPIComment(ctx context.Context, repo *repo_model.Repository, c *issues_model.Comment, doer *user_model.User) *api.Comment {
 	return &api.Comment{
 		ID:          c.ID,
-		Poster:      ToUser(ctx, c.Poster, nil),
+		Poster:      ToUser(ctx, c.Poster, doer),
 		HTMLURL:     c.HTMLURL(ctx),
 		IssueURL:    c.IssueURL(ctx),
 		PRURL:       c.PRURL(ctx),
@@ -81,7 +81,7 @@ func ToTimelineComment(ctx context.Context, repo *repo_model.Repository, c *issu
 	comment := &api.TimelineComment{
 		ID:       c.ID,
 		Type:     c.Type.String(),
-		Poster:   ToUser(ctx, c.Poster, nil),
+		Poster:   ToUser(ctx, c.Poster, doer),
 		HTMLURL:  c.HTMLURL(ctx),
 		IssueURL: c.IssueURL(ctx),
 		PRURL:    c.PRURL(ctx),
@@ -143,7 +143,7 @@ func ToTimelineComment(ctx context.Context, repo *repo_model.Repository, c *issu
 			log.Error("LoadPoster: %v", err)
 			return nil
 		}
-		comment.RefComment = ToAPIComment(ctx, repo, com)
+		comment.RefComment = ToAPIComment(ctx, repo, com, doer)
 	}
 
 	if c.Label != nil {
@@ -169,14 +169,14 @@ func ToTimelineComment(ctx context.Context, repo *repo_model.Repository, c *issu
 	}
 
 	if c.Assignee != nil {
-		comment.Assignee = ToUser(ctx, c.Assignee, nil)
+		comment.Assignee = ToUser(ctx, c.Assignee, doer)
 	}
 	if c.AssigneeTeam != nil {
 		comment.AssigneeTeam, _ = ToTeam(ctx, c.AssigneeTeam)
 	}
 
 	if c.ResolveDoer != nil {
-		comment.ResolveDoer = ToUser(ctx, c.ResolveDoer, nil)
+		comment.ResolveDoer = ToUser(ctx, c.ResolveDoer, doer)
 	}
 
 	if c.DependentIssue != nil {
diff --git a/services/convert/notification.go b/services/convert/notification.go
index 41063cf399..760a1e6b27 100644
--- a/services/convert/notification.go
+++ b/services/convert/notification.go
@@ -10,11 +10,12 @@ import (
 	activities_model "code.gitea.io/gitea/models/activities"
 	"code.gitea.io/gitea/models/perm"
 	access_model "code.gitea.io/gitea/models/perm/access"
+	user_model "code.gitea.io/gitea/models/user"
 	api "code.gitea.io/gitea/modules/structs"
 )
 
 // ToNotificationThread convert a Notification to api.NotificationThread
-func ToNotificationThread(ctx context.Context, n *activities_model.Notification) *api.NotificationThread {
+func ToNotificationThread(ctx context.Context, n *activities_model.Notification, doer *user_model.User) *api.NotificationThread {
 	result := &api.NotificationThread{
 		ID:        n.ID,
 		Unread:    !(n.Status == activities_model.NotificationStatusRead || n.Status == activities_model.NotificationStatusPinned),
@@ -25,7 +26,7 @@ func ToNotificationThread(ctx context.Context, n *activities_model.Notification)
 
 	// since user only get notifications when he has access to use minimal access mode
 	if n.Repository != nil {
-		result.Repository = ToRepo(ctx, n.Repository, access_model.Permission{AccessMode: perm.AccessModeRead})
+		result.Repository = ToRepo(ctx, n.Repository, access_model.Permission{AccessMode: perm.AccessModeRead}, doer)
 
 		// This permission is not correct and we should not be reporting it
 		for repository := result.Repository; repository != nil; repository = repository.Parent {
@@ -89,10 +90,10 @@ func ToNotificationThread(ctx context.Context, n *activities_model.Notification)
 }
 
 // ToNotifications convert list of Notification to api.NotificationThread list
-func ToNotifications(ctx context.Context, nl activities_model.NotificationList) []*api.NotificationThread {
+func ToNotifications(ctx context.Context, nl activities_model.NotificationList, doer *user_model.User) []*api.NotificationThread {
 	result := make([]*api.NotificationThread, 0, len(nl))
 	for _, n := range nl {
-		result = append(result, ToNotificationThread(ctx, n))
+		result = append(result, ToNotificationThread(ctx, n, doer))
 	}
 	return result
 }
diff --git a/services/convert/package.go b/services/convert/package.go
index b27992bea9..c28781af7b 100644
--- a/services/convert/package.go
+++ b/services/convert/package.go
@@ -22,7 +22,7 @@ func ToPackage(ctx context.Context, pd *packages.PackageDescriptor, doer *user_m
 		}
 
 		if permission.HasAnyUnitAccess() {
-			repo = ToRepo(ctx, pd.Repository, permission)
+			repo = ToRepo(ctx, pd.Repository, permission, doer)
 		}
 	}
 
diff --git a/services/convert/pull.go b/services/convert/pull.go
index 775bf3806d..ec7a8454a6 100644
--- a/services/convert/pull.go
+++ b/services/convert/pull.go
@@ -81,7 +81,7 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
 			Name:       pr.BaseBranch,
 			Ref:        pr.BaseBranch,
 			RepoID:     pr.BaseRepoID,
-			Repository: ToRepo(ctx, pr.BaseRepo, p),
+			Repository: ToRepo(ctx, pr.BaseRepo, p, doer),
 		},
 		Head: &api.PRBranchInfo{
 			Name:   pr.HeadBranch,
@@ -95,7 +95,7 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
 		return nil
 	}
 	for _, reviewer := range pr.RequestedReviewers {
-		apiPullRequest.RequestedReviewers = append(apiPullRequest.RequestedReviewers, ToUser(ctx, reviewer, nil))
+		apiPullRequest.RequestedReviewers = append(apiPullRequest.RequestedReviewers, ToUser(ctx, reviewer, doer))
 	}
 
 	if pr.Issue.ClosedUnix != 0 {
@@ -153,7 +153,7 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
 		}
 
 		apiPullRequest.Head.RepoID = pr.HeadRepo.ID
-		apiPullRequest.Head.Repository = ToRepo(ctx, pr.HeadRepo, p)
+		apiPullRequest.Head.Repository = ToRepo(ctx, pr.HeadRepo, p, doer)
 
 		headGitRepo, err := gitrepo.OpenRepository(ctx, pr.HeadRepo)
 		if err != nil {
@@ -211,7 +211,7 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
 	if pr.HasMerged {
 		apiPullRequest.Merged = pr.MergedUnix.AsTimePtr()
 		apiPullRequest.MergedCommitID = &pr.MergedCommitID
-		apiPullRequest.MergedBy = ToUser(ctx, pr.Merger, nil)
+		apiPullRequest.MergedBy = ToUser(ctx, pr.Merger, doer)
 	}
 
 	return apiPullRequest
diff --git a/services/convert/pull_test.go b/services/convert/pull_test.go
index e069fa4a68..7b262cd2af 100644
--- a/services/convert/pull_test.go
+++ b/services/convert/pull_test.go
@@ -32,7 +32,7 @@ func TestPullRequest_APIFormat(t *testing.T) {
 		Ref:        "refs/pull/2/head",
 		Sha:        "4a357436d925b5c974181ff12a994538ddc5a269",
 		RepoID:     1,
-		Repository: ToRepo(db.DefaultContext, headRepo, access_model.Permission{AccessMode: perm.AccessModeRead}),
+		Repository: ToRepo(db.DefaultContext, headRepo, access_model.Permission{AccessMode: perm.AccessModeRead}, nil),
 	}, apiPullRequest.Head)
 
 	// withOut HeadRepo
diff --git a/services/convert/release.go b/services/convert/release.go
index bfff53e62f..8a4c956673 100644
--- a/services/convert/release.go
+++ b/services/convert/release.go
@@ -7,11 +7,12 @@ import (
 	"context"
 
 	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
 	api "code.gitea.io/gitea/modules/structs"
 )
 
 // ToAPIRelease convert a repo_model.Release to api.Release
-func ToAPIRelease(ctx context.Context, repo *repo_model.Repository, r *repo_model.Release) *api.Release {
+func ToAPIRelease(ctx context.Context, repo *repo_model.Repository, r *repo_model.Release, doer *user_model.User) *api.Release {
 	return &api.Release{
 		ID:           r.ID,
 		TagName:      r.TagName,
@@ -27,7 +28,7 @@ func ToAPIRelease(ctx context.Context, repo *repo_model.Repository, r *repo_mode
 		IsPrerelease: r.IsPrerelease,
 		CreatedAt:    r.CreatedUnix.AsTime(),
 		PublishedAt:  r.CreatedUnix.AsTime(),
-		Publisher:    ToUser(ctx, r.Publisher, nil),
+		Publisher:    ToUser(ctx, r.Publisher, doer),
 		Attachments:  ToAPIAttachments(repo, r.Attachments),
 	}
 }
diff --git a/services/convert/release_test.go b/services/convert/release_test.go
index 201b27e16d..231081ba0f 100644
--- a/services/convert/release_test.go
+++ b/services/convert/release_test.go
@@ -20,7 +20,7 @@ func TestRelease_ToRelease(t *testing.T) {
 	release1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Release{ID: 1})
 	release1.LoadAttributes(db.DefaultContext)
 
-	apiRelease := ToAPIRelease(db.DefaultContext, repo1, release1)
+	apiRelease := ToAPIRelease(db.DefaultContext, repo1, release1, nil)
 	assert.NotNil(t, apiRelease)
 	assert.EqualValues(t, 1, apiRelease.ID)
 	assert.EqualValues(t, "https://try.gitea.io/api/v1/repos/user2/repo1/releases/1", apiRelease.URL)
diff --git a/services/convert/repository.go b/services/convert/repository.go
index 3b293fe550..d031b1d523 100644
--- a/services/convert/repository.go
+++ b/services/convert/repository.go
@@ -13,16 +13,17 @@ import (
 	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	api "code.gitea.io/gitea/modules/structs"
 )
 
 // ToRepo converts a Repository to api.Repository
-func ToRepo(ctx context.Context, repo *repo_model.Repository, permissionInRepo access_model.Permission) *api.Repository {
-	return innerToRepo(ctx, repo, permissionInRepo, false)
+func ToRepo(ctx context.Context, repo *repo_model.Repository, permissionInRepo access_model.Permission, doer *user_model.User) *api.Repository {
+	return innerToRepo(ctx, repo, permissionInRepo, false, doer)
 }
 
-func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInRepo access_model.Permission, isParent bool) *api.Repository {
+func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInRepo access_model.Permission, isParent bool, doer *user_model.User) *api.Repository {
 	var parent *api.Repository
 
 	if !permissionInRepo.HasUnits() && permissionInRepo.AccessMode > perm.AccessModeNone {
@@ -51,7 +52,7 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInR
 			//        But there isn't a good way to get the permission of the parent repo, because the doer is not passed in.
 			//        Use the permission of the current repo to keep the behavior consistent with the old API.
 			//        Maybe the right way is setting the permission of the parent repo to nil, empty is better than wrong.
-			parent = innerToRepo(ctx, repo.BaseRepo, permissionInRepo, true)
+			parent = innerToRepo(ctx, repo.BaseRepo, permissionInRepo, true, doer)
 		}
 	}
 
@@ -165,7 +166,7 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInR
 			if err := t.LoadAttributes(ctx); err != nil {
 				log.Warn("LoadAttributes of RepoTransfer: %v", err)
 			} else {
-				transfer = ToRepoTransfer(ctx, t)
+				transfer = ToRepoTransfer(ctx, t, doer)
 			}
 		}
 	}
@@ -240,12 +241,12 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInR
 }
 
 // ToRepoTransfer convert a models.RepoTransfer to a structs.RepeTransfer
-func ToRepoTransfer(ctx context.Context, t *models.RepoTransfer) *api.RepoTransfer {
+func ToRepoTransfer(ctx context.Context, t *models.RepoTransfer, doer *user_model.User) *api.RepoTransfer {
 	teams, _ := ToTeams(ctx, t.Teams, false)
 
 	return &api.RepoTransfer{
-		Doer:      ToUser(ctx, t.Doer, nil),
-		Recipient: ToUser(ctx, t.Recipient, nil),
+		Doer:      ToUser(ctx, t.Doer, doer),
+		Recipient: ToUser(ctx, t.Recipient, doer),
 		Teams:     teams,
 	}
 }
diff --git a/services/convert/status.go b/services/convert/status.go
index 6cef63c1cd..0c415db866 100644
--- a/services/convert/status.go
+++ b/services/convert/status.go
@@ -12,7 +12,7 @@ import (
 )
 
 // ToCommitStatus converts git_model.CommitStatus to api.CommitStatus
-func ToCommitStatus(ctx context.Context, status *git_model.CommitStatus) *api.CommitStatus {
+func ToCommitStatus(ctx context.Context, status *git_model.CommitStatus, doer *user_model.User) *api.CommitStatus {
 	apiStatus := &api.CommitStatus{
 		Created:     status.CreatedUnix.AsTime(),
 		Updated:     status.CreatedUnix.AsTime(),
@@ -26,14 +26,14 @@ func ToCommitStatus(ctx context.Context, status *git_model.CommitStatus) *api.Co
 
 	if status.CreatorID != 0 {
 		creator, _ := user_model.GetUserByID(ctx, status.CreatorID)
-		apiStatus.Creator = ToUser(ctx, creator, nil)
+		apiStatus.Creator = ToUser(ctx, creator, doer)
 	}
 
 	return apiStatus
 }
 
 // ToCombinedStatus converts List of CommitStatus to a CombinedStatus
-func ToCombinedStatus(ctx context.Context, statuses []*git_model.CommitStatus, repo *api.Repository) *api.CombinedStatus {
+func ToCombinedStatus(ctx context.Context, statuses []*git_model.CommitStatus, repo *api.Repository, doer *user_model.User) *api.CombinedStatus {
 	if len(statuses) == 0 {
 		return nil
 	}
@@ -47,7 +47,7 @@ func ToCombinedStatus(ctx context.Context, statuses []*git_model.CommitStatus, r
 
 	retStatus.Statuses = make([]*api.CommitStatus, 0, len(statuses))
 	for _, status := range statuses {
-		retStatus.Statuses = append(retStatus.Statuses, ToCommitStatus(ctx, status))
+		retStatus.Statuses = append(retStatus.Statuses, ToCommitStatus(ctx, status, doer))
 		if retStatus.State == "" || status.State.NoBetterThan(retStatus.State) {
 			retStatus.State = status.State
 		}
diff --git a/services/webhook/notifier.go b/services/webhook/notifier.go
index 587caf62ff..25d3d94d8f 100644
--- a/services/webhook/notifier.go
+++ b/services/webhook/notifier.go
@@ -60,7 +60,7 @@ func (m *webhookNotifier) IssueClearLabels(ctx context.Context, doer *user_model
 			Action:      api.HookIssueLabelCleared,
 			Index:       issue.Index,
 			PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
-			Repository:  convert.ToRepo(ctx, issue.Repo, permission),
+			Repository:  convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:      convert.ToUser(ctx, doer, nil),
 		})
 	} else {
@@ -68,7 +68,7 @@ func (m *webhookNotifier) IssueClearLabels(ctx context.Context, doer *user_model
 			Action:     api.HookIssueLabelCleared,
 			Index:      issue.Index,
 			Issue:      convert.ToAPIIssue(ctx, doer, issue),
-			Repository: convert.ToRepo(ctx, issue.Repo, permission),
+			Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:     convert.ToUser(ctx, doer, nil),
 		})
 	}
@@ -83,8 +83,8 @@ func (m *webhookNotifier) ForkRepository(ctx context.Context, doer *user_model.U
 
 	// forked webhook
 	if err := PrepareWebhooks(ctx, EventSource{Repository: oldRepo}, webhook_module.HookEventFork, &api.ForkPayload{
-		Forkee: convert.ToRepo(ctx, oldRepo, oldPermission),
-		Repo:   convert.ToRepo(ctx, repo, permission),
+		Forkee: convert.ToRepo(ctx, oldRepo, oldPermission, nil),
+		Repo:   convert.ToRepo(ctx, repo, permission, nil),
 		Sender: convert.ToUser(ctx, doer, nil),
 	}); err != nil {
 		log.Error("PrepareWebhooks [repo_id: %d]: %v", oldRepo.ID, err)
@@ -96,7 +96,7 @@ func (m *webhookNotifier) ForkRepository(ctx context.Context, doer *user_model.U
 	if u.IsOrganization() {
 		if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{
 			Action:       api.HookRepoCreated,
-			Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+			Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 			Organization: convert.ToUser(ctx, u, nil),
 			Sender:       convert.ToUser(ctx, doer, nil),
 		}); err != nil {
@@ -109,7 +109,7 @@ func (m *webhookNotifier) CreateRepository(ctx context.Context, doer, u *user_mo
 	// Add to hook queue for created repo after session commit.
 	if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{
 		Action:       api.HookRepoCreated,
-		Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+		Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 		Organization: convert.ToUser(ctx, u, nil),
 		Sender:       convert.ToUser(ctx, doer, nil),
 	}); err != nil {
@@ -120,7 +120,7 @@ func (m *webhookNotifier) CreateRepository(ctx context.Context, doer, u *user_mo
 func (m *webhookNotifier) DeleteRepository(ctx context.Context, doer *user_model.User, repo *repo_model.Repository) {
 	if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{
 		Action:       api.HookRepoDeleted,
-		Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+		Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 		Organization: convert.ToUser(ctx, repo.MustOwner(ctx), nil),
 		Sender:       convert.ToUser(ctx, doer, nil),
 	}); err != nil {
@@ -132,7 +132,7 @@ func (m *webhookNotifier) MigrateRepository(ctx context.Context, doer, u *user_m
 	// Add to hook queue for created repo after session commit.
 	if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{
 		Action:       api.HookRepoCreated,
-		Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+		Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 		Organization: convert.ToUser(ctx, u, nil),
 		Sender:       convert.ToUser(ctx, doer, nil),
 	}); err != nil {
@@ -151,7 +151,7 @@ func (m *webhookNotifier) IssueChangeAssignee(ctx context.Context, doer *user_mo
 		apiPullRequest := &api.PullRequestPayload{
 			Index:       issue.Index,
 			PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
-			Repository:  convert.ToRepo(ctx, issue.Repo, permission),
+			Repository:  convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:      convert.ToUser(ctx, doer, nil),
 		}
 		if removed {
@@ -169,7 +169,7 @@ func (m *webhookNotifier) IssueChangeAssignee(ctx context.Context, doer *user_mo
 		apiIssue := &api.IssuePayload{
 			Index:      issue.Index,
 			Issue:      convert.ToAPIIssue(ctx, doer, issue),
-			Repository: convert.ToRepo(ctx, issue.Repo, permission),
+			Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:     convert.ToUser(ctx, doer, nil),
 		}
 		if removed {
@@ -202,7 +202,7 @@ func (m *webhookNotifier) IssueChangeTitle(ctx context.Context, doer *user_model
 				},
 			},
 			PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
-			Repository:  convert.ToRepo(ctx, issue.Repo, permission),
+			Repository:  convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:      convert.ToUser(ctx, doer, nil),
 		})
 	} else {
@@ -215,7 +215,7 @@ func (m *webhookNotifier) IssueChangeTitle(ctx context.Context, doer *user_model
 				},
 			},
 			Issue:      convert.ToAPIIssue(ctx, doer, issue),
-			Repository: convert.ToRepo(ctx, issue.Repo, permission),
+			Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:     convert.ToUser(ctx, doer, nil),
 		})
 	}
@@ -237,7 +237,7 @@ func (m *webhookNotifier) IssueChangeStatus(ctx context.Context, doer *user_mode
 		apiPullRequest := &api.PullRequestPayload{
 			Index:       issue.Index,
 			PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
-			Repository:  convert.ToRepo(ctx, issue.Repo, permission),
+			Repository:  convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:      convert.ToUser(ctx, doer, nil),
 			CommitID:    commitID,
 		}
@@ -251,7 +251,7 @@ func (m *webhookNotifier) IssueChangeStatus(ctx context.Context, doer *user_mode
 		apiIssue := &api.IssuePayload{
 			Index:      issue.Index,
 			Issue:      convert.ToAPIIssue(ctx, doer, issue),
-			Repository: convert.ToRepo(ctx, issue.Repo, permission),
+			Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:     convert.ToUser(ctx, doer, nil),
 			CommitID:   commitID,
 		}
@@ -282,7 +282,7 @@ func (m *webhookNotifier) NewIssue(ctx context.Context, issue *issues_model.Issu
 		Action:     api.HookIssueOpened,
 		Index:      issue.Index,
 		Issue:      convert.ToAPIIssue(ctx, issue.Poster, issue),
-		Repository: convert.ToRepo(ctx, issue.Repo, permission),
+		Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 		Sender:     convert.ToUser(ctx, issue.Poster, nil),
 	}); err != nil {
 		log.Error("PrepareWebhooks: %v", err)
@@ -308,7 +308,7 @@ func (m *webhookNotifier) NewPullRequest(ctx context.Context, pull *issues_model
 		Action:      api.HookIssueOpened,
 		Index:       pull.Issue.Index,
 		PullRequest: convert.ToAPIPullRequest(ctx, pull, nil),
-		Repository:  convert.ToRepo(ctx, pull.Issue.Repo, permission),
+		Repository:  convert.ToRepo(ctx, pull.Issue.Repo, permission, nil),
 		Sender:      convert.ToUser(ctx, pull.Issue.Poster, nil),
 	}); err != nil {
 		log.Error("PrepareWebhooks: %v", err)
@@ -337,7 +337,7 @@ func (m *webhookNotifier) IssueChangeContent(ctx context.Context, doer *user_mod
 				},
 			},
 			PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
-			Repository:  convert.ToRepo(ctx, issue.Repo, permission),
+			Repository:  convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:      convert.ToUser(ctx, doer, nil),
 		})
 	} else {
@@ -350,7 +350,7 @@ func (m *webhookNotifier) IssueChangeContent(ctx context.Context, doer *user_mod
 				},
 			},
 			Issue:      convert.ToAPIIssue(ctx, doer, issue),
-			Repository: convert.ToRepo(ctx, issue.Repo, permission),
+			Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:     convert.ToUser(ctx, doer, nil),
 		})
 	}
@@ -385,13 +385,13 @@ func (m *webhookNotifier) UpdateComment(ctx context.Context, doer *user_model.Us
 	if err := PrepareWebhooks(ctx, EventSource{Repository: c.Issue.Repo}, eventType, &api.IssueCommentPayload{
 		Action:  api.HookIssueCommentEdited,
 		Issue:   convert.ToAPIIssue(ctx, doer, c.Issue),
-		Comment: convert.ToAPIComment(ctx, c.Issue.Repo, c),
+		Comment: convert.ToAPIComment(ctx, c.Issue.Repo, c, nil),
 		Changes: &api.ChangesPayload{
 			Body: &api.ChangesFromPayload{
 				From: oldContent,
 			},
 		},
-		Repository: convert.ToRepo(ctx, c.Issue.Repo, permission),
+		Repository: convert.ToRepo(ctx, c.Issue.Repo, permission, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 		IsPull:     c.Issue.IsPull,
 	}); err != nil {
@@ -413,8 +413,8 @@ func (m *webhookNotifier) CreateIssueComment(ctx context.Context, doer *user_mod
 	if err := PrepareWebhooks(ctx, EventSource{Repository: issue.Repo}, eventType, &api.IssueCommentPayload{
 		Action:     api.HookIssueCommentCreated,
 		Issue:      convert.ToAPIIssue(ctx, doer, issue),
-		Comment:    convert.ToAPIComment(ctx, repo, comment),
-		Repository: convert.ToRepo(ctx, repo, permission),
+		Comment:    convert.ToAPIComment(ctx, repo, comment, nil),
+		Repository: convert.ToRepo(ctx, repo, permission, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 		IsPull:     issue.IsPull,
 	}); err != nil {
@@ -450,8 +450,8 @@ func (m *webhookNotifier) DeleteComment(ctx context.Context, doer *user_model.Us
 	if err := PrepareWebhooks(ctx, EventSource{Repository: comment.Issue.Repo}, eventType, &api.IssueCommentPayload{
 		Action:     api.HookIssueCommentDeleted,
 		Issue:      convert.ToAPIIssue(ctx, doer, comment.Issue),
-		Comment:    convert.ToAPIComment(ctx, comment.Issue.Repo, comment),
-		Repository: convert.ToRepo(ctx, comment.Issue.Repo, permission),
+		Comment:    convert.ToAPIComment(ctx, comment.Issue.Repo, comment, nil),
+		Repository: convert.ToRepo(ctx, comment.Issue.Repo, permission, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 		IsPull:     comment.Issue.IsPull,
 	}); err != nil {
@@ -463,7 +463,7 @@ func (m *webhookNotifier) NewWikiPage(ctx context.Context, doer *user_model.User
 	// Add to hook queue for created wiki page.
 	if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventWiki, &api.WikiPayload{
 		Action:     api.HookWikiCreated,
-		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 		Page:       page,
 		Comment:    comment,
@@ -476,7 +476,7 @@ func (m *webhookNotifier) EditWikiPage(ctx context.Context, doer *user_model.Use
 	// Add to hook queue for edit wiki page.
 	if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventWiki, &api.WikiPayload{
 		Action:     api.HookWikiEdited,
-		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 		Page:       page,
 		Comment:    comment,
@@ -489,7 +489,7 @@ func (m *webhookNotifier) DeleteWikiPage(ctx context.Context, doer *user_model.U
 	// Add to hook queue for edit wiki page.
 	if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventWiki, &api.WikiPayload{
 		Action:     api.HookWikiDeleted,
-		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+		Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 		Page:       page,
 	}); err != nil {
@@ -526,7 +526,7 @@ func (m *webhookNotifier) IssueChangeLabels(ctx context.Context, doer *user_mode
 			Action:      api.HookIssueLabelUpdated,
 			Index:       issue.Index,
 			PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
-			Repository:  convert.ToRepo(ctx, issue.Repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+			Repository:  convert.ToRepo(ctx, issue.Repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 			Sender:      convert.ToUser(ctx, doer, nil),
 		})
 	} else {
@@ -534,7 +534,7 @@ func (m *webhookNotifier) IssueChangeLabels(ctx context.Context, doer *user_mode
 			Action:     api.HookIssueLabelUpdated,
 			Index:      issue.Index,
 			Issue:      convert.ToAPIIssue(ctx, doer, issue),
-			Repository: convert.ToRepo(ctx, issue.Repo, permission),
+			Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:     convert.ToUser(ctx, doer, nil),
 		})
 	}
@@ -568,7 +568,7 @@ func (m *webhookNotifier) IssueChangeMilestone(ctx context.Context, doer *user_m
 			Action:      hookAction,
 			Index:       issue.Index,
 			PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
-			Repository:  convert.ToRepo(ctx, issue.Repo, permission),
+			Repository:  convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:      convert.ToUser(ctx, doer, nil),
 		})
 	} else {
@@ -576,7 +576,7 @@ func (m *webhookNotifier) IssueChangeMilestone(ctx context.Context, doer *user_m
 			Action:     hookAction,
 			Index:      issue.Index,
 			Issue:      convert.ToAPIIssue(ctx, doer, issue),
-			Repository: convert.ToRepo(ctx, issue.Repo, permission),
+			Repository: convert.ToRepo(ctx, issue.Repo, permission, nil),
 			Sender:     convert.ToUser(ctx, doer, nil),
 		})
 	}
@@ -601,7 +601,7 @@ func (m *webhookNotifier) PushCommits(ctx context.Context, pusher *user_model.Us
 		Commits:      apiCommits,
 		TotalCommits: commits.Len,
 		HeadCommit:   apiHeadCommit,
-		Repo:         convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+		Repo:         convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 		Pusher:       apiPusher,
 		Sender:       apiPusher,
 	}); err != nil {
@@ -641,7 +641,7 @@ func (*webhookNotifier) MergePullRequest(ctx context.Context, doer *user_model.U
 	apiPullRequest := &api.PullRequestPayload{
 		Index:       pr.Issue.Index,
 		PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
-		Repository:  convert.ToRepo(ctx, pr.Issue.Repo, permission),
+		Repository:  convert.ToRepo(ctx, pr.Issue.Repo, permission, nil),
 		Sender:      convert.ToUser(ctx, doer, nil),
 		Action:      api.HookIssueClosed,
 	}
@@ -669,7 +669,7 @@ func (m *webhookNotifier) PullRequestChangeTargetBranch(ctx context.Context, doe
 			},
 		},
 		PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
-		Repository:  convert.ToRepo(ctx, issue.Repo, mode),
+		Repository:  convert.ToRepo(ctx, issue.Repo, mode, nil),
 		Sender:      convert.ToUser(ctx, doer, nil),
 	}); err != nil {
 		log.Error("PrepareWebhooks [pr: %d]: %v", pr.ID, err)
@@ -706,7 +706,7 @@ func (m *webhookNotifier) PullRequestReview(ctx context.Context, pr *issues_mode
 		Action:      api.HookIssueReviewed,
 		Index:       review.Issue.Index,
 		PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
-		Repository:  convert.ToRepo(ctx, review.Issue.Repo, permission),
+		Repository:  convert.ToRepo(ctx, review.Issue.Repo, permission, nil),
 		Sender:      convert.ToUser(ctx, review.Reviewer, nil),
 		Review: &api.ReviewPayload{
 			Type:    string(reviewHookType),
@@ -731,7 +731,7 @@ func (m *webhookNotifier) PullRequestReviewRequest(ctx context.Context, doer *us
 		Index:             issue.Index,
 		PullRequest:       convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
 		RequestedReviewer: convert.ToUser(ctx, reviewer, nil),
-		Repository:        convert.ToRepo(ctx, issue.Repo, permission),
+		Repository:        convert.ToRepo(ctx, issue.Repo, permission, nil),
 		Sender:            convert.ToUser(ctx, doer, nil),
 	}
 	if isRequest {
@@ -747,7 +747,7 @@ func (m *webhookNotifier) PullRequestReviewRequest(ctx context.Context, doer *us
 
 func (m *webhookNotifier) CreateRef(ctx context.Context, pusher *user_model.User, repo *repo_model.Repository, refFullName git.RefName, refID string) {
 	apiPusher := convert.ToUser(ctx, pusher, nil)
-	apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeNone})
+	apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeNone}, nil)
 	refName := refFullName.ShortName()
 
 	if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventCreate, &api.CreatePayload{
@@ -775,7 +775,7 @@ func (m *webhookNotifier) PullRequestSynchronized(ctx context.Context, doer *use
 		Action:      api.HookIssueSynchronized,
 		Index:       pr.Issue.Index,
 		PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
-		Repository:  convert.ToRepo(ctx, pr.Issue.Repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+		Repository:  convert.ToRepo(ctx, pr.Issue.Repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 		Sender:      convert.ToUser(ctx, doer, nil),
 	}); err != nil {
 		log.Error("PrepareWebhooks [pull_id: %v]: %v", pr.ID, err)
@@ -784,7 +784,7 @@ func (m *webhookNotifier) PullRequestSynchronized(ctx context.Context, doer *use
 
 func (m *webhookNotifier) DeleteRef(ctx context.Context, pusher *user_model.User, repo *repo_model.Repository, refFullName git.RefName) {
 	apiPusher := convert.ToUser(ctx, pusher, nil)
-	apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner})
+	apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil)
 	refName := refFullName.ShortName()
 
 	if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventDelete, &api.DeletePayload{
@@ -807,8 +807,8 @@ func sendReleaseHook(ctx context.Context, doer *user_model.User, rel *repo_model
 	permission, _ := access_model.GetUserRepoPermission(ctx, rel.Repo, doer)
 	if err := PrepareWebhooks(ctx, EventSource{Repository: rel.Repo}, webhook_module.HookEventRelease, &api.ReleasePayload{
 		Action:     action,
-		Release:    convert.ToAPIRelease(ctx, rel.Repo, rel),
-		Repository: convert.ToRepo(ctx, rel.Repo, permission),
+		Release:    convert.ToAPIRelease(ctx, rel.Repo, rel, nil),
+		Repository: convert.ToRepo(ctx, rel.Repo, permission, nil),
 		Sender:     convert.ToUser(ctx, doer, nil),
 	}); err != nil {
 		log.Error("PrepareWebhooks: %v", err)
@@ -843,7 +843,7 @@ func (m *webhookNotifier) SyncPushCommits(ctx context.Context, pusher *user_mode
 		Commits:      apiCommits,
 		TotalCommits: commits.Len,
 		HeadCommit:   apiHeadCommit,
-		Repo:         convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
+		Repo:         convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}, nil),
 		Pusher:       apiPusher,
 		Sender:       apiPusher,
 	}); err != nil {
diff --git a/tests/integration/api_comment_test.go b/tests/integration/api_comment_test.go
index 255b8332b2..9441b7536f 100644
--- a/tests/integration/api_comment_test.go
+++ b/tests/integration/api_comment_test.go
@@ -155,7 +155,7 @@ func TestAPIGetComment(t *testing.T) {
 	DecodeJSON(t, resp, &apiComment)
 
 	assert.NoError(t, comment.LoadPoster(db.DefaultContext))
-	expect := convert.ToAPIComment(db.DefaultContext, repo, comment)
+	expect := convert.ToAPIComment(db.DefaultContext, repo, comment, nil)
 
 	assert.Equal(t, expect.ID, apiComment.ID)
 	assert.Equal(t, expect.Poster.FullName, apiComment.Poster.FullName)