Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7).
If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option.
Then users with write access to the base branch get more permissions on this branch:
* use the update pull request button
* push directly from the command line (`git push`)
* edit/delete/upload files via web UI
* use related API endpoints
You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions.
This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR.
Closes #17728
Co-authored-by: 6543 <6543@obermui.de>
// update minDBVersion accordingly
var migrations = []Migration{
// Gitea 1.5.0 ends at v69
+
// v70 -> v71
NewMigration("add issue_dependencies", addIssueDependencies),
// v71 -> v72
NewMigration("Create ForeignReference table", createForeignReferenceTable),
// v212 -> v213
NewMigration("Add package tables", addPackageTables),
+ // v213 -> v214
+ NewMigration("Add allow edits from maintainers to PullRequest table", addAllowMaintainerEdit),
}
// GetCurrentDBVersion returns the current db version
--- /dev/null
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+ "xorm.io/xorm"
+)
+
+func addAllowMaintainerEdit(x *xorm.Engine) error {
+ // PullRequest represents relation between pull request and repositories.
+ type PullRequest struct {
+ AllowMaintainerEdit bool `xorm:"NOT NULL DEFAULT false"`
+ }
+
+ return x.Sync2(new(PullRequest))
+}
Issue *Issue `xorm:"-"`
Index int64
- HeadRepoID int64 `xorm:"INDEX"`
- HeadRepo *repo_model.Repository `xorm:"-"`
- BaseRepoID int64 `xorm:"INDEX"`
- BaseRepo *repo_model.Repository `xorm:"-"`
- HeadBranch string
- HeadCommitID string `xorm:"-"`
- BaseBranch string
- ProtectedBranch *ProtectedBranch `xorm:"-"`
- MergeBase string `xorm:"VARCHAR(40)"`
+ HeadRepoID int64 `xorm:"INDEX"`
+ HeadRepo *repo_model.Repository `xorm:"-"`
+ BaseRepoID int64 `xorm:"INDEX"`
+ BaseRepo *repo_model.Repository `xorm:"-"`
+ HeadBranch string
+ HeadCommitID string `xorm:"-"`
+ BaseBranch string
+ ProtectedBranch *ProtectedBranch `xorm:"-"`
+ MergeBase string `xorm:"VARCHAR(40)"`
+ AllowMaintainerEdit bool `xorm:"NOT NULL DEFAULT false"`
HasMerged bool `xorm:"INDEX"`
MergedCommitID string `xorm:"VARCHAR(40)"`
return pr.HeadRepo.HTMLURL() + "/src/branch/" + util.PathEscapeSegments(pr.HeadBranch)
}
+// UpdateAllowEdits update if PR can be edited from maintainers
+func UpdateAllowEdits(ctx context.Context, pr *PullRequest) error {
+ if _, err := db.GetEngine(ctx).ID(pr.ID).Cols("allow_maintainer_edit").Update(pr); err != nil {
+ return err
+ }
+ return nil
+}
+
// Mergeable returns if the pullrequest is mergeable.
func (pr *PullRequest) Mergeable() bool {
// If a pull request isn't mergable if it's:
return p.CanWrite(unit.TypeIssues)
}
+// CanWriteToBranch checks if the branch is writable by the user
+func (p *Permission) CanWriteToBranch(user *user_model.User, branch string) bool {
+ if p.CanWrite(unit.TypeCode) {
+ return true
+ }
+
+ if len(p.Units) < 1 {
+ return false
+ }
+
+ prs, err := GetUnmergedPullRequestsByHeadInfo(p.Units[0].RepoID, branch)
+ if err != nil {
+ return false
+ }
+
+ for _, pr := range prs {
+ if pr.AllowMaintainerEdit {
+ err = pr.LoadBaseRepo()
+ if err != nil {
+ continue
+ }
+ prPerm, err := GetUserRepoPermission(db.DefaultContext, pr.BaseRepo, user)
+ if err != nil {
+ continue
+ }
+ if prPerm.CanWrite(unit.TypeCode) {
+ return true
+ }
+ }
+ }
+ return false
+}
+
// ColorFormat writes a colored string for these Permissions
func (p *Permission) ColorFormat(s fmt.State) {
noColor := log.ColorBytes(log.Reset)
perm)
}()
}
+
// anonymous user visit private repo.
// TODO: anonymous user visit public unit of private repo???
if user == nil && repo.IsPrivate {
}
}
+// CanEnableEditor checks if the user is allowed to write to the branch of the repo
+func CanEnableEditor() func(ctx *Context) {
+ return func(ctx *Context) {
+ if !ctx.Repo.Permission.CanWriteToBranch(ctx.Doer, ctx.Repo.BranchName) {
+ ctx.NotFound("CanWriteToBranch denies permission", nil)
+ return
+ }
+ }
+}
+
// RequireRepoWriterOr returns a middleware for requiring repository write to one of the unit permission
func RequireRepoWriterOr(unitTypes ...unit.Type) func(ctx *Context) {
return func(ctx *Context) {
}
// CanEnableEditor returns true if repository is editable and user has proper access level.
-func (r *Repository) CanEnableEditor() bool {
- return r.Permission.CanWrite(unit_model.TypeCode) && r.Repository.CanEnableEditor() && r.IsViewBranch && !r.Repository.IsArchived
+func (r *Repository) CanEnableEditor(user *user_model.User) bool {
+ return r.IsViewBranch && r.Permission.CanWriteToBranch(user, r.BranchName) && r.Repository.CanEnableEditor() && !r.Repository.IsArchived
}
// CanCreateBranch returns true if repository is editable and user has proper access level.
sign, keyID, _, err := asymkey_service.SignCRUDAction(ctx, r.Repository.RepoPath(), doer, r.Repository.RepoPath(), git.BranchPrefix+r.BranchName)
- canCommit := r.CanEnableEditor() && userCanPush
+ canCommit := r.CanEnableEditor(doer) && userCanPush
if requireSigned {
canCommit = canCommit && sign
}
return CanCommitToBranchResults{
CanCommitToBranch: canCommit,
- EditorEnabled: r.CanEnableEditor(),
+ EditorEnabled: r.CanEnableEditor(doer),
UserCanPush: userCanPush,
RequireSigned: requireSigned,
WillSign: sign,
func ToBranch(repo *repo_model.Repository, b *git.Branch, c *git.Commit, bp *models.ProtectedBranch, user *user_model.User, isRepoAdmin bool) (*api.Branch, error) {
if bp == nil {
var hasPerm bool
+ var canPush bool
var err error
if user != nil {
hasPerm, err = models.HasAccessUnit(user, repo, unit.TypeCode, perm.AccessModeWrite)
if err != nil {
return nil, err
}
+
+ perms, err := models.GetUserRepoPermission(db.DefaultContext, repo, user)
+ if err != nil {
+ return nil, err
+ }
+ canPush = perms.CanWriteToBranch(user, b.Name)
}
return &api.Branch{
RequiredApprovals: 0,
EnableStatusCheck: false,
StatusCheckContexts: []string{},
- UserCanPush: hasPerm,
+ UserCanPush: canPush,
UserCanMerge: hasPerm,
}, nil
}
Created: pr.Issue.CreatedUnix.AsTimePtr(),
Updated: pr.Issue.UpdatedUnix.AsTimePtr(),
+ AllowMaintainerEdit: pr.AllowMaintainerEdit,
+
Base: &api.PRBranchInfo{
Name: pr.BaseBranch,
Ref: pr.BaseBranch,
Mergeable bool `json:"mergeable"`
HasMerged bool `json:"merged"`
// swagger:strfmt date-time
- Merged *time.Time `json:"merged_at"`
- MergedCommitID *string `json:"merge_commit_sha"`
- MergedBy *User `json:"merged_by"`
+ Merged *time.Time `json:"merged_at"`
+ MergedCommitID *string `json:"merge_commit_sha"`
+ MergedBy *User `json:"merged_by"`
+ AllowMaintainerEdit bool `json:"allow_maintainer_edit"`
Base *PRBranchInfo `json:"base"`
Head *PRBranchInfo `json:"head"`
Labels []int64 `json:"labels"`
State *string `json:"state"`
// swagger:strfmt date-time
- Deadline *time.Time `json:"due_date"`
- RemoveDeadline *bool `json:"unset_due_date"`
+ Deadline *time.Time `json:"due_date"`
+ RemoveDeadline *bool `json:"unset_due_date"`
+ AllowMaintainerEdit *bool `json:"allow_maintainer_edit"`
}
Content string `json:"content"`
}
+// Branch returns branch name
+func (o *CreateFileOptions) Branch() string {
+ return o.FileOptions.BranchName
+}
+
// DeleteFileOptions options for deleting files (used for other File structs below)
// Note: `author` and `committer` are optional (if only one is given, it will be used for the other, otherwise the authenticated user will be used)
type DeleteFileOptions struct {
SHA string `json:"sha" binding:"Required"`
}
+// Branch returns branch name
+func (o *DeleteFileOptions) Branch() string {
+ return o.FileOptions.BranchName
+}
+
// UpdateFileOptions options for updating files
// Note: `author` and `committer` are optional (if only one is given, it will be used for the other, otherwise the authenticated user will be used)
type UpdateFileOptions struct {
FromPath string `json:"from_path" binding:"MaxSize(500)"`
}
+// Branch returns branch name
+func (o *UpdateFileOptions) Branch() string {
+ return o.FileOptions.BranchName
+}
+
+// FileOptionInterface provides a unified interface for the different file options
+type FileOptionInterface interface {
+ Branch() string
+}
+
// ApplyDiffPatchFileOptions options for applying a diff patch
// Note: `author` and `committer` are optional (if only one is given, it will be used for the other, otherwise the authenticated user will be used)
type ApplyDiffPatchFileOptions struct {
pulls.new = New Pull Request
pulls.view = View Pull Request
pulls.compare_changes = New Pull Request
+pulls.allow_edits_from_maintainers = Allow edits from maintainers
+pulls.allow_edits_from_maintainers_desc = Users with write access to the base branch can also push to this branch
+pulls.allow_edits_from_maintainers_err = Updating failed
pulls.compare_changes_desc = Select the branch to merge into and the branch to pull from.
pulls.compare_base = merge into
pulls.compare_compare = pull from
}
}
+// reqRepoBranchWriter user should have a permission to write to a branch, or be a site admin
+func reqRepoBranchWriter(ctx *context.APIContext) {
+ options, ok := web.GetForm(ctx).(api.FileOptionInterface)
+ if !ok || (!ctx.Repo.CanWriteToBranch(ctx.Doer, options.Branch()) && !ctx.IsUserSiteAdmin()) {
+ ctx.Error(http.StatusForbidden, "reqRepoBranchWriter", "user should have a permission to write to this branch")
+ return
+ }
+}
+
// reqRepoReader user should have specific read permission or be a repo admin or a site admin
func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) {
return func(ctx *context.APIContext) {
m.Get("", repo.GetContentsList)
m.Get("/*", repo.GetContents)
m.Group("/*", func() {
- m.Post("", bind(api.CreateFileOptions{}), repo.CreateFile)
- m.Put("", bind(api.UpdateFileOptions{}), repo.UpdateFile)
- m.Delete("", bind(api.DeleteFileOptions{}), repo.DeleteFile)
- }, reqRepoWriter(unit.TypeCode), reqToken())
+ m.Post("", bind(api.CreateFileOptions{}), reqRepoBranchWriter, repo.CreateFile)
+ m.Put("", bind(api.UpdateFileOptions{}), reqRepoBranchWriter, repo.UpdateFile)
+ m.Delete("", bind(api.DeleteFileOptions{}), reqRepoBranchWriter, repo.DeleteFile)
+ }, reqToken())
}, reqRepoReader(unit.TypeCode))
m.Get("/signing-key.gpg", misc.SigningKey)
m.Group("/topics", func() {
}
// canWriteFiles returns true if repository is editable and user has proper access level.
-func canWriteFiles(r *context.Repository) bool {
- return r.Permission.CanWrite(unit.TypeCode) && !r.Repository.IsMirror && !r.Repository.IsArchived
+func canWriteFiles(ctx *context.APIContext, branch string) bool {
+ return ctx.Repo.Permission.CanWriteToBranch(ctx.Doer, branch) &&
+ !ctx.Repo.Repository.IsMirror &&
+ !ctx.Repo.Repository.IsArchived
}
// canReadFiles returns true if repository is readable and user has proper access level.
// Called from both CreateFile or UpdateFile to handle both
func createOrUpdateFile(ctx *context.APIContext, opts *files_service.UpdateRepoFileOptions) (*api.FileResponse, error) {
- if !canWriteFiles(ctx.Repo) {
+ if !canWriteFiles(ctx, opts.OldBranch) {
return nil, models.ErrUserDoesNotHaveAccessToRepo{
UserID: ctx.Doer.ID,
RepoName: ctx.Repo.Repository.LowerName,
// "$ref": "#/responses/error"
apiOpts := web.GetForm(ctx).(*api.DeleteFileOptions)
- if !canWriteFiles(ctx.Repo) {
+ if !canWriteFiles(ctx, apiOpts.BranchName) {
ctx.Error(http.StatusForbidden, "DeleteFile", models.ErrUserDoesNotHaveAccessToRepo{
UserID: ctx.Doer.ID,
RepoName: ctx.Repo.Repository.LowerName,
opts.Message = "apply-patch"
}
- if !canWriteFiles(ctx.Repo) {
+ if !canWriteFiles(ctx, apiOpts.BranchName) {
ctx.Error(http.StatusInternalServerError, "ApplyPatch", models.ErrUserDoesNotHaveAccessToRepo{
UserID: ctx.Doer.ID,
RepoName: ctx.Repo.Repository.LowerName,
notification.NotifyPullRequestChangeTargetBranch(ctx.Doer, pr, form.Base)
}
+ // update allow edits
+ if form.AllowMaintainerEdit != nil {
+ if err := pull_service.SetAllowEdits(ctx, ctx.Doer, pr, *form.AllowMaintainerEdit); err != nil {
+ if errors.Is(pull_service.ErrUserHasNoPermissionForAction, err) {
+ ctx.Error(http.StatusForbidden, "SetAllowEdits", fmt.Sprintf("SetAllowEdits: %s", err))
+ return
+ }
+ ctx.ServerError("SetAllowEdits", err)
+ return
+ }
+ }
+
// Refetch from database
pr, err = models.GetPullRequestByIndex(ctx.Repo.Repository.ID, pr.Index)
if err != nil {
env []string
opts *private.HookOptions
+
+ branchName string
}
// CanWriteCode returns true if pusher can write code
if !ctx.loadPusherAndPermission() {
return false
}
- ctx.canWriteCode = ctx.userPerm.CanWrite(unit.TypeCode) || ctx.deployKeyAccessMode >= perm_model.AccessModeWrite
+ ctx.canWriteCode = ctx.userPerm.CanWriteToBranch(ctx.user, ctx.branchName) || ctx.deployKeyAccessMode >= perm_model.AccessModeWrite
ctx.checkedCanWriteCode = true
}
return ctx.canWriteCode
}
func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullName string) {
+ branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
+ ctx.branchName = branchName
+
if !ctx.AssertCanWriteCode() {
return
}
repo := ctx.Repo.Repository
gitRepo := ctx.Repo.GitRepo
- branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
if branchName == repo.DefaultBranch && newCommitID == git.EmptySHA {
log.Warn("Forbidden: Branch: %s is the default branch in %-v and cannot be deleted", branchName, repo)
}
ctx.Data["HeadRepo"] = ci.HeadRepo
+ ctx.Data["BaseCompareRepo"] = ctx.Repo.Repository
// Now we need to assert that the ctx.Doer has permission to read
// the baseRepo's code and pulls
ctx.NotFound("ParseCompareInfo", nil)
return nil
}
+ ctx.Data["CanWriteToHeadRepo"] = permHead.CanWrite(unit.TypeCode)
}
// If we have a rootRepo and it's different from:
if ctx.IsSigned {
if err := pull.LoadHeadRepoCtx(ctx); err != nil {
log.Error("LoadHeadRepo: %v", err)
- } else if pull.HeadRepo != nil && pull.HeadBranch != pull.HeadRepo.DefaultBranch {
+ } else if pull.HeadRepo != nil {
perm, err := models.GetUserRepoPermission(ctx, pull.HeadRepo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
}
if perm.CanWrite(unit.TypeCode) {
// Check if branch is not protected
- if protected, err := models.IsProtectedBranch(pull.HeadRepo.ID, pull.HeadBranch); err != nil {
- log.Error("IsProtectedBranch: %v", err)
- } else if !protected {
- canDelete = true
- ctx.Data["DeleteBranchLink"] = issue.Link() + "/cleanup"
+ if pull.HeadBranch != pull.HeadRepo.DefaultBranch {
+ if protected, err := models.IsProtectedBranch(pull.HeadRepo.ID, pull.HeadBranch); err != nil {
+ log.Error("IsProtectedBranch: %v", err)
+ } else if !protected {
+ canDelete = true
+ ctx.Data["DeleteBranchLink"] = issue.Link() + "/cleanup"
+ }
}
+ ctx.Data["CanWriteToHeadRepo"] = true
}
}
Content: form.Content,
}
pullRequest := &models.PullRequest{
- HeadRepoID: ci.HeadRepo.ID,
- BaseRepoID: repo.ID,
- HeadBranch: ci.HeadBranch,
- BaseBranch: ci.BaseBranch,
- HeadRepo: ci.HeadRepo,
- BaseRepo: repo,
- MergeBase: ci.CompareInfo.MergeBase,
- Type: models.PullRequestGitea,
+ HeadRepoID: ci.HeadRepo.ID,
+ BaseRepoID: repo.ID,
+ HeadBranch: ci.HeadBranch,
+ BaseBranch: ci.BaseBranch,
+ HeadRepo: ci.HeadRepo,
+ BaseRepo: repo,
+ MergeBase: ci.CompareInfo.MergeBase,
+ Type: models.PullRequestGitea,
+ AllowMaintainerEdit: form.AllowMaintainerEdit,
}
// FIXME: check error in the case two people send pull request at almost same time, give nice error prompt
// instead of 500.
"base_branch": pr.BaseBranch,
})
}
+
+// SetAllowEdits allow edits from maintainers to PRs
+func SetAllowEdits(ctx *context.Context) {
+ form := web.GetForm(ctx).(*forms.UpdateAllowEditsForm)
+
+ pr, err := models.GetPullRequestByIndex(ctx.Repo.Repository.ID, ctx.ParamsInt64(":index"))
+ if err != nil {
+ if models.IsErrPullRequestNotExist(err) {
+ ctx.NotFound("GetPullRequestByIndex", err)
+ } else {
+ ctx.ServerError("GetPullRequestByIndex", err)
+ }
+ return
+ }
+
+ if err := pull_service.SetAllowEdits(ctx, ctx.Doer, pr, form.AllowMaintainerEdit); err != nil {
+ if errors.Is(pull_service.ErrUserHasNoPermissionForAction, err) {
+ ctx.Error(http.StatusForbidden)
+ return
+ }
+ ctx.ServerError("SetAllowEdits", err)
+ return
+ }
+
+ ctx.JSON(http.StatusOK, map[string]interface{}{
+ "allow_maintainer_edit": pr.AllowMaintainerEdit,
+ })
+}
ctx.Data["LineEscapeStatus"] = statuses
}
if !isLFSFile {
- if ctx.Repo.CanEnableEditor() {
+ if ctx.Repo.CanEnableEditor(ctx.Doer) {
if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
ctx.Data["CanEditFile"] = false
ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.this_file_locked")
}
} else if !ctx.Repo.IsViewBranch {
ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.must_be_on_a_branch")
- } else if !ctx.Repo.CanWrite(unit_model.TypeCode) {
+ } else if !ctx.Repo.CanWriteToBranch(ctx.Doer, ctx.Repo.BranchName) {
ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.fork_before_edit")
}
}
}
}
- if ctx.Repo.CanEnableEditor() {
+ if ctx.Repo.CanEnableEditor(ctx.Doer) {
if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
ctx.Data["CanDeleteFile"] = false
ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.this_file_locked")
}
} else if !ctx.Repo.IsViewBranch {
ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_be_on_a_branch")
- } else if !ctx.Repo.CanWrite(unit_model.TypeCode) {
+ } else if !ctx.Repo.CanWriteToBranch(ctx.Doer, ctx.Repo.BranchName) {
ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_have_write_access")
}
}
reqRepoAdmin := context.RequireRepoAdmin()
reqRepoCodeWriter := context.RequireRepoWriter(unit.TypeCode)
+ canEnableEditor := context.CanEnableEditor()
reqRepoCodeReader := context.RequireRepoReader(unit.TypeCode)
reqRepoReleaseWriter := context.RequireRepoWriter(unit.TypeReleases)
reqRepoReleaseReader := context.RequireRepoReader(unit.TypeReleases)
Post(bindIgnErr(forms.EditRepoFileForm{}), repo.NewDiffPatchPost)
m.Combo("/_cherrypick/{sha:([a-f0-9]{7,40})}/*").Get(repo.CherryPick).
Post(bindIgnErr(forms.CherryPickForm{}), repo.CherryPickPost)
- }, context.RepoRefByType(context.RepoRefBranch), repo.MustBeEditable)
+ }, repo.MustBeEditable)
m.Group("", func() {
m.Post("/upload-file", repo.UploadFileToServer)
m.Post("/upload-remove", bindIgnErr(forms.RemoveUploadFileForm{}), repo.RemoveUploadFileFromServer)
- }, context.RepoRef(), repo.MustBeEditable, repo.MustBeAbleToUpload)
- }, context.RepoMustNotBeArchived(), reqRepoCodeWriter, repo.MustBeNotEmpty)
+ }, repo.MustBeEditable, repo.MustBeAbleToUpload)
+ }, context.RepoRef(), canEnableEditor, context.RepoMustNotBeArchived(), repo.MustBeNotEmpty)
m.Group("/branches", func() {
m.Group("/_new", func() {
m.Get("/commits", context.RepoRef(), repo.ViewPullCommits)
m.Post("/merge", context.RepoMustNotBeArchived(), bindIgnErr(forms.MergePullRequestForm{}), repo.MergePullRequest)
m.Post("/update", repo.UpdatePullRequest)
+ m.Post("/set_allow_maintainer_edit", bindIgnErr(forms.UpdateAllowEditsForm{}), repo.SetAllowEdits)
m.Post("/cleanup", context.RepoMustNotBeArchived(), context.RepoRef(), repo.CleanUpPullRequest)
m.Group("/files", func() {
m.Get("", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.ViewPullFiles)
// CreateIssueForm form for creating issue
type CreateIssueForm struct {
- Title string `binding:"Required;MaxSize(255)"`
- LabelIDs string `form:"label_ids"`
- AssigneeIDs string `form:"assignee_ids"`
- Ref string `form:"ref"`
- MilestoneID int64
- ProjectID int64
- AssigneeID int64
- Content string
- Files []string
+ Title string `binding:"Required;MaxSize(255)"`
+ LabelIDs string `form:"label_ids"`
+ AssigneeIDs string `form:"assignee_ids"`
+ Ref string `form:"ref"`
+ MilestoneID int64
+ ProjectID int64
+ AssigneeID int64
+ Content string
+ Files []string
+ AllowMaintainerEdit bool
}
// Validate validates the fields
Message string
}
+// UpdateAllowEditsForm form for changing if PR allows edits from maintainers
+type UpdateAllowEditsForm struct {
+ AllowMaintainerEdit bool
+}
+
// __________ .__
// \______ \ ____ | | ____ _____ ______ ____
// | _// __ \| | _/ __ \\__ \ / ___// __ \
--- /dev/null
+// Copyright 2022 The Gitea Authors.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package pull
+
+import (
+ "context"
+ "errors"
+
+ "code.gitea.io/gitea/models"
+ unit_model "code.gitea.io/gitea/models/unit"
+ user_model "code.gitea.io/gitea/models/user"
+)
+
+var ErrUserHasNoPermissionForAction = errors.New("user not allowed to do this action")
+
+// SetAllowEdits allow edits from maintainers to PRs
+func SetAllowEdits(ctx context.Context, doer *user_model.User, pr *models.PullRequest, allow bool) error {
+ if doer == nil || !pr.Issue.IsPoster(doer.ID) {
+ return ErrUserHasNoPermissionForAction
+ }
+
+ if err := pr.LoadHeadRepo(); err != nil {
+ return err
+ }
+
+ permission, err := models.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
+ if err != nil {
+ return err
+ }
+
+ if !permission.CanWrite(unit_model.TypeCode) {
+ return ErrUserHasNoPermissionForAction
+ }
+
+ pr.AllowMaintainerEdit = allow
+ return models.UpdateAllowEdits(ctx, pr)
+}
return false, false, nil
}
+ baseRepoPerm, err := models.GetUserRepoPermission(ctx, pull.BaseRepo, user)
+ if err != nil {
+ return false, false, err
+ }
+
mergeAllowed, err = IsUserAllowedToMerge(pr, headRepoPerm, user)
if err != nil {
return false, false, err
}
+ if pull.AllowMaintainerEdit {
+ mergeAllowedMaintainer, err := IsUserAllowedToMerge(pr, baseRepoPerm, user)
+ if err != nil {
+ return false, false, err
+ }
+
+ mergeAllowed = mergeAllowed || mergeAllowedMaintainer
+ }
+
return mergeAllowed, rebaseAllowed, nil
}
</a>
{{end}}
</div>
+ {{if and .PageIsComparePull (not (eq .HeadRepo.FullName .BaseCompareRepo.FullName)) .CanWriteToHeadRepo}}
+ <div class="ui divider"></div>
+ <div class="inline field">
+ <div class="ui checkbox">
+ <label class="tooltip" data-content="{{.i18n.Tr "repo.pulls.allow_edits_from_maintainers_desc"}}"><strong>{{.i18n.Tr "repo.pulls.allow_edits_from_maintainers"}}</strong></label>
+ <input name="allow_maintainer_edit" type="checkbox">
+ </div>
+ </div>
+ {{end}}
</div>
<input type="hidden" name="redirect_after_creation" value="{{.redirect_after_creation}}">
</div>
</form>
</div>
{{end}}
+
+ {{if and .Issue.IsPull .IsIssuePoster (not .Issue.IsClosed)}}
+ {{if and (not (eq .Issue.PullRequest.HeadRepo.FullName .Issue.PullRequest.BaseRepo.FullName)) .CanWriteToHeadRepo}}
+ <div class="ui divider"></div>
+ <div class="inline field">
+ <div class="ui checkbox" id="allow-edits-from-maintainers"
+ data-url="{{.Issue.Link}}"
+ data-prompt-tip="{{.i18n.Tr "repo.pulls.allow_edits_from_maintainers_desc"}}"
+ data-prompt-error="{{.i18n.Tr "repo.pulls.allow_edits_from_maintainers_err"}}"
+ >
+ <label><strong>{{.i18n.Tr "repo.pulls.allow_edits_from_maintainers"}}</strong></label>
+ <input type="checkbox" {{if .Issue.PullRequest.AllowMaintainerEdit}}checked{{end}}>
+ </div>
+ </div>
+ {{end}}
+ {{end}}
</div>
</div>
"description": "EditPullRequestOption options when modify pull request",
"type": "object",
"properties": {
+ "allow_maintainer_edit": {
+ "type": "boolean",
+ "x-go-name": "AllowMaintainerEdit"
+ },
"assignee": {
"type": "string",
"x-go-name": "Assignee"
"description": "PullRequest represents a pull request",
"type": "object",
"properties": {
+ "allow_maintainer_edit": {
+ "type": "boolean",
+ "x-go-name": "AllowMaintainerEdit"
+ },
"assignee": {
"$ref": "#/definitions/User"
},
});
}
+export function initRepoPullRequestAllowMaintainerEdit() {
+ const $checkbox = $('#allow-edits-from-maintainers');
+ if (!$checkbox.length) return;
+
+ const promptTip = $checkbox.attr('data-prompt-tip');
+ const promptError = $checkbox.attr('data-prompt-error');
+ $checkbox.popup({content: promptTip});
+ $checkbox.checkbox({
+ 'onChange': () => {
+ const checked = $checkbox.checkbox('is checked');
+ let url = $checkbox.attr('data-url');
+ url += '/set_allow_maintainer_edit';
+ $checkbox.checkbox('set disabled');
+ $.ajax({url, type: 'POST',
+ data: {_csrf: csrfToken, allow_maintainer_edit: checked},
+ error: () => {
+ $checkbox.popup({
+ content: promptError,
+ onHidden: () => {
+ // the error popup should be shown only once, then we restore the popup to the default message
+ $checkbox.popup({content: promptTip});
+ },
+ });
+ $checkbox.popup('show');
+ },
+ complete: () => {
+ $checkbox.checkbox('set enabled');
+ },
+ });
+ },
+ });
+}
+
export function initRepoIssueReferenceRepositorySearch() {
$('.issue_reference_repository_search')
.dropdown({
initRepoIssueTimeTracking,
initRepoIssueWipTitle,
initRepoPullRequestMergeInstruction,
+ initRepoPullRequestAllowMaintainerEdit,
initRepoPullRequestReview,
} from './features/repo-issue.js';
import {
initRepoMigrationStatusChecker();
initRepoProject();
initRepoPullRequestMergeInstruction();
+ initRepoPullRequestAllowMaintainerEdit();
initRepoPullRequestReview();
initRepoRelease();
initRepoReleaseEditor();
projects / gitea.git / commitdiff