summaryrefslogtreecommitdiffstats
path: root/modules/context
diff options
context:
space:
mode:
authorqwerty287 <80460567+qwerty287@users.noreply.github.com>2022-04-28 17:45:33 +0200
committerGitHub <noreply@github.com>2022-04-28 17:45:33 +0200
commit8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf (patch)
tree46049742d086daa7683db502883a58e94370a583 /modules/context
parent92dfbada3793fc2be23d38783d6842eac9825f58 (diff)
downloadgitea-8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf.tar.gz
gitea-8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf.zip
Add "Allow edits from maintainer" feature (#18002)
Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7). If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option. Then users with write access to the base branch get more permissions on this branch: * use the update pull request button * push directly from the command line (`git push`) * edit/delete/upload files via web UI * use related API endpoints You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions. This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR. Closes #17728 Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'modules/context')
-rw-r--r--modules/context/permission.go10
-rw-r--r--modules/context/repo.go8
2 files changed, 14 insertions, 4 deletions
diff --git a/modules/context/permission.go b/modules/context/permission.go
index 142b86faea..8dc3b3cd46 100644
--- a/modules/context/permission.go
+++ b/modules/context/permission.go
@@ -29,6 +29,16 @@ func RequireRepoWriter(unitType unit.Type) func(ctx *Context) {
}
}
+// CanEnableEditor checks if the user is allowed to write to the branch of the repo
+func CanEnableEditor() func(ctx *Context) {
+ return func(ctx *Context) {
+ if !ctx.Repo.Permission.CanWriteToBranch(ctx.Doer, ctx.Repo.BranchName) {
+ ctx.NotFound("CanWriteToBranch denies permission", nil)
+ return
+ }
+ }
+}
+
// RequireRepoWriterOr returns a middleware for requiring repository write to one of the unit permission
func RequireRepoWriterOr(unitTypes ...unit.Type) func(ctx *Context) {
return func(ctx *Context) {
diff --git a/modules/context/repo.go b/modules/context/repo.go
index a02bb7e869..b2c9a21f8e 100644
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -78,8 +78,8 @@ type Repository struct {
}
// CanEnableEditor returns true if repository is editable and user has proper access level.
-func (r *Repository) CanEnableEditor() bool {
- return r.Permission.CanWrite(unit_model.TypeCode) && r.Repository.CanEnableEditor() && r.IsViewBranch && !r.Repository.IsArchived
+func (r *Repository) CanEnableEditor(user *user_model.User) bool {
+ return r.IsViewBranch && r.Permission.CanWriteToBranch(user, r.BranchName) && r.Repository.CanEnableEditor() && !r.Repository.IsArchived
}
// CanCreateBranch returns true if repository is editable and user has proper access level.
@@ -123,7 +123,7 @@ func (r *Repository) CanCommitToBranch(ctx context.Context, doer *user_model.Use
sign, keyID, _, err := asymkey_service.SignCRUDAction(ctx, r.Repository.RepoPath(), doer, r.Repository.RepoPath(), git.BranchPrefix+r.BranchName)
- canCommit := r.CanEnableEditor() && userCanPush
+ canCommit := r.CanEnableEditor(doer) && userCanPush
if requireSigned {
canCommit = canCommit && sign
}
@@ -139,7 +139,7 @@ func (r *Repository) CanCommitToBranch(ctx context.Context, doer *user_model.Use
return CanCommitToBranchResults{
CanCommitToBranch: canCommit,
- EditorEnabled: r.CanEnableEditor(),
+ EditorEnabled: r.CanEnableEditor(doer),
UserCanPush: userCanPush,
RequireSigned: requireSigned,
WillSign: sign,