aboutsummaryrefslogtreecommitdiffstats
path: root/routers/private/hook_pre_receive.go
diff options
context:
space:
mode:
authorqwerty287 <80460567+qwerty287@users.noreply.github.com>2022-04-28 17:45:33 +0200
committerGitHub <noreply@github.com>2022-04-28 17:45:33 +0200
commit8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf (patch)
tree46049742d086daa7683db502883a58e94370a583 /routers/private/hook_pre_receive.go
parent92dfbada3793fc2be23d38783d6842eac9825f58 (diff)
downloadgitea-8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf.tar.gz
gitea-8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf.zip
Add "Allow edits from maintainer" feature (#18002)
Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7). If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option. Then users with write access to the base branch get more permissions on this branch: * use the update pull request button * push directly from the command line (`git push`) * edit/delete/upload files via web UI * use related API endpoints You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions. This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR. Closes #17728 Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'routers/private/hook_pre_receive.go')
-rw-r--r--routers/private/hook_pre_receive.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
index ccb6933787..8824d9cc39 100644
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@@ -45,6 +45,8 @@ type preReceiveContext struct {
env []string
opts *private.HookOptions
+
+ branchName string
}
// CanWriteCode returns true if pusher can write code
@@ -53,7 +55,7 @@ func (ctx *preReceiveContext) CanWriteCode() bool {
if !ctx.loadPusherAndPermission() {
return false
}
- ctx.canWriteCode = ctx.userPerm.CanWrite(unit.TypeCode) || ctx.deployKeyAccessMode >= perm_model.AccessModeWrite
+ ctx.canWriteCode = ctx.userPerm.CanWriteToBranch(ctx.user, ctx.branchName) || ctx.deployKeyAccessMode >= perm_model.AccessModeWrite
ctx.checkedCanWriteCode = true
}
return ctx.canWriteCode
@@ -134,13 +136,15 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) {
}
func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullName string) {
+ branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
+ ctx.branchName = branchName
+
if !ctx.AssertCanWriteCode() {
return
}
repo := ctx.Repo.Repository
gitRepo := ctx.Repo.GitRepo
- branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
if branchName == repo.DefaultBranch && newCommitID == git.EmptySHA {
log.Warn("Forbidden: Branch: %s is the default branch in %-v and cannot be deleted", branchName, repo)