diff options
author | qwerty287 <80460567+qwerty287@users.noreply.github.com> | 2022-04-28 17:45:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-28 17:45:33 +0200 |
commit | 8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf (patch) | |
tree | 46049742d086daa7683db502883a58e94370a583 /routers/private/hook_pre_receive.go | |
parent | 92dfbada3793fc2be23d38783d6842eac9825f58 (diff) | |
download | gitea-8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf.tar.gz gitea-8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf.zip |
Add "Allow edits from maintainer" feature (#18002)
Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7).
If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option.
Then users with write access to the base branch get more permissions on this branch:
* use the update pull request button
* push directly from the command line (`git push`)
* edit/delete/upload files via web UI
* use related API endpoints
You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions.
This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR.
Closes #17728
Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'routers/private/hook_pre_receive.go')
-rw-r--r-- | routers/private/hook_pre_receive.go | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go index ccb6933787..8824d9cc39 100644 --- a/routers/private/hook_pre_receive.go +++ b/routers/private/hook_pre_receive.go @@ -45,6 +45,8 @@ type preReceiveContext struct { env []string opts *private.HookOptions + + branchName string } // CanWriteCode returns true if pusher can write code @@ -53,7 +55,7 @@ func (ctx *preReceiveContext) CanWriteCode() bool { if !ctx.loadPusherAndPermission() { return false } - ctx.canWriteCode = ctx.userPerm.CanWrite(unit.TypeCode) || ctx.deployKeyAccessMode >= perm_model.AccessModeWrite + ctx.canWriteCode = ctx.userPerm.CanWriteToBranch(ctx.user, ctx.branchName) || ctx.deployKeyAccessMode >= perm_model.AccessModeWrite ctx.checkedCanWriteCode = true } return ctx.canWriteCode @@ -134,13 +136,15 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) { } func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullName string) { + branchName := strings.TrimPrefix(refFullName, git.BranchPrefix) + ctx.branchName = branchName + if !ctx.AssertCanWriteCode() { return } repo := ctx.Repo.Repository gitRepo := ctx.Repo.GitRepo - branchName := strings.TrimPrefix(refFullName, git.BranchPrefix) if branchName == repo.DefaultBranch && newCommitID == git.EmptySHA { log.Warn("Forbidden: Branch: %s is the default branch in %-v and cannot be deleted", branchName, repo) |