aboutsummaryrefslogtreecommitdiffstats
path: root/routers/private
diff options
context:
space:
mode:
authorDavid Svantesson <davidsvantesson@gmail.com>2020-01-16 22:01:22 +0100
committerLauris BH <lauris@nix.lv>2020-01-16 23:01:22 +0200
commit18e0447b3f65cb6aab2eec6b742edf911773097f (patch)
treeda114d81702842af266da59ca88a700dfee91c7b /routers/private
parentd3468ed79fd9e3b29521fa6318492479041696ac (diff)
downloadgitea-18e0447b3f65cb6aab2eec6b742edf911773097f.tar.gz
gitea-18e0447b3f65cb6aab2eec6b742edf911773097f.zip
Fix admin handling at merge of PR (#9749)
* Admin shall be able to bypass merge checks. * Repository admin should not bypass if merge whitelist is set. * Add code comment about checks that PR are ready * notAllOverrideableChecksOk->notAllOverridableChecksOk * Fix merge, require signed currently not overridable. * fix Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Diffstat (limited to 'routers/private')
-rw-r--r--routers/private/hook.go26
1 files changed, 14 insertions, 12 deletions
diff --git a/routers/private/hook.go b/routers/private/hook.go
index 6a07de15ff..7044fdac22 100644
--- a/routers/private/hook.go
+++ b/routers/private/hook.go
@@ -224,7 +224,7 @@ func HookPreReceive(ctx *macaron.Context, opts private.HookOptions) {
canPush = protectBranch.CanUserPush(opts.UserID)
}
if !canPush && opts.ProtectedBranchID > 0 {
- // Manual merge
+ // Merge (from UI or API)
pr, err := models.GetPullRequestByID(opts.ProtectedBranchID)
if err != nil {
log.Error("Unable to get PullRequest %d Error: %v", opts.ProtectedBranchID, err)
@@ -264,19 +264,21 @@ func HookPreReceive(ctx *macaron.Context, opts private.HookOptions) {
})
return
}
- // Manual merge only allowed if PR is ready (even if admin)
- if err := pull_service.CheckPRReadyToMerge(pr); err != nil {
- if models.IsErrNotAllowedToMerge(err) {
- log.Warn("Forbidden: User %d is not allowed push to protected branch %s in %-v and pr #%d is not ready to be merged: %s", opts.UserID, branchName, repo, pr.Index, err.Error())
- ctx.JSON(http.StatusForbidden, map[string]interface{}{
- "err": fmt.Sprintf("Not allowed to push to protected branch %s and pr #%d is not ready to be merged: %s", branchName, opts.ProtectedBranchID, err.Error()),
+ // Check all status checks and reviews is ok, unless repo admin which can bypass this.
+ if !perm.IsAdmin() {
+ if err := pull_service.CheckPRReadyToMerge(pr); err != nil {
+ if models.IsErrNotAllowedToMerge(err) {
+ log.Warn("Forbidden: User %d is not allowed push to protected branch %s in %-v and pr #%d is not ready to be merged: %s", opts.UserID, branchName, repo, pr.Index, err.Error())
+ ctx.JSON(http.StatusForbidden, map[string]interface{}{
+ "err": fmt.Sprintf("Not allowed to push to protected branch %s and pr #%d is not ready to be merged: %s", branchName, opts.ProtectedBranchID, err.Error()),
+ })
+ return
+ }
+ log.Error("Unable to check if mergable: protected branch %s in %-v and pr #%d. Error: %v", opts.UserID, branchName, repo, pr.Index, err)
+ ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
+ "err": fmt.Sprintf("Unable to get status of pull request %d. Error: %v", opts.ProtectedBranchID, err),
})
- return
}
- log.Error("Unable to check if mergable: protected branch %s in %-v and pr #%d. Error: %v", opts.UserID, branchName, repo, pr.Index, err)
- ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
- "err": fmt.Sprintf("Unable to get status of pull request %d. Error: %v", opts.ProtectedBranchID, err),
- })
}
} else if !canPush {
log.Warn("Forbidden: User %d is not allowed to push to protected branch: %s in %-v", opts.UserID, branchName, repo)