aboutsummaryrefslogtreecommitdiffstats
path: root/services/pull/edits.go
diff options
context:
space:
mode:
authorqwerty287 <80460567+qwerty287@users.noreply.github.com>2022-04-28 17:45:33 +0200
committerGitHub <noreply@github.com>2022-04-28 17:45:33 +0200
commit8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf (patch)
tree46049742d086daa7683db502883a58e94370a583 /services/pull/edits.go
parent92dfbada3793fc2be23d38783d6842eac9825f58 (diff)
downloadgitea-8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf.tar.gz
gitea-8eb1cd9264af9493e0f57a4a4c0a1f764f7cefcf.zip
Add "Allow edits from maintainer" feature (#18002)
Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7). If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option. Then users with write access to the base branch get more permissions on this branch: * use the update pull request button * push directly from the command line (`git push`) * edit/delete/upload files via web UI * use related API endpoints You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions. This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR. Closes #17728 Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'services/pull/edits.go')
-rw-r--r--services/pull/edits.go40
1 files changed, 40 insertions, 0 deletions
diff --git a/services/pull/edits.go b/services/pull/edits.go
new file mode 100644
index 0000000000..68515ec141
--- /dev/null
+++ b/services/pull/edits.go
@@ -0,0 +1,40 @@
+// Copyright 2022 The Gitea Authors.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package pull
+
+import (
+ "context"
+ "errors"
+
+ "code.gitea.io/gitea/models"
+ unit_model "code.gitea.io/gitea/models/unit"
+ user_model "code.gitea.io/gitea/models/user"
+)
+
+var ErrUserHasNoPermissionForAction = errors.New("user not allowed to do this action")
+
+// SetAllowEdits allow edits from maintainers to PRs
+func SetAllowEdits(ctx context.Context, doer *user_model.User, pr *models.PullRequest, allow bool) error {
+ if doer == nil || !pr.Issue.IsPoster(doer.ID) {
+ return ErrUserHasNoPermissionForAction
+ }
+
+ if err := pr.LoadHeadRepo(); err != nil {
+ return err
+ }
+
+ permission, err := models.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
+ if err != nil {
+ return err
+ }
+
+ if !permission.CanWrite(unit_model.TypeCode) {
+ return ErrUserHasNoPermissionForAction
+ }
+
+ pr.AllowMaintainerEdit = allow
+ return models.UpdateAllowEdits(ctx, pr)
+}