aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--models/branches.go23
-rw-r--r--models/repo.go13
-rw-r--r--routers/repo/setting_protected_branch.go4
3 files changed, 37 insertions, 3 deletions
diff --git a/models/branches.go b/models/branches.go
index 9daaa487e7..fa8beb866c 100644
--- a/models/branches.go
+++ b/models/branches.go
@@ -195,7 +195,7 @@ func UpdateProtectBranch(repo *Repository, protectBranch *ProtectedBranch, opts
}
protectBranch.MergeWhitelistUserIDs = whitelist
- whitelist, err = updateUserWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
+ whitelist, err = updateApprovalWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
if err != nil {
return err
}
@@ -301,6 +301,27 @@ func (repo *Repository) IsProtectedBranchForMerging(pr *PullRequest, branchName
return false, nil
}
+// updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with
+// the users from newWhitelist which have explicit read or write access to the repo.
+func updateApprovalWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
+ hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
+ if !hasUsersChanged {
+ return currentWhitelist, nil
+ }
+
+ whitelist = make([]int64, 0, len(newWhitelist))
+ for _, userID := range newWhitelist {
+ if reader, err := repo.IsReader(userID); err != nil {
+ return nil, err
+ } else if !reader {
+ continue
+ }
+ whitelist = append(whitelist, userID)
+ }
+
+ return
+}
+
// updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with
// the users from newWhitelist which have write access to the repo.
func updateUserWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
diff --git a/models/repo.go b/models/repo.go
index 69f32ae4a5..8b3784bae0 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -735,11 +735,24 @@ func (repo *Repository) CanEnableEditor() bool {
return !repo.IsMirror
}
+// GetReaders returns all users that have explicit read access or higher to the repository.
+func (repo *Repository) GetReaders() (_ []*User, err error) {
+ return repo.getUsersWithAccessMode(x, AccessModeRead)
+}
+
// GetWriters returns all users that have write access to the repository.
func (repo *Repository) GetWriters() (_ []*User, err error) {
return repo.getUsersWithAccessMode(x, AccessModeWrite)
}
+// IsReader returns true if user has explicit read access or higher to the repository.
+func (repo *Repository) IsReader(userID int64) (bool, error) {
+ if repo.OwnerID == userID {
+ return true, nil
+ }
+ return x.Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, AccessModeRead).Get(&Access{})
+}
+
// getUsersWithAccessMode returns users that have at least given access mode to the repository.
func (repo *Repository) getUsersWithAccessMode(e Engine, mode AccessMode) (_ []*User, err error) {
if err = repo.getOwner(e); err != nil {
diff --git a/routers/repo/setting_protected_branch.go b/routers/repo/setting_protected_branch.go
index 80f44ead99..2a8502e6f4 100644
--- a/routers/repo/setting_protected_branch.go
+++ b/routers/repo/setting_protected_branch.go
@@ -117,9 +117,9 @@ func SettingsProtectedBranch(c *context.Context) {
}
}
- users, err := c.Repo.Repository.GetWriters()
+ users, err := c.Repo.Repository.GetReaders()
if err != nil {
- c.ServerError("Repo.Repository.GetWriters", err)
+ c.ServerError("Repo.Repository.GetReaders", err)
return
}
c.Data["Users"] = users
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-20 09:27:44 +0000