From 76e31115965164112a6dfdbd297632431e896e5e Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Wed, 2 Feb 2022 10:10:06 +0000
Subject: Collaborator trust model should trust collaborators (#18539)

* Collaborator trust model should trust collaborators

There was an unintended regression in #17917 which leads to only
repository admin commits being trusted. This PR restores the old logic.

Fix #18501

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 models/asymkey/gpg_key_commit_verification.go | 10 +++++-----
 models/commit.go                              |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'models')

diff --git a/models/asymkey/gpg_key_commit_verification.go b/models/asymkey/gpg_key_commit_verification.go
index 4b9d0cfda4..2f66863091 100644
--- a/models/asymkey/gpg_key_commit_verification.go
+++ b/models/asymkey/gpg_key_commit_verification.go
@@ -71,7 +71,7 @@ const (
 )
 
 // ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.
-func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isCodeReader func(*user_model.User) (bool, error)) []*SignCommit {
+func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error)) []*SignCommit {
 	newCommits := make([]*SignCommit, 0, len(oldCommits))
 	keyMap := map[string]bool{}
 
@@ -81,7 +81,7 @@ func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustMod
 			Verification: ParseCommitWithSignature(c.Commit),
 		}
 
-		_ = CalculateTrustStatus(signCommit.Verification, repoTrustModel, isCodeReader, &keyMap)
+		_ = CalculateTrustStatus(signCommit.Verification, repoTrustModel, isOwnerMemberCollaborator, &keyMap)
 
 		newCommits = append(newCommits, signCommit)
 	}
@@ -455,7 +455,7 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *use
 
 // CalculateTrustStatus will calculate the TrustStatus for a commit verification within a repository
 // There are several trust models in Gitea
-func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isCodeReader func(*user_model.User) (bool, error), keyMap *map[string]bool) (err error) {
+func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error), keyMap *map[string]bool) (err error) {
 	if !verification.Verified {
 		return
 	}
@@ -500,11 +500,11 @@ func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_
 			var has bool
 			isMember, has = (*keyMap)[verification.SigningKey.KeyID]
 			if !has {
-				isMember, err = isCodeReader(verification.SigningUser)
+				isMember, err = isOwnerMemberCollaborator(verification.SigningUser)
 				(*keyMap)[verification.SigningKey.KeyID] = isMember
 			}
 		} else {
-			isMember, err = isCodeReader(verification.SigningUser)
+			isMember, err = isOwnerMemberCollaborator(verification.SigningUser)
 		}
 
 		if !isMember {
diff --git a/models/commit.go b/models/commit.go
index 5df6964a1d..92a839b780 100644
--- a/models/commit.go
+++ b/models/commit.go
@@ -18,7 +18,7 @@ func ConvertFromGitCommit(commits []*git.Commit, repo *repo_model.Repository) []
 			user_model.ValidateCommitsWithEmails(commits),
 			repo.GetTrustModel(),
 			func(user *user_model.User) (bool, error) {
-				return IsUserRepoAdmin(repo, user)
+				return IsOwnerMemberCollaborator(repo, user.ID)
 			},
 		),
 		repo,
-- 
cgit v1.2.3