From 0fe5e2b08c311f26c3fc0fc71eb6abffb06bc182 Mon Sep 17 00:00:00 2001
From: Zettat123 <zettat123@gmail.com>
Date: Sat, 12 Oct 2024 03:08:19 +0800
Subject: Allow maintainers to view and edit files of private repos when "Allow
 maintainers to edit" is enabled (#32215)

Fix #31539
---
 services/context/permission.go |  3 +++
 services/context/repo.go       | 10 +++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

(limited to 'services')

diff --git a/services/context/permission.go b/services/context/permission.go
index 14a9801dcc..9338587257 100644
--- a/services/context/permission.go
+++ b/services/context/permission.go
@@ -58,6 +58,9 @@ func RequireRepoWriterOr(unitTypes ...unit.Type) func(ctx *Context) {
 func RequireRepoReader(unitType unit.Type) func(ctx *Context) {
 	return func(ctx *Context) {
 		if !ctx.Repo.CanRead(unitType) {
+			if unitType == unit.TypeCode && canWriteAsMaintainer(ctx) {
+				return
+			}
 			if log.IsTrace() {
 				if ctx.IsSigned {
 					log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+
diff --git a/services/context/repo.go b/services/context/repo.go
index 0072b63b7c..2df2b7ea40 100644
--- a/services/context/repo.go
+++ b/services/context/repo.go
@@ -374,7 +374,7 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
 		return
 	}
 
-	if !ctx.Repo.Permission.HasAnyUnitAccessOrEveryoneAccess() {
+	if !ctx.Repo.Permission.HasAnyUnitAccessOrEveryoneAccess() && !canWriteAsMaintainer(ctx) {
 		if ctx.FormString("go-get") == "1" {
 			EarlyResponseForGoGetMeta(ctx)
 			return
@@ -1058,3 +1058,11 @@ func GitHookService() func(ctx *Context) {
 		}
 	}
 }
+
+// canWriteAsMaintainer check if the doer can write to a branch as a maintainer
+func canWriteAsMaintainer(ctx *Context) bool {
+	branchName := getRefNameFromPath(ctx.Repo, ctx.PathParam("*"), func(branchName string) bool {
+		return issues_model.CanMaintainerWriteToBranch(ctx, ctx.Repo.Permission, branchName, ctx.Doer)
+	})
+	return len(branchName) > 0
+}
-- 
cgit v1.2.3