1
1
mirror of https://github.com/go-gitea/gitea synced 2025-07-23 02:38:35 +00:00

Add "Allow edits from maintainer" feature (#18002)

Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7).
If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option.
Then users with write access to the base branch get more permissions on this branch:
* use the update pull request button
* push directly from the command line (`git push`)
* edit/delete/upload files via web UI
* use related API endpoints

You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions.

This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR.

Closes #17728

Co-authored-by: 6543 <6543@obermui.de>
This commit is contained in:
qwerty287
2022-04-28 17:45:33 +02:00
committed by GitHub
parent 92dfbada37
commit 8eb1cd9264
29 changed files with 359 additions and 60 deletions

40
services/pull/edits.go Normal file
View File

@@ -0,0 +1,40 @@
// Copyright 2022 The Gitea Authors.
// All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package pull
import (
"context"
"errors"
"code.gitea.io/gitea/models"
unit_model "code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
)
var ErrUserHasNoPermissionForAction = errors.New("user not allowed to do this action")
// SetAllowEdits allow edits from maintainers to PRs
func SetAllowEdits(ctx context.Context, doer *user_model.User, pr *models.PullRequest, allow bool) error {
if doer == nil || !pr.Issue.IsPoster(doer.ID) {
return ErrUserHasNoPermissionForAction
}
if err := pr.LoadHeadRepo(); err != nil {
return err
}
permission, err := models.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
if err != nil {
return err
}
if !permission.CanWrite(unit_model.TypeCode) {
return ErrUserHasNoPermissionForAction
}
pr.AllowMaintainerEdit = allow
return models.UpdateAllowEdits(ctx, pr)
}

View File

@@ -111,11 +111,25 @@ func IsUserAllowedToUpdate(ctx context.Context, pull *models.PullRequest, user *
return false, false, nil
}
baseRepoPerm, err := models.GetUserRepoPermission(ctx, pull.BaseRepo, user)
if err != nil {
return false, false, err
}
mergeAllowed, err = IsUserAllowedToMerge(pr, headRepoPerm, user)
if err != nil {
return false, false, err
}
if pull.AllowMaintainerEdit {
mergeAllowedMaintainer, err := IsUserAllowedToMerge(pr, baseRepoPerm, user)
if err != nil {
return false, false, err
}
mergeAllowed = mergeAllowed || mergeAllowedMaintainer
}
return mergeAllowed, rebaseAllowed, nil
}