Fix Agit pull request permission check (#32999)

user with read permission should also can create agit flow pull request. looks this logic was broken in https://github.com/go-gitea/gitea/pull/31033 this pull request try fix it and add test code. --------- Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-01-04 23:14:31 +00:00 · 2024-12-28 02:17:01 +08:00 · 2024-12-28 02:17:01 +08:00 · a7b2707be9
commit a7b2707be9
parent 2d1a171dc7
2 changed files with 21 additions and 1 deletions
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@ -64,7 +64,8 @@ func NewPullRequest(ctx context.Context, opts *NewPullRequestOptions) error {
 	}

 	// user should be a collaborator or a member of the organization for base repo
-	if !issue.Poster.IsAdmin {
+	canCreate := issue.Poster.IsAdmin || pr.Flow == issues_model.PullRequestFlowAGit
+	if !canCreate {
 		canCreate, err := repo_model.IsOwnerMemberCollaborator(ctx, repo, issue.Poster.ID)
 		if err != nil {
 			return err
--- a/tests/integration/pull_create_test.go
+++ b/tests/integration/pull_create_test.go
@ -12,6 +12,7 @@ import (
 	"strings"
 	"testing"

+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/tests"

@ -226,3 +227,21 @@ func TestPullCreatePrFromBaseToFork(t *testing.T) {
 		assert.Regexp(t, "^/user1/repo1/pulls/[0-9]*$", url)
 	})
 }
+
+func TestCreateAgitPullWithReadPermission(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		dstPath := t.TempDir()
+
+		u.Path = "user2/repo1.git"
+		u.User = url.UserPassword("user4", userPassword)
+
+		t.Run("Clone", doGitClone(dstPath, u))
+
+		t.Run("add commit", doGitAddSomeCommits(dstPath, "master"))
+
+		t.Run("do agit pull create", func(t *testing.T) {
+			err := git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master", "-o").AddDynamicArguments("topic=" + "test-topic").Run(&git.RunOpts{Dir: dstPath})
+			assert.NoError(t, err)
+		})
+	})
+}