git724/forgejo
1
0
Fork 0
Code Issues Pull requests 3 Projects 1 Releases Packages Wiki Activity

fix(hook): instance admins wrongly restricted by permissions checks

Browse source 
This exception existed for both instance admins and repo admins
before ApplyToAdmins was introduced in
79b7089360.

It should have been kept for instance admins only because they are not
subject to permission checks.
This commit is contained in:
Earl Warren 2024-06-01 10:41:10 +02:00
commit 05f0007437
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
routers/private/hook_pre_receive.go
View file

@ -397,6 +397,11 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r
return
}
// If we're an admin for the instance, we can ignore checks
if ctx.user.IsAdmin {
return
}
// It's not allowed t overwrite protected files. Unless if the user is an
// admin and the protected branch rule doesn't apply to admins.
if changedProtectedfiles && (!ctx.user.IsAdmin || protectBranch.ApplyToAdmins) {