fix(hook): repo admins are wrongly denied the right to force merge
The right to force merge uses the wrong predicate and
applies to instance admins:
  ctx.user.IsAdmin
It must apply to repository admins and use the following predicate:
 ctx.userPerm.IsAdmin()
This regression is from the ApplyToAdmins implementation in
79b7089360.
Fixes: https://codeberg.org/forgejo/forgejo/issues/3780
					parent
								05f0007437
				commit
						09f3518069
					 3 changed files with 13 additions and 8 deletions
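--- /dev/null
+++ b/release-notes/8.0.0/fix/3976.md
@@ -0,0 +1 @@
+- repository admins are always denied the right to force merge and instance admins are subject to restrictions to merge that must only apply to repository admins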
|  | @ -404,7 +404,7 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r | |||
| 
 | ||||
| 		// It's not allowed t overwrite protected files. Unless if the user is an | ||||
| 		// admin and the protected branch rule doesn't apply to admins. | ||||
| 		if changedProtectedfiles && (!ctx.user.IsAdmin || protectBranch.ApplyToAdmins) { | ||||
| 		if changedProtectedfiles && (!ctx.userPerm.IsAdmin() || protectBranch.ApplyToAdmins) { | ||||
| 			log.Warn("Forbidden: Branch: %s in %-v is protected from changing file %s", branchName, repo, protectedFilePath) | ||||
| 			ctx.JSON(http.StatusForbidden, private.Response{ | ||||
| 				UserMsg: fmt.Sprintf("branch %s is protected from changing file %s", branchName, protectedFilePath), | ||||
|  | @ -416,7 +416,7 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r | |||
| 		if pb, err := pull_service.CheckPullBranchProtections(ctx, pr, true); err != nil { | ||||
| 			if models.IsErrDisallowedToMerge(err) { | ||||
| 				// Allow this if the rule doesn't apply to admins and the user is an admin. | ||||
| 				if ctx.user.IsAdmin && !pb.ApplyToAdmins { | ||||
| 				if ctx.userPerm.IsAdmin() && !pb.ApplyToAdmins { | ||||
| 					return | ||||
| 				} | ||||
| 				log.Warn("Forbidden: User %d is not allowed push to protected branch %s in %-v and pr #%d is not ready to be merged: %s", ctx.opts.UserID, branchName, repo, pr.Index, err.Error()) | ||||
|  |  | |||
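Review bot: Both corrected checks (the `changedProtectedfiles` guard and the `IsErrDisallowedToMerge` bypass) now honour `ApplyToAdmins` for whoever `ctx.userPerm.IsAdmin()` covers, while `CheckPullMergeable` in this same commit lets an instance admin (`doer.IsAdmin`) skip the rule unconditionally. If `ctx.userPerm` is produced by the repository permission lookup that grants instance admins owner-level access (not visible here), an instance admin who is not a collaborator would be refused on push when `ApplyToAdmins` is set yet allowed to merge from the web UI; that asymmetry is worth aligning or at least documenting. I would also record the precondition above the first check: `// assumes ctx.userPerm was resolved for ctx.user earlier in this hook`. preReceiveBranch begins and ends outside these hunks.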
|  | @ -119,7 +119,10 @@ func CheckPullMergeable(stdCtx context.Context, doer *user_model.User, perm *acc | |||
| 
 | ||||
| 			// * if the doer is admin, they could skip the branch protection check, | ||||
| 			// if that's allowed by the protected branch rule. | ||||
| 			if adminSkipProtectionCheck && !pb.ApplyToAdmins { | ||||
| 			if adminSkipProtectionCheck { | ||||
| 				if doer.IsAdmin { | ||||
| 					err = nil // instance admin can skip the check, so clear the error | ||||
| 				} else if !pb.ApplyToAdmins { | ||||
| 					if isRepoAdmin, errCheckAdmin := access_model.IsUserRepoAdmin(ctx, pr.BaseRepo, doer); errCheckAdmin != nil { | ||||
| 						log.Error("Unable to check if %-v is a repo admin in %-v: %v", doer, pr.BaseRepo, errCheckAdmin) | ||||
| 						return errCheckAdmin | ||||
|  | @ -127,6 +130,7 @@ func CheckPullMergeable(stdCtx context.Context, doer *user_model.User, perm *acc | |||
| 						err = nil // repo admin can skip the check, so clear the error | ||||
| 					} | ||||
| 				} | ||||
| 			} | ||||
| 
 | ||||
| 			// If there is still a branch protection check error, return it | ||||
| 			if err != nil { | ||||
|  |  | |||
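Review bot: The comment kept at the top of the hunk (`if the doer is admin, they could skip the branch protection check, if that's allowed by the protected branch rule`) no longer describes the new code: an instance admin (`doer.IsAdmin`) now clears `err` unconditionally, and only repository admins are gated by `!pb.ApplyToAdmins`. Rewrite it as `// * instance admins always skip the branch protection check; repository admins skip it only when the rule does not apply to admins.` so the two branches read as intended. Letting an instance admin bypass a rule with ApplyToAdmins set also differs from the hook change in this commit, where every admin bypass is still gated on ApplyToAdmins; if the asymmetry is deliberate, say so in the comment. CheckPullMergeable begins and ends outside this hunk, and this rendering appears to have dropped the old versions of the re-indented lines.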
	 Earl Warren