Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow maintainers to view and edit files of private repos when "Allow maintainers to edit" is enabled #32215

Merged
merged 7 commits into from
Oct 11, 2024
Merged

Allow maintainers to view and edit files of private repos when "Allow maintainers to edit" is enabled #32215

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
6a9a833
check if the doer is a maintainer
Zettat123 Oct 8, 2024
bcb7884
fix SourcePath
Zettat123 Oct 8, 2024
0e83e04
fix canWriteAsMaintainer
Zettat123 Oct 9, 2024
e58189e
fix
Zettat123 Oct 9, 2024
1b96df2
Merge branch 'main' into bugfix/issue-31539
Zettat123 Oct 9, 2024
b02fffe
add TestPullCompare_EnableAllowEditsFromMaintainer
Zettat123 Oct 10, 2024
0f95747
Merge branch 'main' into bugfix/issue-31539
GiteaBot Oct 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions routers/web/repo/pull.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -887,8 +887,6 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
}

if pull.HeadRepo != nil {
ctx.Data["SourcePath"] = pull.HeadRepo.Link() + "/src/commit/" + endCommitID
Copy link
Contributor Author

@Zettat123 Zettat123 Oct 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we don't need to edit SourcePath here. Its value is already set by the setCompareContext.

gitea/routers/web/repo/pull.go

Line 834 in 8bee7fc

setCompareContext(ctx, baseCommit, commit, ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)

And if we use the link of head repo here, the maintainer of the base repository won't be able to view the file.


if !pull.HasMerged && ctx.Doer != nil {
perm, err := access_model.GetUserRepoPermission(ctx, pull.HeadRepo, ctx.Doer)
if err != nil {
Expand Down
3 changes: 3 additions & 0 deletions services/context/permission.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,9 @@ func RequireRepoWriterOr(unitTypes ...unit.Type) func(ctx *Context) {
func RequireRepoReader(unitType unit.Type) func(ctx *Context) {
return func(ctx *Context) {
if !ctx.Repo.CanRead(unitType) {
if unitType == unit.TypeCode && canWriteAsMaintainer(ctx) {
return
}
if log.IsTrace() {
if ctx.IsSigned {
log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+
Expand Down
10 changes: 9 additions & 1 deletion services/context/repo.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -374,7 +374,7 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
return
}

if !ctx.Repo.Permission.HasAnyUnitAccessOrEveryoneAccess() {
if !ctx.Repo.Permission.HasAnyUnitAccessOrEveryoneAccess() && !canWriteAsMaintainer(ctx) {
if ctx.FormString("go-get") == "1" {
EarlyResponseForGoGetMeta(ctx)
return
Expand Down Expand Up @@ -1048,3 +1048,11 @@ func GitHookService() func(ctx *Context) {
}
}
}

// canWriteAsMaintainer check if the doer can write to a branch as a maintainer
func canWriteAsMaintainer(ctx *Context) bool {
branchName := getRefNameFromPath(ctx.Repo, ctx.PathParam("*"), func(branchName string) bool {
return issues_model.CanMaintainerWriteToBranch(ctx, ctx.Repo.Permission, branchName, ctx.Doer)
})
return len(branchName) > 0
}
Loading