Add "Allow edits from maintainer" feature (#18002)

Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7). If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option. Then users with write access to the base branch get more permissions on this branch: * use the update pull request button * push directly from the command line (`git push`) * edit/delete/upload files via web UI * use related API endpoints You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions. This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR. Closes #17728 Co-authored-by: 6543 <6543@obermui.de>
2025-06-18 01:14:37 -04:00 · 2022-04-28 17:45:33 +02:00 · 2022-04-28 17:45:33 +02:00 · 8eb1cd9264
commit 8eb1cd9264
parent 92dfbada37
29 changed files with 359 additions and 60 deletions
--- a/services/pull/update.go
+++ b/services/pull/update.go
@ -111,11 +111,25 @@ func IsUserAllowedToUpdate(ctx context.Context, pull *models.PullRequest, user *
 		return false, false, nil
 	}

+	baseRepoPerm, err := models.GetUserRepoPermission(ctx, pull.BaseRepo, user)
+	if err != nil {
+		return false, false, err
+	}
+
 	mergeAllowed, err = IsUserAllowedToMerge(pr, headRepoPerm, user)
 	if err != nil {
 		return false, false, err
 	}

+	if pull.AllowMaintainerEdit {
+		mergeAllowedMaintainer, err := IsUserAllowedToMerge(pr, baseRepoPerm, user)
+		if err != nil {
+			return false, false, err
+		}
+
+		mergeAllowed = mergeAllowed || mergeAllowedMaintainer
+	}
+
 	return mergeAllowed, rebaseAllowed, nil
 }