diff --git a/models/branches.go b/models/branches.go index fc3c783b3a9..38aa79d2dc7 100644 --- a/models/branches.go +++ b/models/branches.go @@ -98,9 +98,10 @@ func (protectBranch *ProtectedBranch) CanUserPush(userID int64) bool { } // IsUserMergeWhitelisted checks if some user is whitelisted to merge to this branch -func (protectBranch *ProtectedBranch) IsUserMergeWhitelisted(userID int64) bool { +func (protectBranch *ProtectedBranch) IsUserMergeWhitelisted(userID int64, permissionInRepo Permission) bool { if !protectBranch.EnableMergeWhitelist { - return true + // Then we need to fall back on whether the user has write permission + return permissionInRepo.CanWrite(UnitTypeCode) } if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) { diff --git a/modules/convert/convert.go b/modules/convert/convert.go index ec18b130567..94ecdd11503 100644 --- a/modules/convert/convert.go +++ b/modules/convert/convert.go @@ -67,8 +67,12 @@ func ToBranch(repo *models.Repository, b *git.Branch, c *git.Commit, bp *models. } if user != nil { + permission, err := models.GetUserRepoPermission(repo, user) + if err != nil { + return nil, err + } branch.UserCanPush = bp.CanUserPush(user.ID) - branch.UserCanMerge = bp.IsUserMergeWhitelisted(user.ID) + branch.UserCanMerge = bp.IsUserMergeWhitelisted(user.ID, permission) } return branch, nil diff --git a/services/pull/merge.go b/services/pull/merge.go index 47521ce1477..27689384a58 100644 --- a/services/pull/merge.go +++ b/services/pull/merge.go @@ -544,7 +544,7 @@ func IsUserAllowedToMerge(pr *models.PullRequest, p models.Permission, user *mod return false, err } - if (p.CanWrite(models.UnitTypeCode) && pr.ProtectedBranch == nil) || (pr.ProtectedBranch != nil && pr.ProtectedBranch.IsUserMergeWhitelisted(user.ID)) { + if (p.CanWrite(models.UnitTypeCode) && pr.ProtectedBranch == nil) || (pr.ProtectedBranch != nil && pr.ProtectedBranch.IsUserMergeWhitelisted(user.ID, p)) { return true, nil }