Default empty merger list to those with write permissions (#12535)

Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
4 years ago · d15bb17b78
parent dcb543ac2a
commit d15bb17b78
3 changed files with 9 additions and 4 deletions
--- a/models/branches.go
+++ b/models/branches.go
@ -98,9 +98,10 @@ func (protectBranch *ProtectedBranch) CanUserPush(userID int64) bool {
 }

 // IsUserMergeWhitelisted checks if some user is whitelisted to merge to this branch
-func (protectBranch *ProtectedBranch) IsUserMergeWhitelisted(userID int64) bool {
+func (protectBranch *ProtectedBranch) IsUserMergeWhitelisted(userID int64, permissionInRepo Permission) bool {
 	if !protectBranch.EnableMergeWhitelist {
-		return true
+		// Then we need to fall back on whether the user has write permission
+		return permissionInRepo.CanWrite(UnitTypeCode)
 	}

 	if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) {
--- a/modules/convert/convert.go
+++ b/modules/convert/convert.go
@ -67,8 +67,12 @@ func ToBranch(repo *models.Repository, b *git.Branch, c *git.Commit, bp *models.
 	}

 	if user != nil {
+		permission, err := models.GetUserRepoPermission(repo, user)
+		if err != nil {
+			return nil, err
+		}
 		branch.UserCanPush = bp.CanUserPush(user.ID)
-		branch.UserCanMerge = bp.IsUserMergeWhitelisted(user.ID)
+		branch.UserCanMerge = bp.IsUserMergeWhitelisted(user.ID, permission)
 	}

 	return branch, nil
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@ -544,7 +544,7 @@ func IsUserAllowedToMerge(pr *models.PullRequest, p models.Permission, user *mod
 		return false, err
 	}

-	if (p.CanWrite(models.UnitTypeCode) && pr.ProtectedBranch == nil) || (pr.ProtectedBranch != nil && pr.ProtectedBranch.IsUserMergeWhitelisted(user.ID)) {
+	if (p.CanWrite(models.UnitTypeCode) && pr.ProtectedBranch == nil) || (pr.ProtectedBranch != nil && pr.ProtectedBranch.IsUserMergeWhitelisted(user.ID, p)) {
 		return true, nil
 	}