gitea/services/pull/edits.go

// Copyright 2022 The Gitea Authors.
// All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package pull

import (
	"context"
	"errors"

	"code.gitea.io/gitea/models"
	unit_model "code.gitea.io/gitea/models/unit"
	user_model "code.gitea.io/gitea/models/user"
)

var ErrUserHasNoPermissionForAction = errors.New("user not allowed to do this action")

// SetAllowEdits allow edits from maintainers to PRs
func SetAllowEdits(ctx context.Context, doer *user_model.User, pr *models.PullRequest, allow bool) error {
	if doer == nil || !pr.Issue.IsPoster(doer.ID) {
		return ErrUserHasNoPermissionForAction
	}

	if err := pr.LoadHeadRepo(); err != nil {
		return err
	}

	permission, err := models.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
	if err != nil {
		return err
	}

	if !permission.CanWrite(unit_model.TypeCode) {
		return ErrUserHasNoPermissionForAction
	}

	pr.AllowMaintainerEdit = allow
	return models.UpdateAllowEdits(ctx, pr)
}
Add "Allow edits from maintainer" feature (#18002) Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7). If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option. Then users with write access to the base branch get more permissions on this branch: * use the update pull request button * push directly from the command line (`git push`) * edit/delete/upload files via web UI * use related API endpoints You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions. This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR. Closes #17728 Co-authored-by: 6543 <6543@obermui.de> 3 years ago			`// Copyright 2022 The Gitea Authors.`
			`// All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package pull`

			`import (`
			`"context"`
			`"errors"`

			`"code.gitea.io/gitea/models"`
			`unit_model "code.gitea.io/gitea/models/unit"`
			`user_model "code.gitea.io/gitea/models/user"`
			`)`

			`var ErrUserHasNoPermissionForAction = errors.New("user not allowed to do this action")`

			`// SetAllowEdits allow edits from maintainers to PRs`
			`func SetAllowEdits(ctx context.Context, doer user_model.User, pr models.PullRequest, allow bool) error {`
			`if doer == nil \|\| !pr.Issue.IsPoster(doer.ID) {`
			`return ErrUserHasNoPermissionForAction`
			`}`

			`if err := pr.LoadHeadRepo(); err != nil {`
			`return err`
			`}`

			`permission, err := models.GetUserRepoPermission(ctx, pr.HeadRepo, doer)`
			`if err != nil {`
			`return err`
			`}`

			`if !permission.CanWrite(unit_model.TypeCode) {`
			`return ErrUserHasNoPermissionForAction`
			`}`

			`pr.AllowMaintainerEdit = allow`
			`return models.UpdateAllowEdits(ctx, pr)`
			`}`