Skip to content

Add permission check when creating PR#31033

Merged
lunny merged 16 commits into
go-gitea:mainfrom
yp05327:fix-create-pr-permission
Jul 29, 2024
Merged

Add permission check when creating PR#31033
lunny merged 16 commits into
go-gitea:mainfrom
yp05327:fix-create-pr-permission

Conversation

@yp05327
Copy link
Copy Markdown
Contributor

@yp05327 yp05327 commented May 21, 2024

user should be a collaborator of the base repo to create a PR

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 21, 2024
@pull-request-size pull-request-size Bot added size/L and removed size/M labels May 21, 2024
@yp05327 yp05327 requested a review from lunny May 21, 2024 06:27
@yp05327 yp05327 changed the title Add permission check when create PR Add permission check when creating PR May 21, 2024
@yp05327 yp05327 marked this pull request as ready for review May 21, 2024 07:51
@yp05327
Copy link
Copy Markdown
Contributor Author

yp05327 commented May 21, 2024

Some tests using organization user as the PR poster.....It will take lots of time to fix them. 😕

@yp05327
Copy link
Copy Markdown
Contributor Author

yp05327 commented May 21, 2024

@Zettat123
The poster is org user in TestPullRequestTargetEvent, can it be converted into user4?

@Zettat123
Copy link
Copy Markdown
Contributor

Zettat123 commented May 21, 2024
edited
Loading

@Zettat123 The poster is org user in TestPullRequestTargetEvent, can it be converted into user4?

My fault. It should be converted to an non-org user.
I think user4 is OK.

@pull-request-size pull-request-size Bot added size/M and removed size/L labels May 22, 2024
@lunny lunny added this to the 1.23.0 milestone May 22, 2024
@lunny
Copy link
Copy Markdown
Member

lunny commented May 22, 2024

user should be a collaborator of the base repo to create a PR

He should be a collaborator of the base repository if he creates a PR from the same repository.
If he creates a PR from a forked repository, he should be a collaborator of the head repository.

lunny
lunny reviewed May 22, 2024
View reviewed changes
Comment thread services/pull/pull.go
@yp05327
Copy link
Copy Markdown
Contributor Author

yp05327 commented May 23, 2024
edited
Loading

If he creates a PR from a forked repository, he should be a collaborator of the head repository.

This is not the Github's logic, Github's logic is checking base repo, not head repo (for public repos)

@yp05327
Copy link
Copy Markdown
Contributor Author

yp05327 commented May 23, 2024
edited
Loading

See: yp05327/test#7

yp05328 is a collaborator of yp05327/test
but yp05328 is not a member of yp05327test

image

@pull-request-size pull-request-size Bot added size/L and removed size/M labels May 27, 2024
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels May 27, 2024
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jul 25, 2024
@yp05327
Copy link
Copy Markdown
Contributor Author

yp05327 commented Jul 28, 2024

Conflict fixed.

@lunny lunny enabled auto-merge (squash) July 29, 2024 01:04
@wolfogre wolfogre added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 29, 2024
@lunny lunny merged commit e0a408e into go-gitea:main Jul 29, 2024
@GiteaBot
Copy link
Copy Markdown
Collaborator

GiteaBot commented Jul 29, 2024

I was unable to create a backport for 1.22. @yp05327, please send one manually. 🍵

go run ./contrib/backport 31033
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added backport/manual No power to the bots! Create your backport yourself! and removed reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels Jul 29, 2024
@yp05327 yp05327 deleted the fix-create-pr-permission branch July 29, 2024 04:11
yp05327 added a commit to yp05327/gitea that referenced this pull request Jul 29, 2024
@yp05327
Add permission check when creating PR (go-gitea#31033)
63d8717 
user should be a collaborator of the base repo to create a PR
@yp05327 yp05327 mentioned this pull request Jul 29, 2024
Merged
wolfogre pushed a commit that referenced this pull request Jul 29, 2024
@yp05327
Add permission check when creating PR (#31033) (#31720)
d3f0867 
Backport #31033

user should be a collaborator of the base repo to create a PR
@wolfogre wolfogre added the backport/done All backports for this PR have been created label Jul 29, 2024
zjjhot added a commit to zjjhot/gitea that referenced this pull request Jul 30, 2024
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
7057df3 
* giteaofficial/main:
  Set owner id to zero when GetRegistrationToken for repo (go-gitea#31725)
  fix(api): owner ID should be zero when created repo secret (go-gitea#31715)
  Fix API endpoint for registration-token (go-gitea#31722)
  Fix loadRepository error when access user dashboard (go-gitea#31719)
  Add permission check when creating PR (go-gitea#31033)
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Oct 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lunny lunny lunny approved these changes

@wolfogre wolfogre wolfogre approved these changes

Assignees

No one assigned

Labels

backport/done All backports for this PR have been created backport/manual No power to the bots! Create your backport yourself! lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug

Projects

None yet

Milestone

1.23.0

Development

Successfully merging this pull request may close these issues.

5 participants

@yp05327 @Zettat123 @lunny @GiteaBot @wolfogre