go-gitea · lunny · Jan 27, 2026 · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026
diff --git a/models/git/protected_branch.go b/models/git/protected_branch.go
@@ -182,21 +182,21 @@ func (protectBranch *ProtectedBranch) CanUserForcePush(ctx context.Context, user
 }
 
 // IsUserMergeWhitelisted checks if some user is whitelisted to merge to this branch
-func IsUserMergeWhitelisted(ctx context.Context, protectBranch *ProtectedBranch, userID int64, permissionInRepo access_model.Permission) bool {
+func IsUserMergeWhitelisted(ctx context.Context, protectBranch *ProtectedBranch, user *user_model.User, permissionInRepo access_model.Permission) bool {
 	if !protectBranch.EnableMergeWhitelist {
 		// Then we need to fall back on whether the user has write permission
-		return permissionInRepo.CanWrite(unit.TypeCode)
+		return protectBranch.CanUserPush(ctx, user)
 	}
 
-	if slices.Contains(protectBranch.MergeWhitelistUserIDs, userID) {
+	if slices.Contains(protectBranch.MergeWhitelistUserIDs, user.ID) {
 		return true
 	}
 
 	if len(protectBranch.MergeWhitelistTeamIDs) == 0 {
 		return false
 	}
 
-	in, err := organization.IsUserInTeams(ctx, userID, protectBranch.MergeWhitelistTeamIDs)
+	in, err := organization.IsUserInTeams(ctx, user.ID, protectBranch.MergeWhitelistTeamIDs)
 	if err != nil {
 		log.Error("IsUserInTeams: %v", err)
 		return false

diff --git a/models/git/protected_branch_test.go b/models/git/protected_branch_test.go
@@ -7,8 +7,12 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/perm"
+	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -153,3 +157,19 @@ func TestNewProtectBranchPriority(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, int64(2), savedPB2.Priority)
 }
+
+func TestIsUserMergeWhitelistedUsesPushRules(t *testing.T) {
+	user := &user_model.User{ID: 1000}
+	permission := access_model.Permission{}
+	// the user have write permission
+	permission.SetUnitsWithDefaultAccessMode([]*repo_model.RepoUnit{{Type: unit.TypeCode}}, perm.AccessModeWrite)
+
+	// but protected branch refuse to push
+	protectedBranch := &ProtectedBranch{
+		CanPush:              false,
+		EnableMergeWhitelist: false,
+		EnableWhitelist:      false,
+	}
+
+	assert.False(t, IsUserMergeWhitelisted(t.Context(), protectedBranch, user, permission))
+}
diff --git a/services/convert/convert.go b/services/convert/convert.go
@@ -111,7 +111,7 @@ func ToBranch(ctx context.Context, repo *repo_model.Repository, branchName strin
 		}
 		bp.Repo = repo
 		branch.UserCanPush = bp.CanUserPush(ctx, user)
-		branch.UserCanMerge = git_model.IsUserMergeWhitelisted(ctx, bp, user.ID, permission)
+		branch.UserCanMerge = git_model.IsUserMergeWhitelisted(ctx, bp, user, permission)
 	}
 
 	return branch, nil

diff --git a/services/pull/merge.go b/services/pull/merge.go
@@ -555,7 +555,7 @@ func isUserAllowedToMergeInRepoBranch(ctx context.Context, repoID int64, branch
 		return false, err
 	}
 
-	if (p.CanWrite(unit.TypeCode) && pb == nil) || (pb != nil && git_model.IsUserMergeWhitelisted(ctx, pb, user.ID, p)) {
+	if (p.CanWrite(unit.TypeCode) && pb == nil) || (pb != nil && git_model.IsUserMergeWhitelisted(ctx, pb, user, p)) {
 		return true, nil
 	}