Allow users with explicit read access to give approvals (#8382)
This commit is contained in:
parent
736ad8f091
commit
4843723d00
3 changed files with 37 additions and 3 deletions
|
@ -195,7 +195,7 @@ func UpdateProtectBranch(repo *Repository, protectBranch *ProtectedBranch, opts
|
||||||
}
|
}
|
||||||
protectBranch.MergeWhitelistUserIDs = whitelist
|
protectBranch.MergeWhitelistUserIDs = whitelist
|
||||||
|
|
||||||
whitelist, err = updateUserWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
|
whitelist, err = updateApprovalWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -301,6 +301,27 @@ func (repo *Repository) IsProtectedBranchForMerging(pr *PullRequest, branchName
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with
|
||||||
|
// the users from newWhitelist which have explicit read or write access to the repo.
|
||||||
|
func updateApprovalWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
||||||
|
hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
|
||||||
|
if !hasUsersChanged {
|
||||||
|
return currentWhitelist, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
whitelist = make([]int64, 0, len(newWhitelist))
|
||||||
|
for _, userID := range newWhitelist {
|
||||||
|
if reader, err := repo.IsReader(userID); err != nil {
|
||||||
|
return nil, err
|
||||||
|
} else if !reader {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
whitelist = append(whitelist, userID)
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with
|
// updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with
|
||||||
// the users from newWhitelist which have write access to the repo.
|
// the users from newWhitelist which have write access to the repo.
|
||||||
func updateUserWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
func updateUserWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
||||||
|
|
|
@ -735,11 +735,24 @@ func (repo *Repository) CanEnableEditor() bool {
|
||||||
return !repo.IsMirror
|
return !repo.IsMirror
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetReaders returns all users that have explicit read access or higher to the repository.
|
||||||
|
func (repo *Repository) GetReaders() (_ []*User, err error) {
|
||||||
|
return repo.getUsersWithAccessMode(x, AccessModeRead)
|
||||||
|
}
|
||||||
|
|
||||||
// GetWriters returns all users that have write access to the repository.
|
// GetWriters returns all users that have write access to the repository.
|
||||||
func (repo *Repository) GetWriters() (_ []*User, err error) {
|
func (repo *Repository) GetWriters() (_ []*User, err error) {
|
||||||
return repo.getUsersWithAccessMode(x, AccessModeWrite)
|
return repo.getUsersWithAccessMode(x, AccessModeWrite)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsReader returns true if user has explicit read access or higher to the repository.
|
||||||
|
func (repo *Repository) IsReader(userID int64) (bool, error) {
|
||||||
|
if repo.OwnerID == userID {
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
return x.Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, AccessModeRead).Get(&Access{})
|
||||||
|
}
|
||||||
|
|
||||||
// getUsersWithAccessMode returns users that have at least given access mode to the repository.
|
// getUsersWithAccessMode returns users that have at least given access mode to the repository.
|
||||||
func (repo *Repository) getUsersWithAccessMode(e Engine, mode AccessMode) (_ []*User, err error) {
|
func (repo *Repository) getUsersWithAccessMode(e Engine, mode AccessMode) (_ []*User, err error) {
|
||||||
if err = repo.getOwner(e); err != nil {
|
if err = repo.getOwner(e); err != nil {
|
||||||
|
|
|
@ -117,9 +117,9 @@ func SettingsProtectedBranch(c *context.Context) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
users, err := c.Repo.Repository.GetWriters()
|
users, err := c.Repo.Repository.GetReaders()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.ServerError("Repo.Repository.GetWriters", err)
|
c.ServerError("Repo.Repository.GetReaders", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
c.Data["Users"] = users
|
c.Data["Users"] = users
|
||||||
|
|
Reference in a new issue