mirrors
/
forgejo
mirror of
1
Fork 0
Code Issues Releases Activity

fix(hook): instance admins wrongly restricted by permissions checks 

This exception existed for both instance admins and repo admins
before ApplyToAdmins was introduced in
79b7089360.

It should have been kept for instance admins only because they are not
subject to permission checks.
This commit is contained in:
Earl Warren 2024-06-01 10:41:10 +02:00
parent 793421bf59
commit 05f0007437
No known key found for this signature in database
GPG Key ID: 0579CB2928A78A00
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
routers/private/hook_pre_receive.go
View File

@ -397,6 +397,11 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r
return return
} }
// If we're an admin for the instance, we can ignore checks
if ctx.user.IsAdmin {
return
}
// It's not allowed t overwrite protected files. Unless if the user is an // It's not allowed t overwrite protected files. Unless if the user is an
// admin and the protected branch rule doesn't apply to admins. // admin and the protected branch rule doesn't apply to admins.
if changedProtectedfiles && (!ctx.user.IsAdmin || protectBranch.ApplyToAdmins) { if changedProtectedfiles && (!ctx.user.IsAdmin || protectBranch.ApplyToAdmins) {