From baec3dc6b9c65c9a46c88da2859ee7a49df53fca Mon Sep 17 00:00:00 2001
From: Earl Warren
Date: Sat, 1 Jun 2024 10:41:10 +0200
Subject: [PATCH] fix(hook): instance admins wrongly restricted by permissions checks

This exception existed for both instance admins and repo admins before ApplyToAdmins was introduced in 79b70893601c33a33d8d44eb0421797dfd846a47. It should have been kept for instance admins only because they are not subject to permission checks.

(cherry picked from commit 05f0007437d507e1445fd616594c048e5b9908d8)
---
 routers/private/hook_pre_receive.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
index cb356a184a..33f09aa096 100644
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@@ -398,6 +398,11 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r
 return
 }

+ // If we're an admin for the instance, we can ignore checks
+ if ctx.user.IsAdmin {
+ return
+ }
+
 // It's not allowed t overwrite protected files. Unless if the user is an
 // admin and the protected branch rule doesn't apply to admins.
 if changedProtectedfiles && (!ctx.user.IsAdmin || protectBranch.ApplyToAdmins) {
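Review bot: The added `if ctx.user.IsAdmin { return }` makes the `!ctx.user.IsAdmin` term in the condition directly below it always true, so at that check `protectBranch.ApplyToAdmins` no longer changes the outcome and the comment above it ("Unless if the user is an admin and the protected branch rule doesn't apply to admins") is stale. Since this is a deliberate bypass of branch protection, the new comment should state its scope, e.g. `// Instance admins skip every remaining check in this function, even when the rule has ApplyToAdmins set.`, and the following condition can be reduced to `if changedProtectedfiles {` with its comment updated to match. preReceiveBranch starts before and continues past this hunk, so which other checks the early return skips is not visible here and should be confirmed as intended. The diffstat lists only this file, so a regression test pinning the instance-admin versus repo-admin behaviour appears to be missing.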