check if the doer is a maintainer

Zettat123 · Zettat123 · commit 6a9a83319649 · 2024-10-08T18:04:12.000+08:00
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
@@ -887,7 +887,7 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 		}
 
 		if pull.HeadRepo != nil {
-			ctx.Data["SourcePath"] = pull.HeadRepo.Link() + "/src/commit/" + endCommitID
+			ctx.Data["SourcePath"] = pull.BaseRepo.Link() + "/src/commit/" + endCommitID
 
 			if !pull.HasMerged && ctx.Doer != nil {
 				perm, err := access_model.GetUserRepoPermission(ctx, pull.HeadRepo, ctx.Doer)
diff --git a/services/context/permission.go b/services/context/permission.go
@@ -58,6 +58,9 @@ func RequireRepoWriterOr(unitTypes ...unit.Type) func(ctx *Context) {
 func RequireRepoReader(unitType unit.Type) func(ctx *Context) {
 	return func(ctx *Context) {
 		if !ctx.Repo.CanRead(unitType) {
+			if unitType == unit.TypeCode && canWriteAsMaintainer(ctx) {
+				return
+			}
 			if log.IsTrace() {
 				if ctx.IsSigned {
 					log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+
diff --git a/services/context/repo.go b/services/context/repo.go
@@ -374,7 +374,7 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
 		return
 	}
 
-	if !ctx.Repo.Permission.HasAnyUnitAccessOrEveryoneAccess() {
+	if !canWriteAsMaintainer(ctx) && !ctx.Repo.Permission.HasAnyUnitAccessOrEveryoneAccess() {
 		if ctx.FormString("go-get") == "1" {
 			EarlyResponseForGoGetMeta(ctx)
 			return
@@ -1048,3 +1048,11 @@ func GitHookService() func(ctx *Context) {
 		}
 	}
 }
+
+// canWriteAsMaintainer check if the doer can write to a branch as a maintainer
+func canWriteAsMaintainer(ctx *Context) bool {
+	// There is no need to check if the branch exists.
+	// If the branch does not exist, CanMaintainerWriteToBranch will return false.
+	branchName := getRefNameFromPath(ctx.Repo, ctx.PathParam("*"), func(_ string) bool { return true })
+	return issues_model.CanMaintainerWriteToBranch(ctx, ctx.Repo.Permission, branchName, ctx.Doer)
+}

Original file line number	Diff line number	Diff line change
`@@ -887,7 +887,7 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi`
`887`	`887`	`}`
`888`	`888`
`889`	`889`	`if pull.HeadRepo != nil {`
`890`		`- ctx.Data["SourcePath"] = pull.HeadRepo.Link() + "/src/commit/" + endCommitID`
	`890`	`+ ctx.Data["SourcePath"] = pull.BaseRepo.Link() + "/src/commit/" + endCommitID`
`891`	`891`
`892`	`892`	`if !pull.HasMerged && ctx.Doer != nil {`
`893`	`893`	`perm, err := access_model.GetUserRepoPermission(ctx, pull.HeadRepo, ctx.Doer)`
Original file line number	Diff line number	Diff line change
`@@ -374,7 +374,7 @@ func repoAssignment(ctx Context, repo repo_model.Repository) {`
`374`	`374`	`return`
`375`	`375`	`}`
`376`	`376`
`377`		`- if !ctx.Repo.Permission.HasAnyUnitAccessOrEveryoneAccess() {`
	`377`	`+ if !canWriteAsMaintainer(ctx) && !ctx.Repo.Permission.HasAnyUnitAccessOrEveryoneAccess() {`
`378`	`378`	`if ctx.FormString("go-get") == "1" {`
`379`	`379`	`EarlyResponseForGoGetMeta(ctx)`
`380`	`380`	`return`
`@@ -1048,3 +1048,11 @@ func GitHookService() func(ctx *Context) {`
`1048`	`1048`	`}`
`1049`	`1049`	`}`
`1050`	`1050`	`}`
	`1051`	`+`
	`1052`	`+// canWriteAsMaintainer check if the doer can write to a branch as a maintainer`
	`1053`	`+func canWriteAsMaintainer(ctx *Context) bool {`
	`1054`	`+ // There is no need to check if the branch exists.`
	`1055`	`+ // If the branch does not exist, CanMaintainerWriteToBranch will return false.`
	`1056`	`+ branchName := getRefNameFromPath(ctx.Repo, ctx.PathParam("*"), func(_ string) bool { return true })`
	`1057`	`+ return issues_model.CanMaintainerWriteToBranch(ctx, ctx.Repo.Permission, branchName, ctx.Doer)`
	`1058`	`+}`