Fix Agit pull request permission check

services/pull/pull.go

@@ -64,7 +64,7 @@ func NewPullRequest(ctx context.Context, opts *NewPullRequestOptions) error {
 	}
 
 	// user should be a collaborator or a member of the organization for base repo
-	if !issue.Poster.IsAdmin {
+	if (!issue.Poster.IsAdmin) && pr.Flow == issues_model.PullRequestFlowGithub {
 		canCreate, err := repo_model.IsOwnerMemberCollaborator(ctx, repo, issue.Poster.ID)
 		if err != nil {
 			return err

tests/integration/pull_create_test.go

@@ -4,14 +4,17 @@
 package integration
 
 import (
+	"bytes"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
 	"path"
+	"regexp"
 	"strings"
 	"testing"
 
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/tests"
 
@@ -226,3 +229,26 @@
 		assert.Regexp(t, "^/user1/repo1/pulls/[0-9]*$", url)
 	})
 }
+
+func TestCreateAgitPullWithReadPermission(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		dstPath := t.TempDir()
+
+		u.Path = "user2/repo1.git"
+		u.User = url.UserPassword("user4", userPassword)
+
+		t.Run("Clone", doGitClone(dstPath, u))
+
+		t.Run("add commit", doGitAddSomeCommits(dstPath, "master"))
+
+		t.Run("do agit pull create", func(t *testing.T) {
+			stderr := new(bytes.Buffer)
+			err := git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master", "-o").AddDynamicArguments("topic=" + "test-topic").Run(&git.RunOpts{Dir: dstPath, Stderr: stderr})
+			assert.NoError(t, err)
+
+			findPullRe := regexp.MustCompile("http://localhost:3003/user2/repo1/pulls/([1-9])")
+			pullLink := findPullRe.FindString(stderr.String())
+			assert.True(t, len(pullLink) > 0)
+		})
+	})
+}