Fix bug to check whether user can update pull request branch or rebase branch (#36465)

When checking whether a user can update a pull request branch or perform an update via rebase, a maintainer should inherit the pull request author’s permissions if Allow maintainer edits is enabled. --------- Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-03-20 03:40:27 +00:00 · 2026-03-05 11:31:34 -08:00
parent 723ce3579f
commit 99b0bf7324
3 changed files with 256 additions and 101 deletions
--- a/tests/integration/pull_update_test.go
+++ b/tests/integration/pull_update_test.go
@@ -11,7 +11,6 @@ import (
 	"time"

 	auth_model "code.gitea.io/gitea/models/auth"
-	git_model "code.gitea.io/gitea/models/git"
 	issues_model "code.gitea.io/gitea/models/issues"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -121,49 +120,6 @@ func TestAPIPullUpdateByRebase(t *testing.T) {
 	})
 }

-func TestAPIPullUpdateByRebase2(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
-		// Create PR to test
-		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-		org26 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 26})
-		pr := createOutdatedPR(t, user, org26)
-		assert.NoError(t, pr.LoadBaseRepo(t.Context()))
-		assert.NoError(t, pr.LoadIssue(t.Context()))
-
-		enableRepoAllowUpdateWithRebase(t, pr.BaseRepo.ID, false)
-
-		session := loginUser(t, "user2")
-		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
-		req := NewRequestf(t, "POST", "/api/v1/repos/%s/%s/pulls/%d/update?style=rebase", pr.BaseRepo.OwnerName, pr.BaseRepo.Name, pr.Issue.Index).
-			AddTokenAuth(token)
-		session.MakeRequest(t, req, http.StatusForbidden)
-
-		enableRepoAllowUpdateWithRebase(t, pr.BaseRepo.ID, true)
-		assert.NoError(t, pr.LoadHeadRepo(t.Context()))
-
-		// add a protected branch rule to the head branch to block rebase
-		pb := git_model.ProtectedBranch{
-			RepoID:       pr.HeadRepo.ID,
-			RuleName:     pr.HeadBranch,
-			CanPush:      false,
-			CanForcePush: false,
-		}
-		err := git_model.UpdateProtectBranch(t.Context(), pr.HeadRepo, &pb, git_model.WhitelistOptions{})
-		assert.NoError(t, err)
-		req = NewRequestf(t, "POST", "/api/v1/repos/%s/%s/pulls/%d/update?style=rebase", pr.BaseRepo.OwnerName, pr.BaseRepo.Name, pr.Issue.Index).
-			AddTokenAuth(token)
-		session.MakeRequest(t, req, http.StatusForbidden)
-
-		// remove the protected branch rule to allow rebase
-		err = git_model.DeleteProtectedBranch(t.Context(), pr.HeadRepo, pb.ID)
-		assert.NoError(t, err)
-
-		req = NewRequestf(t, "POST", "/api/v1/repos/%s/%s/pulls/%d/update?style=rebase", pr.BaseRepo.OwnerName, pr.BaseRepo.Name, pr.Issue.Index).
-			AddTokenAuth(token)
-		session.MakeRequest(t, req, http.StatusOK)
-	})
-}
-
 func createOutdatedPR(t *testing.T, actor, forkOrg *user_model.User) *issues_model.PullRequest {
 	baseRepo, err := repo_service.CreateRepository(t.Context(), actor, actor, repo_service.CreateRepoOptions{
 		Name:        "repo-pr-update",