From b40107c4164748873f89a9553ed24e8403999339 Mon Sep 17 00:00:00 2001
From: "j.yao.SUSE" <everhopingandwaiting@users.noreply.github.com>
Date: Wed, 8 Apr 2020 19:26:50 +0800
Subject: [PATCH] =?UTF-8?q?[suggest]=20change=20merge=20strategy=EF=BC=9A?=
 =?UTF-8?q?=20do=20not=20check=20write=20access=20if=20user=20in=20merge?=
 =?UTF-8?q?=20white=20list=20(#10951)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [suggest] change merge strategy： do not check write access if user in merge white list #10935

(cherry picked from commit ba74fc6389dfcad03c273441a49b54e4d38c86ee)

* fix NPE

* Fix cross compile (#10952)

* Fix cross compile

* Add test for cross compile

* Fix drone

* Fix drone

* Also prevent CC environment not to generate

Co-authored-by: zeripath <art27@cantab.net>

* fix merge box icon color bug (#10974)

that because need some space beturn ``text`` and color defines

Signed-off-by: a1012112796 <1012112796@qq.com>

* [skip ci] Updated translations via Crowdin

* Allow X in addition to x in tasks (#10979)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove api: merge  reqRepoWriter

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 赵智超 <1012112796@qq.com>
Co-authored-by: GiteaBot <teabot@gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
---
 routers/api/v1/api.go    | 2 +-
 routers/routes/routes.go | 3 +--
 services/pull/merge.go   | 5 +----
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 8fc1eeefd..150c073c9 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -788,7 +788,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 						m.Combo("").Get(repo.GetPullRequest).
 							Patch(reqToken(), reqRepoWriter(models.UnitTypePullRequests), bind(api.EditPullRequestOption{}), repo.EditPullRequest)
 						m.Combo("/merge").Get(repo.IsPullRequestMerged).
-							Post(reqToken(), mustNotBeArchived, reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest)
+							Post(reqToken(), mustNotBeArchived, bind(auth.MergePullRequestForm{}), repo.MergePullRequest)
 					})
 				}, mustAllowPulls, reqRepoReader(models.UnitTypeCode), context.ReferencesGitRepo(false))
 				m.Group("/statuses", func() {
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index 5f477a847..2273cb447 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -527,7 +527,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 	reqRepoWikiWriter := context.RequireRepoWriter(models.UnitTypeWiki)
 	reqRepoIssueWriter := context.RequireRepoWriter(models.UnitTypeIssues)
 	reqRepoIssueReader := context.RequireRepoReader(models.UnitTypeIssues)
-	reqRepoPullsWriter := context.RequireRepoWriter(models.UnitTypePullRequests)
 	reqRepoPullsReader := context.RequireRepoReader(models.UnitTypePullRequests)
 	reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests)
 	reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests)
@@ -887,7 +886,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 			m.Get(".diff", repo.DownloadPullDiff)
 			m.Get(".patch", repo.DownloadPullPatch)
 			m.Get("/commits", context.RepoRef(), repo.ViewPullCommits)
-			m.Post("/merge", context.RepoMustNotBeArchived(), reqRepoPullsWriter, bindIgnErr(auth.MergePullRequestForm{}), repo.MergePullRequest)
+			m.Post("/merge", context.RepoMustNotBeArchived(), bindIgnErr(auth.MergePullRequestForm{}), repo.MergePullRequest)
 			m.Post("/update", repo.UpdatePullRequest)
 			m.Post("/cleanup", context.RepoMustNotBeArchived(), context.RepoRef(), repo.CleanUpPullRequest)
 			m.Group("/files", func() {
diff --git a/services/pull/merge.go b/services/pull/merge.go
index 511f3dbfc..b412e7189 100644
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@@ -531,16 +531,13 @@ func IsSignedIfRequired(pr *models.PullRequest, doer *models.User) (bool, error)
 
 // IsUserAllowedToMerge check if user is allowed to merge PR with given permissions and branch protections
 func IsUserAllowedToMerge(pr *models.PullRequest, p models.Permission, user *models.User) (bool, error) {
-	if !p.CanWrite(models.UnitTypeCode) {
-		return false, nil
-	}
 
 	err := pr.LoadProtectedBranch()
 	if err != nil {
 		return false, err
 	}
 
-	if pr.ProtectedBranch == nil || pr.ProtectedBranch.IsUserMergeWhitelisted(user.ID) {
+	if (p.CanWrite(models.UnitTypeCode) && pr.ProtectedBranch == nil) || (pr.ProtectedBranch != nil && pr.ProtectedBranch.IsUserMergeWhitelisted(user.ID)) {
 		return true, nil
 	}