From 05f0007437d507e1445fd616594c048e5b9908d8 Mon Sep 17 00:00:00 2001
From: Earl Warren
Date: Sat, 1 Jun 2024 10:41:10 +0200
Subject: [PATCH] fix(hook): instance admins wrongly restricted by permissions checks

This exception existed for both instance admins and repo admins before ApplyToAdmins was introduced in 79b70893601c33a33d8d44eb0421797dfd846a47. It should have been kept for instance admins only because they are not subject to permission checks.
---
 routers/private/hook_pre_receive.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
index f06f6071e..97568b3f6 100644
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@@ -397,6 +397,11 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r
 return
 }
 
+ // If we're an admin for the instance, we can ignore checks
+ if ctx.user.IsAdmin {
+ return
+ }
+
 // It's not allowed t overwrite protected files. Unless if the user is an
 // admin and the protected branch rule doesn't apply to admins.
 if changedProtectedfiles && (!ctx.user.IsAdmin || protectBranch.ApplyToAdmins) {
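Review bot: After the new early return, `ctx.user.IsAdmin` is always false when the protected-files check below is reached, so `(!ctx.user.IsAdmin || protectBranch.ApplyToAdmins)` is always true and `ApplyToAdmins` no longer has any effect in that condition. If that condition was meant to cover repository admins, it should test the repository-level permission instead; if not, reduce it to `if changedProtectedfiles {` and correct the comment above it. The early return also lets instance admins skip every later check in this function even when a rule sets `ApplyToAdmins`, which weakens branch protection as a control. The new comment should say so explicitly, e.g. `// Instance admins bypass all remaining checks, including rules with ApplyToAdmins set`, and a test should pin that behaviour. preReceiveBranch starts and ends outside the hunk, so the checks that follow are not visible here.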