diff --git a/models/git/protected_branch.go b/models/git/protected_branch.go index bde6057375e55..ef82f4cb04535 100644 --- a/models/git/protected_branch.go +++ b/models/git/protected_branch.go @@ -206,12 +206,12 @@ func IsUserOfficialReviewer(ctx context.Context, protectBranch *ProtectedBranch, } if !protectBranch.EnableApprovalsWhitelist { - // Anyone with write access is considered official reviewer - writeAccess, err := access_model.HasAccessUnit(ctx, user, repo, unit.TypeCode, perm.AccessModeWrite) + // Anyone with code access is considered official reviewer + access, err := access_model.HasAccessUnit(ctx, user, repo, unit.TypeCode, perm.AccessModeRead) if err != nil { return false, err } - return writeAccess, nil + return access, nil } if slices.Contains(protectBranch.ApprovalsWhitelistUserIDs, user.ID) { diff --git a/models/git/protected_branch_test.go b/models/git/protected_branch_test.go index 1962859a8c4e3..29a9f31258768 100644 --- a/models/git/protected_branch_test.go +++ b/models/git/protected_branch_test.go @@ -1,12 +1,20 @@ // Copyright 2022 The Gitea Authors. All rights reserved. // SPDX-License-Identifier: MIT -package git +package git_test import ( "fmt" "testing" + "code.gitea.io/gitea/models/db" + git_model "code.gitea.io/gitea/models/git" + perm_model "code.gitea.io/gitea/models/perm" + access_model "code.gitea.io/gitea/models/perm/access" + repo_model "code.gitea.io/gitea/models/repo" + "code.gitea.io/gitea/models/unittest" + user_model "code.gitea.io/gitea/models/user" + "github.com/stretchr/testify/assert" ) @@ -64,7 +72,7 @@ func TestBranchRuleMatch(t *testing.T) { } for _, kase := range kases { - pb := ProtectedBranch{RuleName: kase.Rule} + pb := git_model.ProtectedBranch{RuleName: kase.Rule} var should, infact string if !kase.ExpectedMatch { should = " not" @@ -76,3 +84,33 @@ func TestBranchRuleMatch(t *testing.T) { ) } } + +func TestIsUserOfficialReviewer(t *testing.T) { + assert.NoError(t, unittest.PrepareTestDatabase()) + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) + protectedBranch := &git_model.ProtectedBranch{ + RepoID: repo.ID, + EnableApprovalsWhitelist: false, + } + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}) + + access := &access_model.Access{ + UserID: user.ID, + RepoID: repo.ID, + Mode: perm_model.AccessModeNone, + } + assert.NoError(t, db.Insert(db.DefaultContext, access)) + + official, err := git_model.IsUserOfficialReviewer(db.DefaultContext, protectedBranch, user) + assert.NoError(t, err) + assert.False(t, official) + + access.Mode = perm_model.AccessModeRead + _, err = db.GetEngine(db.DefaultContext).ID(access.ID).Update(access) + assert.NoError(t, err) + + official, err = git_model.IsUserOfficialReviewer(db.DefaultContext, protectedBranch, user) + assert.NoError(t, err) + assert.True(t, official) +} diff --git a/models/issues/review.go b/models/issues/review.go index ca6fd6035b130..ef5fc0b194060 100644 --- a/models/issues/review.go +++ b/models/issues/review.go @@ -300,7 +300,8 @@ func IsOfficialReviewerTeam(ctx context.Context, issue *Issue, team *organizatio } if !pb.EnableApprovalsWhitelist { - return team.UnitAccessMode(ctx, unit.TypeCode) >= perm.AccessModeWrite, nil + // Any team with code access is considered official reviewer + return team.UnitAccessMode(ctx, unit.TypeCode) >= perm.AccessModeRead, nil } return slices.Contains(pb.ApprovalsWhitelistTeamIDs, team.ID), nil