mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-24 14:16:22 +00:00
5488ec7d96
- Add a permission check that the doer has write permissions to the head
repository if the the 'delete branch after merge' is enabled when
merging a pull request.
- Unify the checks in the web and API router to `DeleteBranchAfterMerge`.
- Added integration tests.
(cherry picked from commit 266e0b2ce9
)
Conflicts:
tests/integration/pull_merge_test.go
trivial context conflict
316 B
316 B
Because of a missing permission check, the branch used to propose a pull request to a repository can always be deleted by the user performing the merge. It was fixed so that such a deletion is only allowed if the user performing the merge has write permission to the repository from which the pull request was made.