Add permission check when deleting branch after automerge succeed

2025-02-04 20:57:49 +01:00 · 2024-11-08 10:52:16 -08:00 · 2024-11-08 10:52:16 -08:00 · 6d79d8ac4c
commit 6d79d8ac4c
parent c879891fe1
1 changed files with 11 additions and 2 deletions
--- a/services/automerge/automerge.go
+++ b/services/automerge/automerge.go
@ -15,6 +15,7 @@ import (
 	access_model "code.gitea.io/gitea/models/perm/access"
 	pull_model "code.gitea.io/gitea/models/pull"
 	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
@ -306,8 +307,16 @@ func handlePullRequestAutoMerge(pullID int64, sha string) {
 	}

 	if pr.Flow == issues_model.PullRequestFlowGithub && scheduledPRM.DeleteBranchAfterMerge {
+		perm, err := access_model.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
+		if err != nil {
+			log.Error("GetUserRepoPermission %-v: %v", pr.HeadRepo, err)
+			return
+		}
+
+		if perm.CanWrite(unit.TypeCode) { // default branch and branch protection will be checked in DeleteBranch
 			if err := repo_service.DeleteBranch(ctx, doer, pr.HeadRepo, headGitRepo, pr.HeadBranch); err != nil {
 				log.Error("deleteBranch after automerge for pull[%d] failed: %v", pr.ID, err)
 			}
 		}
+	}
 }