[suggest] change merge strategy： do not check write access if user in…

… merge white list (go-gitea#10951)

* [suggest] change merge strategy： do not check write access if user in merge white list go-gitea#10935

(cherry picked from commit ba74fc6389dfcad03c273441a49b54e4d38c86ee)

* fix NPE

* Fix cross compile (go-gitea#10952)

* Fix cross compile

* Add test for cross compile

* Fix drone

* Fix drone

* Also prevent CC environment not to generate

Co-authored-by: zeripath <[email protected]>

* fix merge box icon color bug (go-gitea#10974)

that because need some space beturn ``text`` and color defines

Signed-off-by: a1012112796 <[email protected]>

* [skip ci] Updated translations via Crowdin

* Allow X in addition to x in tasks (go-gitea#10979)

Signed-off-by: Andrew Thornton <[email protected]>

* remove api: merge  reqRepoWriter

Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
Co-authored-by: 赵智超 <[email protected]>
Co-authored-by: GiteaBot <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
Co-authored-by: guillep2k <[email protected]>

routers/api/v1/api.go

@@ -788,7 +788,7 @@ func RegisterRoutes(m *macaron.Macaron) {
  m.Combo("").Get(repo.GetPullRequest).
  Patch(reqToken(), reqRepoWriter(models.UnitTypePullRequests), bind(api.EditPullRequestOption{}), repo.EditPullRequest)
  m.Combo("/merge").Get(repo.IsPullRequestMerged).
- Post(reqToken(), mustNotBeArchived, reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest)
+ Post(reqToken(), mustNotBeArchived, bind(auth.MergePullRequestForm{}), repo.MergePullRequest)
  })
  }, mustAllowPulls, reqRepoReader(models.UnitTypeCode), context.ReferencesGitRepo(false))
  m.Group("/statuses", func() {

routers/routes/routes.go

@@ -527,7 +527,6 @@ func RegisterRoutes(m *macaron.Macaron) {
  reqRepoWikiWriter := context.RequireRepoWriter(models.UnitTypeWiki)
  reqRepoIssueWriter := context.RequireRepoWriter(models.UnitTypeIssues)
  reqRepoIssueReader := context.RequireRepoReader(models.UnitTypeIssues)
- reqRepoPullsWriter := context.RequireRepoWriter(models.UnitTypePullRequests)
  reqRepoPullsReader := context.RequireRepoReader(models.UnitTypePullRequests)
  reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests)
  reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests)
@@ -887,7 +886,7 @@ func RegisterRoutes(m *macaron.Macaron) {
  m.Get(".diff", repo.DownloadPullDiff)
  m.Get(".patch", repo.DownloadPullPatch)
  m.Get("/commits", context.RepoRef(), repo.ViewPullCommits)
- m.Post("/merge", context.RepoMustNotBeArchived(), reqRepoPullsWriter, bindIgnErr(auth.MergePullRequestForm{}), repo.MergePullRequest)
+ m.Post("/merge", context.RepoMustNotBeArchived(), bindIgnErr(auth.MergePullRequestForm{}), repo.MergePullRequest)
  m.Post("/update", repo.UpdatePullRequest)
  m.Post("/cleanup", context.RepoMustNotBeArchived(), context.RepoRef(), repo.CleanUpPullRequest)
  m.Group("/files", func() {

services/pull/merge.go

@@ -531,16 +531,13 @@ func IsSignedIfRequired(pr *models.PullRequest, doer *models.User) (bool, error)
 
 // IsUserAllowedToMerge check if user is allowed to merge PR with given permissions and branch protections
 func IsUserAllowedToMerge(pr *models.PullRequest, p models.Permission, user *models.User) (bool, error) {
- if !p.CanWrite(models.UnitTypeCode) {
- return false, nil
- }
 
  err := pr.LoadProtectedBranch()
  if err != nil {
  return false, err
  }
 
- if pr.ProtectedBranch == nil || pr.ProtectedBranch.IsUserMergeWhitelisted(user.ID) {
+ if (p.CanWrite(models.UnitTypeCode) && pr.ProtectedBranch == nil) || (pr.ProtectedBranch != nil && pr.ProtectedBranch.IsUserMergeWhitelisted(user.ID)) {
  return true, nil
  }