Fix team member access check (#35899) (#35905)

Backport #35899 by wxiaoguang Fix #35499 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-11-13 02:02:53 +09:00 · 2025-11-09 11:44:53 +08:00
parent 70ee6b9029
commit 1ca4fef611
7 changed files with 87 additions and 60 deletions
--- a/models/git/protected_branch.go
+++ b/models/git/protected_branch.go
@@ -466,11 +466,13 @@ func updateApprovalWhitelist(ctx context.Context, repo *repo_model.Repository, c
 		return currentWhitelist, nil
 	}

+	prUserIDs, err := access_model.GetUserIDsWithUnitAccess(ctx, repo, perm.AccessModeRead, unit.TypePullRequests)
+	if err != nil {
+		return nil, err
+	}
 	whitelist = make([]int64, 0, len(newWhitelist))
 	for _, userID := range newWhitelist {
-		if reader, err := access_model.IsRepoReader(ctx, repo, userID); err != nil {
-			return nil, err
-		} else if !reader {
+		if !prUserIDs.Contains(userID) {
 			continue
 		}
 		whitelist = append(whitelist, userID)