mirror of
https://github.com/go-gitea/gitea.git
synced 2026-05-25 16:08:46 +09:00
eb93981d45
- Introduce a “Bypass Protection Allowlist” on branch rules (users/teams) alongside admins, with BlockAdminMergeOverride still respected. - Surface the allowlist in API (create/edit options, structs) and settings UI; merge box now shows the red button + message for bypass-capable users. - Apply bypass logic to merge checks and pre-receive so allowlisted users can override unmet approvals/status checks/ protected files when force-merging. - Add migration for new columns, locale strings, and unit tests (bypass helper; queue test tweak). <img width="1069" height="218" alt="image" src="https://github.com/user-attachments/assets/0b61bc2a-a27f-47f3-a923-613688008e65" /> Fixes #36476 --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Codex GPT-5.3 <codex@openai.com> Co-authored-by: GPT-5.2 <noreply@openai.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
61 lines
1.8 KiB
Go
61 lines
1.8 KiB
Go
// Copyright 2026 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package v1_27
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"code.gitea.io/gitea/models/migrations/migrationtest"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func Test_AddBranchProtectionBypassAllowlist(t *testing.T) {
|
|
type ProtectedBranch struct {
|
|
ID int64 `xorm:"pk autoincr"`
|
|
RepoID int64 `xorm:"INDEX"`
|
|
BranchName string `xorm:"INDEX"`
|
|
EnableBypassAllowlist bool `xorm:"NOT NULL DEFAULT false"`
|
|
BypassAllowlistUserIDs []int64 `xorm:"JSON TEXT"`
|
|
BypassAllowlistTeamIDs []int64 `xorm:"JSON TEXT"`
|
|
}
|
|
|
|
x, deferable := migrationtest.PrepareTestEnv(t, 0, new(ProtectedBranch))
|
|
defer deferable()
|
|
|
|
// Test with default values
|
|
_, err := x.Insert(&ProtectedBranch{RepoID: 1, BranchName: "main"})
|
|
require.NoError(t, err)
|
|
|
|
// Test with populated allowlist
|
|
_, err = x.Insert(&ProtectedBranch{
|
|
RepoID: 1,
|
|
BranchName: "develop",
|
|
EnableBypassAllowlist: true,
|
|
BypassAllowlistUserIDs: []int64{1, 2, 3},
|
|
BypassAllowlistTeamIDs: []int64{10, 20},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, AddBranchProtectionBypassAllowlist(x))
|
|
|
|
// Verify the default values record
|
|
var pb ProtectedBranch
|
|
has, err := x.Where("repo_id = ? AND branch_name = ?", 1, "main").Get(&pb)
|
|
require.NoError(t, err)
|
|
require.True(t, has)
|
|
require.False(t, pb.EnableBypassAllowlist)
|
|
require.Nil(t, pb.BypassAllowlistUserIDs)
|
|
require.Nil(t, pb.BypassAllowlistTeamIDs)
|
|
|
|
// Verify the populated allowlist record
|
|
var pb2 ProtectedBranch
|
|
has, err = x.Where("repo_id = ? AND branch_name = ?", 1, "develop").Get(&pb2)
|
|
require.NoError(t, err)
|
|
require.True(t, has)
|
|
require.True(t, pb2.EnableBypassAllowlist)
|
|
require.Equal(t, []int64{1, 2, 3}, pb2.BypassAllowlistUserIDs)
|
|
require.Equal(t, []int64{10, 20}, pb2.BypassAllowlistTeamIDs)
|
|
}
|