fix(hook): instance admins wrongly restricted by permissions checks

This exception existed for both instance admins and repo admins before ApplyToAdmins was introduced in 79b70893601c33a33d8d44eb0421797dfd846a47. It should have been kept for instance admins only because they are not subject to permission checks.
author: Earl Warren <contact@earl-warren.org> 2024-06-01 10:41:10 +0200
committer: Earl Warren <contact@earl-warren.org> 2024-06-01 23:50:57 +0200
commit: 05f0007437d507e1445fd616594c048e5b9908d8 (patch)
tree: 1c4fcfbb9a286eb5170c3a2c6d783d20cdf5affd /routers/private
parent: tests(integration): add TestPullMergeBranchProtect (diff)
download: forgejo-05f0007437d507e1445fd616594c048e5b9908d8.tar.xz
forgejo-05f0007437d507e1445fd616594c048e5b9908d8.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
index f06f6071e9..97568b3f65 100644
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@@ -397,6 +397,11 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r
 			return
 		}
 
+		// If we're an admin for the instance, we can ignore checks
+		if ctx.user.IsAdmin {
+			return
+		}
+
 		// It's not allowed t overwrite protected files. Unless if the user is an
 		// admin and the protected branch rule doesn't apply to admins.
 		if changedProtectedfiles && (!ctx.user.IsAdmin || protectBranch.ApplyToAdmins) {
author	Earl Warren <contact@earl-warren.org>	2024-06-01 10:41:10 +0200
committer	Earl Warren <contact@earl-warren.org>	2024-06-01 23:50:57 +0200
commit	05f0007437d507e1445fd616594c048e5b9908d8 (patch)
tree	1c4fcfbb9a286eb5170c3a2c6d783d20cdf5affd /routers/private
parent	tests(integration): add TestPullMergeBranchProtect (diff)
download	forgejo-05f0007437d507e1445fd616594c048e5b9908d8.tar.xz forgejo-05f0007437d507e1445fd616594c048e5b9908d8.zip