Only allow admins to rename default/protected branches #33276
@@ -351,6 +352,9 @@ func RenameBranchPost(ctx *context.Context) { | |||
msg, err := repository.RenameBranch(ctx, ctx.Repo.Repository, ctx.Doer, ctx.Repo.GitRepo, form.From, form.To) | |||
if err != nil { | |||
switch { | |||
case repo_model.IsErrUserDoesNotHaveAccessToRepo(err): |
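Review bot: The new case on repo_model.IsErrUserDoesNotHaveAccessToRepo(err) reuses an error whose name says the user has no access to the repository, while what this PR reports from repository.RenameBranch is the narrower condition that the user may not rename a default or protected branch. A dedicated error for the rename check would let this switch show an accurate message and would keep the case from also matching a genuine no-access error returned on another path inside RenameBranch. The hunk header counts three added lines but only the case line is visible here, so the response this case produces cannot be checked from the excerpt.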
I'm iffy about using ErrUserDoesNotHaveAccessToRepo as an error here. Technically the user does have access to the repo, just not the access required to rename default/protected branches. Open to ideas
FYI: Make admins adhere to branch protection rules #32248: there is a feature to block admins from bypassing the branch protection, maybe it should also be considered (or has it been considered already)?
The current change doesn't consider this. I found a GitHub changelog that seems to match my current implementation. I'm not familiar with setting up branch protection rules, but from messing around with GitHub's rulesets I don't see a way to disable the ability to rename protected branches
Hmm I think we already (in a buggy way) handle this?? Using my changes, when I define a rule without special characters (i.e. But if I introduce wildcard characters (i.e. Not sure why we don't throw this error for the previous case? In the code we seem to honor the update and reflect it in the
I think I might understand this design. It looks like if the new branch name == rule name, we treat it as "oh since the user wants to rename the branch I assume they also want to rename the rule". But if it is a glob-based rule we don't make this assumption and instead throw this error. I'll make the necessary changes to follow this design closely.
* giteaofficial/main:
  Only allow admins to rename default/protected branches (go-gitea#33276)
  Enable Typescript `noImplicitThis` (go-gitea#33250)
  Prepare for support performance trace (go-gitea#33286)
  Fix closed dependency title (go-gitea#33285)
  Move some Actions related functions from `routers` to `services` (go-gitea#33280)
  Fix incorrect TagName/BranchName usages (go-gitea#33279)
Currently, anyone with write permissions to a repo is able to rename default or protected branches.
This change follows GitHub's design by only allowing repo/site admins to change these branches. However, it also follows our current design for protected branches and only allows admins to modify branch names == branch protection rule names. Glob-based rules cannot be renamed by anyone (as was already the case, but we now catch ErrBranchIsProtected, which we previously did not catch, throwing a 500).
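A simplified model of the rename rule this description states, added here as an example and not taken from Gitea's code. `Repo`, `CheckRename`, the two error values, the use of `path.Match` for glob rules and the order of the admin and glob checks are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

var ( // local stand-ins, not Gitea's error types
	errNeedsAdmin        = errors.New("only repo/site admins may rename default or protected branches")
	errBranchIsProtected = errors.New("branch matches a glob-based protection rule")
)

// Repo is a constructed model: a default branch plus protection rule names.
type Repo struct {
	DefaultBranch string
	Rules         []string
}

// CheckRename decides whether `from` may be renamed. On success it returns the
// exact-name rule that has to be renamed together with the branch ("" if none).
func CheckRename(r Repo, isAdmin bool, from string) (string, error) {
	exactRule, glob := "", false
	for _, rule := range r.Rules {
		if strings.ContainsAny(rule, "*?[") { // assumption: these mark a glob rule
			if ok, _ := path.Match(rule, from); ok {
				glob = true
			}
		} else if rule == from {
			exactRule = rule
		}
	}
	switch {
	case exactRule == "" && !glob && from != r.DefaultBranch:
		return "", nil // ordinary branch: write access is enough
	case !isAdmin:
		return "", errNeedsAdmin // assumption: the admin check runs first
	case glob:
		return "", errBranchIsProtected // nobody renames under a glob rule
	}
	return exactRule, nil // admin: rename the branch and, if present, its rule
}

func main() {
	r := Repo{DefaultBranch: "main", Rules: []string{"stable", "release/*"}} // constructed sample
	fmt.Println(CheckRename(r, false, "main"))
	fmt.Println(CheckRename(r, true, "release/v1"))
}
```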