Pull Request access requires code access #32253
Comments
|
-> Make owner/repo/pulls handlers use "PR reader" permission #32254 |
|
IIRC, I have asked this question before, but no responses. I will try to find it. 🤔 |
|
It is here: ps: maybe this is outdated. But actually some operations of PR still depends on code unit permission. and it is not documented, so users may confused about it. |
That's not related. By design "reader" could always create issues and edit their own issues. "writer" could manage issues. It is not that intuitive but it was indeed designed as that. Just like any GitHub user (reader) could open issues in Gitea's repo. |
|
I'm not talking about issues, but the PRs below. At that time, user without code permission but have PR read permission can access the PR, and the problem is that they can also review and approve it even they have no access to the code. This is what I want to say, as @hakito has mentioned it:
And it seems that it is related to this change: |
|
Yes, it is related to #30519, I made that change which is not ideal (or buggy), that's why I proposed a quick fix |
|
I have created a new issue about whether user can access to the other tabs if they have no code permission: #32264 |
Description
Our Product Owner needs access to Pull Requests to review completed feature branches.
I gave him Write Access to Pull Requests on
/org/company/teams/po/editHowever, when he tried to go to PR page he got a 404 error (If I recall correctly). I also tried with Read access, but it also did not work.
I had to give him Code read access as well. The expecation would be, that with PR permission it would be possible to comment on the PR, but without access to the other tabs (code).
Gitea Version
1.22.3
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
Docker
Database
None
The text was updated successfully, but these errors were encountered: