fix(merge request): Users can merge the branches they created themsel…

…ves, close yuntijs#2
lihaorong840506 · Mar 27, 2024 · b576156 · b576156
1 parent b3e2306
commit b576156
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 29 deletions.
diff --git a/packages/server/README.md b/packages/server/README.md
@@ -56,15 +56,15 @@ docker run --name dolt --restart=always `
 ```bash
 docker exec -it dolt bash
 # 执行下面的命令可以进入 dolt sql shell
-dolt --host 0.0.0.0 --port 3306 -u root -p tenxcloud --no-tls sql
+dolt --host 0.0.0.0 --port 3306 -u root -p yunti --no-tls sql
 ```
 
 使用 dolt sql 初始化数据库：
 
 ```bash
 dolt config --global --add user.email "[email protected]"
 dolt config --global --add user.name "yunti"
-dolt --host 0.0.0.0 --port 3306 -u root -p tenxcloud --no-tls sql < /tmp/db/init.sql
+dolt --host 0.0.0.0 --port 3306 -u root -p yunti --no-tls sql < /tmp/db/init.sql
 ```
 
 启动 server：

diff --git a/packages/server/src/merge-requests/merge-requests.service.ts b/packages/server/src/merge-requests/merge-requests.service.ts
@@ -278,22 +278,9 @@ export class MergeRequestService {
       throw new CustomException('ALREADY_CLOSED', 'Already closed', 409);
     }
 
-    // 当关闭
-    if (mergeRequest.authorId !== user.id) {
-      let memberRole;
-      memberRole = await (mergeRequest.mergeRequestSourceType === MergeRequestSourceType.app
-        ? this.appsMembersService.checkUserAppMemberRole(user, mergeRequest.mergeRequestSourceId)
-        : this.componentsMembersService.checkUserComponentMemberRole(
-            user,
-            mergeRequest.mergeRequestSourceId
-          ));
-      if (memberRole !== MemberRole.Owner && memberRole !== MemberRole.Maintainer) {
-        throw new CustomException(
-          'Forbidden',
-          'Only MR creator, onwer and Maintainer can close the MR',
-          403
-        );
-      }
+    // 当关闭检查用户权限是否足够
+    if (mergeRequest.authorId !== user.id || mergeRequest.assigneeId !== user.id) {
+      await this.checkMRPermission(user, mergeRequest);
     }
 
     mergeRequest.mergeRequestStatus = MergeRequestStatus.Closed;
@@ -328,6 +315,8 @@ export class MergeRequestService {
       throw new CustomException('ALREADY_RESOLVED', 'Already resolved', 400);
     }
 
+    await this.checkMRPermission(user, mergeRequest);
+
     // 当数据完全使用源代码数据时不需要对源代码进行 commit
     let isNeedCommit = false;
     const dataSource = await treeDataSources.getDataSource(mergeRequest.sourceBranchName);
@@ -467,17 +456,8 @@ export class MergeRequestService {
       throw new CustomException('IS_NOT_OPENNING', 'merge request is not openning status', 400);
     }
 
-    // 查看合并权限是否满足 Owner 或 maintainer
-    let memberRole;
-    memberRole = await (mergeRequest.mergeRequestSourceType === MergeRequestSourceType.app
-      ? this.appsMembersService.checkUserAppMemberRole(user, mergeRequest.mergeRequestSourceId)
-      : this.componentsMembersService.checkUserComponentMemberRole(
-          user,
-          mergeRequest.mergeRequestSourceId
-        ));
-    if (memberRole !== MemberRole.Owner && memberRole !== MemberRole.Maintainer) {
-      throw new CustomException('Forbidden', 'Only onwer and maintainer can merge the MR', 403);
-    }
+    // 查看合并权限是否满足 Owner 或 maintainer, 或当前分支的 owner
+    await this.checkMRPermission(user, mergeRequest);
 
     const dataSource = await treeDataSources.getDataSource(mergeRequest.targetBranchName);
     const queryRunner = dataSource.createQueryRunner();
@@ -689,4 +669,32 @@ export class MergeRequestService {
       );
     }
   }
+
+  async checkMRPermission(user: ILoginUser, mergeRequest: MergeRequest) {
+    const targetBranchInfo = mergeRequest.targetBranchName.split('/');
+    if (targetBranchInfo && targetBranchInfo.length < 2) {
+      throw new CustomException(
+        'TARGET BRANCH NAME IS WRONG',
+        `Full target branche name is wrong: ${mergeRequest.targetBranchName}`,
+        400
+      );
+    }
+    // 当前分支为用户分支时可以修改，非用户分支时看是否为 owner 或者 maintainer
+    if (targetBranchInfo[1] !== user.id) {
+      let memberRole;
+      memberRole = await (mergeRequest.mergeRequestSourceType === MergeRequestSourceType.app
+        ? this.appsMembersService.checkUserAppMemberRole(user, mergeRequest.mergeRequestSourceId)
+        : this.componentsMembersService.checkUserComponentMemberRole(
+            user,
+            mergeRequest.mergeRequestSourceId
+          ));
+      if (memberRole !== MemberRole.Owner && memberRole !== MemberRole.Maintainer) {
+        throw new CustomException(
+          'Forbidden',
+          'Only MR creator, onwer and Maintainer can use the MR',
+          403
+        );
+      }
+    }
+  }
 }