Added checks for protected branches in pull requests

[Chri-s]

Fixes #2875. This pull request adds checks whether the user is allowed to push to the base branch of a pull request.

If a user may not push to the base branch, the green merge button is hidden on the pull request view. If the user tries merge via the web api, an error (http code 500) with
{"message":"branch is protected [name: %s]","url":"https://godoc.org/github.com/go-gitea/go-sdk/gitea"}
is returned.

There shouldn't be a way to circumvent the branch protection via a pull request.

[codecov-io]

Codecov Report

Merging #3544 into master will decrease coverage by 0.02%.
The diff coverage is 12.12%.

@@            Coverage Diff             @@
##           master    #3544      +/-   ##
==========================================
- Coverage   35.88%   35.86%   -0.03%     
==========================================
  Files         287      287              
  Lines       41331    41362      +31     
==========================================
+ Hits        14833    14835       +2     
- Misses      24316    24339      +23     
- Partials     2182     2188       +6

Impacted Files	Coverage Δ
models/error.go	32.65% <0%> (-0.48%)	⬇️
routers/repo/issue.go	33.09% <14.28%> (-0.18%)	⬇️
models/pull.go	51.2% <14.28%> (-0.97%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c0d41b1...fbf9bf2. Read the comment docs.

[lafriks]

ErrNotAllowedToMerge would be better name for this error

[lafriks]

Would be better to create new function pr.CheckUserAllowedToMerge that would return error (nil for allowed to merge)

[lafriks]

Reuse function pull.CheckUserAllowedToMerge here

[lafriks]

in such cases ctx.ServerError(... should be used

[lafriks]

Reuse IsRepositoryWriter && CheckUserAllowedToMerge to assign to something like ctx.Data["AllowMerge"] and check that in pull.tmpl with {{if .AllowMerge}}

[lafriks]

With moving that check to function would allow to reuse that function to add additional conditions for merge limitations

[Chri-s]

Sorry, had a problem with the first commit after your change request :( I hope the last commit meets your requirements.

[lafriks]

No need to load repository if it is already loaded (need check if pr.BaseRepo == nil {)

[Chri-s]

I added it, but GetBaseRepo() already checks for this:

func (pr *PullRequest) GetBaseRepo() (err error) {
	if pr.BaseRepo != nil {
		return nil
	}

[lafriks]

Sorry I overlooked that function than... I was checking code but somehow missed that check. If it does than yes there is no need to do additional check

[lafriks]

This could be rewritten as:

ctx.Data["AllowMerge"] = ctx.Data["IsRepositoryWriter"]
if err := pull.CheckUserAllowedToMerge(ctx.User); err != nil {
    if !models.IsErrNotAllowedToMerge(err) {
        ctx.ServerError(err)
        return
    }
    ctx.Data["AllowMerge"] = false
}

[Chri-s]

The CI build failed because of a git error (https://drone.gitea.io/go-gitea/gitea/3754/2):

+ git init
Initialized empty Git repository in /srv/app/src/code.gitea.io/gitea/.git/
+ git remote add origin https://github.com/go-gitea/gitea.git
+ git fetch --tags --depth=50 origin +refs/pull/3544/merge:
fatal: The remote end hung up unexpectedly
exit status 128

I don't think that this has something to do with my latest commit, is there some way to tell drone to retry?

[lunny]

LGTM

[lunny]

need @lafriks 's review.