Skip hooks for UserMergeToRef RPC (!1312) · Merge requests · GitLab.org / gitaly

Oswaldo Ferreira requested to merge osw-skip-hooks-for-merge-to-ref into master Jun 14, 2019

We've noticed at https://gitlab.com/gitlab-org/gitlab-ce/issues/63101 that even though we've skipped authorization checks for the MergeToRefService on gitlab-rails, hooks still trigger extra checks at Gitlab::GitAccess#check_change_access!. That leads to problems as we were lazily updating the merge-ref upon user access to the MR page, and not necessarily the given user will have writing access to the repository.

The user shouldn't play any role here beside being the author of the commit to the ref.

We reverted https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28513 given this was leading to problems for users that send MRs from forks to projects they're not a member of (i.e. merge_request.author doesn't have writing access).

Extra bit of info: We also skip hooks for Repository#fetch_source_branch!.

Edited Nov 18, 2021 by GitLab Release Tools Bot

Skip hooks for UserMergeToRef RPC

Merge request reports