From 05f0007437d507e1445fd616594c048e5b9908d8 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sat, 1 Jun 2024 10:41:10 +0200
Subject: [PATCH] fix(hook): instance admins wrongly restricted by permissions
 checks

This exception existed for both instance admins and repo admins
before ApplyToAdmins was introduced in
79b70893601c33a33d8d44eb0421797dfd846a47.

It should have been kept for instance admins only because they are not
subject to permission checks.
---
 routers/private/hook_pre_receive.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
index f06f6071e9..97568b3f65 100644
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@@ -397,6 +397,11 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r
 			return
 		}
 
+		// If we're an admin for the instance, we can ignore checks
+		if ctx.user.IsAdmin {
+			return
+		}
+
 		// It's not allowed t overwrite protected files. Unless if the user is an
 		// admin and the protected branch rule doesn't apply to admins.
 		if changedProtectedfiles && (!ctx.user.IsAdmin || protectBranch.ApplyToAdmins) {