From 1b296ed1a422b8f29ea0c0e887f6470b8895116c Mon Sep 17 00:00:00 2001 From: Pedro Nishiyama Date: Thu, 28 Nov 2024 04:18:23 -0300 Subject: [PATCH] Allow users with write permission to run actions (#32644) --- I have a use case where I need a team to be able to run actions without admin access. --- routers/web/repo/actions/actions.go | 4 ++-- routers/web/web.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/routers/web/repo/actions/actions.go b/routers/web/repo/actions/actions.go index f5fb056494..ad16b9fb4e 100644 --- a/routers/web/repo/actions/actions.go +++ b/routers/web/repo/actions/actions.go @@ -168,8 +168,8 @@ func List(ctx *context.Context) { actionsConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions).ActionsConfig() ctx.Data["ActionsConfig"] = actionsConfig - if len(workflowID) > 0 && ctx.Repo.IsAdmin() { - ctx.Data["AllowDisableOrEnableWorkflow"] = true + if len(workflowID) > 0 && ctx.Repo.CanWrite(unit.TypeActions) { + ctx.Data["AllowDisableOrEnableWorkflow"] = ctx.Repo.IsAdmin() isWorkflowDisabled := actionsConfig.IsWorkflowDisabled(workflowID) ctx.Data["CurWorkflowDisabled"] = isWorkflowDisabled diff --git a/routers/web/web.go b/routers/web/web.go index a2c14993ac..5ed046a983 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -1406,7 +1406,7 @@ func registerRoutes(m *web.Router) { m.Get("", actions.List) m.Post("/disable", reqRepoAdmin, actions.DisableWorkflowFile) m.Post("/enable", reqRepoAdmin, actions.EnableWorkflowFile) - m.Post("/run", reqRepoAdmin, actions.Run) + m.Post("/run", reqRepoActionsWriter, actions.Run) m.Group("/runs/{run}", func() { m.Combo("").