RFR: 1903: Verify User's group membership when processing backport command

Zhao Song zsong at openjdk.org
Tue May 9 21:23:41 UTC 2023

In GitLab, every project is under a group. If a user doesn't have access to the group, then the user will not be able to see any project under the group. 

However, when processing backport command, the bot will not verify user's group membership, so that it's possible for the bot to create a pull request that is invisible to the user. 

For example, if a user has access to "groupA" but not "groupB", then he can issue the "/backport groupB/repo2" command on one of the commits in "groupA/repo1". In this case, Skara bot would create a PR that is invisible to the user.

To fix this issue, we need to verify user's membership after we get the targetRepo. `GitLabRepository#canPush` is very helpful.


Commit messages:
 - SKARA-1903

Changes: https://git.openjdk.org/skara/pull/1516/files
 Webrev: https://webrevs.openjdk.org/?repo=skara&pr=1516&range=00
  Issue: https://bugs.openjdk.org/browse/SKARA-1903
  Stats: 20 lines in 1 file changed: 20 ins; 0 del; 0 mod
  Patch: https://git.openjdk.org/skara/pull/1516.diff
  Fetch: git fetch https://git.openjdk.org/skara.git pull/1516/head:pull/1516

PR: https://git.openjdk.org/skara/pull/1516

More information about the skara-dev mailing list