From 84bcb3451a5b1a9032dcf5351292191572dddcf2 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Sun, 17 May 2020 02:48:30 +0200
Subject: [PATCH] Check Push permissions on IsUserAllowedToUpdate (#11448)

---
 services/pull/update.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/services/pull/update.go b/services/pull/update.go
index 2ccbcf00a3..0829b1c5d6 100644
--- a/services/pull/update.go
+++ b/services/pull/update.go
@@ -59,6 +59,17 @@ func IsUserAllowedToUpdate(pull *models.PullRequest, user *models.User) (bool, e
 		HeadBranch: pull.BaseBranch,
 		BaseBranch: pull.HeadBranch,
 	}
+
+	err = pr.LoadProtectedBranch()
+	if err != nil {
+		return false, err
+	}
+
+	// Update function need push permission
+	if pr.ProtectedBranch != nil && !pr.ProtectedBranch.CanUserPush(user.ID) {
+		return false, nil
+	}
+
 	return IsUserAllowedToMerge(pr, headRepoPerm, user)
 }