fix(commenter roles): don't give system users roles (#6766)

Currently on every pull request Ghost would have a misleading "First-time contributor" role. Also, if the issue author is a Ghost, all other ghosts who commented will be labeled as authors even if they are different ghosts. I've added a missing check to abort all other permission and contribution checks early if the user is a ghost. Also applies to other system users, as suggested by @earl-warren. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6766 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: 0ko <0ko@noreply.codeberg.org> Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-05-31 20:02:09 +00:00 · 2025-02-05 17:34:45 +00:00 · 2025-02-05 17:34:45 +00:00 · d1d78c1b14
commit d1d78c1b14
parent 862f4ad60c
5 changed files with 140 additions and 5 deletions
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@ -1,5 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2018 The Gitea Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

 package repo
@ -1308,18 +1309,24 @@ func NewIssuePost(ctx *context.Context) {
 func roleDescriptor(ctx stdCtx.Context, repo *repo_model.Repository, poster *user_model.User, issue *issues_model.Issue, hasOriginalAuthor bool) (issues_model.RoleDescriptor, error) {
 	roleDescriptor := issues_model.RoleDescriptor{}

+	// Migrated comment with no associated local user
 	if hasOriginalAuthor {
 		return roleDescriptor, nil
 	}

+	// Special user that can't have associated contributions and permissions in the repo.
+	if poster.IsGhost() || poster.IsActions() || poster.IsAPActor() {
+		return roleDescriptor, nil
+	}
+
+	// If the poster is the actual poster of the issue, enable Poster role.
+	roleDescriptor.IsPoster = issue.IsPoster(poster.ID)
+
 	perm, err := access_model.GetUserRepoPermission(ctx, repo, poster)
 	if err != nil {
 		return roleDescriptor, err
 	}

-	// If the poster is the actual poster of the issue, enable Poster role.
-	roleDescriptor.IsPoster = issue.IsPoster(poster.ID)
-
 	// Check if the poster is owner of the repo.
 	if perm.IsOwner() {
 		// If the poster isn't an admin, enable the owner role.