fix: PR not blocked by review request for a whitelisted team (#8511)

Fixes #8491. Previous behavior always updated the newly created review to set the `official` flag to false. This logic is now removed. The most likely reason that this logic existed was that team reviews were being marked as official based upon `doer`, rather than the target team, which seems undesirable. The expected behavior was retained by removing the check for `IsOfficialReviewer(..., doer)`, ensuring that when making a review request for a team, it doesn't matter *who* makes the request. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8511 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2025-07-19 17:49:39 +02:00 · 2025-07-15 23:21:42 +02:00 · 2025-07-15 23:21:42 +02:00 · e47fa23729
commit e47fa23729
parent e186b5c039
5 changed files with 134 additions and 10 deletions
--- a/models/issues/review_test.go
+++ b/models/issues/review_test.go
@ -8,6 +8,7 @@ import (

 	"forgejo.org/models/db"
 	issues_model "forgejo.org/models/issues"
+	organization_model "forgejo.org/models/organization"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
@ -319,3 +320,80 @@ func TestAddReviewRequest(t *testing.T) {
 	require.Error(t, err)
 	assert.True(t, issues_model.IsErrReviewRequestOnClosedPR(err))
 }
+
+func TestAddTeamReviewRequest(t *testing.T) {
+	defer unittest.OverrideFixtures("models/fixtures/TestAddTeamReviewRequest")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	setupForProtectedBranch := func() (*issues_model.Issue, *user_model.User) {
+		// From override models/fixtures/TestAddTeamReviewRequest/issue.yml; issue #23 is a PR into a protected branch
+		issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 23})
+		require.NoError(t, issue.LoadRepo(db.DefaultContext))
+		doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
+		return issue, doer
+	}
+
+	t.Run("Protected branch, not official team", func(t *testing.T) {
+		issue, doer := setupForProtectedBranch()
+		// Team 2 is not part of the whitelist for this protected branch
+		team := unittest.AssertExistsAndLoadBean(t, &organization_model.Team{ID: 2})
+
+		comment, err := issues_model.AddTeamReviewRequest(db.DefaultContext, issue, team, doer)
+		require.NoError(t, err)
+		require.NotNil(t, comment)
+
+		review, err := issues_model.GetTeamReviewerByIssueIDAndTeamID(db.DefaultContext, issue.ID, team.ID)
+		require.NoError(t, err)
+		require.NotNil(t, review)
+		assert.Equal(t, issues_model.ReviewTypeRequest, review.Type)
+		assert.Equal(t, team.ID, review.ReviewerTeamID)
+		// This review request should not be marked official because it is not a request for a team in the branch
+		// protection rule's whitelist...
+		assert.False(t, review.Official)
+	})
+
+	t.Run("Protected branch, official team", func(t *testing.T) {
+		issue, doer := setupForProtectedBranch()
+		// Team 1 is part of the whitelist for this protected branch
+		team := unittest.AssertExistsAndLoadBean(t, &organization_model.Team{ID: 1})
+
+		comment, err := issues_model.AddTeamReviewRequest(db.DefaultContext, issue, team, doer)
+		require.NoError(t, err)
+		require.NotNil(t, comment)
+
+		review, err := issues_model.GetTeamReviewerByIssueIDAndTeamID(db.DefaultContext, issue.ID, team.ID)
+		require.NoError(t, err)
+		require.NotNil(t, review)
+		assert.Equal(t, issues_model.ReviewTypeRequest, review.Type)
+		assert.Equal(t, team.ID, review.ReviewerTeamID)
+		// Expected to be considered official because team 1 is in the review whitelist for this protected branch
+		assert.True(t, review.Official)
+	})
+
+	t.Run("Unprotected branch, official team", func(t *testing.T) {
+		// Working on a PR into a branch that is not protected, issue #2
+		issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 2})
+		require.NoError(t, issue.LoadRepo(db.DefaultContext))
+		doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+		// team is a team that has write perms against the repo
+		team := unittest.AssertExistsAndLoadBean(t, &organization_model.Team{ID: 1})
+
+		comment, err := issues_model.AddTeamReviewRequest(db.DefaultContext, issue, team, doer)
+		require.NoError(t, err)
+		require.NotNil(t, comment)
+
+		review, err := issues_model.GetTeamReviewerByIssueIDAndTeamID(db.DefaultContext, issue.ID, team.ID)
+		require.NoError(t, err)
+		require.NotNil(t, review)
+		assert.Equal(t, issues_model.ReviewTypeRequest, review.Type)
+		assert.Equal(t, team.ID, review.ReviewerTeamID)
+		// Will not be marked as official because PR #2 there's no branch protection rule that enables whitelist
+		// approvals (verifying logic in `IsOfficialReviewerTeam` indirectly)
+		assert.False(t, review.Official)
+
+		// Adding the same team review request again should be a noop
+		comment, err = issues_model.AddTeamReviewRequest(db.DefaultContext, issue, team, doer)
+		require.NoError(t, err)
+		require.Nil(t, comment)
+	})
+}