From e283195530dd2218432f8b56caa7a40093577478 Mon Sep 17 00:00:00 2001
From: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Date: Mon, 1 Feb 2021 14:48:19 +0100
Subject: [PATCH] Fix permission check on branch deletion (#1515)

---
 gradle/changelog/delete_branches_permission.yaml              | 2 ++
 .../sonia/scm/api/v2/resources/BranchToBranchDtoMapper.java   | 2 +-
 .../scm/api/v2/resources/BranchToBranchDtoMapperTest.java     | 4 ++--
 3 files changed, 5 insertions(+), 3 deletions(-)
 create mode 100644 gradle/changelog/delete_branches_permission.yaml

diff --git a/gradle/changelog/delete_branches_permission.yaml b/gradle/changelog/delete_branches_permission.yaml
new file mode 100644
index 0000000000..d5fc6080c9
--- /dev/null
+++ b/gradle/changelog/delete_branches_permission.yaml
@@ -0,0 +1,2 @@
+- type: fixed
+  description: Fix permission check for branch deletion ([#1515](https://github.com/scm-manager/scm-manager/pull/1515))
diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/BranchToBranchDtoMapper.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/BranchToBranchDtoMapper.java
index f3860f5708..29874d90f5 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/BranchToBranchDtoMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/BranchToBranchDtoMapper.java
@@ -62,7 +62,7 @@ public abstract class BranchToBranchDtoMapper extends HalAppenderMapper implemen
       .single(linkBuilder("changeset", resourceLinks.changeset().changeset(namespaceAndName.getNamespace(), namespaceAndName.getName(), branch.getRevision())).build())
       .single(linkBuilder("source", resourceLinks.source().self(namespaceAndName.getNamespace(), namespaceAndName.getName(), branch.getRevision())).build());
 
-    if (!branch.isDefaultBranch() && RepositoryPermissions.modify(repository).isPermitted()) {
+    if (!branch.isDefaultBranch() && RepositoryPermissions.push(repository).isPermitted()) {
       linksBuilder.single(linkBuilder("delete", resourceLinks.branch().delete(repository.getNamespace(), repository.getName(), branch.getName())).build());
     }
 
diff --git a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/BranchToBranchDtoMapperTest.java b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/BranchToBranchDtoMapperTest.java
index e46dc6eea3..c42d363686 100644
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/BranchToBranchDtoMapperTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/BranchToBranchDtoMapperTest.java
@@ -87,7 +87,7 @@ class BranchToBranchDtoMapperTest {
   @Test
   void shouldAppendDeleteLink() {
     Repository repository = RepositoryTestData.createHeartOfGold();
-    when(subject.isPermitted("repository:modify:" + repository.getId())).thenReturn(true);
+    when(subject.isPermitted("repository:push:" + repository.getId())).thenReturn(true);
     Branch branch = Branch.normalBranch("master", "42");
 
     BranchDto dto = mapper.map(branch, repository);
@@ -106,7 +106,7 @@ class BranchToBranchDtoMapperTest {
   @Test
   void shouldNotAppendDeleteLinkIfNotPermitted() {
     Repository repository = RepositoryTestData.createHeartOfGold();
-    when(subject.isPermitted("repository:modify:" + repository.getId())).thenReturn(false);
+    when(subject.isPermitted("repository:push:" + repository.getId())).thenReturn(false);
     Branch branch = Branch.normalBranch("master", "42");
 
     BranchDto dto = mapper.map(branch, repository);