Beer
September 26, 2021, 12:57pm
1
Belonging to an organisation using Gitea, I submitted a PR to one of the repositories.
When the PR got merged, it said I did the merge, whil actually someone else (admin) did it.
Are there knobs to turn to avoid that impersonation behaviour? I find the fact this is even possible worrying.
IMHO, while admins should be able to bypass some rules (like reviews and such), they should never make actions which are not authenticated by them.
eeyrjmr
September 26, 2021, 3:06pm
2
isn’t’ this more a matter of admin doing the merge and iirc there is a PR open for this
opened 02:27PM - 23 Sep 21 UTC
### Feature Description
Say I am one of the 'owners' of a repo and I've set b… ranch protection on the `main` branch. Specifically, I've set required approvals to 3.
This works fine for the most part, but on the pull request it shows 'As an administrator, you may still merge this pull request.':

So I could click the red 'Rebase and Merge' button and bypass the required approvals.
A feature I would really like would be a way to disable this ability. So that, even as an owner, I don't get this option to merge the PR without approvals.
Now I understand that, as owner of the repo, I have ultimate control of the settings. If I wanted to, I could go into settings and remove the need for required approvals. But that is quite an involved process which under normal circumstances I wouldn't do.
However, I want to avoid the temptation for an owner to quickly merge a PR without getting approvals granted first.
If I could just disable this merge button from showing, until approvals have been granted, then that would improve usability.
### Screenshots
_No response_