Allow users with write permission to run actions (#32644)

NishiyamaPedro · web-flow · commit 1b296ed1a422 · 2024-11-28T07:18:23.000Z
---
I have a use case where I need a team to be able to run actions without
admin access.
diff --git a/routers/web/repo/actions/actions.go b/routers/web/repo/actions/actions.go
@@ -168,8 +168,8 @@ func List(ctx *context.Context) {
 	actionsConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
 	ctx.Data["ActionsConfig"] = actionsConfig
 
-	if len(workflowID) > 0 && ctx.Repo.IsAdmin() {
-		ctx.Data["AllowDisableOrEnableWorkflow"] = true
+	if len(workflowID) > 0 && ctx.Repo.CanWrite(unit.TypeActions) {
+		ctx.Data["AllowDisableOrEnableWorkflow"] = ctx.Repo.IsAdmin()
 		isWorkflowDisabled := actionsConfig.IsWorkflowDisabled(workflowID)
 		ctx.Data["CurWorkflowDisabled"] = isWorkflowDisabled
 
diff --git a/routers/web/web.go b/routers/web/web.go
@@ -1406,7 +1406,7 @@ func registerRoutes(m *web.Router) {
 		m.Get("", actions.List)
 		m.Post("/disable", reqRepoAdmin, actions.DisableWorkflowFile)
 		m.Post("/enable", reqRepoAdmin, actions.EnableWorkflowFile)
-		m.Post("/run", reqRepoAdmin, actions.Run)
+		m.Post("/run", reqRepoActionsWriter, actions.Run)
 
 		m.Group("/runs/{run}", func() {
 			m.Combo("").
