revert: allowed merged users

amustaque97 · amustaque97 · commit e1c1ba6cffb4 · 2025-12-23T10:12:17.000+05:30
diff --git a/docs/toml-schema.md b/docs/toml-schema.md
@@ -421,12 +421,6 @@ required-approvals = 1
 # in [access.teams].
 # (optional)
 allowed-merge-teams = ["awesome-team"]
-# Enable bypass for organization administrators.
-# Due to GitHub API limitations, individual users cannot be granted bypass  
-# access directly. Instead, this grants bypass to all organization admins.
-# For granular control, add users to a team and use allowed-merge-teams.
-# (optional)
-allowed-merge-users = ["any-username"]  # Enables OrganizationAdmin bypass
 # Determines the merge queue bot(s) that manage pushes to this branch.
 # When a bot manages the queue, some other options, like
 # `required-approvals` and `pr-required` options are not valid.
diff --git a/rust_team_data/src/v1.rs b/rust_team_data/src/v1.rs
@@ -258,8 +258,6 @@ pub struct BranchProtection {
     pub dismiss_stale_review: bool,
     pub mode: BranchProtectionMode,
     pub allowed_merge_teams: Vec<String>,
-    #[serde(default)]
-    pub allowed_merge_users: Vec<String>,
     pub merge_bots: Vec<MergeBot>,
 }
 
diff --git a/src/schema.rs b/src/schema.rs
@@ -877,8 +877,6 @@ pub(crate) struct BranchProtection {
     #[serde(default)]
     pub allowed_merge_teams: Vec<String>,
     #[serde(default)]
-    pub allowed_merge_users: Vec<String>,
-    #[serde(default)]
     pub merge_bots: Vec<MergeBot>,
 }
 
diff --git a/src/static_api.rs b/src/static_api.rs
@@ -62,7 +62,6 @@ impl<'a> Generator<'a> {
                         BranchProtectionMode::PrNotRequired
                     },
                     allowed_merge_teams: b.allowed_merge_teams.clone(),
-                    allowed_merge_users: b.allowed_merge_users.clone(),
                     merge_bots: b
                         .merge_bots
                         .iter()
diff --git a/sync-team/src/github/mod.rs b/sync-team/src/github/mod.rs
@@ -679,7 +679,6 @@ impl SyncGitHub {
                         dismiss_stale_review: false,
                         mode: rust_team_data::v1::BranchProtectionMode::PrNotRequired,
                         allowed_merge_teams: vec![],
-                        allowed_merge_users: vec![],
                         merge_bots: vec![],
                     },
                 });
@@ -717,13 +716,8 @@ impl SyncGitHub {
         actual_ruleset: &api::Ruleset,
         branch_protection: &rust_team_data::v1::BranchProtection,
     ) -> bool {
-        let expected_count = branch_protection.allowed_merge_teams.len()
-            + if branch_protection.allowed_merge_users.is_empty() {
-                0
-            } else {
-                1
-            } // OrganizationAdmin counts as 1
-            + branch_protection.merge_bots.len();
+        let expected_count =
+            branch_protection.allowed_merge_teams.len() + branch_protection.merge_bots.len();
 
         let actual_count = actual_ruleset
             .bypass_actors
@@ -1008,24 +1002,6 @@ pub(crate) fn construct_bypass_actors(
         }
     }
 
-    // Add OrganizationAdmin bypass actor if allowed_merge_users is specified.
-    // Note: GitHub API limitation - cannot add individual users as bypass actors.
-    // OrganizationAdmin with actor_id=1 grants bypass to ALL organization admins.
-    // For granular per-user control, use allowed_merge_teams with a team containing specific users.
-    if !branch_protection.allowed_merge_users.is_empty() {
-        debug!(
-            "Using OrganizationAdmin bypass actor for allowed_merge_users: {:?}. \
-             Note: This grants bypass to ALL org admins, not just specified users. \
-             For per-user control, use allowed_merge_teams instead.",
-            branch_protection.allowed_merge_users
-        );
-        bypass_actors.push(api::RulesetBypassActor {
-            actor_id: Some(api::ActorId::Id(1)),
-            actor_type: api::RulesetActorType::OrganizationAdmin,
-            bypass_mode: Some(api::RulesetBypassMode::Always),
-        });
-    }
-
     // Resolve bot integration bypass actors
     for merge_bot in &branch_protection.merge_bots {
         let user_login = match merge_bot {
@@ -1989,24 +1965,14 @@ fn log_ruleset(
 
     // Log expected bypass actors if branch protection config is provided
     if let Some(bp) = branch_protection
-        && (!bp.allowed_merge_teams.is_empty()
-            || !bp.allowed_merge_users.is_empty()
-            || !bp.merge_bots.is_empty())
+        && (!bp.allowed_merge_teams.is_empty() || !bp.merge_bots.is_empty())
     {
         writeln!(result, "        Expected Bypass Actors:")?;
 
         for team in &bp.allowed_merge_teams {
             writeln!(result, "          - Team: {} (Mode: always)", team)?;
         }
 
-        if !bp.allowed_merge_users.is_empty() {
-            writeln!(
-                result,
-                "          - OrganizationAdmin: ID=1 (Mode: always) [Note: Grants bypass to all org admins, requested users: {}]",
-                bp.allowed_merge_users.join(", ")
-            )?;
-        }
-
         for bot in &bp.merge_bots {
             let bot_name = match bot {
                 MergeBot::Homu => "bors",
diff --git a/sync-team/src/github/tests/test_utils.rs b/sync-team/src/github/tests/test_utils.rs
@@ -424,7 +424,6 @@ pub struct BranchProtectionBuilder {
     pub dismiss_stale_review: bool,
     pub mode: BranchProtectionMode,
     pub allowed_merge_teams: Vec<String>,
-    pub allowed_merge_users: Vec<String>,
     pub merge_bots: Vec<MergeBot>,
 }
 
@@ -449,15 +448,13 @@ impl BranchProtectionBuilder {
             dismiss_stale_review,
             mode,
             allowed_merge_teams,
-            allowed_merge_users,
             merge_bots,
         } = self;
         v1::BranchProtection {
             pattern,
             dismiss_stale_review,
             mode,
             allowed_merge_teams,
-            allowed_merge_users,
             merge_bots,
         }
     }
@@ -468,7 +465,6 @@ impl BranchProtectionBuilder {
             mode,
             dismiss_stale_review: false,
             allowed_merge_teams: vec![],
-            allowed_merge_users: vec![],
             merge_bots: vec![],
         }
     }
diff --git a/tests/static-api/_expected/v1/repos.json b/tests/static-api/_expected/v1/repos.json
@@ -21,7 +21,6 @@
             }
           },
           "allowed_merge_teams": [],
-          "allowed_merge_users": [],
           "merge_bots": []
         }
       ],
@@ -63,7 +62,6 @@
           "allowed_merge_teams": [
             "foo"
           ],
-          "allowed_merge_users": [],
           "merge_bots": []
         }
       ],
diff --git a/tests/static-api/_expected/v1/repos/archived_repo.json b/tests/static-api/_expected/v1/repos/archived_repo.json
@@ -19,7 +19,6 @@
         }
       },
       "allowed_merge_teams": [],
-      "allowed_merge_users": [],
       "merge_bots": []
     }
   ],
diff --git a/tests/static-api/_expected/v1/repos/some_repo.json b/tests/static-api/_expected/v1/repos/some_repo.json
@@ -30,7 +30,6 @@
       "allowed_merge_teams": [
         "foo"
       ],
-      "allowed_merge_users": [],
       "merge_bots": []
     }
   ],

Original file line number	Diff line number	Diff line change
`@@ -258,8 +258,6 @@ pub struct BranchProtection {`
`258`	`258`	`pub dismiss_stale_review: bool,`
`259`	`259`	`pub mode: BranchProtectionMode,`
`260`	`260`	`pub allowed_merge_teams: Vec<String>,`
`261`		`- #[serde(default)]`
`262`		`- pub allowed_merge_users: Vec<String>,`
`263`	`261`	`pub merge_bots: Vec<MergeBot>,`
`264`	`262`	`}`
`265`	`263`
Original file line number	Diff line number	Diff line change
`@@ -877,8 +877,6 @@ pub(crate) struct BranchProtection {`
`877`	`877`	`#[serde(default)]`
`878`	`878`	`pub allowed_merge_teams: Vec<String>,`
`879`	`879`	`#[serde(default)]`
`880`		`- pub allowed_merge_users: Vec<String>,`
`881`		`- #[serde(default)]`
`882`	`880`	`pub merge_bots: Vec<MergeBot>,`
`883`	`881`	`}`
`884`	`882`
Original file line number	Diff line number	Diff line change
`@@ -424,7 +424,6 @@ pub struct BranchProtectionBuilder {`
`424`	`424`	`pub dismiss_stale_review: bool,`
`425`	`425`	`pub mode: BranchProtectionMode,`
`426`	`426`	`pub allowed_merge_teams: Vec<String>,`
`427`		`- pub allowed_merge_users: Vec<String>,`
`428`	`427`	`pub merge_bots: Vec<MergeBot>,`
`429`	`428`	`}`
`430`	`429`
`@@ -449,15 +448,13 @@ impl BranchProtectionBuilder {`
`449`	`448`	`dismiss_stale_review,`
`450`	`449`	`mode,`
`451`	`450`	`allowed_merge_teams,`
`452`		`- allowed_merge_users,`
`453`	`451`	`merge_bots,`
`454`	`452`	`} = self;`
`455`	`453`	`v1::BranchProtection {`
`456`	`454`	`pattern,`
`457`	`455`	`dismiss_stale_review,`
`458`	`456`	`mode,`
`459`	`457`	`allowed_merge_teams,`
`460`		`- allowed_merge_users,`
`461`	`458`	`merge_bots,`
`462`	`459`	`}`
`463`	`460`	`}`
`@@ -468,7 +465,6 @@ impl BranchProtectionBuilder {`
`468`	`465`	`mode,`
`469`	`466`	`dismiss_stale_review: false,`
`470`	`467`	`allowed_merge_teams: vec![],`
`471`		`- allowed_merge_users: vec![],`
`472`	`468`	`merge_bots: vec![],`
`473`	`469`	`}`
`474`	`470`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,6 @@`
`21`	`21`	`}`
`22`	`22`	`},`
`23`	`23`	`"allowed_merge_teams": [],`
`24`		`- "allowed_merge_users": [],`
`25`	`24`	`"merge_bots": []`
`26`	`25`	`}`
`27`	`26`	`],`
`@@ -63,7 +62,6 @@`
`63`	`62`	`"allowed_merge_teams": [`
`64`	`63`	`"foo"`
`65`	`64`	`],`
`66`		`- "allowed_merge_users": [],`
`67`	`65`	`"merge_bots": []`
`68`	`66`	`}`
`69`	`67`	`],`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,6 @@`
`19`	`19`	`}`
`20`	`20`	`},`
`21`	`21`	`"allowed_merge_teams": [],`
`22`		`- "allowed_merge_users": [],`
`23`	`22`	`"merge_bots": []`
`24`	`23`	`}`
`25`	`24`	`],`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,6 @@`
`30`	`30`	`"allowed_merge_teams": [`
`31`	`31`	`"foo"`
`32`	`32`	`],`
`33`		`- "allowed_merge_users": [],`
`34`	`33`	`"merge_bots": []`
`35`	`34`	`}`
`36`	`35`	`],`