From b4e5a9727d9db30e599445559085eb5c31f36e84 Mon Sep 17 00:00:00 2001
From: Meni Yakove <myakove@gmail.com>
Date: Sat, 21 Jun 2025 17:59:49 +0300
Subject: [PATCH 1/2] fix: add-allowed-user

---
 webhook_server/libs/issue_comment_handler.py | 11 +++++---
 webhook_server/libs/owners_files_handler.py  | 28 ++++++++++++++------
 webhook_server/utils/constants.py            |  1 +
 3 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/webhook_server/libs/issue_comment_handler.py b/webhook_server/libs/issue_comment_handler.py
index 12dc21db..b0476d0b 100644
--- a/webhook_server/libs/issue_comment_handler.py
+++ b/webhook_server/libs/issue_comment_handler.py
@@ -1,8 +1,8 @@
 from __future__ import annotations
 
 import asyncio
-from typing import TYPE_CHECKING, Callable, Any, Coroutine, Union
 from asyncio import Task
+from typing import TYPE_CHECKING, Any, Callable, Coroutine, Union
 
 from github.PullRequest import PullRequest
 
@@ -15,6 +15,7 @@
     BUILD_AND_PUSH_CONTAINER_STR,
     BUILD_CONTAINER_STR,
     CHERRY_PICK_LABEL_PREFIX,
+    COMMAND_ADD_ALLOWED_USER_STR,
     COMMAND_ASSIGN_REVIEWER_STR,
     COMMAND_ASSIGN_REVIEWERS_STR,
     COMMAND_CHECK_CAN_MERGE_STR,
@@ -91,6 +92,7 @@ async def user_commands(
             COMMAND_CHECK_CAN_MERGE_STR,
             BUILD_AND_PUSH_CONTAINER_STR,
             COMMAND_ASSIGN_REVIEWER_STR,
+            COMMAND_ADD_ALLOWED_USER_STR,
         ]
 
         command_and_args: list[str] = command.split(" ", 1)
@@ -98,7 +100,7 @@ async def user_commands(
         _args: str = command_and_args[1] if len(command_and_args) > 1 else ""
 
         self.logger.debug(
-            f"{self.log_prefix} User: {reviewed_user}, Command: {_command}, Command args: {_args if _args else 'None'}"
+            f"{self.log_prefix} User: {reviewed_user}, Command: {_command}, Command args: {_args or 'None'}"
         )
         if _command not in available_commands + list(USER_LABELS_DICT.keys()):
             self.logger.debug(f"{self.log_prefix} Command {command} is not supported.")
@@ -109,7 +111,7 @@ async def user_commands(
         if remove := len(command_and_args) > 1 and _args == "cancel":
             self.logger.debug(f"{self.log_prefix} User requested 'cancel' for command {_command}")
 
-        if _command in (COMMAND_RETEST_STR, COMMAND_ASSIGN_REVIEWER_STR) and not _args:
+        if _command in (COMMAND_RETEST_STR, COMMAND_ASSIGN_REVIEWER_STR, COMMAND_ADD_ALLOWED_USER_STR) and not _args:
             missing_command_arg_comment_msg: str = f"{_command} requires an argument"
             error_msg: str = f"{self.log_prefix} {missing_command_arg_comment_msg}"
             self.logger.debug(error_msg)
@@ -123,6 +125,9 @@ async def user_commands(
         if _command == COMMAND_ASSIGN_REVIEWER_STR:
             await self._add_reviewer_by_user_comment(pull_request=pull_request, reviewer=_args)
 
+        elif _command == COMMAND_ADD_ALLOWED_USER_STR:
+            await asyncio.to_thread(pull_request.create_issue_comment, body=f"{_args} is now allowed to run commands")
+
         elif _command == COMMAND_ASSIGN_REVIEWERS_STR:
             await self.owners_file_handler.assign_reviewers(pull_request=pull_request)
 
diff --git a/webhook_server/libs/owners_files_handler.py b/webhook_server/libs/owners_files_handler.py
index 5e32d1e4..d7c2e220 100644
--- a/webhook_server/libs/owners_files_handler.py
+++ b/webhook_server/libs/owners_files_handler.py
@@ -10,6 +10,8 @@
 from github.PaginatedList import PaginatedList
 from github.PullRequest import PullRequest
 
+from webhook_server.utils.constants import COMMAND_ADD_ALLOWED_USER_STR
+
 if TYPE_CHECKING:
     from webhook_server.libs.github_api import GithubWebhook
 
@@ -53,6 +55,14 @@ def root_approvers(self) -> list[str]:
         self.logger.debug(f"{self.log_prefix} ROOT Approvers: {_approvers}")
         return _approvers
 
+    @property
+    def allowed_users(self) -> list[str]:
+        self._ensure_initialized()
+
+        _allowed_users = self.all_repository_approvers_and_reviewers.get(".", {}).get("allowed-users", [])
+        self.logger.debug(f"{self.log_prefix} ROOT allowed users: {_allowed_users}")
+        return _allowed_users
+
     async def list_changed_files(self, pull_request: PullRequest) -> list[str]:
         return [_file.filename for _file in await asyncio.to_thread(pull_request.get_files)]
 
@@ -236,7 +246,7 @@ async def is_user_valid_to_run_commands(self, pull_request: PullRequest, reviewe
         self._ensure_initialized()
 
         allowed_user_to_approve = await self.get_all_repository_maintainers() + self.all_repository_approvers
-        allow_user_comment = f"/add-allowed-user @{reviewed_user}"
+        allow_user_comment = f"/{COMMAND_ADD_ALLOWED_USER_STR} @{reviewed_user}"
 
         comment_msg = f"""
 {reviewed_user} is not allowed to run retest commands.
@@ -247,13 +257,15 @@ async def is_user_valid_to_run_commands(self, pull_request: PullRequest, reviewe
         valid_users = await self.valid_users_to_run_commands
 
         if reviewed_user not in valid_users:
-            comments_from_approvers = [
-                comment.body
-                for comment in await asyncio.to_thread(pull_request.get_issue_comments)
-                if comment.user.login in allowed_user_to_approve
-            ]
-            for comment in comments_from_approvers:
-                if allow_user_comment in comment:
+            for comment in [
+                _comment
+                for _comment in await asyncio.to_thread(pull_request.get_issue_comments)
+                if _comment.user.login in allowed_user_to_approve
+            ]:
+                if allow_user_comment in comment.body:
+                    self.logger.debug(
+                        f"{self.log_prefix} {reviewed_user} is approved to run commands by {comment.user.login}"
+                    )
                     return True
 
             self.logger.debug(f"{self.log_prefix} {reviewed_user} is not in {valid_users}")
diff --git a/webhook_server/utils/constants.py b/webhook_server/utils/constants.py
index 6c7ee871..33da3a69 100644
--- a/webhook_server/utils/constants.py
+++ b/webhook_server/utils/constants.py
@@ -33,6 +33,7 @@
 COMMAND_ASSIGN_REVIEWERS_STR = "assign-reviewers"
 COMMAND_CHECK_CAN_MERGE_STR = "check-can-merge"
 COMMAND_ASSIGN_REVIEWER_STR = "assign-reviewer"
+COMMAND_ADD_ALLOWED_USER_STR = "add-allowed-user"
 
 # Gitlab colors require a '#' prefix; e.g: #
 USER_LABELS_DICT: dict[str, str] = {

From 1ebdd4823a183ca1fdcb3160ac961ae250532eea Mon Sep 17 00:00:00 2001
From: Meni Yakove <myakove@gmail.com>
Date: Sat, 21 Jun 2025 18:02:10 +0300
Subject: [PATCH 2/2] Fix comment when user is approved

---
 webhook_server/libs/owners_files_handler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webhook_server/libs/owners_files_handler.py b/webhook_server/libs/owners_files_handler.py
index d7c2e220..ef30faa1 100644
--- a/webhook_server/libs/owners_files_handler.py
+++ b/webhook_server/libs/owners_files_handler.py
@@ -264,7 +264,7 @@ async def is_user_valid_to_run_commands(self, pull_request: PullRequest, reviewe
             ]:
                 if allow_user_comment in comment.body:
                     self.logger.debug(
-                        f"{self.log_prefix} {reviewed_user} is approved to run commands by {comment.user.login}"
+                        f"{self.log_prefix} {reviewed_user} is approved by {comment.user.login} to run commands"
                     )
                     return True