From 4f2df547334f831cdc86b0add08a273962888f29 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Mar 28 2014 08:17:43 +0000
Subject: Only repo admin can merge pull-request


---

diff --git a/progit/fork.py b/progit/fork.py
index 691d2f8..37ae9a4 100644
--- a/progit/fork.py
+++ b/progit/fork.py
@@ -151,6 +151,11 @@ def merge_request_pull(repo, requestid, username=None):
     if not request:
         flask.abort(404, 'Pull-request not found')
 
+    if not is_repo_admin(repo):
+        flask.abort(
+            403,
+            'You are not allowed to merge pull-request for this project')
+
     error_output = flask.url_for(
         'request_pull', repo=repo.name, requestid=requestid)
     if username: