From 319620ad54c17e71ef9d802f4584f549e7a0d251 Mon Sep 17 00:00:00 2001
From: Fridolin Glatter <glatter@iiasa.ac.at>
Date: Wed, 8 Jan 2025 15:10:56 +0100
Subject: [PATCH] Use triggering_actor as CI-dispatch criterion

---
 .github/workflows/receive.yaml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/receive.yaml b/.github/workflows/receive.yaml
index c71a77b41..258989e9b 100644
--- a/.github/workflows/receive.yaml
+++ b/.github/workflows/receive.yaml
@@ -12,10 +12,15 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Ensure first-party branch or valid label
-      if: >
-        github.repository != github.event.pull_request.head.repo.full_name &&
-        ! contains(github.event.pull_request.labels.*.name, env.label)
+      - uses: actions-cool/check-user-permission@v2
+        id: checkAccess
+        with:
+          require: write
+          username: ${{ github.triggering_actor }}
+    - name: Ensure user permission
+      if: steps.checkAccess.outputs.require-result == 'false'
       run: |
-        echo "Will not run \`pytest\` workflow for branch in fork without label \`${{ env.label }}\`." >>$GITHUB_STEP_SUMMARY
+        echo "${{ github.triggering_actor }} does not have permissions on this repo."
+        echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
+        echo "Job originally triggered by ${{ github.actor }}"
         exit 1