From 4229f6ae4e06ff3041d51a83efea89014d2c9d64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D8=B4=D8=B1=D9=83=D8=A9=20=D8=AE=D8=A8=D9=8A=D8=B1=20?=
 =?UTF-8?q?=D8=A7=D9=84=D9=85=D8=AD=D8=AF=D9=88=D8=AF=D8=A9?=
 <it@exp-sa.com>
Date: Fri, 21 Nov 2025 22:44:17 +0200
Subject: [PATCH] Refactor PR author validation in workflow

Updated the GitHub Actions workflow to restrict PR authors by modifying the allowed users list and changing the validation logic.
---
 .github/workflows/restrict-pr-authors.yaml | 32 +++++++++-------------
 1 file changed, 13 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/restrict-pr-authors.yaml b/.github/workflows/restrict-pr-authors.yaml
index b530d6fcc..265e43353 100644
--- a/.github/workflows/restrict-pr-authors.yaml
+++ b/.github/workflows/restrict-pr-authors.yaml
@@ -1,6 +1,10 @@
 # Author: Moutaz (restrict PR authors)
 name: Restrict PR Authors
 
+permissions:
+  contents: read
+  pull-requests: write
+  
 on:
   pull_request:
     types: [opened, reopened]
@@ -28,36 +32,26 @@ on:
       - dev_odex25_donation
 
 jobs:
-  restrict-author:
+  validate:
     runs-on: linting_odex25-standard-modules_runner
 
     steps:
-      - name: Validate PR Author
+      - name: Check PR Author
         uses: actions/github-script@v7
         with:
+          github-token: ${{ secrets.PR_CLOSE_TOKEN }}   # 👈 ضروري
           script: |
-            const allowedUsers = [
-              "ahmad-samir",
-              "expdevops",
-              "whatever-user"
-            ];
+            const allowed = ["ahmad-samir", "moutazmuhammad"];
+            const author = context.payload.pull_request.user.login;
 
-            const pr = context.payload.pull_request;
-            const author = pr.user.login;
-
-            console.log("PR Author:", author);
-
-            if (!allowedUsers.includes(author)) {
-              console.log(`❌ User '${author}' is NOT allowed to open PRs. Closing PR...`);
+            core.info(`PR Author: ${author}`);
 
+            if (!allowed.includes(author)) {
+              core.error(`User '${author}' is NOT allowed. Closing PR...`);
               await github.rest.pulls.update({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
-                pull_number: pr.number,
+                pull_number: context.payload.pull_request.number,
                 state: "closed"
               });
-
-              core.setFailed("PR automatically closed. Unauthorized author.");
-            } else {
-              console.log("✅ Author is allowed to open PR.");
             }