summaryrefslogtreecommitdiffstats
path: root/cmd/hook.go
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2017-09-14 16:16:22 +0800
committerGitHub <noreply@github.com>2017-09-14 16:16:22 +0800
commit1739e84ac02c0384c04576a00abab9348293f9c7 (patch)
tree1015e68f36421f274d2e883ff3ddb0cb29b6af71 /cmd/hook.go
parentbe3319b3d545289b772d7a92b4b62205863954d9 (diff)
downloadgitea-1739e84ac02c0384c04576a00abab9348293f9c7.tar.gz
gitea-1739e84ac02c0384c04576a00abab9348293f9c7.zip
improve protected branch to add whitelist support (#2451)
* improve protected branch to add whitelist support * fix lint * fix style check * fix tests * fix description on UI and import * fix test * bug fixed * fix tests and languages * move isSliceInt64Eq to util pkg; improve function names & typo
Diffstat (limited to 'cmd/hook.go')
-rw-r--r--cmd/hook.go48
1 files changed, 25 insertions, 23 deletions
diff --git a/cmd/hook.go b/cmd/hook.go
index 06250181d3..0ddbb36f90 100644
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -84,9 +84,10 @@ func runHookPreReceive(c *cli.Context) error {
// the environment setted on serv command
repoID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchRepoID), 10, 64)
isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
- //username := os.Getenv(models.EnvRepoUsername)
- //reponame := os.Getenv(models.EnvRepoName)
- //repoPath := models.RepoPath(username, reponame)
+ username := os.Getenv(models.EnvRepoUsername)
+ reponame := os.Getenv(models.EnvRepoName)
+ userIDStr := os.Getenv(models.EnvPusherID)
+ repoPath := models.RepoPath(username, reponame)
buf := bytes.NewBuffer(nil)
scanner := bufio.NewScanner(os.Stdin)
@@ -104,36 +105,37 @@ func runHookPreReceive(c *cli.Context) error {
continue
}
- //oldCommitID := string(fields[0])
+ oldCommitID := string(fields[0])
newCommitID := string(fields[1])
refFullName := string(fields[2])
- // FIXME: when we add feature to protected branch to deny force push, then uncomment below
- /*var isForce bool
- // detect force push
- if git.EmptySHA != oldCommitID {
- output, err := git.NewCommand("rev-list", oldCommitID, "^"+newCommitID).RunInDir(repoPath)
- if err != nil {
- fail("Internal error", "Fail to detect force push: %v", err)
- } else if len(output) > 0 {
- isForce = true
- }
- }*/
-
branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
protectBranch, err := private.GetProtectedBranchBy(repoID, branchName)
if err != nil {
log.GitLogger.Fatal(2, "retrieve protected branches information failed")
}
- if protectBranch != nil {
- if !protectBranch.CanPush {
- // check and deletion
- if newCommitID == git.EmptySHA {
- fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
- } else {
+ if protectBranch != nil && protectBranch.IsProtected() {
+ // detect force push
+ if git.EmptySHA != oldCommitID {
+ output, err := git.NewCommand("rev-list", oldCommitID, "^"+newCommitID).RunInDir(repoPath)
+ if err != nil {
+ fail("Internal error", "Fail to detect force push: %v", err)
+ } else if len(output) > 0 {
+ fail(fmt.Sprintf("branch %s is protected from force push", branchName), "")
+ }
+ }
+
+ // check and deletion
+ if newCommitID == git.EmptySHA {
+ fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
+ } else {
+ userID, _ := strconv.ParseInt(userIDStr, 10, 64)
+ canPush, err := private.CanUserPush(protectBranch.ID, userID)
+ if err != nil {
+ fail("Internal error", "Fail to detect user can push: %v", err)
+ } else if !canPush {
fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "")
- //fail(fmt.Sprintf("branch %s is protected from force push", branchName), "")
}
}
}