diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2017-09-14 16:16:22 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-09-14 16:16:22 +0800 |
| commit | 1739e84ac02c0384c04576a00abab9348293f9c7 (patch) | |
| tree | 1015e68f36421f274d2e883ff3ddb0cb29b6af71 /cmd | |
| parent | be3319b3d545289b772d7a92b4b62205863954d9 (diff) | |
| download | gitea-1739e84ac02c0384c04576a00abab9348293f9c7.tar.gz gitea-1739e84ac02c0384c04576a00abab9348293f9c7.zip | |
improve protected branch to add whitelist support (#2451)
* improve protected branch to add whitelist support
* fix lint
* fix style check
* fix tests
* fix description on UI and import
* fix test
* bug fixed
* fix tests and languages
* move isSliceInt64Eq to util pkg; improve function names & typo
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/hook.go | 48 |
1 files changed, 25 insertions, 23 deletions
diff --git a/cmd/hook.go b/cmd/hook.go index 06250181d3..0ddbb36f90 100644 --- a/cmd/hook.go +++ b/cmd/hook.go @@ -84,9 +84,10 @@ func runHookPreReceive(c *cli.Context) error { // the environment setted on serv command repoID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchRepoID), 10, 64) isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true") - //username := os.Getenv(models.EnvRepoUsername) - //reponame := os.Getenv(models.EnvRepoName) - //repoPath := models.RepoPath(username, reponame) + username := os.Getenv(models.EnvRepoUsername) + reponame := os.Getenv(models.EnvRepoName) + userIDStr := os.Getenv(models.EnvPusherID) + repoPath := models.RepoPath(username, reponame) buf := bytes.NewBuffer(nil) scanner := bufio.NewScanner(os.Stdin) @@ -104,36 +105,37 @@ func runHookPreReceive(c *cli.Context) error { continue } - //oldCommitID := string(fields[0]) + oldCommitID := string(fields[0]) newCommitID := string(fields[1]) refFullName := string(fields[2]) - // FIXME: when we add feature to protected branch to deny force push, then uncomment below - /*var isForce bool - // detect force push - if git.EmptySHA != oldCommitID { - output, err := git.NewCommand("rev-list", oldCommitID, "^"+newCommitID).RunInDir(repoPath) - if err != nil { - fail("Internal error", "Fail to detect force push: %v", err) - } else if len(output) > 0 { - isForce = true - } - }*/ - branchName := strings.TrimPrefix(refFullName, git.BranchPrefix) protectBranch, err := private.GetProtectedBranchBy(repoID, branchName) if err != nil { log.GitLogger.Fatal(2, "retrieve protected branches information failed") } - if protectBranch != nil { - if !protectBranch.CanPush { - // check and deletion - if newCommitID == git.EmptySHA { - fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "") - } else { + if protectBranch != nil && protectBranch.IsProtected() { + // detect force push + if git.EmptySHA != oldCommitID { + output, err := git.NewCommand("rev-list", oldCommitID, "^"+newCommitID).RunInDir(repoPath) + if err != nil { + fail("Internal error", "Fail to detect force push: %v", err) + } else if len(output) > 0 { + fail(fmt.Sprintf("branch %s is protected from force push", branchName), "") + } + } + + // check and deletion + if newCommitID == git.EmptySHA { + fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "") + } else { + userID, _ := strconv.ParseInt(userIDStr, 10, 64) + canPush, err := private.CanUserPush(protectBranch.ID, userID) + if err != nil { + fail("Internal error", "Fail to detect user can push: %v", err) + } else if !canPush { fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "") - //fail(fmt.Sprintf("branch %s is protected from force push", branchName), "") } } } |