diff options
| author | zeripath <art27@cantab.net> | 2020-01-15 08:32:57 +0000 |
|---|---|---|
| committer | Antoine GIRARD <sapk@users.noreply.github.com> | 2020-01-15 09:32:57 +0100 |
| commit | 66ee9b87f9aaabef836ec72bfaf8032b359b29c1 (patch) | |
| tree | b6d134fb5ccc83c4b7ddad6a0eb6206496cc8b76 /modules/context/repo.go | |
| parent | 6b1fa1235904947187266789b204f19bc03872be (diff) | |
| download | gitea-66ee9b87f9aaabef836ec72bfaf8032b359b29c1.tar.gz gitea-66ee9b87f9aaabef836ec72bfaf8032b359b29c1.zip | |
Add require signed commit for protected branch (#9708)
* Add require signed commit for protected branch
* Fix fmt
* Make editor show if they will be signed
* bugfix
* Add basic merge check and better information for CRUD
* linting comment
* Add descriptors to merge signing
* Slight refactor
* Slight improvement to appearances
* Handle Merge API
* manage CRUD API
* Move error to error.go
* Remove fix to delete.go
* prep for merge
* need to tolerate \r\n in message
* check protected branch before trying to load it
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* fix commit-reader
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Diffstat (limited to 'modules/context/repo.go')
| -rw-r--r-- | modules/context/repo.go | 51 |
1 files changed, 47 insertions, 4 deletions
diff --git a/modules/context/repo.go b/modules/context/repo.go index 86c7df2b05..66700a6937 100644 --- a/modules/context/repo.go +++ b/modules/context/repo.go @@ -74,14 +74,57 @@ func RepoMustNotBeArchived() macaron.Handler { } } +// CanCommitToBranchResults represents the results of CanCommitToBranch +type CanCommitToBranchResults struct { + CanCommitToBranch bool + EditorEnabled bool + UserCanPush bool + RequireSigned bool + WillSign bool + SigningKey string + WontSignReason string +} + // CanCommitToBranch returns true if repository is editable and user has proper access level // and branch is not protected for push -func (r *Repository) CanCommitToBranch(doer *models.User) (bool, error) { - protectedBranch, err := r.Repository.IsProtectedBranchForPush(r.BranchName, doer) +func (r *Repository) CanCommitToBranch(doer *models.User) (CanCommitToBranchResults, error) { + protectedBranch, err := models.GetProtectedBranchBy(r.Repository.ID, r.BranchName) + if err != nil { - return false, err + return CanCommitToBranchResults{}, err } - return r.CanEnableEditor() && !protectedBranch, nil + userCanPush := true + requireSigned := false + if protectedBranch != nil { + userCanPush = protectedBranch.CanUserPush(doer.ID) + requireSigned = protectedBranch.RequireSignedCommits + } + + sign, keyID, err := r.Repository.SignCRUDAction(doer, r.Repository.RepoPath(), git.BranchPrefix+r.BranchName) + + canCommit := r.CanEnableEditor() && userCanPush + if requireSigned { + canCommit = canCommit && sign + } + wontSignReason := "" + if err != nil { + if models.IsErrWontSign(err) { + wontSignReason = string(err.(*models.ErrWontSign).Reason) + err = nil + } else { + wontSignReason = "error" + } + } + + return CanCommitToBranchResults{ + CanCommitToBranch: canCommit, + EditorEnabled: r.CanEnableEditor(), + UserCanPush: userCanPush, + RequireSigned: requireSigned, + WillSign: sign, + SigningKey: keyID, + WontSignReason: wontSignReason, + }, err } // CanUseTimetracker returns whether or not a user can use the timetracker. |