author | zeripath <art27@cantab.net> | 2020-01-15 08:32:57 +0000 |
---|---|---|
committer | Antoine GIRARD <sapk@users.noreply.github.com> | 2020-01-15 09:32:57 +0100 |
commit | 66ee9b87f9aaabef836ec72bfaf8032b359b29c1 (patch) | |
tree | b6d134fb5ccc83c4b7ddad6a0eb6206496cc8b76 /modules/context | |
parent | 6b1fa1235904947187266789b204f19bc03872be (diff) | |
Add require signed commit for protected branch (#9708)
* Add require signed commit for protected branch
* Fix fmt
* Make editor show if they will be signed
* bugfix
* Add basic merge check and better information for CRUD
* linting comment
* Add descriptors to merge signing
* Slight refactor
* Slight improvement to appearances
* Handle Merge API
* manage CRUD API
* Move error to error.go
* Remove fix to delete.go
* prep for merge
* need to tolerate \r\n in message
* check protected branch before trying to load it
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* fix commit-reader
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Diffstat (limited to 'modules/context')
-rw-r--r-- | modules/context/repo.go | 51 |
1 files changed, 47 insertions, 4 deletions
diff --git a/modules/context/repo.go b/modules/context/repo.go
index 86c7df2b05..66700a6937 100644
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -74,14 +74,57 @@ func RepoMustNotBeArchived() macaron.Handler {
 }
 }
 
+// CanCommitToBranchResults represents the results of CanCommitToBranch
+type CanCommitToBranchResults struct {
+ CanCommitToBranch bool
+ EditorEnabled bool
+ UserCanPush bool
+ RequireSigned bool
+ WillSign bool
+ SigningKey string
+ WontSignReason string
+}
+
 // CanCommitToBranch returns true if repository is editable and user has proper access level
 // and branch is not protected for push
-func (r *Repository) CanCommitToBranch(doer *models.User) (bool, error) {
- protectedBranch, err := r.Repository.IsProtectedBranchForPush(r.BranchName, doer)
+func (r *Repository) CanCommitToBranch(doer *models.User) (CanCommitToBranchResults, error) {
+ protectedBranch, err := models.GetProtectedBranchBy(r.Repository.ID, r.BranchName)
+
 if err != nil {
- return false, err
+ return CanCommitToBranchResults{}, err
 }
- return r.CanEnableEditor() && !protectedBranch, nil
+ userCanPush := true
+ requireSigned := false
+ if protectedBranch != nil {
+ userCanPush = protectedBranch.CanUserPush(doer.ID)
+ requireSigned = protectedBranch.RequireSignedCommits
+ }
+
+ sign, keyID, err := r.Repository.SignCRUDAction(doer, r.Repository.RepoPath(), git.BranchPrefix+r.BranchName)
+
+ canCommit := r.CanEnableEditor() && userCanPush
+ if requireSigned {
+ canCommit = canCommit && sign
+ }
+ wontSignReason := ""
+ if err != nil {
+ if models.IsErrWontSign(err) {
+ wontSignReason = string(err.(*models.ErrWontSign).Reason)
+ err = nil
+ } else {
+ wontSignReason = "error"
+ }
+ }
+
+ return CanCommitToBranchResults{
+ CanCommitToBranch: canCommit,
+ EditorEnabled: r.CanEnableEditor(),
+ UserCanPush: userCanPush,
+ RequireSigned: requireSigned,
+ WillSign: sign,
+ SigningKey: keyID,
+ WontSignReason: wontSignReason,
+ }, err
 }
 
 // CanUseTimetracker returns whether or not a user can use the timetracker. |
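Review bot: On a signing error that is not ErrWontSign, the `else` branch in CanCommitToBranch only sets `wontSignReason = "error"`, and the function then returns a fully populated result together with the error; when the branch does not require signed commits, that result can still carry `CanCommitToBranch: true`. A caller that reads the struct before checking err would treat the branch as writable, so failing closed there is safer: `return CanCommitToBranchResults{}, err`, matching the GetProtectedBranchBy failure path above. The type assertion `err.(*models.ErrWontSign)` is unchecked and relies on IsErrWontSign (defined outside this diff) matching exactly that pointer type. The doc comment kept as context above the method still says it "returns true", which no longer describes the struct return and should be updated to say what each field means for the access decision.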