summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2019-10-21 09:21:45 +0100
committerGitHub <noreply@github.com>2019-10-21 09:21:45 +0100
commit0bfe5eb10b1953cb1f85f7a7b6eb5f24724b8021 (patch)
tree8844040cf40b0f37c9457eade166a8bff1a91152 /modules
parentb1c1e1549b50bbd5929e2c4dd72a1dbf4b511b50 (diff)
downloadgitea-0bfe5eb10b1953cb1f85f7a7b6eb5f24724b8021.tar.gz
gitea-0bfe5eb10b1953cb1f85f7a7b6eb5f24724b8021.zip
Allow Protected Branches to Whitelist Deploy Keys (#8483)
Add an option to protected branches to add writing deploy keys to the whitelist for pushing. Please note this is technically a breaking change: previously if the owner of a repository was on the whitelist then any writing deploy key was effectively on the whitelist. This option will now need to be set if that is desired. Closes #8472 Details: * Allow Protected Branches to Whitelist Deploy Keys * Add migration * Ensure that IsDeployKey is set to false on the http pushes * add not null default false
Diffstat (limited to 'modules')
-rw-r--r--modules/auth/repo_form.go1
-rw-r--r--modules/private/hook.go4
2 files changed, 4 insertions, 1 deletions
diff --git a/modules/auth/repo_form.go b/modules/auth/repo_form.go
index 5a8ac5934f..2280666114 100644
--- a/modules/auth/repo_form.go
+++ b/modules/auth/repo_form.go
@@ -152,6 +152,7 @@ type ProtectBranchForm struct {
EnableWhitelist bool
WhitelistUsers string
WhitelistTeams string
+ WhitelistDeployKeys bool
EnableMergeWhitelist bool
MergeWhitelistUsers string
MergeWhitelistTeams string
diff --git a/modules/private/hook.go b/modules/private/hook.go
index 67496b5132..cc9703cc77 100644
--- a/modules/private/hook.go
+++ b/modules/private/hook.go
@@ -31,11 +31,12 @@ type HookOptions struct {
GitAlternativeObjectDirectories string
GitQuarantinePath string
ProtectedBranchID int64
+ IsDeployKey bool
}
// HookPreReceive check whether the provided commits are allowed
func HookPreReceive(ownerName, repoName string, opts HookOptions) (int, string) {
- reqURL := setting.LocalURL + fmt.Sprintf("api/internal/hook/pre-receive/%s/%s?old=%s&new=%s&ref=%s&userID=%d&gitObjectDirectory=%s&gitAlternativeObjectDirectories=%s&gitQuarantinePath=%s&prID=%d",
+ reqURL := setting.LocalURL + fmt.Sprintf("api/internal/hook/pre-receive/%s/%s?old=%s&new=%s&ref=%s&userID=%d&gitObjectDirectory=%s&gitAlternativeObjectDirectories=%s&gitQuarantinePath=%s&prID=%d&isDeployKey=%t",
url.PathEscape(ownerName),
url.PathEscape(repoName),
url.QueryEscape(opts.OldCommitID),
@@ -46,6 +47,7 @@ func HookPreReceive(ownerName, repoName string, opts HookOptions) (int, string)
url.QueryEscape(opts.GitAlternativeObjectDirectories),
url.QueryEscape(opts.GitQuarantinePath),
opts.ProtectedBranchID,
+ opts.IsDeployKey,
)
resp, err := newInternalRequest(reqURL, "GET").Response()