diff options
| author | Lauris BH <lauris@nix.lv> | 2020-03-27 00:26:34 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-03-27 00:26:34 +0200 |
| commit | bbd910ed1b4f52ee66a5cdd8d11f856598161bef (patch) | |
| tree | 8392e0f8208b5b7d8e6df8335677518aa07f194f /modules | |
| parent | 52cfd2743c0e85b36081cf80a850e6a5901f1865 (diff) | |
| download | gitea-bbd910ed1b4f52ee66a5cdd8d11f856598161bef.tar.gz gitea-bbd910ed1b4f52ee66a5cdd8d11f856598161bef.zip | |
Allow to set protected file patterns that can not be changed under no conditions (#10806)
Co-Authored-By: zeripath <art27@cantab.net>
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/auth/repo_form.go | 1 | ||||
| -rw-r--r-- | modules/convert/convert.go | 1 | ||||
| -rw-r--r-- | modules/repofiles/delete.go | 32 | ||||
| -rw-r--r-- | modules/repofiles/update.go | 32 | ||||
| -rw-r--r-- | modules/structs/repo_branch.go | 3 |
5 files changed, 47 insertions, 22 deletions
diff --git a/modules/auth/repo_form.go b/modules/auth/repo_form.go index 84ab35f649..123090dbb7 100644 --- a/modules/auth/repo_form.go +++ b/modules/auth/repo_form.go @@ -175,6 +175,7 @@ type ProtectBranchForm struct { BlockOnRejectedReviews bool DismissStaleApprovals bool RequireSignedCommits bool + ProtectedFilePatterns string } // Validate validates the fields diff --git a/modules/convert/convert.go b/modules/convert/convert.go index d75a130535..e11a599fd6 100644 --- a/modules/convert/convert.go +++ b/modules/convert/convert.go @@ -120,6 +120,7 @@ func ToBranchProtection(bp *models.ProtectedBranch) *api.BranchProtection { BlockOnRejectedReviews: bp.BlockOnRejectedReviews, DismissStaleApprovals: bp.DismissStaleApprovals, RequireSignedCommits: bp.RequireSignedCommits, + ProtectedFilePatterns: bp.ProtectedFilePatterns, Created: bp.CreatedUnix.AsTime(), Updated: bp.UpdatedUnix.AsTime(), } diff --git a/modules/repofiles/delete.go b/modules/repofiles/delete.go index c1689b0be0..2ffc75e7c8 100644 --- a/modules/repofiles/delete.go +++ b/modules/repofiles/delete.go @@ -60,21 +60,31 @@ func DeleteRepoFile(repo *models.Repository, doer *models.User, opts *DeleteRepo if err != nil { return nil, err } - if protectedBranch != nil && !protectedBranch.CanUserPush(doer.ID) { - return nil, models.ErrUserCannotCommit{ - UserName: doer.LowerName, - } - } - if protectedBranch != nil && protectedBranch.RequireSignedCommits { - _, _, err := repo.SignCRUDAction(doer, repo.RepoPath(), opts.OldBranch) - if err != nil { - if !models.IsErrWontSign(err) { - return nil, err - } + if protectedBranch != nil { + if !protectedBranch.CanUserPush(doer.ID) { return nil, models.ErrUserCannotCommit{ UserName: doer.LowerName, } } + if protectedBranch.RequireSignedCommits { + _, _, err := repo.SignCRUDAction(doer, repo.RepoPath(), opts.OldBranch) + if err != nil { + if !models.IsErrWontSign(err) { + return nil, err + } + return nil, models.ErrUserCannotCommit{ + UserName: doer.LowerName, + } + } + } + patterns := protectedBranch.GetProtectedFilePatterns() + for _, pat := range patterns { + if pat.Match(strings.ToLower(opts.TreePath)) { + return nil, models.ErrFilePathProtected{ + Path: opts.TreePath, + } + } + } } } diff --git a/modules/repofiles/update.go b/modules/repofiles/update.go index e2aafb567d..86f53d4a1c 100644 --- a/modules/repofiles/update.go +++ b/modules/repofiles/update.go @@ -156,21 +156,31 @@ func CreateOrUpdateRepoFile(repo *models.Repository, doer *models.User, opts *Up if err != nil { return nil, err } - if protectedBranch != nil && !protectedBranch.CanUserPush(doer.ID) { - return nil, models.ErrUserCannotCommit{ - UserName: doer.LowerName, - } - } - if protectedBranch != nil && protectedBranch.RequireSignedCommits { - _, _, err := repo.SignCRUDAction(doer, repo.RepoPath(), opts.OldBranch) - if err != nil { - if !models.IsErrWontSign(err) { - return nil, err - } + if protectedBranch != nil { + if !protectedBranch.CanUserPush(doer.ID) { return nil, models.ErrUserCannotCommit{ UserName: doer.LowerName, } } + if protectedBranch.RequireSignedCommits { + _, _, err := repo.SignCRUDAction(doer, repo.RepoPath(), opts.OldBranch) + if err != nil { + if !models.IsErrWontSign(err) { + return nil, err + } + return nil, models.ErrUserCannotCommit{ + UserName: doer.LowerName, + } + } + } + patterns := protectedBranch.GetProtectedFilePatterns() + for _, pat := range patterns { + if pat.Match(strings.ToLower(opts.TreePath)) { + return nil, models.ErrFilePathProtected{ + Path: opts.TreePath, + } + } + } } } diff --git a/modules/structs/repo_branch.go b/modules/structs/repo_branch.go index f8c9290548..886018c858 100644 --- a/modules/structs/repo_branch.go +++ b/modules/structs/repo_branch.go @@ -41,6 +41,7 @@ type BranchProtection struct { BlockOnRejectedReviews bool `json:"block_on_rejected_reviews"` DismissStaleApprovals bool `json:"dismiss_stale_approvals"` RequireSignedCommits bool `json:"require_signed_commits"` + ProtectedFilePatterns string `json:"protected_file_patterns"` // swagger:strfmt date-time Created time.Time `json:"created_at"` // swagger:strfmt date-time @@ -67,6 +68,7 @@ type CreateBranchProtectionOption struct { BlockOnRejectedReviews bool `json:"block_on_rejected_reviews"` DismissStaleApprovals bool `json:"dismiss_stale_approvals"` RequireSignedCommits bool `json:"require_signed_commits"` + ProtectedFilePatterns string `json:"protected_file_patterns"` } // EditBranchProtectionOption options for editing a branch protection @@ -88,4 +90,5 @@ type EditBranchProtectionOption struct { BlockOnRejectedReviews *bool `json:"block_on_rejected_reviews"` DismissStaleApprovals *bool `json:"dismiss_stale_approvals"` RequireSignedCommits *bool `json:"require_signed_commits"` + ProtectedFilePatterns *string `json:"protected_file_patterns"` } |