Add API for manipulating Git hooks (#6436)

* Add API for manipulating Git hooks

Signed-off-by: Segev Finer <segev@codeocean.com>

* Replace code.gitea.io/sdk with PR branch temporarily for CI

* Switch back to code.gitea.io/sdk@master

* Return 403 instead of 404 on no permission to edit hooks in API

* Add tests for Git hooks API

* Update models/repo_list_test.go

Co-Authored-By: segevfiner <segev208@gmail.com>

* Update models/repo_list_test.go

Co-Authored-By: segevfiner <segev208@gmail.com>

* empty line

5 files changed, 233 insertions, 3 deletions

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 4194d98db8..f5a1fd6d86 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -312,6 +312,15 @@ func reqOrgMembership() macaron.Handler {
 	}
 }
 
+func reqGitHook() macaron.Handler {
+	return func(ctx *context.APIContext) {
+		if !ctx.User.CanEditGitHook() {
+			ctx.Error(403, "", "must be allowed to edit Git hooks")
+			return
+		}
+	}
+}
+
 func orgAssignment(args ...bool) macaron.Handler {
 	var (
 		assignOrg  bool
@@ -509,6 +518,14 @@ func RegisterRoutes(m *macaron.Macaron) {
 							Delete(repo.DeleteHook)
 						m.Post("/tests", context.RepoRef(), repo.TestHook)
 					})
+					m.Group("/git", func() {
+						m.Combo("").Get(repo.ListGitHooks)
+						m.Group("/:id", func() {
+							m.Combo("").Get(repo.GetGitHook).
+								Patch(bind(api.EditGitHookOption{}), repo.EditGitHook).
+								Delete(repo.DeleteGitHook)
+						})
+					}, reqGitHook(), context.ReferencesGitRepo(true))
 				}, reqToken(), reqAdmin())
 				m.Group("/collaborators", func() {
 					m.Get("", repo.ListCollaborators)
@@ -602,10 +619,10 @@ func RegisterRoutes(m *macaron.Macaron) {
 				})
 				m.Group("/releases", func() {
 					m.Combo("").Get(repo.ListReleases).
-						Post(reqToken(), reqRepoWriter(models.UnitTypeReleases), context.ReferencesGitRepo(), bind(api.CreateReleaseOption{}), repo.CreateRelease)
+						Post(reqToken(), reqRepoWriter(models.UnitTypeReleases), context.ReferencesGitRepo(false), bind(api.CreateReleaseOption{}), repo.CreateRelease)
 					m.Group("/:id", func() {
 						m.Combo("").Get(repo.GetRelease).
-							Patch(reqToken(), reqRepoWriter(models.UnitTypeReleases), context.ReferencesGitRepo(), bind(api.EditReleaseOption{}), repo.EditRelease).
+							Patch(reqToken(), reqRepoWriter(models.UnitTypeReleases), context.ReferencesGitRepo(false), bind(api.EditReleaseOption{}), repo.EditRelease).
 							Delete(reqToken(), reqRepoWriter(models.UnitTypeReleases), repo.DeleteRelease)
 						m.Group("/assets", func() {
 							m.Combo("").Get(repo.ListReleaseAttachments).
@@ -627,7 +644,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 						m.Combo("/merge").Get(repo.IsPullRequestMerged).
 							Post(reqToken(), mustNotBeArchived, reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest)
 					})
-				}, mustAllowPulls, reqRepoReader(models.UnitTypeCode), context.ReferencesGitRepo())
+				}, mustAllowPulls, reqRepoReader(models.UnitTypeCode), context.ReferencesGitRepo(false))
 				m.Group("/statuses", func() {
 					m.Combo("/:sha").Get(repo.GetCommitStatuses).
 						Post(reqToken(), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
diff --git a/routers/api/v1/convert/convert.go b/routers/api/v1/convert/convert.go
index d9cc2da7a5..aca21db4ed 100644
--- a/routers/api/v1/convert/convert.go
+++ b/routers/api/v1/convert/convert.go
@@ -180,6 +180,15 @@ func ToHook(repoLink string, w *models.Webhook) *api.Hook {
 	}
 }
 
+// ToGitHook convert git.Hook to api.GitHook
+func ToGitHook(h *git.Hook) *api.GitHook {
+	return &api.GitHook{
+		Name:     h.Name(),
+		IsActive: h.IsActive,
+		Content:  h.Content,
+	}
+}
+
 // ToDeployKey convert models.DeployKey to api.DeployKey
 func ToDeployKey(apiLink string, key *models.DeployKey) *api.DeployKey {
 	return &api.DeployKey{
diff --git a/routers/api/v1/repo/git_hook.go b/routers/api/v1/repo/git_hook.go
new file mode 100644
index 0000000000..b7a8691cd3
--- /dev/null
+++ b/routers/api/v1/repo/git_hook.go
@@ -0,0 +1,187 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/routers/api/v1/convert"
+	api "code.gitea.io/sdk/gitea"
+)
+
+// ListGitHooks list all Git hooks of a repository
+func ListGitHooks(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/hooks/git repository repoListGitHooks
+	// ---
+	// summary: List the Git hooks in a repository
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/GitHookList"
+	hooks, err := ctx.Repo.GitRepo.Hooks()
+	if err != nil {
+		ctx.Error(500, "Hooks", err)
+		return
+	}
+
+	apiHooks := make([]*api.GitHook, len(hooks))
+	for i := range hooks {
+		apiHooks[i] = convert.ToGitHook(hooks[i])
+	}
+	ctx.JSON(200, &apiHooks)
+}
+
+// GetGitHook get a repo's Git hook by id
+func GetGitHook(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/hooks/git/{id} repository repoGetGitHook
+	// ---
+	// summary: Get a Git hook
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: id
+	//   in: path
+	//   description: id of the hook to get
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/GitHook"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	hookID := ctx.Params(":id")
+	hook, err := ctx.Repo.GitRepo.GetHook(hookID)
+	if err != nil {
+		if err == git.ErrNotValidHook {
+			ctx.NotFound()
+		} else {
+			ctx.Error(500, "GetHook", err)
+		}
+		return
+	}
+	ctx.JSON(200, convert.ToGitHook(hook))
+}
+
+// EditGitHook modify a Git hook of a repository
+func EditGitHook(ctx *context.APIContext, form api.EditGitHookOption) {
+	// swagger:operation PATCH /repos/{owner}/{repo}/hooks/git/{id} repository repoEditGitHook
+	// ---
+	// summary: Edit a Git hook in a repository
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: id
+	//   in: path
+	//   description: id of the hook to get
+	//   type: string
+	//   required: true
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/EditGitHookOption"
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/GitHook"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	hookID := ctx.Params(":id")
+	hook, err := ctx.Repo.GitRepo.GetHook(hookID)
+	if err != nil {
+		if err == git.ErrNotValidHook {
+			ctx.NotFound()
+		} else {
+			ctx.Error(500, "GetHook", err)
+		}
+		return
+	}
+
+	hook.Content = form.Content
+	if err = hook.Update(); err != nil {
+		ctx.Error(500, "hook.Update", err)
+		return
+	}
+
+	ctx.JSON(200, convert.ToGitHook(hook))
+}
+
+// DeleteGitHook delete a Git hook of a repository
+func DeleteGitHook(ctx *context.APIContext) {
+	// swagger:operation DELETE /repos/{owner}/{repo}/hooks/git/{id} repository repoDeleteGitHook
+	// ---
+	// summary: Delete a Git hook in a repository
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: id
+	//   in: path
+	//   description: id of the hook to get
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	hookID := ctx.Params(":id")
+	hook, err := ctx.Repo.GitRepo.GetHook(hookID)
+	if err != nil {
+		if err == git.ErrNotValidHook {
+			ctx.NotFound()
+		} else {
+			ctx.Error(500, "GetHook", err)
+		}
+		return
+	}
+
+	hook.Content = ""
+	if err = hook.Update(); err != nil {
+		ctx.Error(500, "hook.Update", err)
+		return
+	}
+
+	ctx.Status(204)
+}
diff --git a/routers/api/v1/swagger/options.go b/routers/api/v1/swagger/options.go
index 5aaee8d6ea..038f79005f 100644
--- a/routers/api/v1/swagger/options.go
+++ b/routers/api/v1/swagger/options.go
@@ -29,6 +29,9 @@ type swaggerParameterBodies struct {
 	EditHookOption api.EditHookOption
 
 	// in:body
+	EditGitHookOption api.EditGitHookOption
+
+	// in:body
 	CreateIssueOption api.CreateIssueOption
 	// in:body
 	EditIssueOption api.EditIssueOption
diff --git a/routers/api/v1/swagger/repo.go b/routers/api/v1/swagger/repo.go
index 0422d3fa10..f671037795 100644
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -71,6 +71,20 @@ type swaggerResponseHookList struct {
 	Body []api.Hook `json:"body"`
 }
 
+// GitHook
+// swagger:response GitHook
+type swaggerResponseGitHook struct {
+	// in:body
+	Body api.GitHook `json:"body"`
+}
+
+// GitHookList
+// swagger:response GitHookList
+type swaggerResponseGitHookList struct {
+	// in:body
+	Body []api.GitHook `json:"body"`
+}
+
 // Release
 // swagger:response Release
 type swaggerResponseRelease struct {