summaryrefslogtreecommitdiffstats
path: root/routers/private
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2023-01-16 16:00:22 +0800
committerGitHub <noreply@github.com>2023-01-16 16:00:22 +0800
commit2782c1439679402a1f8731a94dc66214781282ba (patch)
tree66739f30beb529119694290bdcdba9e02bdcfabd /routers/private
parentcc1f8cbe96c195aab79761c48bc4ec0bff2b3431 (diff)
downloadgitea-2782c1439679402a1f8731a94dc66214781282ba.tar.gz
gitea-2782c1439679402a1f8731a94dc66214781282ba.zip
Supports wildcard protected branch (#20825)
This PR introduce glob match for protected branch name. The separator is `/` and you can use `*` matching non-separator chars and use `**` across separator. It also supports input an exist or non-exist branch name as matching condition and branch name condition has high priority than glob rule. Should fix #2529 and #15705 screenshots <img width="1160" alt="image" src="https://user-images.githubusercontent.com/81045/205651179-ebb5492a-4ade-4bb4-a13c-965e8c927063.png"> Co-authored-by: zeripath <art27@cantab.net>
Diffstat (limited to 'routers/private')
-rw-r--r--routers/private/hook_pre_receive.go16
1 files changed, 12 insertions, 4 deletions
diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
index f58ed4ee4b..8468227077 100644
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@@ -156,7 +156,7 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullN
return
}
- protectBranch, err := git_model.GetProtectedBranchBy(ctx, repo.ID, branchName)
+ protectBranch, err := git_model.GetFirstMatchProtectedBranchRule(ctx, repo.ID, branchName)
if err != nil {
log.Error("Unable to get protected branch: %s in %-v Error: %v", branchName, repo, err)
ctx.JSON(http.StatusInternalServerError, private.Response{
@@ -166,9 +166,10 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullN
}
// Allow pushes to non-protected branches
- if protectBranch == nil || !protectBranch.IsProtected() {
+ if protectBranch == nil {
return
}
+ protectBranch.Repo = repo
// This ref is a protected branch.
//
@@ -238,7 +239,6 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullN
Err: fmt.Sprintf("Unable to check file protection for commits from %s to %s: %v", oldCommitID, newCommitID, err),
})
return
-
}
changedProtectedfiles = true
@@ -251,7 +251,15 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullN
if ctx.opts.DeployKeyID != 0 {
canPush = !changedProtectedfiles && protectBranch.CanPush && (!protectBranch.EnableWhitelist || protectBranch.WhitelistDeployKeys)
} else {
- canPush = !changedProtectedfiles && protectBranch.CanUserPush(ctx, ctx.opts.UserID)
+ user, err := user_model.GetUserByID(ctx, ctx.opts.UserID)
+ if err != nil {
+ log.Error("Unable to GetUserByID for commits from %s to %s in %-v: %v", oldCommitID, newCommitID, repo, err)
+ ctx.JSON(http.StatusInternalServerError, private.Response{
+ Err: fmt.Sprintf("Unable to GetUserByID for commits from %s to %s: %v", oldCommitID, newCommitID, err),
+ })
+ return
+ }
+ canPush = !changedProtectedfiles && protectBranch.CanUserPush(ctx, user)
}
// 6. If we're not allowed to push directly