aboutsummaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
authorJimmy Praet <jimmy.praet@telenet.be>2021-09-11 16:21:17 +0200
committerGitHub <noreply@github.com>2021-09-11 16:21:17 +0200
commit3d6cb25e315c0d4249c5c749a2eb8c64ec463aad (patch)
treebf9ba30a34e0e97b6a52584caffa1d3d9fe2506d /routers
parenteb03e819d323f6374d0a99a5b80d4674a18fa957 (diff)
downloadgitea-3d6cb25e315c0d4249c5c749a2eb8c64ec463aad.tar.gz
gitea-3d6cb25e315c0d4249c5c749a2eb8c64ec463aad.zip
Support unprotected file patterns (#16395)
Fixes #16381 Note that changes to unprotected files via the web editor still cannot be pushed directly to the protected branch. I could easily add such support for edits and deletes if needed. But for adding, uploading or renaming unprotected files, it is not trivial. * Extract & Move GetAffectedFiles to modules/git
Diffstat (limited to 'routers')
-rw-r--r--routers/api/v1/repo/branch.go5
-rw-r--r--routers/private/hook.go17
-rw-r--r--routers/web/repo/setting_protected_branch.go1
3 files changed, 23 insertions, 0 deletions
diff --git a/routers/api/v1/repo/branch.go b/routers/api/v1/repo/branch.go
index 8653b0bc80..c57075e3b8 100644
--- a/routers/api/v1/repo/branch.go
+++ b/routers/api/v1/repo/branch.go
@@ -498,6 +498,7 @@ func CreateBranchProtection(ctx *context.APIContext) {
DismissStaleApprovals: form.DismissStaleApprovals,
RequireSignedCommits: form.RequireSignedCommits,
ProtectedFilePatterns: form.ProtectedFilePatterns,
+ UnprotectedFilePatterns: form.UnprotectedFilePatterns,
BlockOnOutdatedBranch: form.BlockOnOutdatedBranch,
}
@@ -643,6 +644,10 @@ func EditBranchProtection(ctx *context.APIContext) {
protectBranch.ProtectedFilePatterns = *form.ProtectedFilePatterns
}
+ if form.UnprotectedFilePatterns != nil {
+ protectBranch.UnprotectedFilePatterns = *form.UnprotectedFilePatterns
+ }
+
if form.BlockOnOutdatedBranch != nil {
protectBranch.BlockOnOutdatedBranch = *form.BlockOnOutdatedBranch
}
diff --git a/routers/private/hook.go b/routers/private/hook.go
index 40edcd9c5a..d928dc421c 100644
--- a/routers/private/hook.go
+++ b/routers/private/hook.go
@@ -343,6 +343,23 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) {
return
}
+ // Allow commits that only touch unprotected files
+ globs := protectBranch.GetUnprotectedFilePatterns()
+ if len(globs) > 0 {
+ unprotectedFilesOnly, err := pull_service.CheckUnprotectedFiles(oldCommitID, newCommitID, globs, env, gitRepo)
+ if err != nil {
+ log.Error("Unable to check file protection for commits from %s to %s in %-v: %v", oldCommitID, newCommitID, repo, err)
+ ctx.JSON(http.StatusInternalServerError, private.Response{
+ Err: fmt.Sprintf("Unable to check file protection for commits from %s to %s: %v", oldCommitID, newCommitID, err),
+ })
+ return
+ }
+ if unprotectedFilesOnly {
+ // Commit only touches unprotected files, this is allowed
+ continue
+ }
+ }
+
// Or we're simply not able to push to this protected branch
log.Warn("Forbidden: User %d is not allowed to push to protected branch: %s in %-v", opts.UserID, branchName, repo)
ctx.JSON(http.StatusForbidden, private.Response{
diff --git a/routers/web/repo/setting_protected_branch.go b/routers/web/repo/setting_protected_branch.go
index 30c7d81b8e..c48ab9471a 100644
--- a/routers/web/repo/setting_protected_branch.go
+++ b/routers/web/repo/setting_protected_branch.go
@@ -253,6 +253,7 @@ func SettingsProtectedBranchPost(ctx *context.Context) {
protectBranch.DismissStaleApprovals = f.DismissStaleApprovals
protectBranch.RequireSignedCommits = f.RequireSignedCommits
protectBranch.ProtectedFilePatterns = f.ProtectedFilePatterns
+ protectBranch.UnprotectedFilePatterns = f.UnprotectedFilePatterns
protectBranch.BlockOnOutdatedBranch = f.BlockOnOutdatedBranch
err = models.UpdateProtectBranch(ctx.Repo.Repository, protectBranch, models.WhitelistOptions{