Writable deploy keys (closes #671) (#3225)

* Add is_writable checkbox to deploy keys interface

* Add writable key option to deploy key form

* Add support for writable ssh keys in the interface

* Rename IsWritable to ReadOnly

* Test: create read-only and read-write deploy keys via api

* Add DeployKey access mode migration

* Update gitea sdk via govendor

* Fix deploykey migration

* Add unittests for writable deploy keys

* Move template text to locale

* Remove implicit column update

* Remove duplicate locales

* Replace ReadOnly field with IsReadOnly method

* Fix deploy_keys related integration test

* Rename v54 migration with v55

* Fix migration hell

3 files changed, 63 insertions, 2 deletions

diff --git a/routers/api/v1/repo/key.go b/routers/api/v1/repo/key.go
index 42082c3561..a3586d2552 100644
--- a/routers/api/v1/repo/key.go
+++ b/routers/api/v1/repo/key.go
@@ -160,7 +160,7 @@ func CreateDeployKey(ctx *context.APIContext, form api.CreateKeyOption) {
 		return
 	}
 
-	key, err := models.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content)
+	key, err := models.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, form.ReadOnly)
 	if err != nil {
 		HandleAddKeyError(ctx, err)
 		return
diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index 342451b8ad..d7a61ba268 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -544,7 +544,7 @@ func DeployKeysPost(ctx *context.Context, form auth.AddKeyForm) {
 		return
 	}
 
-	key, err := models.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content)
+	key, err := models.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, !form.IsWritable)
 	if err != nil {
 		ctx.Data["HasError"] = true
 		switch {
diff --git a/routers/repo/settings_test.go b/routers/repo/settings_test.go
new file mode 100644
index 0000000000..392c05f773
--- /dev/null
+++ b/routers/repo/settings_test.go
@@ -0,0 +1,61 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth"
+	"code.gitea.io/gitea/modules/test"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAddReadOnlyDeployKey(t *testing.T) {
+	models.PrepareTestEnv(t)
+
+	ctx := test.MockContext(t, "user2/repo1/settings/keys")
+
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 2)
+
+	addKeyForm := auth.AddKeyForm{
+		Title:   "read-only",
+		Content: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n",
+	}
+	DeployKeysPost(ctx, addKeyForm)
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+
+	models.AssertExistsAndLoadBean(t, &models.DeployKey{
+		Name:    addKeyForm.Title,
+		Content: addKeyForm.Content,
+		Mode:    models.AccessModeRead,
+	})
+}
+
+func TestAddReadWriteOnlyDeployKey(t *testing.T) {
+	models.PrepareTestEnv(t)
+
+	ctx := test.MockContext(t, "user2/repo1/settings/keys")
+
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 2)
+
+	addKeyForm := auth.AddKeyForm{
+		Title:      "read-write",
+		Content:    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n",
+		IsWritable: true,
+	}
+	DeployKeysPost(ctx, addKeyForm)
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+
+	models.AssertExistsAndLoadBean(t, &models.DeployKey{
+		Name:    addKeyForm.Title,
+		Content: addKeyForm.Content,
+		Mode:    models.AccessModeWrite,
+	})
+}