aboutsummaryrefslogtreecommitdiffstats
path: root/routers/private/hook.go
diff options
context:
space:
mode:
Diffstat (limited to 'routers/private/hook.go')
-rw-r--r--routers/private/hook.go17
1 files changed, 17 insertions, 0 deletions
diff --git a/routers/private/hook.go b/routers/private/hook.go
index 40edcd9c5a..d928dc421c 100644
--- a/routers/private/hook.go
+++ b/routers/private/hook.go
@@ -343,6 +343,23 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) {
return
}
+ // Allow commits that only touch unprotected files
+ globs := protectBranch.GetUnprotectedFilePatterns()
+ if len(globs) > 0 {
+ unprotectedFilesOnly, err := pull_service.CheckUnprotectedFiles(oldCommitID, newCommitID, globs, env, gitRepo)
+ if err != nil {
+ log.Error("Unable to check file protection for commits from %s to %s in %-v: %v", oldCommitID, newCommitID, repo, err)
+ ctx.JSON(http.StatusInternalServerError, private.Response{
+ Err: fmt.Sprintf("Unable to check file protection for commits from %s to %s: %v", oldCommitID, newCommitID, err),
+ })
+ return
+ }
+ if unprotectedFilesOnly {
+ // Commit only touches unprotected files, this is allowed
+ continue
+ }
+ }
+
// Or we're simply not able to push to this protected branch
log.Warn("Forbidden: User %d is not allowed to push to protected branch: %s in %-v", opts.UserID, branchName, repo)
ctx.JSON(http.StatusForbidden, private.Response{