diff options
Diffstat (limited to 'routers/private')
| -rw-r--r-- | routers/private/hook.go | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/routers/private/hook.go b/routers/private/hook.go index 40edcd9c5a..d928dc421c 100644 --- a/routers/private/hook.go +++ b/routers/private/hook.go @@ -343,6 +343,23 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) { return } + // Allow commits that only touch unprotected files + globs := protectBranch.GetUnprotectedFilePatterns() + if len(globs) > 0 { + unprotectedFilesOnly, err := pull_service.CheckUnprotectedFiles(oldCommitID, newCommitID, globs, env, gitRepo) + if err != nil { + log.Error("Unable to check file protection for commits from %s to %s in %-v: %v", oldCommitID, newCommitID, repo, err) + ctx.JSON(http.StatusInternalServerError, private.Response{ + Err: fmt.Sprintf("Unable to check file protection for commits from %s to %s: %v", oldCommitID, newCommitID, err), + }) + return + } + if unprotectedFilesOnly { + // Commit only touches unprotected files, this is allowed + continue + } + } + // Or we're simply not able to push to this protected branch log.Warn("Forbidden: User %d is not allowed to push to protected branch: %s in %-v", opts.UserID, branchName, repo) ctx.JSON(http.StatusForbidden, private.Response{ |