diff options
Diffstat (limited to 'routers/private')
-rw-r--r-- | routers/private/hook.go | 142 | ||||
-rw-r--r-- | routers/private/internal.go | 1 | ||||
-rw-r--r-- | routers/private/serv.go | 6 |
3 files changed, 148 insertions, 1 deletions
diff --git a/routers/private/hook.go b/routers/private/hook.go index 9f5579b6ae..4bed86f38a 100644 --- a/routers/private/hook.go +++ b/routers/private/hook.go @@ -23,6 +23,7 @@ import ( "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web" + "code.gitea.io/gitea/services/agit" pull_service "code.gitea.io/gitea/services/pull" repo_service "code.gitea.io/gitea/services/repository" ) @@ -155,6 +156,56 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) { private.GitQuarantinePath+"="+opts.GitQuarantinePath) } + if git.SupportProcReceive { + pusher, err := models.GetUserByID(opts.UserID) + if err != nil { + log.Error("models.GetUserByID:%v", err) + ctx.Error(http.StatusInternalServerError, "") + return + } + + perm, err := models.GetUserRepoPermission(repo, pusher) + if err != nil { + log.Error("models.GetUserRepoPermission:%v", err) + ctx.Error(http.StatusInternalServerError, "") + return + } + + canCreatePullRequest := perm.CanRead(models.UnitTypePullRequests) + + for _, refFullName := range opts.RefFullNames { + // if user want update other refs (branch or tag), + // should check code write permission because + // this check was delayed. + if !strings.HasPrefix(refFullName, git.PullRequestPrefix) { + if !perm.CanWrite(models.UnitTypeCode) { + ctx.JSON(http.StatusForbidden, map[string]interface{}{ + "err": "User permission denied.", + }) + return + } + + break + } else if repo.IsEmpty { + ctx.JSON(http.StatusForbidden, map[string]interface{}{ + "err": "Can't create pull request for an empty repository.", + }) + return + } else if !canCreatePullRequest { + ctx.JSON(http.StatusForbidden, map[string]interface{}{ + "err": "User permission denied.", + }) + return + } else if opts.IsWiki { + // TODO: maybe can do it ... + ctx.JSON(http.StatusForbidden, map[string]interface{}{ + "err": "not support send pull request to wiki.", + }) + return + } + } + } + protectedTags, err := repo.GetProtectedTags() if err != nil { log.Error("Unable to get protected tags for %-v Error: %v", repo, err) @@ -392,11 +443,35 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) { }) return } + } else if git.SupportProcReceive && strings.HasPrefix(refFullName, git.PullRequestPrefix) { + baseBranchName := opts.RefFullNames[i][len(git.PullRequestPrefix):] + + baseBranchExist := false + if gitRepo.IsBranchExist(baseBranchName) { + baseBranchExist = true + } + + if !baseBranchExist { + for p, v := range baseBranchName { + if v == '/' && gitRepo.IsBranchExist(baseBranchName[:p]) && p != len(baseBranchName)-1 { + baseBranchExist = true + break + } + } + } + + if !baseBranchExist { + ctx.JSON(http.StatusForbidden, private.Response{ + Err: fmt.Sprintf("Unexpected ref: %s", refFullName), + }) + return + } } else { log.Error("Unexpected ref: %s", refFullName) ctx.JSON(http.StatusInternalServerError, private.Response{ Err: fmt.Sprintf("Unexpected ref: %s", refFullName), }) + return } } @@ -537,7 +612,7 @@ func HookPostReceive(ctx *gitea_context.PrivateContext) { continue } - pr, err := models.GetUnmergedPullRequest(repo.ID, baseRepo.ID, branch, baseRepo.DefaultBranch) + pr, err := models.GetUnmergedPullRequest(repo.ID, baseRepo.ID, branch, baseRepo.DefaultBranch, models.PullRequestFlowGithub) if err != nil && !models.IsErrPullRequestNotExist(err) { log.Error("Failed to get active PR in: %-v Branch: %s to: %-v Branch: %s Error: %v", repo, branch, baseRepo, baseRepo.DefaultBranch, err) ctx.JSON(http.StatusInternalServerError, private.HookPostReceiveResult{ @@ -574,6 +649,30 @@ func HookPostReceive(ctx *gitea_context.PrivateContext) { }) } +// HookProcReceive proc-receive hook +func HookProcReceive(ctx *gitea_context.PrivateContext) { + opts := web.GetForm(ctx).(*private.HookOptions) + if !git.SupportProcReceive { + ctx.Status(http.StatusNotFound) + return + } + + cancel := loadRepositoryAndGitRepoByParams(ctx) + if ctx.Written() { + return + } + defer cancel() + + results := agit.ProcRecive(ctx, opts) + if ctx.Written() { + return + } + + ctx.JSON(http.StatusOK, private.HockProcReceiveResult{ + Results: results, + }) +} + // SetDefaultBranch updates the default branch func SetDefaultBranch(ctx *gitea_context.PrivateContext) { ownerName := ctx.Params(":owner") @@ -618,3 +717,44 @@ func SetDefaultBranch(ctx *gitea_context.PrivateContext) { } ctx.PlainText(http.StatusOK, []byte("success")) } + +func loadRepositoryAndGitRepoByParams(ctx *gitea_context.PrivateContext) context.CancelFunc { + ownerName := ctx.Params(":owner") + repoName := ctx.Params(":repo") + + repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName) + if err != nil { + log.Error("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err) + ctx.JSON(http.StatusInternalServerError, map[string]interface{}{ + "Err": fmt.Sprintf("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err), + }) + return nil + } + if repo.OwnerName == "" { + repo.OwnerName = ownerName + } + + gitRepo, err := git.OpenRepository(repo.RepoPath()) + if err != nil { + log.Error("Failed to open repository: %s/%s Error: %v", ownerName, repoName, err) + ctx.JSON(http.StatusInternalServerError, map[string]interface{}{ + "Err": fmt.Sprintf("Failed to open repository: %s/%s Error: %v", ownerName, repoName, err), + }) + return nil + } + + ctx.Repo = &gitea_context.Repository{ + Repository: repo, + GitRepo: gitRepo, + } + + // We opened it, we should close it + cancel := func() { + // If it's been set to nil then assume someone else has closed it. + if ctx.Repo.GitRepo != nil { + ctx.Repo.GitRepo.Close() + } + } + + return cancel +} diff --git a/routers/private/internal.go b/routers/private/internal.go index 9202e67218..155e8c036b 100644 --- a/routers/private/internal.go +++ b/routers/private/internal.go @@ -58,6 +58,7 @@ func Routes() *web.Route { r.Post("/ssh/log", bind(private.SSHLogOption{}), SSHLog) r.Post("/hook/pre-receive/{owner}/{repo}", bind(private.HookOptions{}), HookPreReceive) r.Post("/hook/post-receive/{owner}/{repo}", bind(private.HookOptions{}), HookPostReceive) + r.Post("/hook/proc-receive/{owner}/{repo}", bind(private.HookOptions{}), HookProcReceive) r.Post("/hook/set-default-branch/{owner}/{repo}/{branch}", SetDefaultBranch) r.Get("/serv/none/{keyid}", ServNoCommand) r.Get("/serv/command/{keyid}/{owner}/{repo}", ServCommand) diff --git a/routers/private/serv.go b/routers/private/serv.go index 6e39790eb5..f80d16a7f8 100644 --- a/routers/private/serv.go +++ b/routers/private/serv.go @@ -12,6 +12,7 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/modules/git" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/private" "code.gitea.io/gitea/modules/setting" @@ -288,6 +289,11 @@ func ServCommand(ctx *context.PrivateContext) { return } } else { + // Because of special ref "refs/for" .. , need delay write permission check + if git.SupportProcReceive && unitType == models.UnitTypeCode { + mode = models.AccessModeRead + } + perm, err := models.GetUserRepoPermission(repo, user) if err != nil { log.Error("Unable to get permissions for %-v with key %d in %-v Error: %v", user, key.ID, repo, err) |