mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8388 Commits
17 Branches
Tree: 86cff86b46
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '86cff86b46'
${ noResults }
gitea/models/branches.go

branches.go 14KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498 
  1. // Copyright 2016 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"fmt"

  9. 	"time"

  10. 

  11. 	"code.gitea.io/gitea/modules/base"

  12. 	"code.gitea.io/gitea/modules/log"

  13. 	"code.gitea.io/gitea/modules/setting"

  14. 	"code.gitea.io/gitea/modules/timeutil"

  15. 	"code.gitea.io/gitea/modules/util"

  16. 

  17. 	"github.com/unknwon/com"

  18. )

  19. 

  20. const (

  21. 	// ProtectedBranchRepoID protected Repo ID

  22. 	ProtectedBranchRepoID = "GITEA_REPO_ID"

  23. 	// ProtectedBranchPRID protected Repo PR ID

  24. 	ProtectedBranchPRID = "GITEA_PR_ID"

  25. )

  26. 

  27. // ProtectedBranch struct

  28. type ProtectedBranch struct {

  29. 	ID                        int64  `xorm:"pk autoincr"`

  30. 	RepoID                    int64  `xorm:"UNIQUE(s)"`

  31. 	BranchName                string `xorm:"UNIQUE(s)"`

  32. 	CanPush                   bool   `xorm:"NOT NULL DEFAULT false"`

  33. 	EnableWhitelist           bool

  34. 	WhitelistUserIDs          []int64            `xorm:"JSON TEXT"`

  35. 	WhitelistTeamIDs          []int64            `xorm:"JSON TEXT"`

  36. 	EnableMergeWhitelist      bool               `xorm:"NOT NULL DEFAULT false"`

  37. 	WhitelistDeployKeys       bool               `xorm:"NOT NULL DEFAULT false"`

  38. 	MergeWhitelistUserIDs     []int64            `xorm:"JSON TEXT"`

  39. 	MergeWhitelistTeamIDs     []int64            `xorm:"JSON TEXT"`

  40. 	EnableStatusCheck         bool               `xorm:"NOT NULL DEFAULT false"`

  41. 	StatusCheckContexts       []string           `xorm:"JSON TEXT"`

  42. 	ApprovalsWhitelistUserIDs []int64            `xorm:"JSON TEXT"`

  43. 	ApprovalsWhitelistTeamIDs []int64            `xorm:"JSON TEXT"`

  44. 	RequiredApprovals         int64              `xorm:"NOT NULL DEFAULT 0"`

  45. 	CreatedUnix               timeutil.TimeStamp `xorm:"created"`

  46. 	UpdatedUnix               timeutil.TimeStamp `xorm:"updated"`

  47. }

  48. 

  49. // IsProtected returns if the branch is protected

  50. func (protectBranch *ProtectedBranch) IsProtected() bool {

  51. 	return protectBranch.ID > 0

  52. }

  53. 

  54. // CanUserPush returns if some user could push to this protected branch

  55. func (protectBranch *ProtectedBranch) CanUserPush(userID int64) bool {

  56. 	if !protectBranch.EnableWhitelist {

  57. 		return false

  58. 	}

  59. 

  60. 	if base.Int64sContains(protectBranch.WhitelistUserIDs, userID) {

  61. 		return true

  62. 	}

  63. 

  64. 	if len(protectBranch.WhitelistTeamIDs) == 0 {

  65. 		return false

  66. 	}

  67. 

  68. 	in, err := IsUserInTeams(userID, protectBranch.WhitelistTeamIDs)

  69. 	if err != nil {

  70. 		log.Error("IsUserInTeams: %v", err)

  71. 		return false

  72. 	}

  73. 	return in

  74. }

  75. 

  76. // CanUserMerge returns if some user could merge a pull request to this protected branch

  77. func (protectBranch *ProtectedBranch) CanUserMerge(userID int64) bool {

  78. 	if !protectBranch.EnableMergeWhitelist {

  79. 		return true

  80. 	}

  81. 

  82. 	if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) {

  83. 		return true

  84. 	}

  85. 

  86. 	if len(protectBranch.MergeWhitelistTeamIDs) == 0 {

  87. 		return false

  88. 	}

  89. 

  90. 	in, err := IsUserInTeams(userID, protectBranch.MergeWhitelistTeamIDs)

  91. 	if err != nil {

  92. 		log.Error("IsUserInTeams: %v", err)

  93. 		return false

  94. 	}

  95. 	return in

  96. }

  97. 

  98. // HasEnoughApprovals returns true if pr has enough granted approvals.

  99. func (protectBranch *ProtectedBranch) HasEnoughApprovals(pr *PullRequest) bool {

  100. 	if protectBranch.RequiredApprovals == 0 {

  101. 		return true

  102. 	}

  103. 	return protectBranch.GetGrantedApprovalsCount(pr) >= protectBranch.RequiredApprovals

  104. }

  105. 

  106. // GetGrantedApprovalsCount returns the number of granted approvals for pr. A granted approval must be authored by a user in an approval whitelist.

  107. func (protectBranch *ProtectedBranch) GetGrantedApprovalsCount(pr *PullRequest) int64 {

  108. 	reviews, err := GetReviewersByPullID(pr.IssueID)

  109. 	if err != nil {

  110. 		log.Error("GetReviewersByPullID: %v", err)

  111. 		return 0

  112. 	}

  113. 

  114. 	approvals := int64(0)

  115. 	userIDs := make([]int64, 0)

  116. 	for _, review := range reviews {

  117. 		if review.Type != ReviewTypeApprove {

  118. 			continue

  119. 		}

  120. 		if base.Int64sContains(protectBranch.ApprovalsWhitelistUserIDs, review.ID) {

  121. 			approvals++

  122. 			continue

  123. 		}

  124. 		userIDs = append(userIDs, review.ID)

  125. 	}

  126. 	approvalTeamCount, err := UsersInTeamsCount(userIDs, protectBranch.ApprovalsWhitelistTeamIDs)

  127. 	if err != nil {

  128. 		log.Error("UsersInTeamsCount: %v", err)

  129. 		return 0

  130. 	}

  131. 	return approvalTeamCount + approvals

  132. }

  133. 

  134. // GetProtectedBranchByRepoID getting protected branch by repo ID

  135. func GetProtectedBranchByRepoID(repoID int64) ([]*ProtectedBranch, error) {

  136. 	protectedBranches := make([]*ProtectedBranch, 0)

  137. 	return protectedBranches, x.Where("repo_id = ?", repoID).Desc("updated_unix").Find(&protectedBranches)

  138. }

  139. 

  140. // GetProtectedBranchBy getting protected branch by ID/Name

  141. func GetProtectedBranchBy(repoID int64, branchName string) (*ProtectedBranch, error) {

  142. 	rel := &ProtectedBranch{RepoID: repoID, BranchName: branchName}

  143. 	has, err := x.Get(rel)

  144. 	if err != nil {

  145. 		return nil, err

  146. 	}

  147. 	if !has {

  148. 		return nil, nil

  149. 	}

  150. 	return rel, nil

  151. }

  152. 

  153. // GetProtectedBranchByID getting protected branch by ID

  154. func GetProtectedBranchByID(id int64) (*ProtectedBranch, error) {

  155. 	rel := &ProtectedBranch{ID: id}

  156. 	has, err := x.Get(rel)

  157. 	if err != nil {

  158. 		return nil, err

  159. 	}

  160. 	if !has {

  161. 		return nil, nil

  162. 	}

  163. 	return rel, nil

  164. }

  165. 

  166. // WhitelistOptions represent all sorts of whitelists used for protected branches

  167. type WhitelistOptions struct {

  168. 	UserIDs []int64

  169. 	TeamIDs []int64

  170. 

  171. 	MergeUserIDs []int64

  172. 	MergeTeamIDs []int64

  173. 

  174. 	ApprovalsUserIDs []int64

  175. 	ApprovalsTeamIDs []int64

  176. }

  177. 

  178. // UpdateProtectBranch saves branch protection options of repository.

  179. // If ID is 0, it creates a new record. Otherwise, updates existing record.

  180. // This function also performs check if whitelist user and team's IDs have been changed

  181. // to avoid unnecessary whitelist delete and regenerate.

  182. func UpdateProtectBranch(repo *Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {

  183. 	if err = repo.GetOwner(); err != nil {

  184. 		return fmt.Errorf("GetOwner: %v", err)

  185. 	}

  186. 

  187. 	whitelist, err := updateUserWhitelist(repo, protectBranch.WhitelistUserIDs, opts.UserIDs)

  188. 	if err != nil {

  189. 		return err

  190. 	}

  191. 	protectBranch.WhitelistUserIDs = whitelist

  192. 

  193. 	whitelist, err = updateUserWhitelist(repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)

  194. 	if err != nil {

  195. 		return err

  196. 	}

  197. 	protectBranch.MergeWhitelistUserIDs = whitelist

  198. 

  199. 	whitelist, err = updateApprovalWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)

  200. 	if err != nil {

  201. 		return err

  202. 	}

  203. 	protectBranch.ApprovalsWhitelistUserIDs = whitelist

  204. 

  205. 	// if the repo is in an organization

  206. 	whitelist, err = updateTeamWhitelist(repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)

  207. 	if err != nil {

  208. 		return err

  209. 	}

  210. 	protectBranch.WhitelistTeamIDs = whitelist

  211. 

  212. 	whitelist, err = updateTeamWhitelist(repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)

  213. 	if err != nil {

  214. 		return err

  215. 	}

  216. 	protectBranch.MergeWhitelistTeamIDs = whitelist

  217. 

  218. 	whitelist, err = updateTeamWhitelist(repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)

  219. 	if err != nil {

  220. 		return err

  221. 	}

  222. 	protectBranch.ApprovalsWhitelistTeamIDs = whitelist

  223. 

  224. 	// Make sure protectBranch.ID is not 0 for whitelists

  225. 	if protectBranch.ID == 0 {

  226. 		if _, err = x.Insert(protectBranch); err != nil {

  227. 			return fmt.Errorf("Insert: %v", err)

  228. 		}

  229. 		return nil

  230. 	}

  231. 

  232. 	if _, err = x.ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {

  233. 		return fmt.Errorf("Update: %v", err)

  234. 	}

  235. 

  236. 	return nil

  237. }

  238. 

  239. // GetProtectedBranches get all protected branches

  240. func (repo *Repository) GetProtectedBranches() ([]*ProtectedBranch, error) {

  241. 	protectedBranches := make([]*ProtectedBranch, 0)

  242. 	return protectedBranches, x.Find(&protectedBranches, &ProtectedBranch{RepoID: repo.ID})

  243. }

  244. 

  245. // GetBranchProtection get the branch protection of a branch

  246. func (repo *Repository) GetBranchProtection(branchName string) (*ProtectedBranch, error) {

  247. 	return GetProtectedBranchBy(repo.ID, branchName)

  248. }

  249. 

  250. // IsProtectedBranch checks if branch is protected

  251. func (repo *Repository) IsProtectedBranch(branchName string, doer *User) (bool, error) {

  252. 	if doer == nil {

  253. 		return true, nil

  254. 	}

  255. 

  256. 	protectedBranch := &ProtectedBranch{

  257. 		RepoID:     repo.ID,

  258. 		BranchName: branchName,

  259. 	}

  260. 

  261. 	has, err := x.Exist(protectedBranch)

  262. 	if err != nil {

  263. 		return true, err

  264. 	}

  265. 	return has, nil

  266. }

  267. 

  268. // IsProtectedBranchForPush checks if branch is protected for push

  269. func (repo *Repository) IsProtectedBranchForPush(branchName string, doer *User) (bool, error) {

  270. 	if doer == nil {

  271. 		return true, nil

  272. 	}

  273. 

  274. 	protectedBranch := &ProtectedBranch{

  275. 		RepoID:     repo.ID,

  276. 		BranchName: branchName,

  277. 	}

  278. 

  279. 	has, err := x.Get(protectedBranch)

  280. 	if err != nil {

  281. 		return true, err

  282. 	} else if has {

  283. 		return !protectedBranch.CanUserPush(doer.ID), nil

  284. 	}

  285. 

  286. 	return false, nil

  287. }

  288. 

  289. // IsProtectedBranchForMerging checks if branch is protected for merging

  290. func (repo *Repository) IsProtectedBranchForMerging(pr *PullRequest, branchName string, doer *User) (bool, error) {

  291. 	if doer == nil {

  292. 		return true, nil

  293. 	}

  294. 

  295. 	protectedBranch := &ProtectedBranch{

  296. 		RepoID:     repo.ID,

  297. 		BranchName: branchName,

  298. 	}

  299. 

  300. 	has, err := x.Get(protectedBranch)

  301. 	if err != nil {

  302. 		return true, err

  303. 	} else if has {

  304. 		return !protectedBranch.CanUserMerge(doer.ID) || !protectedBranch.HasEnoughApprovals(pr), nil

  305. 	}

  306. 

  307. 	return false, nil

  308. }

  309. 

  310. // updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with

  311. // the users from newWhitelist which have explicit read or write access to the repo.

  312. func updateApprovalWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  313. 	hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)

  314. 	if !hasUsersChanged {

  315. 		return currentWhitelist, nil

  316. 	}

  317. 

  318. 	whitelist = make([]int64, 0, len(newWhitelist))

  319. 	for _, userID := range newWhitelist {

  320. 		if reader, err := repo.IsReader(userID); err != nil {

  321. 			return nil, err

  322. 		} else if !reader {

  323. 			continue

  324. 		}

  325. 		whitelist = append(whitelist, userID)

  326. 	}

  327. 

  328. 	return

  329. }

  330. 

  331. // updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with

  332. // the users from newWhitelist which have write access to the repo.

  333. func updateUserWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  334. 	hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)

  335. 	if !hasUsersChanged {

  336. 		return currentWhitelist, nil

  337. 	}

  338. 

  339. 	whitelist = make([]int64, 0, len(newWhitelist))

  340. 	for _, userID := range newWhitelist {

  341. 		user, err := GetUserByID(userID)

  342. 		if err != nil {

  343. 			return nil, fmt.Errorf("GetUserByID [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)

  344. 		}

  345. 		perm, err := GetUserRepoPermission(repo, user)

  346. 		if err != nil {

  347. 			return nil, fmt.Errorf("GetUserRepoPermission [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)

  348. 		}

  349. 

  350. 		if !perm.CanWrite(UnitTypeCode) {

  351. 			continue // Drop invalid user ID

  352. 		}

  353. 

  354. 		whitelist = append(whitelist, userID)

  355. 	}

  356. 

  357. 	return

  358. }

  359. 

  360. // updateTeamWhitelist checks whether the team whitelist changed and returns a whitelist with

  361. // the teams from newWhitelist which have write access to the repo.

  362. func updateTeamWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  363. 	hasTeamsChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)

  364. 	if !hasTeamsChanged {

  365. 		return currentWhitelist, nil

  366. 	}

  367. 

  368. 	teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, AccessModeRead)

  369. 	if err != nil {

  370. 		return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %v", repo.OwnerID, repo.ID, err)

  371. 	}

  372. 

  373. 	whitelist = make([]int64, 0, len(teams))

  374. 	for i := range teams {

  375. 		if com.IsSliceContainsInt64(newWhitelist, teams[i].ID) {

  376. 			whitelist = append(whitelist, teams[i].ID)

  377. 		}

  378. 	}

  379. 

  380. 	return

  381. }

  382. 

  383. // DeleteProtectedBranch removes ProtectedBranch relation between the user and repository.

  384. func (repo *Repository) DeleteProtectedBranch(id int64) (err error) {

  385. 	protectedBranch := &ProtectedBranch{

  386. 		RepoID: repo.ID,

  387. 		ID:     id,

  388. 	}

  389. 

  390. 	sess := x.NewSession()

  391. 	defer sess.Close()

  392. 	if err = sess.Begin(); err != nil {

  393. 		return err

  394. 	}

  395. 

  396. 	if affected, err := sess.Delete(protectedBranch); err != nil {

  397. 		return err

  398. 	} else if affected != 1 {

  399. 		return fmt.Errorf("delete protected branch ID(%v) failed", id)

  400. 	}

  401. 

  402. 	return sess.Commit()

  403. }

  404. 

  405. // DeletedBranch struct

  406. type DeletedBranch struct {

  407. 	ID          int64              `xorm:"pk autoincr"`

  408. 	RepoID      int64              `xorm:"UNIQUE(s) INDEX NOT NULL"`

  409. 	Name        string             `xorm:"UNIQUE(s) NOT NULL"`

  410. 	Commit      string             `xorm:"UNIQUE(s) NOT NULL"`

  411. 	DeletedByID int64              `xorm:"INDEX"`

  412. 	DeletedBy   *User              `xorm:"-"`

  413. 	DeletedUnix timeutil.TimeStamp `xorm:"INDEX created"`

  414. }

  415. 

  416. // AddDeletedBranch adds a deleted branch to the database

  417. func (repo *Repository) AddDeletedBranch(branchName, commit string, deletedByID int64) error {

  418. 	deletedBranch := &DeletedBranch{

  419. 		RepoID:      repo.ID,

  420. 		Name:        branchName,

  421. 		Commit:      commit,

  422. 		DeletedByID: deletedByID,

  423. 	}

  424. 

  425. 	sess := x.NewSession()

  426. 	defer sess.Close()

  427. 	if err := sess.Begin(); err != nil {

  428. 		return err

  429. 	}

  430. 

  431. 	if _, err := sess.InsertOne(deletedBranch); err != nil {

  432. 		return err

  433. 	}

  434. 

  435. 	return sess.Commit()

  436. }

  437. 

  438. // GetDeletedBranches returns all the deleted branches

  439. func (repo *Repository) GetDeletedBranches() ([]*DeletedBranch, error) {

  440. 	deletedBranches := make([]*DeletedBranch, 0)

  441. 	return deletedBranches, x.Where("repo_id = ?", repo.ID).Desc("deleted_unix").Find(&deletedBranches)

  442. }

  443. 

  444. // GetDeletedBranchByID get a deleted branch by its ID

  445. func (repo *Repository) GetDeletedBranchByID(ID int64) (*DeletedBranch, error) {

  446. 	deletedBranch := &DeletedBranch{ID: ID}

  447. 	has, err := x.Get(deletedBranch)

  448. 	if err != nil {

  449. 		return nil, err

  450. 	}

  451. 	if !has {

  452. 		return nil, nil

  453. 	}

  454. 	return deletedBranch, nil

  455. }

  456. 

  457. // RemoveDeletedBranch removes a deleted branch from the database

  458. func (repo *Repository) RemoveDeletedBranch(id int64) (err error) {

  459. 	deletedBranch := &DeletedBranch{

  460. 		RepoID: repo.ID,

  461. 		ID:     id,

  462. 	}

  463. 

  464. 	sess := x.NewSession()

  465. 	defer sess.Close()

  466. 	if err = sess.Begin(); err != nil {

  467. 		return err

  468. 	}

  469. 

  470. 	if affected, err := sess.Delete(deletedBranch); err != nil {

  471. 		return err

  472. 	} else if affected != 1 {

  473. 		return fmt.Errorf("remove deleted branch ID(%v) failed", id)

  474. 	}

  475. 

  476. 	return sess.Commit()

  477. }

  478. 

  479. // LoadUser loads the user that deleted the branch

  480. // When there's no user found it returns a NewGhostUser

  481. func (deletedBranch *DeletedBranch) LoadUser() {

  482. 	user, err := GetUserByID(deletedBranch.DeletedByID)

  483. 	if err != nil {

  484. 		user = NewGhostUser()

  485. 	}

  486. 	deletedBranch.DeletedBy = user

  487. }

  488. 

  489. // RemoveOldDeletedBranches removes old deleted branches

  490. func RemoveOldDeletedBranches() {

  491. 	log.Trace("Doing: DeletedBranchesCleanup")

  492. 

  493. 	deleteBefore := time.Now().Add(-setting.Cron.DeletedBranchesCleanup.OlderThan)

  494. 	_, err := x.Where("deleted_unix < ?", deleteBefore.Unix()).Delete(new(DeletedBranch))

  495. 	if err != nil {

  496. 		log.Error("DeletedBranchesCleanup: %v", err)

  497. 	}

  498. }