mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8155 Commits
17 Branches
Tree: d151503d34
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd151503d34'
${ noResults }
gitea/models/branches.go

branches.go 14KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492 
  1. // Copyright 2016 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"fmt"

  9. 	"time"

  10. 

  11. 	"code.gitea.io/gitea/modules/base"

  12. 	"code.gitea.io/gitea/modules/log"

  13. 	"code.gitea.io/gitea/modules/setting"

  14. 	"code.gitea.io/gitea/modules/timeutil"

  15. 	"code.gitea.io/gitea/modules/util"

  16. 

  17. 	"github.com/unknwon/com"

  18. )

  19. 

  20. const (

  21. 	// ProtectedBranchRepoID protected Repo ID

  22. 	ProtectedBranchRepoID = "GITEA_REPO_ID"

  23. 	// ProtectedBranchPRID protected Repo PR ID

  24. 	ProtectedBranchPRID = "GITEA_PR_ID"

  25. )

  26. 

  27. // ProtectedBranch struct

  28. type ProtectedBranch struct {

  29. 	ID                        int64  `xorm:"pk autoincr"`

  30. 	RepoID                    int64  `xorm:"UNIQUE(s)"`

  31. 	BranchName                string `xorm:"UNIQUE(s)"`

  32. 	CanPush                   bool   `xorm:"NOT NULL DEFAULT false"`

  33. 	EnableWhitelist           bool

  34. 	WhitelistUserIDs          []int64            `xorm:"JSON TEXT"`

  35. 	WhitelistTeamIDs          []int64            `xorm:"JSON TEXT"`

  36. 	EnableMergeWhitelist      bool               `xorm:"NOT NULL DEFAULT false"`

  37. 	MergeWhitelistUserIDs     []int64            `xorm:"JSON TEXT"`

  38. 	MergeWhitelistTeamIDs     []int64            `xorm:"JSON TEXT"`

  39. 	EnableStatusCheck         bool               `xorm:"NOT NULL DEFAULT false"`

  40. 	StatusCheckContexts       []string           `xorm:"JSON TEXT"`

  41. 	ApprovalsWhitelistUserIDs []int64            `xorm:"JSON TEXT"`

  42. 	ApprovalsWhitelistTeamIDs []int64            `xorm:"JSON TEXT"`

  43. 	RequiredApprovals         int64              `xorm:"NOT NULL DEFAULT 0"`

  44. 	CreatedUnix               timeutil.TimeStamp `xorm:"created"`

  45. 	UpdatedUnix               timeutil.TimeStamp `xorm:"updated"`

  46. }

  47. 

  48. // IsProtected returns if the branch is protected

  49. func (protectBranch *ProtectedBranch) IsProtected() bool {

  50. 	return protectBranch.ID > 0

  51. }

  52. 

  53. // CanUserPush returns if some user could push to this protected branch

  54. func (protectBranch *ProtectedBranch) CanUserPush(userID int64) bool {

  55. 	if !protectBranch.EnableWhitelist {

  56. 		return false

  57. 	}

  58. 

  59. 	if base.Int64sContains(protectBranch.WhitelistUserIDs, userID) {

  60. 		return true

  61. 	}

  62. 

  63. 	if len(protectBranch.WhitelistTeamIDs) == 0 {

  64. 		return false

  65. 	}

  66. 

  67. 	in, err := IsUserInTeams(userID, protectBranch.WhitelistTeamIDs)

  68. 	if err != nil {

  69. 		log.Error("IsUserInTeams: %v", err)

  70. 		return false

  71. 	}

  72. 	return in

  73. }

  74. 

  75. // CanUserMerge returns if some user could merge a pull request to this protected branch

  76. func (protectBranch *ProtectedBranch) CanUserMerge(userID int64) bool {

  77. 	if !protectBranch.EnableMergeWhitelist {

  78. 		return true

  79. 	}

  80. 

  81. 	if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) {

  82. 		return true

  83. 	}

  84. 

  85. 	if len(protectBranch.MergeWhitelistTeamIDs) == 0 {

  86. 		return false

  87. 	}

  88. 

  89. 	in, err := IsUserInTeams(userID, protectBranch.MergeWhitelistTeamIDs)

  90. 	if err != nil {

  91. 		log.Error("IsUserInTeams: %v", err)

  92. 		return false

  93. 	}

  94. 	return in

  95. }

  96. 

  97. // HasEnoughApprovals returns true if pr has enough granted approvals.

  98. func (protectBranch *ProtectedBranch) HasEnoughApprovals(pr *PullRequest) bool {

  99. 	if protectBranch.RequiredApprovals == 0 {

  100. 		return true

  101. 	}

  102. 	return protectBranch.GetGrantedApprovalsCount(pr) >= protectBranch.RequiredApprovals

  103. }

  104. 

  105. // GetGrantedApprovalsCount returns the number of granted approvals for pr. A granted approval must be authored by a user in an approval whitelist.

  106. func (protectBranch *ProtectedBranch) GetGrantedApprovalsCount(pr *PullRequest) int64 {

  107. 	reviews, err := GetReviewersByPullID(pr.IssueID)

  108. 	if err != nil {

  109. 		log.Error("GetReviewersByPullID: %v", err)

  110. 		return 0

  111. 	}

  112. 

  113. 	approvals := int64(0)

  114. 	userIDs := make([]int64, 0)

  115. 	for _, review := range reviews {

  116. 		if review.Type != ReviewTypeApprove {

  117. 			continue

  118. 		}

  119. 		if base.Int64sContains(protectBranch.ApprovalsWhitelistUserIDs, review.ID) {

  120. 			approvals++

  121. 			continue

  122. 		}

  123. 		userIDs = append(userIDs, review.ID)

  124. 	}

  125. 	approvalTeamCount, err := UsersInTeamsCount(userIDs, protectBranch.ApprovalsWhitelistTeamIDs)

  126. 	if err != nil {

  127. 		log.Error("UsersInTeamsCount: %v", err)

  128. 		return 0

  129. 	}

  130. 	return approvalTeamCount + approvals

  131. }

  132. 

  133. // GetProtectedBranchByRepoID getting protected branch by repo ID

  134. func GetProtectedBranchByRepoID(repoID int64) ([]*ProtectedBranch, error) {

  135. 	protectedBranches := make([]*ProtectedBranch, 0)

  136. 	return protectedBranches, x.Where("repo_id = ?", repoID).Desc("updated_unix").Find(&protectedBranches)

  137. }

  138. 

  139. // GetProtectedBranchBy getting protected branch by ID/Name

  140. func GetProtectedBranchBy(repoID int64, branchName string) (*ProtectedBranch, error) {

  141. 	rel := &ProtectedBranch{RepoID: repoID, BranchName: branchName}

  142. 	has, err := x.Get(rel)

  143. 	if err != nil {

  144. 		return nil, err

  145. 	}

  146. 	if !has {

  147. 		return nil, nil

  148. 	}

  149. 	return rel, nil

  150. }

  151. 

  152. // GetProtectedBranchByID getting protected branch by ID

  153. func GetProtectedBranchByID(id int64) (*ProtectedBranch, error) {

  154. 	rel := &ProtectedBranch{ID: id}

  155. 	has, err := x.Get(rel)

  156. 	if err != nil {

  157. 		return nil, err

  158. 	}

  159. 	if !has {

  160. 		return nil, nil

  161. 	}

  162. 	return rel, nil

  163. }

  164. 

  165. // WhitelistOptions represent all sorts of whitelists used for protected branches

  166. type WhitelistOptions struct {

  167. 	UserIDs []int64

  168. 	TeamIDs []int64

  169. 

  170. 	MergeUserIDs []int64

  171. 	MergeTeamIDs []int64

  172. 

  173. 	ApprovalsUserIDs []int64

  174. 	ApprovalsTeamIDs []int64

  175. }

  176. 

  177. // UpdateProtectBranch saves branch protection options of repository.

  178. // If ID is 0, it creates a new record. Otherwise, updates existing record.

  179. // This function also performs check if whitelist user and team's IDs have been changed

  180. // to avoid unnecessary whitelist delete and regenerate.

  181. func UpdateProtectBranch(repo *Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {

  182. 	if err = repo.GetOwner(); err != nil {

  183. 		return fmt.Errorf("GetOwner: %v", err)

  184. 	}

  185. 

  186. 	whitelist, err := updateUserWhitelist(repo, protectBranch.WhitelistUserIDs, opts.UserIDs)

  187. 	if err != nil {

  188. 		return err

  189. 	}

  190. 	protectBranch.WhitelistUserIDs = whitelist

  191. 

  192. 	whitelist, err = updateUserWhitelist(repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)

  193. 	if err != nil {

  194. 		return err

  195. 	}

  196. 	protectBranch.MergeWhitelistUserIDs = whitelist

  197. 

  198. 	whitelist, err = updateApprovalWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)

  199. 	if err != nil {

  200. 		return err

  201. 	}

  202. 	protectBranch.ApprovalsWhitelistUserIDs = whitelist

  203. 

  204. 	// if the repo is in an organization

  205. 	whitelist, err = updateTeamWhitelist(repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)

  206. 	if err != nil {

  207. 		return err

  208. 	}

  209. 	protectBranch.WhitelistTeamIDs = whitelist

  210. 

  211. 	whitelist, err = updateTeamWhitelist(repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)

  212. 	if err != nil {

  213. 		return err

  214. 	}

  215. 	protectBranch.MergeWhitelistTeamIDs = whitelist

  216. 

  217. 	whitelist, err = updateTeamWhitelist(repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)

  218. 	if err != nil {

  219. 		return err

  220. 	}

  221. 	protectBranch.ApprovalsWhitelistTeamIDs = whitelist

  222. 

  223. 	// Make sure protectBranch.ID is not 0 for whitelists

  224. 	if protectBranch.ID == 0 {

  225. 		if _, err = x.Insert(protectBranch); err != nil {

  226. 			return fmt.Errorf("Insert: %v", err)

  227. 		}

  228. 		return nil

  229. 	}

  230. 

  231. 	if _, err = x.ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {

  232. 		return fmt.Errorf("Update: %v", err)

  233. 	}

  234. 

  235. 	return nil

  236. }

  237. 

  238. // GetProtectedBranches get all protected branches

  239. func (repo *Repository) GetProtectedBranches() ([]*ProtectedBranch, error) {

  240. 	protectedBranches := make([]*ProtectedBranch, 0)

  241. 	return protectedBranches, x.Find(&protectedBranches, &ProtectedBranch{RepoID: repo.ID})

  242. }

  243. 

  244. // IsProtectedBranch checks if branch is protected

  245. func (repo *Repository) IsProtectedBranch(branchName string, doer *User) (bool, error) {

  246. 	if doer == nil {

  247. 		return true, nil

  248. 	}

  249. 

  250. 	protectedBranch := &ProtectedBranch{

  251. 		RepoID:     repo.ID,

  252. 		BranchName: branchName,

  253. 	}

  254. 

  255. 	has, err := x.Exist(protectedBranch)

  256. 	if err != nil {

  257. 		return true, err

  258. 	}

  259. 	return has, nil

  260. }

  261. 

  262. // IsProtectedBranchForPush checks if branch is protected for push

  263. func (repo *Repository) IsProtectedBranchForPush(branchName string, doer *User) (bool, error) {

  264. 	if doer == nil {

  265. 		return true, nil

  266. 	}

  267. 

  268. 	protectedBranch := &ProtectedBranch{

  269. 		RepoID:     repo.ID,

  270. 		BranchName: branchName,

  271. 	}

  272. 

  273. 	has, err := x.Get(protectedBranch)

  274. 	if err != nil {

  275. 		return true, err

  276. 	} else if has {

  277. 		return !protectedBranch.CanUserPush(doer.ID), nil

  278. 	}

  279. 

  280. 	return false, nil

  281. }

  282. 

  283. // IsProtectedBranchForMerging checks if branch is protected for merging

  284. func (repo *Repository) IsProtectedBranchForMerging(pr *PullRequest, branchName string, doer *User) (bool, error) {

  285. 	if doer == nil {

  286. 		return true, nil

  287. 	}

  288. 

  289. 	protectedBranch := &ProtectedBranch{

  290. 		RepoID:     repo.ID,

  291. 		BranchName: branchName,

  292. 	}

  293. 

  294. 	has, err := x.Get(protectedBranch)

  295. 	if err != nil {

  296. 		return true, err

  297. 	} else if has {

  298. 		return !protectedBranch.CanUserMerge(doer.ID) || !protectedBranch.HasEnoughApprovals(pr), nil

  299. 	}

  300. 

  301. 	return false, nil

  302. }

  303. 

  304. // updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with

  305. // the users from newWhitelist which have explicit read or write access to the repo.

  306. func updateApprovalWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  307. 	hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)

  308. 	if !hasUsersChanged {

  309. 		return currentWhitelist, nil

  310. 	}

  311. 

  312. 	whitelist = make([]int64, 0, len(newWhitelist))

  313. 	for _, userID := range newWhitelist {

  314. 		if reader, err := repo.IsReader(userID); err != nil {

  315. 			return nil, err

  316. 		} else if !reader {

  317. 			continue

  318. 		}

  319. 		whitelist = append(whitelist, userID)

  320. 	}

  321. 

  322. 	return

  323. }

  324. 

  325. // updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with

  326. // the users from newWhitelist which have write access to the repo.

  327. func updateUserWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  328. 	hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)

  329. 	if !hasUsersChanged {

  330. 		return currentWhitelist, nil

  331. 	}

  332. 

  333. 	whitelist = make([]int64, 0, len(newWhitelist))

  334. 	for _, userID := range newWhitelist {

  335. 		user, err := GetUserByID(userID)

  336. 		if err != nil {

  337. 			return nil, fmt.Errorf("GetUserByID [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)

  338. 		}

  339. 		perm, err := GetUserRepoPermission(repo, user)

  340. 		if err != nil {

  341. 			return nil, fmt.Errorf("GetUserRepoPermission [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)

  342. 		}

  343. 

  344. 		if !perm.CanWrite(UnitTypeCode) {

  345. 			continue // Drop invalid user ID

  346. 		}

  347. 

  348. 		whitelist = append(whitelist, userID)

  349. 	}

  350. 

  351. 	return

  352. }

  353. 

  354. // updateTeamWhitelist checks whether the team whitelist changed and returns a whitelist with

  355. // the teams from newWhitelist which have write access to the repo.

  356. func updateTeamWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  357. 	hasTeamsChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)

  358. 	if !hasTeamsChanged {

  359. 		return currentWhitelist, nil

  360. 	}

  361. 

  362. 	teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, AccessModeRead)

  363. 	if err != nil {

  364. 		return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %v", repo.OwnerID, repo.ID, err)

  365. 	}

  366. 

  367. 	whitelist = make([]int64, 0, len(teams))

  368. 	for i := range teams {

  369. 		if com.IsSliceContainsInt64(newWhitelist, teams[i].ID) {

  370. 			whitelist = append(whitelist, teams[i].ID)

  371. 		}

  372. 	}

  373. 

  374. 	return

  375. }

  376. 

  377. // DeleteProtectedBranch removes ProtectedBranch relation between the user and repository.

  378. func (repo *Repository) DeleteProtectedBranch(id int64) (err error) {

  379. 	protectedBranch := &ProtectedBranch{

  380. 		RepoID: repo.ID,

  381. 		ID:     id,

  382. 	}

  383. 

  384. 	sess := x.NewSession()

  385. 	defer sess.Close()

  386. 	if err = sess.Begin(); err != nil {

  387. 		return err

  388. 	}

  389. 

  390. 	if affected, err := sess.Delete(protectedBranch); err != nil {

  391. 		return err

  392. 	} else if affected != 1 {

  393. 		return fmt.Errorf("delete protected branch ID(%v) failed", id)

  394. 	}

  395. 

  396. 	return sess.Commit()

  397. }

  398. 

  399. // DeletedBranch struct

  400. type DeletedBranch struct {

  401. 	ID          int64              `xorm:"pk autoincr"`

  402. 	RepoID      int64              `xorm:"UNIQUE(s) INDEX NOT NULL"`

  403. 	Name        string             `xorm:"UNIQUE(s) NOT NULL"`

  404. 	Commit      string             `xorm:"UNIQUE(s) NOT NULL"`

  405. 	DeletedByID int64              `xorm:"INDEX"`

  406. 	DeletedBy   *User              `xorm:"-"`

  407. 	DeletedUnix timeutil.TimeStamp `xorm:"INDEX created"`

  408. }

  409. 

  410. // AddDeletedBranch adds a deleted branch to the database

  411. func (repo *Repository) AddDeletedBranch(branchName, commit string, deletedByID int64) error {

  412. 	deletedBranch := &DeletedBranch{

  413. 		RepoID:      repo.ID,

  414. 		Name:        branchName,

  415. 		Commit:      commit,

  416. 		DeletedByID: deletedByID,

  417. 	}

  418. 

  419. 	sess := x.NewSession()

  420. 	defer sess.Close()

  421. 	if err := sess.Begin(); err != nil {

  422. 		return err

  423. 	}

  424. 

  425. 	if _, err := sess.InsertOne(deletedBranch); err != nil {

  426. 		return err

  427. 	}

  428. 

  429. 	return sess.Commit()

  430. }

  431. 

  432. // GetDeletedBranches returns all the deleted branches

  433. func (repo *Repository) GetDeletedBranches() ([]*DeletedBranch, error) {

  434. 	deletedBranches := make([]*DeletedBranch, 0)

  435. 	return deletedBranches, x.Where("repo_id = ?", repo.ID).Desc("deleted_unix").Find(&deletedBranches)

  436. }

  437. 

  438. // GetDeletedBranchByID get a deleted branch by its ID

  439. func (repo *Repository) GetDeletedBranchByID(ID int64) (*DeletedBranch, error) {

  440. 	deletedBranch := &DeletedBranch{ID: ID}

  441. 	has, err := x.Get(deletedBranch)

  442. 	if err != nil {

  443. 		return nil, err

  444. 	}

  445. 	if !has {

  446. 		return nil, nil

  447. 	}

  448. 	return deletedBranch, nil

  449. }

  450. 

  451. // RemoveDeletedBranch removes a deleted branch from the database

  452. func (repo *Repository) RemoveDeletedBranch(id int64) (err error) {

  453. 	deletedBranch := &DeletedBranch{

  454. 		RepoID: repo.ID,

  455. 		ID:     id,

  456. 	}

  457. 

  458. 	sess := x.NewSession()

  459. 	defer sess.Close()

  460. 	if err = sess.Begin(); err != nil {

  461. 		return err

  462. 	}

  463. 

  464. 	if affected, err := sess.Delete(deletedBranch); err != nil {

  465. 		return err

  466. 	} else if affected != 1 {

  467. 		return fmt.Errorf("remove deleted branch ID(%v) failed", id)

  468. 	}

  469. 

  470. 	return sess.Commit()

  471. }

  472. 

  473. // LoadUser loads the user that deleted the branch

  474. // When there's no user found it returns a NewGhostUser

  475. func (deletedBranch *DeletedBranch) LoadUser() {

  476. 	user, err := GetUserByID(deletedBranch.DeletedByID)

  477. 	if err != nil {

  478. 		user = NewGhostUser()

  479. 	}

  480. 	deletedBranch.DeletedBy = user

  481. }

  482. 

  483. // RemoveOldDeletedBranches removes old deleted branches

  484. func RemoveOldDeletedBranches() {

  485. 	log.Trace("Doing: DeletedBranchesCleanup")

  486. 

  487. 	deleteBefore := time.Now().Add(-setting.Cron.DeletedBranchesCleanup.OlderThan)

  488. 	_, err := x.Where("deleted_unix < ?", deleteBefore.Unix()).Delete(new(DeletedBranch))

  489. 	if err != nil {

  490. 		log.Error("DeletedBranchesCleanup: %v", err)

  491. 	}

  492. }