mirrors
/
gitea
mirror da https://github.com/go-gitea/gitea.git
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Rilasci 211 Wiki Attività
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16872 Commit
17 Rami (Branch)
Albero (Tree): v1.21.5
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da 'v1.21.5'
${ noResults }
gitea/models/git/protected_branch.go

protected_branch.go 16KB
Originale Permalink Blame Cronologia

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502 
  1. // Copyright 2022 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package git

  5. 

  6. import (

  7. 	"context"

  8. 	"errors"

  9. 	"fmt"

  10. 	"slices"

  11. 	"strings"

  12. 

  13. 	"code.gitea.io/gitea/models/db"

  14. 	"code.gitea.io/gitea/models/organization"

  15. 	"code.gitea.io/gitea/models/perm"

  16. 	access_model "code.gitea.io/gitea/models/perm/access"

  17. 	repo_model "code.gitea.io/gitea/models/repo"

  18. 	"code.gitea.io/gitea/models/unit"

  19. 	user_model "code.gitea.io/gitea/models/user"

  20. 	"code.gitea.io/gitea/modules/base"

  21. 	"code.gitea.io/gitea/modules/log"

  22. 	"code.gitea.io/gitea/modules/timeutil"

  23. 	"code.gitea.io/gitea/modules/util"

  24. 

  25. 	"github.com/gobwas/glob"

  26. 	"github.com/gobwas/glob/syntax"

  27. )

  28. 

  29. var ErrBranchIsProtected = errors.New("branch is protected")

  30. 

  31. // ProtectedBranch struct

  32. type ProtectedBranch struct {

  33. 	ID                            int64                  `xorm:"pk autoincr"`

  34. 	RepoID                        int64                  `xorm:"UNIQUE(s)"`

  35. 	Repo                          *repo_model.Repository `xorm:"-"`

  36. 	RuleName                      string                 `xorm:"'branch_name' UNIQUE(s)"` // a branch name or a glob match to branch name

  37. 	globRule                      glob.Glob              `xorm:"-"`

  38. 	isPlainName                   bool                   `xorm:"-"`

  39. 	CanPush                       bool                   `xorm:"NOT NULL DEFAULT false"`

  40. 	EnableWhitelist               bool

  41. 	WhitelistUserIDs              []int64  `xorm:"JSON TEXT"`

  42. 	WhitelistTeamIDs              []int64  `xorm:"JSON TEXT"`

  43. 	EnableMergeWhitelist          bool     `xorm:"NOT NULL DEFAULT false"`

  44. 	WhitelistDeployKeys           bool     `xorm:"NOT NULL DEFAULT false"`

  45. 	MergeWhitelistUserIDs         []int64  `xorm:"JSON TEXT"`

  46. 	MergeWhitelistTeamIDs         []int64  `xorm:"JSON TEXT"`

  47. 	EnableStatusCheck             bool     `xorm:"NOT NULL DEFAULT false"`

  48. 	StatusCheckContexts           []string `xorm:"JSON TEXT"`

  49. 	EnableApprovalsWhitelist      bool     `xorm:"NOT NULL DEFAULT false"`

  50. 	ApprovalsWhitelistUserIDs     []int64  `xorm:"JSON TEXT"`

  51. 	ApprovalsWhitelistTeamIDs     []int64  `xorm:"JSON TEXT"`

  52. 	RequiredApprovals             int64    `xorm:"NOT NULL DEFAULT 0"`

  53. 	BlockOnRejectedReviews        bool     `xorm:"NOT NULL DEFAULT false"`

  54. 	BlockOnOfficialReviewRequests bool     `xorm:"NOT NULL DEFAULT false"`

  55. 	BlockOnOutdatedBranch         bool     `xorm:"NOT NULL DEFAULT false"`

  56. 	DismissStaleApprovals         bool     `xorm:"NOT NULL DEFAULT false"`

  57. 	RequireSignedCommits          bool     `xorm:"NOT NULL DEFAULT false"`

  58. 	ProtectedFilePatterns         string   `xorm:"TEXT"`

  59. 	UnprotectedFilePatterns       string   `xorm:"TEXT"`

  60. 

  61. 	CreatedUnix timeutil.TimeStamp `xorm:"created"`

  62. 	UpdatedUnix timeutil.TimeStamp `xorm:"updated"`

  63. }

  64. 

  65. func init() {

  66. 	db.RegisterModel(new(ProtectedBranch))

  67. }

  68. 

  69. // IsRuleNameSpecial return true if it contains special character

  70. func IsRuleNameSpecial(ruleName string) bool {

  71. 	for i := 0; i < len(ruleName); i++ {

  72. 		if syntax.Special(ruleName[i]) {

  73. 			return true

  74. 		}

  75. 	}

  76. 	return false

  77. }

  78. 

  79. func (protectBranch *ProtectedBranch) loadGlob() {

  80. 	if protectBranch.globRule == nil {

  81. 		var err error

  82. 		protectBranch.globRule, err = glob.Compile(protectBranch.RuleName, '/')

  83. 		if err != nil {

  84. 			log.Warn("Invalid glob rule for ProtectedBranch[%d]: %s %v", protectBranch.ID, protectBranch.RuleName, err)

  85. 			protectBranch.globRule = glob.MustCompile(glob.QuoteMeta(protectBranch.RuleName), '/')

  86. 		}

  87. 		protectBranch.isPlainName = !IsRuleNameSpecial(protectBranch.RuleName)

  88. 	}

  89. }

  90. 

  91. // Match tests if branchName matches the rule

  92. func (protectBranch *ProtectedBranch) Match(branchName string) bool {

  93. 	protectBranch.loadGlob()

  94. 	if protectBranch.isPlainName {

  95. 		return strings.EqualFold(protectBranch.RuleName, branchName)

  96. 	}

  97. 

  98. 	return protectBranch.globRule.Match(branchName)

  99. }

  100. 

  101. func (protectBranch *ProtectedBranch) LoadRepo(ctx context.Context) (err error) {

  102. 	if protectBranch.Repo != nil {

  103. 		return nil

  104. 	}

  105. 	protectBranch.Repo, err = repo_model.GetRepositoryByID(ctx, protectBranch.RepoID)

  106. 	return err

  107. }

  108. 

  109. // CanUserPush returns if some user could push to this protected branch

  110. func (protectBranch *ProtectedBranch) CanUserPush(ctx context.Context, user *user_model.User) bool {

  111. 	if !protectBranch.CanPush {

  112. 		return false

  113. 	}

  114. 

  115. 	if !protectBranch.EnableWhitelist {

  116. 		if err := protectBranch.LoadRepo(ctx); err != nil {

  117. 			log.Error("LoadRepo: %v", err)

  118. 			return false

  119. 		}

  120. 

  121. 		writeAccess, err := access_model.HasAccessUnit(ctx, user, protectBranch.Repo, unit.TypeCode, perm.AccessModeWrite)

  122. 		if err != nil {

  123. 			log.Error("HasAccessUnit: %v", err)

  124. 			return false

  125. 		}

  126. 		return writeAccess

  127. 	}

  128. 

  129. 	if base.Int64sContains(protectBranch.WhitelistUserIDs, user.ID) {

  130. 		return true

  131. 	}

  132. 

  133. 	if len(protectBranch.WhitelistTeamIDs) == 0 {

  134. 		return false

  135. 	}

  136. 

  137. 	in, err := organization.IsUserInTeams(ctx, user.ID, protectBranch.WhitelistTeamIDs)

  138. 	if err != nil {

  139. 		log.Error("IsUserInTeams: %v", err)

  140. 		return false

  141. 	}

  142. 	return in

  143. }

  144. 

  145. // IsUserMergeWhitelisted checks if some user is whitelisted to merge to this branch

  146. func IsUserMergeWhitelisted(ctx context.Context, protectBranch *ProtectedBranch, userID int64, permissionInRepo access_model.Permission) bool {

  147. 	if !protectBranch.EnableMergeWhitelist {

  148. 		// Then we need to fall back on whether the user has write permission

  149. 		return permissionInRepo.CanWrite(unit.TypeCode)

  150. 	}

  151. 

  152. 	if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) {

  153. 		return true

  154. 	}

  155. 

  156. 	if len(protectBranch.MergeWhitelistTeamIDs) == 0 {

  157. 		return false

  158. 	}

  159. 

  160. 	in, err := organization.IsUserInTeams(ctx, userID, protectBranch.MergeWhitelistTeamIDs)

  161. 	if err != nil {

  162. 		log.Error("IsUserInTeams: %v", err)

  163. 		return false

  164. 	}

  165. 	return in

  166. }

  167. 

  168. // IsUserOfficialReviewer check if user is official reviewer for the branch (counts towards required approvals)

  169. func IsUserOfficialReviewer(ctx context.Context, protectBranch *ProtectedBranch, user *user_model.User) (bool, error) {

  170. 	repo, err := repo_model.GetRepositoryByID(ctx, protectBranch.RepoID)

  171. 	if err != nil {

  172. 		return false, err

  173. 	}

  174. 

  175. 	if !protectBranch.EnableApprovalsWhitelist {

  176. 		// Anyone with write access is considered official reviewer

  177. 		writeAccess, err := access_model.HasAccessUnit(ctx, user, repo, unit.TypeCode, perm.AccessModeWrite)

  178. 		if err != nil {

  179. 			return false, err

  180. 		}

  181. 		return writeAccess, nil

  182. 	}

  183. 

  184. 	if base.Int64sContains(protectBranch.ApprovalsWhitelistUserIDs, user.ID) {

  185. 		return true, nil

  186. 	}

  187. 

  188. 	inTeam, err := organization.IsUserInTeams(ctx, user.ID, protectBranch.ApprovalsWhitelistTeamIDs)

  189. 	if err != nil {

  190. 		return false, err

  191. 	}

  192. 

  193. 	return inTeam, nil

  194. }

  195. 

  196. // GetProtectedFilePatterns parses a semicolon separated list of protected file patterns and returns a glob.Glob slice

  197. func (protectBranch *ProtectedBranch) GetProtectedFilePatterns() []glob.Glob {

  198. 	return getFilePatterns(protectBranch.ProtectedFilePatterns)

  199. }

  200. 

  201. // GetUnprotectedFilePatterns parses a semicolon separated list of unprotected file patterns and returns a glob.Glob slice

  202. func (protectBranch *ProtectedBranch) GetUnprotectedFilePatterns() []glob.Glob {

  203. 	return getFilePatterns(protectBranch.UnprotectedFilePatterns)

  204. }

  205. 

  206. func getFilePatterns(filePatterns string) []glob.Glob {

  207. 	extarr := make([]glob.Glob, 0, 10)

  208. 	for _, expr := range strings.Split(strings.ToLower(filePatterns), ";") {

  209. 		expr = strings.TrimSpace(expr)

  210. 		if expr != "" {

  211. 			if g, err := glob.Compile(expr, '.', '/'); err != nil {

  212. 				log.Info("Invalid glob expression '%s' (skipped): %v", expr, err)

  213. 			} else {

  214. 				extarr = append(extarr, g)

  215. 			}

  216. 		}

  217. 	}

  218. 	return extarr

  219. }

  220. 

  221. // MergeBlockedByProtectedFiles returns true if merge is blocked by protected files change

  222. func (protectBranch *ProtectedBranch) MergeBlockedByProtectedFiles(changedProtectedFiles []string) bool {

  223. 	glob := protectBranch.GetProtectedFilePatterns()

  224. 	if len(glob) == 0 {

  225. 		return false

  226. 	}

  227. 

  228. 	return len(changedProtectedFiles) > 0

  229. }

  230. 

  231. // IsProtectedFile return if path is protected

  232. func (protectBranch *ProtectedBranch) IsProtectedFile(patterns []glob.Glob, path string) bool {

  233. 	if len(patterns) == 0 {

  234. 		patterns = protectBranch.GetProtectedFilePatterns()

  235. 		if len(patterns) == 0 {

  236. 			return false

  237. 		}

  238. 	}

  239. 

  240. 	lpath := strings.ToLower(strings.TrimSpace(path))

  241. 

  242. 	r := false

  243. 	for _, pat := range patterns {

  244. 		if pat.Match(lpath) {

  245. 			r = true

  246. 			break

  247. 		}

  248. 	}

  249. 

  250. 	return r

  251. }

  252. 

  253. // IsUnprotectedFile return if path is unprotected

  254. func (protectBranch *ProtectedBranch) IsUnprotectedFile(patterns []glob.Glob, path string) bool {

  255. 	if len(patterns) == 0 {

  256. 		patterns = protectBranch.GetUnprotectedFilePatterns()

  257. 		if len(patterns) == 0 {

  258. 			return false

  259. 		}

  260. 	}

  261. 

  262. 	lpath := strings.ToLower(strings.TrimSpace(path))

  263. 

  264. 	r := false

  265. 	for _, pat := range patterns {

  266. 		if pat.Match(lpath) {

  267. 			r = true

  268. 			break

  269. 		}

  270. 	}

  271. 

  272. 	return r

  273. }

  274. 

  275. // GetProtectedBranchRuleByName getting protected branch rule by name

  276. func GetProtectedBranchRuleByName(ctx context.Context, repoID int64, ruleName string) (*ProtectedBranch, error) {

  277. 	rel := &ProtectedBranch{RepoID: repoID, RuleName: ruleName}

  278. 	has, err := db.GetByBean(ctx, rel)

  279. 	if err != nil {

  280. 		return nil, err

  281. 	}

  282. 	if !has {

  283. 		return nil, nil

  284. 	}

  285. 	return rel, nil

  286. }

  287. 

  288. // GetProtectedBranchRuleByID getting protected branch rule by rule ID

  289. func GetProtectedBranchRuleByID(ctx context.Context, repoID, ruleID int64) (*ProtectedBranch, error) {

  290. 	rel := &ProtectedBranch{ID: ruleID, RepoID: repoID}

  291. 	has, err := db.GetByBean(ctx, rel)

  292. 	if err != nil {

  293. 		return nil, err

  294. 	}

  295. 	if !has {

  296. 		return nil, nil

  297. 	}

  298. 	return rel, nil

  299. }

  300. 

  301. // WhitelistOptions represent all sorts of whitelists used for protected branches

  302. type WhitelistOptions struct {

  303. 	UserIDs []int64

  304. 	TeamIDs []int64

  305. 

  306. 	MergeUserIDs []int64

  307. 	MergeTeamIDs []int64

  308. 

  309. 	ApprovalsUserIDs []int64

  310. 	ApprovalsTeamIDs []int64

  311. }

  312. 

  313. // UpdateProtectBranch saves branch protection options of repository.

  314. // If ID is 0, it creates a new record. Otherwise, updates existing record.

  315. // This function also performs check if whitelist user and team's IDs have been changed

  316. // to avoid unnecessary whitelist delete and regenerate.

  317. func UpdateProtectBranch(ctx context.Context, repo *repo_model.Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {

  318. 	if err = repo.LoadOwner(ctx); err != nil {

  319. 		return fmt.Errorf("LoadOwner: %v", err)

  320. 	}

  321. 

  322. 	whitelist, err := updateUserWhitelist(ctx, repo, protectBranch.WhitelistUserIDs, opts.UserIDs)

  323. 	if err != nil {

  324. 		return err

  325. 	}

  326. 	protectBranch.WhitelistUserIDs = whitelist

  327. 

  328. 	whitelist, err = updateUserWhitelist(ctx, repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)

  329. 	if err != nil {

  330. 		return err

  331. 	}

  332. 	protectBranch.MergeWhitelistUserIDs = whitelist

  333. 

  334. 	whitelist, err = updateApprovalWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)

  335. 	if err != nil {

  336. 		return err

  337. 	}

  338. 	protectBranch.ApprovalsWhitelistUserIDs = whitelist

  339. 

  340. 	// if the repo is in an organization

  341. 	whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)

  342. 	if err != nil {

  343. 		return err

  344. 	}

  345. 	protectBranch.WhitelistTeamIDs = whitelist

  346. 

  347. 	whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)

  348. 	if err != nil {

  349. 		return err

  350. 	}

  351. 	protectBranch.MergeWhitelistTeamIDs = whitelist

  352. 

  353. 	whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)

  354. 	if err != nil {

  355. 		return err

  356. 	}

  357. 	protectBranch.ApprovalsWhitelistTeamIDs = whitelist

  358. 

  359. 	// Make sure protectBranch.ID is not 0 for whitelists

  360. 	if protectBranch.ID == 0 {

  361. 		if _, err = db.GetEngine(ctx).Insert(protectBranch); err != nil {

  362. 			return fmt.Errorf("Insert: %v", err)

  363. 		}

  364. 		return nil

  365. 	}

  366. 

  367. 	if _, err = db.GetEngine(ctx).ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {

  368. 		return fmt.Errorf("Update: %v", err)

  369. 	}

  370. 

  371. 	return nil

  372. }

  373. 

  374. // updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with

  375. // the users from newWhitelist which have explicit read or write access to the repo.

  376. func updateApprovalWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  377. 	hasUsersChanged := !util.SliceSortedEqual(currentWhitelist, newWhitelist)

  378. 	if !hasUsersChanged {

  379. 		return currentWhitelist, nil

  380. 	}

  381. 

  382. 	whitelist = make([]int64, 0, len(newWhitelist))

  383. 	for _, userID := range newWhitelist {

  384. 		if reader, err := access_model.IsRepoReader(ctx, repo, userID); err != nil {

  385. 			return nil, err

  386. 		} else if !reader {

  387. 			continue

  388. 		}

  389. 		whitelist = append(whitelist, userID)

  390. 	}

  391. 

  392. 	return whitelist, err

  393. }

  394. 

  395. // updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with

  396. // the users from newWhitelist which have write access to the repo.

  397. func updateUserWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  398. 	hasUsersChanged := !util.SliceSortedEqual(currentWhitelist, newWhitelist)

  399. 	if !hasUsersChanged {

  400. 		return currentWhitelist, nil

  401. 	}

  402. 

  403. 	whitelist = make([]int64, 0, len(newWhitelist))

  404. 	for _, userID := range newWhitelist {

  405. 		user, err := user_model.GetUserByID(ctx, userID)

  406. 		if err != nil {

  407. 			return nil, fmt.Errorf("GetUserByID [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)

  408. 		}

  409. 		perm, err := access_model.GetUserRepoPermission(ctx, repo, user)

  410. 		if err != nil {

  411. 			return nil, fmt.Errorf("GetUserRepoPermission [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)

  412. 		}

  413. 

  414. 		if !perm.CanWrite(unit.TypeCode) {

  415. 			continue // Drop invalid user ID

  416. 		}

  417. 

  418. 		whitelist = append(whitelist, userID)

  419. 	}

  420. 

  421. 	return whitelist, err

  422. }

  423. 

  424. // updateTeamWhitelist checks whether the team whitelist changed and returns a whitelist with

  425. // the teams from newWhitelist which have write access to the repo.

  426. func updateTeamWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  427. 	hasTeamsChanged := !util.SliceSortedEqual(currentWhitelist, newWhitelist)

  428. 	if !hasTeamsChanged {

  429. 		return currentWhitelist, nil

  430. 	}

  431. 

  432. 	teams, err := organization.GetTeamsWithAccessToRepo(ctx, repo.OwnerID, repo.ID, perm.AccessModeRead)

  433. 	if err != nil {

  434. 		return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %v", repo.OwnerID, repo.ID, err)

  435. 	}

  436. 

  437. 	whitelist = make([]int64, 0, len(teams))

  438. 	for i := range teams {

  439. 		if slices.Contains(newWhitelist, teams[i].ID) {

  440. 			whitelist = append(whitelist, teams[i].ID)

  441. 		}

  442. 	}

  443. 

  444. 	return whitelist, err

  445. }

  446. 

  447. // DeleteProtectedBranch removes ProtectedBranch relation between the user and repository.

  448. func DeleteProtectedBranch(ctx context.Context, repoID, id int64) (err error) {

  449. 	protectedBranch := &ProtectedBranch{

  450. 		RepoID: repoID,

  451. 		ID:     id,

  452. 	}

  453. 

  454. 	if affected, err := db.GetEngine(ctx).Delete(protectedBranch); err != nil {

  455. 		return err

  456. 	} else if affected != 1 {

  457. 		return fmt.Errorf("delete protected branch ID(%v) failed", id)

  458. 	}

  459. 

  460. 	return nil

  461. }

  462. 

  463. // RemoveUserIDFromProtectedBranch remove all user ids from protected branch options

  464. func RemoveUserIDFromProtectedBranch(ctx context.Context, p *ProtectedBranch, userID int64) error {

  465. 	lenIDs, lenApprovalIDs, lenMergeIDs := len(p.WhitelistUserIDs), len(p.ApprovalsWhitelistUserIDs), len(p.MergeWhitelistUserIDs)

  466. 	p.WhitelistUserIDs = util.SliceRemoveAll(p.WhitelistUserIDs, userID)

  467. 	p.ApprovalsWhitelistUserIDs = util.SliceRemoveAll(p.ApprovalsWhitelistUserIDs, userID)

  468. 	p.MergeWhitelistUserIDs = util.SliceRemoveAll(p.MergeWhitelistUserIDs, userID)

  469. 

  470. 	if lenIDs != len(p.WhitelistUserIDs) || lenApprovalIDs != len(p.ApprovalsWhitelistUserIDs) ||

  471. 		lenMergeIDs != len(p.MergeWhitelistUserIDs) {

  472. 		if _, err := db.GetEngine(ctx).ID(p.ID).Cols(

  473. 			"whitelist_user_i_ds",

  474. 			"merge_whitelist_user_i_ds",

  475. 			"approvals_whitelist_user_i_ds",

  476. 		).Update(p); err != nil {

  477. 			return fmt.Errorf("updateProtectedBranches: %v", err)

  478. 		}

  479. 	}

  480. 	return nil

  481. }

  482. 

  483. // RemoveTeamIDFromProtectedBranch remove all team ids from protected branch options

  484. func RemoveTeamIDFromProtectedBranch(ctx context.Context, p *ProtectedBranch, teamID int64) error {

  485. 	lenIDs, lenApprovalIDs, lenMergeIDs := len(p.WhitelistTeamIDs), len(p.ApprovalsWhitelistTeamIDs), len(p.MergeWhitelistTeamIDs)

  486. 	p.WhitelistTeamIDs = util.SliceRemoveAll(p.WhitelistTeamIDs, teamID)

  487. 	p.ApprovalsWhitelistTeamIDs = util.SliceRemoveAll(p.ApprovalsWhitelistTeamIDs, teamID)

  488. 	p.MergeWhitelistTeamIDs = util.SliceRemoveAll(p.MergeWhitelistTeamIDs, teamID)

  489. 

  490. 	if lenIDs != len(p.WhitelistTeamIDs) ||

  491. 		lenApprovalIDs != len(p.ApprovalsWhitelistTeamIDs) ||

  492. 		lenMergeIDs != len(p.MergeWhitelistTeamIDs) {

  493. 		if _, err := db.GetEngine(ctx).ID(p.ID).Cols(

  494. 			"whitelist_team_i_ds",

  495. 			"merge_whitelist_team_i_ds",

  496. 			"approvals_whitelist_team_i_ds",

  497. 		).Update(p); err != nil {

  498. 			return fmt.Errorf("updateProtectedBranches: %v", err)

  499. 		}

  500. 	}

  501. 	return nil

  502. }