ProtectedBranches model, Master permission for repo\n Allow push to protected branch for masters only

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2012-02-15 22:02:33 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2012-02-15 22:02:33 +0200
commit: 37224dc9c1ee80ba9030b616e2bc87bd96919e09 (patch)
tree: 5291abadd8748ea47685c326df4b137d0d6a2194 /lib/gitlabhq
parent: 3a9e5a9357b6b0cac2acdefa203136c9b572e102 (diff)
download: gitlab-ce-37224dc9c1ee80ba9030b616e2bc87bd96919e09.tar.gz
1 files changed, 34 insertions, 28 deletions
diff --git a/lib/gitlabhq/gitolite.rb b/lib/gitlabhq/gitolite.rb
index e6eb8e5144b..4f911113ea0 100644
--- a/lib/gitlabhq/gitolite.rb
+++ b/lib/gitlabhq/gitolite.rb
@@ -64,21 +64,9 @@ module Gitlabhq
     def update_project(repo_name, project)
       ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
       conf = ga_repo.config
-
-      repo = if conf.has_repo?(repo_name)
-               conf.get_repo(repo_name)
-             else 
-               ::Gitolite::Config::Repo.new(repo_name)
-             end
-
-      name_readers = project.repository_readers
-      name_writers = project.repository_writers
-
-      repo.clean_permissions
-      repo.add_permission("R", "", name_readers) unless name_readers.blank?
-      repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
+      repo = update_project_config(project, conf)
       conf.add_repo(repo, true)
-
+      
       ga_repo.save
     end
 
@@ -89,25 +77,43 @@ module Gitlabhq
       conf = ga_repo.config
 
       projects.each do |project|
-        repo_name = project.path
-
-        repo = if conf.has_repo?(repo_name)
-                 conf.get_repo(repo_name)
-               else 
-                 ::Gitolite::Config::Repo.new(repo_name)
-               end
-
-        name_readers = project.repository_readers
-        name_writers = project.repository_writers
-
-        repo.clean_permissions
-        repo.add_permission("R", "", name_readers) unless name_readers.blank?
-        repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
+        repo = update_project_config(project, conf)
         conf.add_repo(repo, true)
       end
 
       ga_repo.save
     end
 
+    def update_project_config(project, conf)
+      repo_name = project.path
+
+      repo = if conf.has_repo?(repo_name)
+               conf.get_repo(repo_name)
+             else 
+               ::Gitolite::Config::Repo.new(repo_name)
+             end
+
+      name_readers = project.repository_readers
+      name_writers = project.repository_writers
+      name_masters = project.repository_masters
+
+      pr_br = project.protected_branches.map(&:name).join(" ")
+
+      repo.clean_permissions
+
+      # Deny access to protected branches for writers
+      unless name_writers.blank? || pr_br.blank?
+        repo.add_permission("-", pr_br, name_writers)
+      end
+
+      # Add read permissions
+      repo.add_permission("R", "", name_readers) unless name_readers.blank?
+
+      # Add write permissions
+      repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
+      repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
+
+      repo
+    end
   end
 end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2012-02-15 22:02:33 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2012-02-15 22:02:33 +0200
commit	37224dc9c1ee80ba9030b616e2bc87bd96919e09 (patch)
tree	5291abadd8748ea47685c326df4b137d0d6a2194 /lib/gitlabhq
parent	3a9e5a9357b6b0cac2acdefa203136c9b572e102 (diff)
download	gitlab-ce-37224dc9c1ee80ba9030b616e2bc87bd96919e09.tar.gz