diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-09-02 09:20:15 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-09-02 09:20:15 +0000 |
| commit | 3a3c4ea436c7e2b65c93e54e6f110722c8371fb9 (patch) | |
| tree | 1ffab592d96867cdac0ec3fb5dfb46e3ccfc38cf /lib | |
| parent | 7e7f52862b2953f0b36a6fea37ca179e0182d0d8 (diff) | |
| parent | 7f99aa57a28f56c6e04263cd7c2785ed867ec9a1 (diff) | |
| download | gitlab-ce-3a3c4ea436c7e2b65c93e54e6f110722c8371fb9.tar.gz | |
Merge branch 'gitlab-shell-2-0' into 'master'
Modify GitLab to work with gitlab-shell 2.0
Related to #1516
See merge request !1057
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/internal.rb | 5 | ||||
| -rw-r--r-- | lib/gitlab/git_access.rb | 39 |
2 files changed, 32 insertions, 12 deletions
diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 5850892df07..86fa149d050 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -34,10 +34,7 @@ module API actor, params[:action], project, - params[:ref], - params[:oldrev], - params[:newrev], - params[:forced_push] + params[:changes] ) end diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 38b3d82e2f4..e75a5a1d62e 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -5,7 +5,7 @@ module Gitlab attr_reader :params, :project, :git_cmd, :user - def allowed?(actor, cmd, project, ref = nil, oldrev = nil, newrev = nil, forced_push = false) + def allowed?(actor, cmd, project, changes = nil) case cmd when *DOWNLOAD_COMMANDS if actor.is_a? User @@ -19,12 +19,12 @@ module Gitlab end when *PUSH_COMMANDS if actor.is_a? User - push_allowed?(actor, project, ref, oldrev, newrev, forced_push) + push_allowed?(actor, project, changes) elsif actor.is_a? DeployKey # Deploy key not allowed to push return false elsif actor.is_a? Key - push_allowed?(actor.user, project, ref, oldrev, newrev, forced_push) + push_allowed?(actor.user, project, changes) else raise 'Wrong actor' end @@ -41,13 +41,21 @@ module Gitlab end end - def push_allowed?(user, project, ref, oldrev, newrev, forced_push) - if user && user_allowed?(user) + def push_allowed?(user, project, changes) + return false unless user && user_allowed?(user) + return true if changes.blank? + + changes = changes.lines if changes.kind_of?(String) + + # Iterate over all changes to find if user allowed all of them to be applied + changes.each do |change| + oldrev, newrev, ref = changes.split('') + action = if project.protected_branch?(ref) # we dont allow force push to protected branch - if forced_push.to_s == 'true' + if forced_push?(oldrev, newrev) :force_push_code_to_protected_branches - # and we dont allow remove of protected branch + # and we dont allow remove of protected branch elsif newrev =~ /0000000/ :remove_protected_branches else @@ -59,7 +67,22 @@ module Gitlab else :push_code end - user.can?(action, project) + unless user.can?(action, project) + # If user does not have access to make at least one change - cancel all push + return false + end + end + + # If user has access to make all changes + true + end + + def forced_push?(oldrev, newrev) + return false if project.empty_repo? + + if oldrev !~ /00000000/ && newrev !~ /00000000/ + missed_refs = IO.popen(%W(git --git-dir=#{project.repository.path_to_repo} rev-list #{oldrev} ^#{newrev})).read + missed_refs.split("\n").size > 0 else false end |