-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/services/merge_requests/base_service.rb | 4 | ||||
-rw-r--r-- | app/views/projects/protected_branches/index.html.haml | 1 | ||||
-rw-r--r-- | doc/install/installation.md | 4 | ||||
-rw-r--r-- | doc/update/6.0-to-6.7.md | 3 | ||||
-rw-r--r-- | doc/update/6.6-to-6.7.md | 3 | ||||
-rw-r--r-- | doc/update/upgrader.md | 7 | ||||
-rw-r--r-- | lib/api/internal.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/git_access.rb | 20 | ||||
-rw-r--r-- | spec/services/merge_requests/close_service_spec.rb | 35 | ||||
-rw-r--r-- | spec/services/merge_requests/create_service_spec.rb | 25 | ||||
-rw-r--r-- | spec/services/merge_requests/update_service_spec.rb | 44 |
12 files changed, 140 insertions, 11 deletions
diff --git a/CHANGELOG b/CHANGELOG index 64a40ca6936..59e3e22524b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -7,6 +7,7 @@ v 6.8.0 - Make the repository downloads path configurable - Create branches via API (sponsored by O'Reilly Media) - Changed permission of gitlab-satellites directory not to be world accessible + - Protected branch does not allow force push v 6.7.3 - Fix the merge notification email not being sent (Pierre de La Morinerie) diff --git a/app/services/merge_requests/base_service.rb b/app/services/merge_requests/base_service.rb index a1261972157..c77f5d664ef 100644 --- a/app/services/merge_requests/base_service.rb +++ b/app/services/merge_requests/base_service.rb @@ -3,6 +3,10 @@ module MergeRequests private + def create_assignee_note(merge_request) + Note.create_assignee_change_note(merge_request, merge_request.project, current_user, merge_request.assignee) + end + def create_note(merge_request) Note.create_status_change_note(merge_request, merge_request.target_project, current_user, merge_request.state, nil) end diff --git a/app/views/projects/protected_branches/index.html.haml b/app/views/projects/protected_branches/index.html.haml index 8b100766e97..4a6e8943a9f 100644 --- a/app/views/projects/protected_branches/index.html.haml +++ b/app/views/projects/protected_branches/index.html.haml @@ -9,6 +9,7 @@ %ul %li keep stable branches secured %li forced code review before merge to protected branches + %li prevents branch from force push %p Read more about project permissions #{link_to "here", help_permissions_path, class: "underlined-link"} - if can? current_user, :admin_project, @project diff --git a/doc/install/installation.md b/doc/install/installation.md index efcba2f69bf..bc194d33927 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md 
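Review bot: The new `create_assignee_note` in base_service.rb passes `merge_request.project`, while `create_note` directly below it passes `merge_request.target_project`. If the two can differ for merge requests between forks, the assignee note is recorded against a different project than the status note. Unless that is intended, use the same accessor in both: `Note.create_assignee_change_note(merge_request, merge_request.target_project, current_user, merge_request.assignee)`. The module body continues outside the hunk, so whether `project` is simply an alias of `target_project` cannot be confirmed from here.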
@@ -93,7 +93,7 @@ Then select 'Internet Site' and press enter to confirm the hostname. # 2. Ruby -The use of ruby version managers such as [RVM](http://rvm.io/), [rbenv](https://github.com/sstephenson/rbenv) or [chruby](https://github.com/postmodern/chruby) with GitLab in production frequently leads to hard to diagnose problems. Version managers are not supported and we stronly advise everyone to follow the instructions below to use a system ruby. +The use of ruby version managers such as [RVM](http://rvm.io/), [rbenv](https://github.com/sstephenson/rbenv) or [chruby](https://github.com/postmodern/chruby) with GitLab in production frequently leads to hard to diagnose problems. For example, GitLab Shell is called from OpenSSH and having a version manager can prevent pushing and pulling over SSH. Version managers are not supported and we stronly advise everyone to follow the instructions below to use a system ruby. Remove the old Ruby 1.8 if present @@ -202,7 +202,7 @@ You can change `6-6-stable` to `master` if you want the *bleeding edge* version, # Create directory for satellites sudo -u git -H mkdir /home/git/gitlab-satellites - sudo chmod o-rwx /home/git/gitlab-satellites + sudo chmod u+rwx,g+rx,o-rwx /home/git/gitlab-satellites # Create directories for sockets/pids and make sure GitLab can write to them sudo -u git -H mkdir tmp/pids/ diff --git a/doc/update/6.0-to-6.7.md b/doc/update/6.0-to-6.7.md index 5023e34f189..aa1b388fa9a 100644 --- a/doc/update/6.0-to-6.7.md +++ b/doc/update/6.0-to-6.7.md @@ -80,6 +80,9 @@ sudo -u git -H bundle exec rake migrate_iids RAILS_ENV=production # Clean up assets and cache sudo -u git -H bundle exec rake assets:clean assets:precompile cache:clear RAILS_ENV=production + +# Close access to gitlab-satellites for others +sudo chmod u+rwx,g+rx,o-rwx /home/git/gitlab-satellites ``` ### 6. Update config files diff --git a/doc/update/6.6-to-6.7.md b/doc/update/6.6-to-6.7.md index 8a16e5d67be..0f39c037c9f 100644 
--- a/doc/update/6.6-to-6.7.md +++ b/doc/update/6.6-to-6.7.md @@ -63,6 +63,9 @@ sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab # Update the logrotate configuration (keep logs for 90 days instead of 52 weeks) sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab + +# Close access to gitlab-satellites for others +sudo chmod u+rwx,g+rx,o-rwx /home/git/gitlab-satellites ``` diff --git a/doc/update/upgrader.md b/doc/update/upgrader.md index 305ef961be5..fd45154ac82 100644 --- a/doc/update/upgrader.md +++ b/doc/update/upgrader.md @@ -40,3 +40,10 @@ To make sure you didn't miss anything run a more thorough check with: sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production If all items are green, then congratulations upgrade is complete! + + +### One line upgrade command + +You've read through the entire guide, and probably did all the steps manually. Here is a one liner for convenience, the next time you upgrade: + + cd /home/git/gitlab; sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production; sudo service gitlab stop; sudo -u git -H ruby script/upgrade.rb -y; sudo service gitlab start; sudo service nginx restart; sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production diff --git a/lib/api/internal.rb b/lib/api/internal.rb index bcf97574673..06c66ba0b35 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -10,6 +10,7 @@ module API # project - project path with namespace # action - git action (git-upload-pack or git-receive-pack) # ref - branch name + # forced_push - forced_push # get "/allowed" do # Check for *.wiki repositories. @@ -35,7 +36,8 @@ module API project, params[:ref], params[:oldrev], - params[:newrev] + params[:newrev], + params[:forced_push] ) end diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 1ab8f9213a3..eefdb1833fc 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb 
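Review bot: The `/allowed` handler in lib/api/internal.rb forwards `params[:forced_push]` to the access check without normalising it, and the added header comment `# forced_push - forced_push` does not say which values are expected or who sets them. This flag selects which permission is checked for a protected branch, so document it, for example `# forced_push - "true" when the caller detected a non-fast-forward update; optional, treated as false when absent`. Consider converting it to a boolean at this boundary so the string comparison does not live in the access class. A caller that omits the parameter is treated as making an ordinary push, so a host whose client side does not send it presumably gets no force-push protection, which deserves a line in the update docs. Both internal.rb hunks are involved, and the handler body continues outside them.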
@@ -5,7 +5,7 @@ module Gitlab
 attr_reader :params, :project, :git_cmd, :user
- def allowed?(actor, cmd, project, ref = nil, oldrev = nil, newrev = nil)
+ def allowed?(actor, cmd, project, ref = nil, oldrev = nil, newrev = nil, forced_push = false)
 case cmd
 when *DOWNLOAD_COMMANDS
 if actor.is_a? User
@@ -19,12 +19,12 @@ module Gitlab
 end
 when *PUSH_COMMANDS
 if actor.is_a? User
- push_allowed?(actor, project, ref, oldrev, newrev)
+ push_allowed?(actor, project, ref, oldrev, newrev, forced_push)
 elsif actor.is_a? DeployKey
 # Deploy key not allowed to push
 return false
 elsif actor.is_a? Key
- push_allowed?(actor.user, project, ref, oldrev, newrev)
+ push_allowed?(actor.user, project, ref, oldrev, newrev, forced_push)
 else
 raise 'Wrong actor'
 end
@@ -41,13 +41,17 @@ module Gitlab
 end
 end
- def push_allowed?(user, project, ref, oldrev, newrev)
+ def push_allowed?(user, project, ref, oldrev, newrev, forced_push)
 if user && user_allowed?(user)
 action = if project.protected_branch?(ref)
- :push_code_to_protected_branches
- else
- :push_code
- end
+ if forced_push.to_s == 'true'
+ :force_push_code_to_protected_branches
+ else
+ :push_code_to_protected_branches
+ end
+ else
+ :push_code
+ end
 user.can?(action, project)
 else
 false
diff --git a/spec/services/merge_requests/close_service_spec.rb b/spec/services/merge_requests/close_service_spec.rb
new file mode 100644
index 00000000000..a504f916b08
--- /dev/null
+++ b/spec/services/merge_requests/close_service_spec.rb
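Review bot: In `push_allowed?` (third git_access.rb hunk) the stricter check is chosen only when the caller-supplied flag satisfies `forced_push.to_s == 'true'`, and `allowed?` defaults it to `false`. Any request that omits or misreports the flag therefore falls through to `:push_code_to_protected_branches`. `oldrev` and `newrev` are already passed in, so deriving the non-fast-forward condition from them on the server would remove the dependency on what the caller reports. Separately, the diffstat lists no file that would grant `:force_push_code_to_protected_branches`, so the denial appears to rely on `user.can?` returning false for an ability nobody holds. Say so in a comment such as `# no role is granted this ability, so every force push to a protected branch is denied`, or make it explicit with `return false`. None of the added specs exercise this path, and the body of `allowed?` extends beyond the hunks shown.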
@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe MergeRequests::CloseService do
+ let(:user) { create(:user) }
+ let(:user2) { create(:user) }
+ let(:merge_request) { create(:merge_request, assignee: user2) }
+ let(:project) { merge_request.project }
+
+ before do
+ project.team << [user, :master]
+ project.team << [user2, :developer]
+ end
+
+ describe :execute do
+ context "valid params" do
+ before do
+ @merge_request = MergeRequests::CloseService.new(project, user, {}).execute(merge_request)
+ end
+
+ it { @merge_request.should be_valid }
+ it { @merge_request.should be_closed }
+
+ it 'should send email to user2 about assign of new merge_request' do
+ email = ActionMailer::Base.deliveries.last
+ email.to.first.should == user2.email
+ email.subject.should include(merge_request.title)
+ end
+
+ it 'should create system note about merge_request reassign' do
+ note = @merge_request.notes.last
+ note.note.should include "Status changed to closed"
+ end
+ end
+ end
+end
diff --git a/spec/services/merge_requests/create_service_spec.rb b/spec/services/merge_requests/create_service_spec.rb
new file mode 100644
index 00000000000..cebeb0644d0
--- /dev/null
+++ b/spec/services/merge_requests/create_service_spec.rb
@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+describe MergeRequests::CreateService do
+ let(:project) { create(:project) }
+ let(:user) { create(:user) }
+
+ describe :execute do
+ context "valid params" do
+ before do
+ project.team << [user, :master]
+ opts = {
+ title: 'Awesome merge_request',
+ description: 'please fix',
+ source_branch: 'stable',
+ target_branch: 'master'
+ }
+
+ @merge_request = MergeRequests::CreateService.new(project, user, opts).execute
+ end
+
+ it { @merge_request.should be_valid }
+ it { @merge_request.title.should == 'Awesome merge_request' }
+ end
+ end
+end
diff --git a/spec/services/merge_requests/update_service_spec.rb b/spec/services/merge_requests/update_service_spec.rb
new file mode 100644
index 00000000000..af5d3a3dc81
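Review bot: In close_service_spec.rb the last example is titled 'should create system note about merge_request reassign' but asserts `"Status changed to closed"`, so a failure would report the wrong behaviour. Rename it, for example `it 'should create system note about merge_request status change' do`. The mail example above it has the same copy-paste wording ("about assign of new merge_request") although the service under test closes the request. Both that example and the matching one in update_service_spec.rb read `ActionMailer::Base.deliveries.last` without clearing deliveries first, which presumably relies on test setup outside this diff.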
--- /dev/null
+++ b/spec/services/merge_requests/update_service_spec.rb
@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+describe MergeRequests::UpdateService do
+ let(:user) { create(:user) }
+ let(:user2) { create(:user) }
+ let(:merge_request) { create(:merge_request, :simple) }
+ let(:project) { merge_request.project }
+
+ before do
+ project.team << [user, :master]
+ project.team << [user2, :developer]
+ end
+
+ describe :execute do
+ context "valid params" do
+ before do
+ opts = {
+ title: 'New title',
+ description: 'Also please fix',
+ assignee_id: user2.id,
+ state_event: 'close'
+ }
+
+ @merge_request = MergeRequests::UpdateService.new(project, user, opts).execute(merge_request)
+ end
+
+ it { @merge_request.should be_valid }
+ it { @merge_request.title.should == 'New title' }
+ it { @merge_request.assignee.should == user2 }
+ it { @merge_request.should be_closed }
+
+ it 'should send email to user2 about assign of new merge_request' do
+ email = ActionMailer::Base.deliveries.last
+ email.to.first.should == user2.email
+ email.subject.should include(merge_request.title)
+ end
+
+ it 'should create system note about merge_request reassign' do
+ note = @merge_request.notes.last
+ note.note.should include "Reassigned to \@#{user2.username}"
+ end
+ end
+ end
+end |