From d8c7efa626ba925aa9c1bf1efaf6289cd5db4f0b Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Fri, 30 May 2014 16:26:45 +0300
Subject: Dont allow git tag rewrite/removal unless you are master

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 lib/gitlab/git_access.rb | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib')

diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 2f8b55aaca0..38b3d82e2f4 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -53,6 +53,9 @@ module Gitlab
                    else
                      :push_code_to_protected_branches
                    end
+                 elsif project.repository && project.repository.tag_names.include?(ref)
+                   # Prevent any changes to existing git tag unless user has permissions
+                   :admin_project
                  else
                    :push_code
                  end
-- 
cgit v1.2.1