Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4ca35889
Commit
4ca35889
authored
Jan 23, 2018
by
Douwe Maan
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Backport changes to Gitlab::Checks::ChangeAccess from EE
parent
68cc9ea2
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
21 additions
and
17 deletions
+21
-17
lib/gitlab/checks/change_access.rb
lib/gitlab/checks/change_access.rb
+21
-17
No files found.
lib/gitlab/checks/change_access.rb
View file @
4ca35889
...
@@ -16,7 +16,7 @@ module Gitlab
...
@@ -16,7 +16,7 @@ module Gitlab
lfs_objects_missing:
'LFS objects are missing. Ensure LFS is properly set up or try a manual "git lfs push --all".'
lfs_objects_missing:
'LFS objects are missing. Ensure LFS is properly set up or try a manual "git lfs push --all".'
}.
freeze
}.
freeze
attr_reader
:user_access
,
:project
,
:skip_authorization
,
:protocol
attr_reader
:user_access
,
:project
,
:skip_authorization
,
:protocol
,
:oldrev
,
:newrev
,
:ref
,
:branch_name
,
:tag_name
def
initialize
(
def
initialize
(
change
,
user_access
:,
project
:,
skip_authorization:
false
,
change
,
user_access
:,
project
:,
skip_authorization:
false
,
...
@@ -51,9 +51,9 @@ module Gitlab
...
@@ -51,9 +51,9 @@ module Gitlab
end
end
def
branch_checks
def
branch_checks
return
unless
@
branch_name
return
unless
branch_name
if
deletion?
&&
@
branch_name
==
project
.
default_branch
if
deletion?
&&
branch_name
==
project
.
default_branch
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:delete_default_branch
]
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:delete_default_branch
]
end
end
...
@@ -61,7 +61,7 @@ module Gitlab
...
@@ -61,7 +61,7 @@ module Gitlab
end
end
def
protected_branch_checks
def
protected_branch_checks
return
unless
ProtectedBranch
.
protected?
(
project
,
@
branch_name
)
return
unless
ProtectedBranch
.
protected?
(
project
,
branch_name
)
if
forced_push?
if
forced_push?
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:force_push_protected_branch
]
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:force_push_protected_branch
]
...
@@ -75,29 +75,29 @@ module Gitlab
...
@@ -75,29 +75,29 @@ module Gitlab
end
end
def
protected_branch_deletion_checks
def
protected_branch_deletion_checks
unless
user_access
.
can_delete_branch?
(
@
branch_name
)
unless
user_access
.
can_delete_branch?
(
branch_name
)
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:non_master_delete_protected_branch
]
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:non_master_delete_protected_branch
]
end
end
unless
protocol
==
'web'
unless
updated_from_web?
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:non_web_delete_protected_branch
]
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:non_web_delete_protected_branch
]
end
end
end
end
def
protected_branch_push_checks
def
protected_branch_push_checks
if
matching_merge_request?
if
matching_merge_request?
unless
user_access
.
can_merge_to_branch?
(
@branch_name
)
||
user_access
.
can_push_to_branch?
(
@
branch_name
)
unless
user_access
.
can_merge_to_branch?
(
branch_name
)
||
user_access
.
can_push_to_branch?
(
branch_name
)
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:merge_protected_branch
]
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:merge_protected_branch
]
end
end
else
else
unless
user_access
.
can_push_to_branch?
(
@
branch_name
)
unless
user_access
.
can_push_to_branch?
(
branch_name
)
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:push_protected_branch
]
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:push_protected_branch
]
end
end
end
end
end
end
def
tag_checks
def
tag_checks
return
unless
@
tag_name
return
unless
tag_name
if
tag_exists?
&&
user_access
.
cannot_do_action?
(
:admin_project
)
if
tag_exists?
&&
user_access
.
cannot_do_action?
(
:admin_project
)
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:change_existing_tags
]
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:change_existing_tags
]
...
@@ -107,40 +107,44 @@ module Gitlab
...
@@ -107,40 +107,44 @@ module Gitlab
end
end
def
protected_tag_checks
def
protected_tag_checks
return
unless
ProtectedTag
.
protected?
(
project
,
@
tag_name
)
return
unless
ProtectedTag
.
protected?
(
project
,
tag_name
)
raise
(
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:update_protected_tag
])
if
update?
raise
(
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:update_protected_tag
])
if
update?
raise
(
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:delete_protected_tag
])
if
deletion?
raise
(
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:delete_protected_tag
])
if
deletion?
unless
user_access
.
can_create_tag?
(
@
tag_name
)
unless
user_access
.
can_create_tag?
(
tag_name
)
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:create_protected_tag
]
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:create_protected_tag
]
end
end
end
end
private
private
def
updated_from_web?
protocol
==
'web'
end
def
tag_exists?
def
tag_exists?
project
.
repository
.
tag_exists?
(
@
tag_name
)
project
.
repository
.
tag_exists?
(
tag_name
)
end
end
def
forced_push?
def
forced_push?
Gitlab
::
Checks
::
ForcePush
.
force_push?
(
@project
,
@oldrev
,
@
newrev
)
Gitlab
::
Checks
::
ForcePush
.
force_push?
(
project
,
oldrev
,
newrev
)
end
end
def
update?
def
update?
!
Gitlab
::
Git
.
blank_ref?
(
@
oldrev
)
&&
!
deletion?
!
Gitlab
::
Git
.
blank_ref?
(
oldrev
)
&&
!
deletion?
end
end
def
deletion?
def
deletion?
Gitlab
::
Git
.
blank_ref?
(
@
newrev
)
Gitlab
::
Git
.
blank_ref?
(
newrev
)
end
end
def
matching_merge_request?
def
matching_merge_request?
Checks
::
MatchingMergeRequest
.
new
(
@newrev
,
@branch_name
,
@
project
).
match?
Checks
::
MatchingMergeRequest
.
new
(
newrev
,
branch_name
,
project
).
match?
end
end
def
lfs_objects_exist_check
def
lfs_objects_exist_check
lfs_check
=
Checks
::
LfsIntegrity
.
new
(
project
,
@
newrev
)
lfs_check
=
Checks
::
LfsIntegrity
.
new
(
project
,
newrev
)
if
lfs_check
.
objects_missing?
if
lfs_check
.
objects_missing?
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:lfs_objects_missing
]
raise
GitAccess
::
UnauthorizedError
,
ERROR_MESSAGES
[
:lfs_objects_missing
]
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment