Git Hook to check whether author is a GitLab member

76764338 · Valery Sizov · a62ad80a · 76764338 · 76764338 · 76764338
Commit 76764338 authored Oct 31, 2014 by Valery Sizov
7 changed files
--- a/app/controllers/projects/git_hooks_controller.rb
+++ b/app/controllers/projects/git_hooks_controller.rb
@@ -27,6 +27,7 @@ class Projects::GitHooksController < Projects::ApplicationController

  # Only allow a trusted parameter "white list" through.
  def git_hook_params
-    params.require(:git_hook).permit(:deny_delete_tag, :delete_branch_regex, :commit_message_regex, :force_push_regex, :author_email_regex)
+    params.require(:git_hook).permit(:deny_delete_tag, :delete_branch_regex,
+      :commit_message_regex, :force_push_regex, :author_email_regex, :member_check)
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -213,6 +213,11 @@ class User < ActiveRecord::Base
        User.where(name: name).first
    end

+    def existing_member?(email)
+      !!(User.where(email: email).first ||
+        User.joins(:emails).where(emails: { email: email }).first)
+    end
+
    def filter(filter_name)
      case filter_name
      when "admins"; self.admins

--- a/app/views/projects/git_hooks/index.html.haml
+++ b/app/views/projects/git_hooks/index.html.haml
@@ -13,13 +13,23 @@
  .form-group
    = f.label :deny_delete_tag, "Prevent tag removal", class: 'control-label'
    .col-sm-10
-      .checkbox
-        = f.check_box :deny_delete_tag
-        %span.descr
-          Do not allow users to remove git tags with
-          = succeed '.' do
-            %code git push
-          Tags can still be deleted through the web UI.
+      %label
+        .checkbox
+          = f.check_box :deny_delete_tag
+          %span.descr
+            Do not allow users to remove git tags with
+            = succeed '.' do
+              %code git push
+            Tags can still be deleted through the web UI.
+
+  .form-group
+    = f.label :member_check, "Restrict commit authors to existing Gitlab users", class: 'control-label'
+    .col-sm-10
+      %label
+        .checkbox
+          = f.check_box :member_check
+          %span.descr
+            Check whether author is a GitLab member

  -#.form-group
    = f.label :force_push_regex, "Force push", class: 'control-label'

--- a/db/migrate/20141030133853_add_member_check_to_git_hooks.rb
+++ b/db/migrate/20141030133853_add_member_check_to_git_hooks.rb
+class AddMemberCheckToGitHooks < ActiveRecord::Migration
+  def change
+    add_column :git_hooks, :member_check, :boolean, default: false, null: false
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20141027173526) do
+ActiveRecord::Schema.define(version: 20141030133853) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -91,7 +91,10 @@ ActiveRecord::Schema.define(version: 20141027173526) do
    t.integer  "project_id"
    t.datetime "created_at"
    t.datetime "updated_at"
+    t.string   "username_regex"
+    t.string   "email_regex"
    t.string   "author_email_regex"
+    t.boolean  "member_check",         default: false, null: false
  end

  create_table "issues", force: true do |t|

--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -109,7 +109,7 @@ module Gitlab
      end

      # Check commit messages unless its branch removal
-      if (git_hook.commit_message_regex.present? || git_hook.author_email_regex.present?) && newrev !~ /00000000/
+      if (git_hook.commit_message_regex.present? || git_hook.author_email_regex.present? || git_hook.member_check) && newrev !~ /00000000/
        commits = project.repository.commits_between(oldrev, newrev)
        commits.each do |commit|
          if git_hook.commit_message_regex.present?
@@ -119,6 +119,14 @@ module Gitlab
            return false unless commit.committer_email =~ Regexp.new(git_hook.author_email_regex)
            return false unless commit.author_email =~ Regexp.new(git_hook.author_email_regex)
          end
+
+          # Check whether author is a GitLab member
+          if git_hook.member_check
+            return false unless User.existing_member?(commit.author_email)
+            if commit.author_email != commit.committer_email
+              return false unless User.existing_member?(commit.committer_email)
+            end
+          end
        end
      end


--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -449,6 +449,27 @@ describe User do
    end
  end

+  describe "#existing_member?" do
+    it "returns true for exisitng user" do
+      create :user, email: "bruno@example.com"
+
+      expect(User.existing_member?("bruno@example.com")).to be_true
+    end
+
+    it "returns false for unknown exisitng user" do
+      create :user, email: "bruno@example.com"
+
+      expect(User.existing_member?("rendom@example.com")).to be_false
+    end
+
+    it "returns true if additional email exists" do
+      user = create :user
+      user.emails.create(email: "bruno@example.com")
+
+      expect(User.existing_member?("bruno@example.com")).to be_true
+    end
+  end
+
  describe "#sort" do
    before do
      User.delete_all