Commit 76764338 authored by Valery Sizov's avatar Valery Sizov

Git Hook to check whether author is a GitLab member

parent a62ad80a
......@@ -27,6 +27,7 @@ class Projects::GitHooksController < Projects::ApplicationController
# Only allow a trusted parameter "white list" through.
def git_hook_params
params.require(:git_hook).permit(:deny_delete_tag, :delete_branch_regex, :commit_message_regex, :force_push_regex, :author_email_regex)
params.require(:git_hook).permit(:deny_delete_tag, :delete_branch_regex,
:commit_message_regex, :force_push_regex, :author_email_regex, :member_check)
end
end
......@@ -213,6 +213,11 @@ class User < ActiveRecord::Base
User.where(name: name).first
end
def existing_member?(email)
!!(User.where(email: email).first ||
User.joins(:emails).where(emails: { email: email }).first)
end
def filter(filter_name)
case filter_name
when "admins"; self.admins
......
......@@ -13,6 +13,7 @@
.form-group
= f.label :deny_delete_tag, "Prevent tag removal", class: 'control-label'
.col-sm-10
%label
.checkbox
= f.check_box :deny_delete_tag
%span.descr
......@@ -21,6 +22,15 @@
%code git push
Tags can still be deleted through the web UI.
.form-group
= f.label :member_check, "Restrict commit authors to existing Gitlab users", class: 'control-label'
.col-sm-10
%label
.checkbox
= f.check_box :member_check
%span.descr
Check whether author is a GitLab member
-#.form-group
= f.label :force_push_regex, "Force push", class: 'control-label'
.col-sm-10
......
class AddMemberCheckToGitHooks < ActiveRecord::Migration
def change
add_column :git_hooks, :member_check, :boolean, default: false, null: false
end
end
......@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20141027173526) do
ActiveRecord::Schema.define(version: 20141030133853) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
......@@ -91,7 +91,10 @@ ActiveRecord::Schema.define(version: 20141027173526) do
t.integer "project_id"
t.datetime "created_at"
t.datetime "updated_at"
t.string "username_regex"
t.string "email_regex"
t.string "author_email_regex"
t.boolean "member_check", default: false, null: false
end
create_table "issues", force: true do |t|
......
......@@ -109,7 +109,7 @@ module Gitlab
end
# Check commit messages unless its branch removal
if (git_hook.commit_message_regex.present? || git_hook.author_email_regex.present?) && newrev !~ /00000000/
if (git_hook.commit_message_regex.present? || git_hook.author_email_regex.present? || git_hook.member_check) && newrev !~ /00000000/
commits = project.repository.commits_between(oldrev, newrev)
commits.each do |commit|
if git_hook.commit_message_regex.present?
......@@ -119,6 +119,14 @@ module Gitlab
return false unless commit.committer_email =~ Regexp.new(git_hook.author_email_regex)
return false unless commit.author_email =~ Regexp.new(git_hook.author_email_regex)
end
# Check whether author is a GitLab member
if git_hook.member_check
return false unless User.existing_member?(commit.author_email)
if commit.author_email != commit.committer_email
return false unless User.existing_member?(commit.committer_email)
end
end
end
end
......
......@@ -449,6 +449,27 @@ describe User do
end
end
describe "#existing_member?" do
it "returns true for exisitng user" do
create :user, email: "bruno@example.com"
expect(User.existing_member?("bruno@example.com")).to be_true
end
it "returns false for unknown exisitng user" do
create :user, email: "bruno@example.com"
expect(User.existing_member?("rendom@example.com")).to be_false
end
it "returns true if additional email exists" do
user = create :user
user.emails.create(email: "bruno@example.com")
expect(User.existing_member?("bruno@example.com")).to be_true
end
end
describe "#sort" do
before do
User.delete_all
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment