Merge branch 'hooks_checkbox' into 'master'

Ability to block commits with certain filenames Implementing of this issue https://dev.gitlab.org/gitlab/gitlabhq/issues/1574 ![prohibited file names](https://dl.dropboxusercontent.com/u/936096/prohibited.png) See merge request !230

Merge branch 'hooks_checkbox' into 'master'
Ability to block commits with certain filenames Implementing of this issue https://dev.gitlab.org/gitlab/gitlabhq/issues/1574 ![prohibited file names](https://dl.dropboxusercontent.com/u/936096/prohibited.png) See merge request !230
994c2b1c · Dmitriy Zaporozhets · da86eace · b2e48f27 · 994c2b1c · 994c2b1c
Commit 994c2b1c authored Nov 05, 2014 by Dmitriy Zaporozhets
7 changed files
--- a/app/controllers/projects/git_hooks_controller.rb
+++ b/app/controllers/projects/git_hooks_controller.rb
@@ -28,6 +28,6 @@ class Projects::GitHooksController < Projects::ApplicationController
  # Only allow a trusted parameter "white list" through.
  def git_hook_params
    params.require(:git_hook).permit(:deny_delete_tag, :delete_branch_regex,
-      :commit_message_regex, :force_push_regex, :author_email_regex, :member_check)
+      :commit_message_regex, :force_push_regex, :author_email_regex, :member_check, :file_name_regex)
  end
 end
--- a/app/models/git_hook.rb
+++ b/app/models/git_hook.rb
@@ -15,6 +15,6 @@ class GitHook < ActiveRecord::Base
  end

  def commit_validation?
-    commit_message_regex.present? || author_email_regex.present? || member_check
+    commit_message_regex.present? || author_email_regex.present? || member_check || file_name_regex.present?
  end
 end
--- a/app/views/projects/git_hooks/index.html.haml
+++ b/app/views/projects/git_hooks/index.html.haml
@@ -64,5 +64,15 @@
        to be pushed.
        If this field is empty it allows any email.

+  .form-group
+    = f.label :file_name_regex, "Prohibited file names", class: 'control-label'
+    .col-sm-10
+      = f.text_field :file_name_regex, class: "form-control", placeholder: 'Example: (jar|exe)$'
+      %p.hint
+        All commited filenames must not match this
+        = link_to 'Ruby regular expression', 'http://www.ruby-doc.org/core-2.1.1/Regexp.html'
+        to be pushed.
+        If this field is empty it allows any filenames.
+    
  .form-actions
    = f.submit "Save Git hooks", class: "btn btn-create"
--- a/db/migrate/20141103160516_add_file_name_regex_to_git_hooks.rb
+++ b/db/migrate/20141103160516_add_file_name_regex_to_git_hooks.rb
+class AddFileNameRegexToGitHooks < ActiveRecord::Migration
+  def change
+    add_column :git_hooks, :file_name_regex, :string
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20141030133853) do
+ActiveRecord::Schema.define(version: 20141103160516) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -93,6 +93,7 @@ ActiveRecord::Schema.define(version: 20141030133853) do
    t.datetime "updated_at"
    t.string   "author_email_regex"
    t.boolean  "member_check",         default: false, null: false
+    t.string   "file_name_regex"
  end

  create_table "issues", force: true do |t|

--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -128,6 +128,14 @@ module Gitlab
              return false unless User.existing_member?(commit.committer_email)
            end
          end
+
+          if git_hook.file_name_regex.present?
+            commit.diffs.each do |diff|
+              if diff.renamed_file || diff.new_file
+                return false if diff.new_path =~ Regexp.new(git_hook.file_name_regex)
+              end
+            end
+          end
        end
      end


--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -124,4 +124,48 @@ describe Gitlab::GitAccess do
      end
    end
  end
+
+  describe "pass_git_hooks?" do
+    describe "author email check" do
+      it 'returns true' do
+        access.pass_git_hooks?(user, project, 'refs/heads/master', '6f6d7e7ed', '570e7b2ab').should be_true
+      end
+
+      it 'returns false' do
+        project.create_git_hook
+        project.git_hook.update(commit_message_regex: "@only.com")
+        access.pass_git_hooks?(user, project, 'refs/heads/master', '6f6d7e7ed', '570e7b2ab').should be_false
+      end
+    end
+
+    describe "member_check" do
+      before do
+        project.create_git_hook
+        project.git_hook.update(member_check: true)
+      end
+
+      it 'returns false for non-member user' do
+        access.pass_git_hooks?(user, project, 'refs/heads/master', '6f6d7e7ed', '570e7b2ab').should be_false
+      end
+
+      it 'returns true if committer is a gitlab member' do
+        create(:user, email: 'dmitriy.zaporozhets@gmail.com')
+        access.pass_git_hooks?(user, project, 'refs/heads/master', '6f6d7e7ed', '570e7b2ab').should be_true
+      end
+    end
+
+    describe "file names check" do
+      it 'returns false when filename is prohibited' do
+        project.create_git_hook
+        project.git_hook.update(file_name_regex: "jpg$")
+        access.pass_git_hooks?(user, project, 'refs/heads/master', '913c66a37', '33f3729a4').should be_false
+      end
+
+      it 'returns true if file name is allowed' do
+        project.create_git_hook
+        project.git_hook.update(file_name_regex: "exe$")
+        access.pass_git_hooks?(user, project, 'refs/heads/master', '913c66a37', '33f3729a4').should be_true
+      end
+    end
+  end
 end