diff --git a/config/initializers/grack_auth.rb b/config/initializers/grack_auth.rb index 27a0a1db9037a98ac8d1f44dc60c1141d1469d62..bb34ce6dc54c266b8a0356670aa2106b3f781d21 100644 --- a/config/initializers/grack_auth.rb +++ b/config/initializers/grack_auth.rb @@ -18,14 +18,29 @@ module Grack elsif @env['REQUEST_METHOD'] == 'POST' if @env['REQUEST_URI'].end_with?('git-upload-pack') return project.dev_access_for?(user) - elsif @env['REQUEST_URI'].end_with?('git-upload-pack') - #TODO master branch protection - return project.dev_access_for?(user) + elsif @env['REQUEST_URI'].end_with?('git-receive-pack') + if project.protected_branches.map(&:name).include?(current_ref) + project.master_access_for?(user) + else + project.dev_access_for?(user) + end else false end + else + false end - end# valid? + + def current_ref + if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/ + input = Zlib::GzipReader.new(@request.body).string + else + input = @request.body.string + end + + oldrev, newrev, ref = input.split(' ') + /refs\/heads\/([\w-]+)/.match(ref).to_a.last + end end# Auth end# Grack