Commit
1050f523
authored
Jan 21, 2015
by
Dmitriy Zaporozhets
Merge branch 'protected_branches' into 'master'
Developer can push to protected branch if allowed #1876 See merge request !1418
parents
148740cc
ab7a79bf
Showing
9 changed files
with
80 additions
and
40 deletions
+80
-40
merge_requests_controller.rb
app/controllers/projects/merge_requests_controller.rb
+1
-7
branches_helper.rb
app/helpers/branches_helper.rb
+2
-7
tree_helper.rb
app/helpers/tree_helper.rb
+1
-5
create_service.rb
app/services/files/create_service.rb
+1
-5
delete_service.rb
app/services/files/delete_service.rb
+1
-5
update_service.rb
app/services/files/update_service.rb
+1
-5
merge_requests.rb
lib/api/merge_requests.rb
+2
-6
git_access.rb
lib/gitlab/git_access.rb
+9
-0
git_access_spec.rb
spec/lib/gitlab/git_access_spec.rb
+62
-0
app/controllers/projects/merge_requests_controller.rb
...
...
@@ -233,13 +233,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
end
def
allowed_to_push_code?
(
project
,
branch
)
action
=
if
project
.
protected_branch?
(
branch
)
:push_code_to_protected_branches
else
:push_code
end
can?
(
current_user
,
action
,
project
)
::
Gitlab
::
GitAccess
.
can_push_to_branch?
(
current_user
,
project
,
branch
)
end
def
merge_request_params
...
...
app/helpers/branches_helper.rb
...
...
@@ -11,12 +11,7 @@ module BranchesHelper
def
can_push_branch?
(
project
,
branch_name
)
return
false
unless
project
.
repository
.
branch_names
.
include?
(
branch_name
)
action
=
if
project
.
protected_branch?
(
branch_name
)
:push_code_to_protected_branches
else
:push_code
end
current_user
.
can?
(
action
,
project
)
::
Gitlab
::
GitAccess
.
can_push_to_branch?
(
current_user
,
project
,
branch_name
)
end
end
app/helpers/tree_helper.rb
...
...
@@ -58,11 +58,7 @@ module TreeHelper
ref
||=
@ref
return
false
unless
project
.
repository
.
branch_names
.
include?
(
ref
)
if
project
.
protected_branch?
ref
can?
(
current_user
,
:push_code_to_protected_branches
,
project
)
else
can?
(
current_user
,
:push_code
,
project
)
end
::
Gitlab
::
GitAccess
.
can_push_to_branch?
(
current_user
,
project
,
ref
)
end
def
edit_blob_link
(
project
,
ref
,
path
,
options
=
{})
...
...
app/services/files/create_service.rb
...
...
@@ -3,11 +3,7 @@ require_relative "base_service"
module
Files
class
CreateService
<
BaseService
def
execute
allowed
=
if
project
.
protected_branch?
(
ref
)
can?
(
current_user
,
:push_code_to_protected_branches
,
project
)
else
can?
(
current_user
,
:push_code
,
project
)
end
allowed
=
Gitlab
::
GitAccess
.
can_push_to_branch?
(
current_user
,
project
,
ref
)
unless
allowed
return
error
(
"You are not allowed to create file in this branch"
)
...
...
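Review bot: The new call in `execute` is written `Gitlab::GitAccess` without the leading `::` that the same change uses in delete_service.rb and update_service.rb. Inside `module Files` the unprefixed constant is looked up lexically first, so a later `Files::Gitlab` constant would silently change which class makes this authorization decision. Writing it as `allowed = ::Gitlab::GitAccess.can_push_to_branch?(current_user, project, ref)` keeps the three services identical. `execute` continues past the end of the hunk.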
app/services/files/delete_service.rb
...
...
@@ -3,11 +3,7 @@ require_relative "base_service"
module
Files
class
DeleteService
<
BaseService
def
execute
allowed
=
if
project
.
protected_branch?
(
ref
)
can?
(
current_user
,
:push_code_to_protected_branches
,
project
)
else
can?
(
current_user
,
:push_code
,
project
)
end
allowed
=
::
Gitlab
::
GitAccess
.
can_push_to_branch?
(
current_user
,
project
,
ref
)
unless
allowed
return
error
(
"You are not allowed to push into this branch"
)
...
...
app/services/files/update_service.rb
...
...
@@ -3,11 +3,7 @@ require_relative "base_service"
module
Files
class
UpdateService
<
BaseService
def
execute
allowed
=
if
project
.
protected_branch?
(
ref
)
can?
(
current_user
,
:push_code_to_protected_branches
,
project
)
else
can?
(
current_user
,
:push_code
,
project
)
end
allowed
=
::
Gitlab
::
GitAccess
.
can_push_to_branch?
(
current_user
,
project
,
ref
)
unless
allowed
return
error
(
"You are not allowed to push into this branch"
)
...
...
lib/api/merge_requests.rb
...
...
@@ -167,13 +167,9 @@ module API
put
":id/merge_request/:merge_request_id/merge"
do
merge_request
=
user_project
.
merge_requests
.
find
(
params
[
:merge_request_id
])
action
=
if
user_project
.
protected_branch?
(
merge_request
.
target_branch
)
:push_code_to_protected_branches
else
:push_code
end
allowed
=
::
Gitlab
::
GitAccess
.
can_push_to_branch?
(
current_user
,
user_project
,
merge_request
.
target_branch
)
if
can?
(
current_user
,
action
,
user_project
)
if
allowed
if
merge_request
.
unchecked?
merge_request
.
check_if_can_be_merged
end
...
...
lib/gitlab/git_access.rb
...
...
@@ -5,6 +5,15 @@ module Gitlab
attr_reader
:params
,
:project
,
:git_cmd
,
:user
def
self
.
can_push_to_branch?
(
user
,
project
,
ref
)
if
project
.
protected_branch?
(
ref
)
&&
!
(
project
.
developers_can_push_to_protected_branch?
(
ref
)
&&
project
.
team
.
developer?
(
user
))
user
.
can?
(
:push_code_to_protected_branches
,
project
)
else
user
.
can?
(
:push_code
,
project
)
end
end
def
check
(
actor
,
cmd
,
project
,
changes
=
nil
)
case
cmd
when
*
DOWNLOAD_COMMANDS
...
...
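Review bot: `can_push_to_branch?` calls `user.can?` on whatever it is given, with no check that `user` is present. The merge_requests_controller.rb and tree_helper.rb call sites in this commit used to go through `can?(current_user, …)` and now pass `current_user` straight in. If any of those paths can run without a signed-in user (not visible from this page), a nil user would raise NoMethodError rather than return false; a guard such as `return false unless user` at the top of the method keeps the answer a plain denial. Because every web and API push decision in this commit now goes through this one predicate, I would also add a short comment above it stating the rule: a protected branch requires `:push_code_to_protected_branches` unless the branch allows developers and the user is a developer, otherwise `:push_code` applies. The nested negation in the `if` is easy to misread without it.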
spec/lib/gitlab/git_access_spec.rb
...
...
@@ -5,6 +5,68 @@ describe Gitlab::GitAccess do
let
(
:project
)
{
create
(
:project
)
}
let
(
:user
)
{
create
(
:user
)
}
describe
'can_push_to_branch?'
do
describe
'push to none protected branch'
do
it
"returns true if user is a master"
do
project
.
team
<<
[
user
,
:master
]
Gitlab
::
GitAccess
.
can_push_to_branch?
(
user
,
project
,
"random_branch"
).
should
be_true
end
it
"returns true if user is a developer"
do
project
.
team
<<
[
user
,
:developer
]
Gitlab
::
GitAccess
.
can_push_to_branch?
(
user
,
project
,
"random_branch"
).
should
be_true
end
it
"returns false if user is a reporter"
do
project
.
team
<<
[
user
,
:reporter
]
Gitlab
::
GitAccess
.
can_push_to_branch?
(
user
,
project
,
"random_branch"
).
should
be_false
end
end
describe
'push to protected branch'
do
before
do
@branch
=
create
:protected_branch
,
project:
project
end
it
"returns true if user is a master"
do
project
.
team
<<
[
user
,
:master
]
Gitlab
::
GitAccess
.
can_push_to_branch?
(
user
,
project
,
@branch
.
name
).
should
be_true
end
it
"returns false if user is a developer"
do
project
.
team
<<
[
user
,
:developer
]
Gitlab
::
GitAccess
.
can_push_to_branch?
(
user
,
project
,
@branch
.
name
).
should
be_false
end
it
"returns false if user is a reporter"
do
project
.
team
<<
[
user
,
:reporter
]
Gitlab
::
GitAccess
.
can_push_to_branch?
(
user
,
project
,
@branch
.
name
).
should
be_false
end
end
describe
'push to protected branch if allowed for developers'
do
before
do
@branch
=
create
:protected_branch
,
project:
project
,
developers_can_push:
true
end
it
"returns true if user is a master"
do
project
.
team
<<
[
user
,
:master
]
Gitlab
::
GitAccess
.
can_push_to_branch?
(
user
,
project
,
@branch
.
name
).
should
be_true
end
it
"returns true if user is a developer"
do
project
.
team
<<
[
user
,
:developer
]
Gitlab
::
GitAccess
.
can_push_to_branch?
(
user
,
project
,
@branch
.
name
).
should
be_true
end
it
"returns false if user is a reporter"
do
project
.
team
<<
[
user
,
:reporter
]
Gitlab
::
GitAccess
.
can_push_to_branch?
(
user
,
project
,
@branch
.
name
).
should
be_false
end
end
end
describe
'download_access_check'
do
describe
'master permissions'
do
before
{
project
.
team
<<
[
user
,
:master
]
}
...
...
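Review bot: The 'push to protected branch if allowed for developers' group only exercises the single branch created with `developers_can_push: true`, so nothing pins that the flag is scoped to that branch. I would add a case that creates a second protected branch without the flag and asserts that a developer still gets false for it, plus a case for a user who has not been added to the project team at all. The outer `describe Gitlab::GitAccess` block continues outside the hunk.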