Commit d8c7efa6 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Dont allow git tag rewrite/removal unless you are master

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 7ba18536
...@@ -12,6 +12,7 @@ v 7.0.0 ...@@ -12,6 +12,7 @@ v 7.0.0
- Make it easier to implement other CI services for GitLab - Make it easier to implement other CI services for GitLab
- Group masters can create projects in group - Group masters can create projects in group
- Deprecate ruby 1.9.3 support - Deprecate ruby 1.9.3 support
- Only masters can rewrite/remove git tags
v 6.9.2 v 6.9.2
- Revert the commit that broke the LDAP user filter - Revert the commit that broke the LDAP user filter
......
...@@ -17,6 +17,6 @@ ...@@ -17,6 +17,6 @@
- if can? current_user, :download_code, @project - if can? current_user, :download_code, @project
= render 'projects/repositories/download_archive', ref: tag.name, btn_class: 'btn-grouped btn-group-small' = render 'projects/repositories/download_archive', ref: tag.name, btn_class: 'btn-grouped btn-group-small'
- if can?(current_user, :admin_project, @project) - if can?(current_user, :admin_project, @project)
= link_to project_tag_path(@project, tag.name), class: 'btn btn-small remove-row grouped', method: :delete, data: { confirm: 'Removed tag cannot be restored. Are you sure?'}, remote: true do = link_to project_tag_path(@project, tag.name), class: 'btn btn-small btn-remove remove-row grouped', method: :delete, data: { confirm: 'Removed tag cannot be restored. Are you sure?'}, remote: true do
%i.icon-trash %i.icon-trash
...@@ -27,6 +27,7 @@ If a user is a GitLab administrator they receive all permissions. ...@@ -27,6 +27,7 @@ If a user is a GitLab administrator they receive all permissions.
|Add new team members| |||✓|✓| |Add new team members| |||✓|✓|
|Push to protected branches| |||✓|✓| |Push to protected branches| |||✓|✓|
|Enable/Disable branch protection| |||✓|✓| |Enable/Disable branch protection| |||✓|✓|
|Rewrite/remove git tags| |||✓|✓|
|Edit project| |||✓|✓| |Edit project| |||✓|✓|
|Add Deploy Keys to project| |||✓|✓| |Add Deploy Keys to project| |||✓|✓|
|Configure Project Hooks| |||✓|✓| |Configure Project Hooks| |||✓|✓|
......
...@@ -53,6 +53,9 @@ module Gitlab ...@@ -53,6 +53,9 @@ module Gitlab
else else
:push_code_to_protected_branches :push_code_to_protected_branches
end end
elsif project.repository && project.repository.tag_names.include?(ref)
# Prevent any changes to existing git tag unless user has permissions
:admin_project
else else
:push_code :push_code
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment