Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
3b6f8309
Commit
3b6f8309
authored
Oct 08, 2014
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'developer-can-push-wiki' into 'master'
Developer can push wiki Fixes #1630 See merge request !1159
parents
51ed8b7e
06c91aa2
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
63 additions
and
22 deletions
+63
-22
lib/api/internal.rb
lib/api/internal.rb
+10
-3
lib/gitlab/git_access.rb
lib/gitlab/git_access.rb
+24
-19
lib/gitlab/git_access_wiki.rb
lib/gitlab/git_access_wiki.rb
+7
-0
spec/lib/gitlab/git_access_wiki_spec.rb
spec/lib/gitlab/git_access_wiki_spec.rb
+22
-0
No files found.
lib/api/internal.rb
View file @
3b6f8309
...
@@ -14,13 +14,20 @@ module API
...
@@ -14,13 +14,20 @@ module API
#
#
post
"/allowed"
do
post
"/allowed"
do
status
200
status
200
project_path
=
params
[
:project
]
# Check for *.wiki repositories.
# Check for *.wiki repositories.
# Strip out the .wiki from the pathname before finding the
# Strip out the .wiki from the pathname before finding the
# project. This applies the correct project permissions to
# project. This applies the correct project permissions to
# the wiki repository as well.
# the wiki repository as well.
project_path
=
params
[
:project
]
access
=
project_path
.
gsub!
(
/\.wiki/
,
''
)
if
project_path
=~
/\.wiki/
if
project_path
=~
/\.wiki\Z/
project_path
.
sub!
(
/\.wiki\Z/
,
''
)
Gitlab
::
GitAccessWiki
.
new
else
Gitlab
::
GitAccess
.
new
end
project
=
Project
.
find_with_namespace
(
project_path
)
project
=
Project
.
find_with_namespace
(
project_path
)
return
false
unless
project
return
false
unless
project
...
@@ -32,7 +39,7 @@ module API
...
@@ -32,7 +39,7 @@ module API
return
false
unless
actor
return
false
unless
actor
Gitlab
::
GitAccess
.
new
.
allowed?
(
access
.
allowed?
(
actor
,
actor
,
params
[
:action
],
params
[
:action
],
project
,
project
,
...
...
lib/gitlab/git_access.rb
View file @
3b6f8309
...
@@ -49,25 +49,7 @@ module Gitlab
...
@@ -49,25 +49,7 @@ module Gitlab
# Iterate over all changes to find if user allowed all of them to be applied
# Iterate over all changes to find if user allowed all of them to be applied
changes
.
each
do
|
change
|
changes
.
each
do
|
change
|
oldrev
,
newrev
,
ref
=
change
.
split
(
' '
)
unless
change_allowed?
(
user
,
project
,
change
)
action
=
if
project
.
protected_branch?
(
branch_name
(
ref
))
# we dont allow force push to protected branch
if
forced_push?
(
project
,
oldrev
,
newrev
)
:force_push_code_to_protected_branches
# and we dont allow remove of protected branch
elsif
newrev
=~
/0000000/
:remove_protected_branches
else
:push_code_to_protected_branches
end
elsif
project
.
repository
&&
project
.
repository
.
tag_names
.
include?
(
tag_name
(
ref
))
# Prevent any changes to existing git tag unless user has permissions
:admin_project
else
:push_code
end
unless
user
.
can?
(
action
,
project
)
# If user does not have access to make at least one change - cancel all push
# If user does not have access to make at least one change - cancel all push
return
false
return
false
end
end
...
@@ -77,6 +59,29 @@ module Gitlab
...
@@ -77,6 +59,29 @@ module Gitlab
true
true
end
end
def
change_allowed?
(
user
,
project
,
change
)
oldrev
,
newrev
,
ref
=
change
.
split
(
' '
)
action
=
if
project
.
protected_branch?
(
branch_name
(
ref
))
# we dont allow force push to protected branch
if
forced_push?
(
project
,
oldrev
,
newrev
)
:force_push_code_to_protected_branches
# and we dont allow remove of protected branch
elsif
newrev
=~
/0000000/
:remove_protected_branches
else
:push_code_to_protected_branches
end
elsif
project
.
repository
&&
project
.
repository
.
tag_names
.
include?
(
tag_name
(
ref
))
# Prevent any changes to existing git tag unless user has permissions
:admin_project
else
:push_code
end
user
.
can?
(
action
,
project
)
end
def
forced_push?
(
project
,
oldrev
,
newrev
)
def
forced_push?
(
project
,
oldrev
,
newrev
)
return
false
if
project
.
empty_repo?
return
false
if
project
.
empty_repo?
...
...
lib/gitlab/git_access_wiki.rb
0 → 100644
View file @
3b6f8309
module
Gitlab
class
GitAccessWiki
<
GitAccess
def
change_allowed?
(
user
,
project
,
change
)
user
.
can?
(
:write_wiki
,
project
)
end
end
end
spec/lib/gitlab/git_access_wiki_spec.rb
0 → 100644
View file @
3b6f8309
require
'spec_helper'
describe
Gitlab
::
GitAccessWiki
do
let
(
:access
)
{
Gitlab
::
GitAccessWiki
.
new
}
let
(
:project
)
{
create
(
:project
)
}
let
(
:user
)
{
create
(
:user
)
}
describe
'push_allowed?'
do
before
do
create
(
:protected_branch
,
name:
'master'
,
project:
project
)
project
.
team
<<
[
user
,
:developer
]
end
subject
{
access
.
push_allowed?
(
user
,
project
,
changes
)
}
it
{
should
be_true
}
end
def
changes
[
'6f6d7e7ed 570e7b2ab refs/heads/master'
]
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment