Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
0306a4e2
Commit
0306a4e2
authored
Sep 01, 2014
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Rewrite GitAccess for gitlab-shell v2
Signed-off-by:
Dmitriy Zaporozhets
<
dmitriy.zaporozhets@gmail.com
>
parent
4102eb3b
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
33 additions
and
13 deletions
+33
-13
GITLAB_SHELL_VERSION
GITLAB_SHELL_VERSION
+1
-1
lib/api/internal.rb
lib/api/internal.rb
+1
-4
lib/gitlab/git_access.rb
lib/gitlab/git_access.rb
+31
-8
No files found.
GITLAB_SHELL_VERSION
View file @
0306a4e2
1.9.7
2.0.0
lib/api/internal.rb
View file @
0306a4e2
...
@@ -34,10 +34,7 @@ module API
...
@@ -34,10 +34,7 @@ module API
actor
,
actor
,
params
[
:action
],
params
[
:action
],
project
,
project
,
params
[
:ref
],
params
[
:changes
]
params
[
:oldrev
],
params
[
:newrev
],
params
[
:forced_push
]
)
)
end
end
...
...
lib/gitlab/git_access.rb
View file @
0306a4e2
...
@@ -5,7 +5,7 @@ module Gitlab
...
@@ -5,7 +5,7 @@ module Gitlab
attr_reader
:params
,
:project
,
:git_cmd
,
:user
attr_reader
:params
,
:project
,
:git_cmd
,
:user
def
allowed?
(
actor
,
cmd
,
project
,
ref
=
nil
,
oldrev
=
nil
,
newrev
=
nil
,
forced_push
=
false
)
def
allowed?
(
actor
,
cmd
,
project
,
changes
=
nil
)
case
cmd
case
cmd
when
*
DOWNLOAD_COMMANDS
when
*
DOWNLOAD_COMMANDS
if
actor
.
is_a?
User
if
actor
.
is_a?
User
...
@@ -19,12 +19,12 @@ module Gitlab
...
@@ -19,12 +19,12 @@ module Gitlab
end
end
when
*
PUSH_COMMANDS
when
*
PUSH_COMMANDS
if
actor
.
is_a?
User
if
actor
.
is_a?
User
push_allowed?
(
actor
,
project
,
ref
,
oldrev
,
newrev
,
forced_push
)
push_allowed?
(
actor
,
project
,
changes
)
elsif
actor
.
is_a?
DeployKey
elsif
actor
.
is_a?
DeployKey
# Deploy key not allowed to push
# Deploy key not allowed to push
return
false
return
false
elsif
actor
.
is_a?
Key
elsif
actor
.
is_a?
Key
push_allowed?
(
actor
.
user
,
project
,
ref
,
oldrev
,
newrev
,
forced_push
)
push_allowed?
(
actor
.
user
,
project
,
changes
)
else
else
raise
'Wrong actor'
raise
'Wrong actor'
end
end
...
@@ -41,13 +41,21 @@ module Gitlab
...
@@ -41,13 +41,21 @@ module Gitlab
end
end
end
end
def
push_allowed?
(
user
,
project
,
ref
,
oldrev
,
newrev
,
forced_push
)
def
push_allowed?
(
user
,
project
,
changes
)
if
user
&&
user_allowed?
(
user
)
return
false
unless
user
&&
user_allowed?
(
user
)
return
true
if
changes
.
blank?
changes
=
changes
.
lines
if
changes
.
kind_of?
(
String
)
# Iterate over all changes to find if user allowed all of them to be applied
changes
.
each
do
|
change
|
oldrev
,
newrev
,
ref
=
changes
.
split
(
''
)
action
=
if
project
.
protected_branch?
(
ref
)
action
=
if
project
.
protected_branch?
(
ref
)
# we dont allow force push to protected branch
# we dont allow force push to protected branch
if
forced_push
.
to_s
==
'true'
if
forced_push
?
(
oldrev
,
newrev
)
:force_push_code_to_protected_branches
:force_push_code_to_protected_branches
# and we dont allow remove of protected branch
# and we dont allow remove of protected branch
elsif
newrev
=~
/0000000/
elsif
newrev
=~
/0000000/
:remove_protected_branches
:remove_protected_branches
else
else
...
@@ -59,7 +67,22 @@ module Gitlab
...
@@ -59,7 +67,22 @@ module Gitlab
else
else
:push_code
:push_code
end
end
user
.
can?
(
action
,
project
)
unless
user
.
can?
(
action
,
project
)
# If user does not have access to make at least one change - cancel all push
return
false
end
end
# If user has access to make all changes
true
end
def
forced_push?
(
oldrev
,
newrev
)
return
false
if
project
.
empty_repo?
if
oldrev
!~
/00000000/
&&
newrev
!~
/00000000/
missed_refs
=
IO
.
popen
(
%W(git --git-dir=
#{
project
.
repository
.
path_to_repo
}
rev-list
#{
oldrev
}
^
#{
newrev
}
)
).
read
missed_refs
.
split
(
"
\n
"
).
size
>
0
else
else
false
false
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment