Adding upstream version 9.0.3.

Signed-off-by: Daniel Baumann <daniel@debian.org>

1 files changed, 629 insertions, 0 deletions

diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
new file mode 100644
index 0000000..4b8439d
--- /dev/null
+++ b/routers/private/hook_pre_receive.go
@@ -0,0 +1,629 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package private
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"os"
+
+	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
+	git_model "code.gitea.io/gitea/models/git"
+	issues_model "code.gitea.io/gitea/models/issues"
+	perm_model "code.gitea.io/gitea/models/perm"
+	access_model "code.gitea.io/gitea/models/perm/access"
+	quota_model "code.gitea.io/gitea/models/quota"
+	"code.gitea.io/gitea/models/unit"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/private"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/web"
+	gitea_context "code.gitea.io/gitea/services/context"
+	pull_service "code.gitea.io/gitea/services/pull"
+)
+
+type preReceiveContext struct {
+	*gitea_context.PrivateContext
+
+	// loadedPusher indicates that where the following information are loaded
+	loadedPusher        bool
+	user                *user_model.User // it's the org user if a DeployKey is used
+	userPerm            access_model.Permission
+	deployKeyAccessMode perm_model.AccessMode
+
+	canCreatePullRequest        bool
+	checkedCanCreatePullRequest bool
+
+	canWriteCode        bool
+	checkedCanWriteCode bool
+
+	protectedTags    []*git_model.ProtectedTag
+	gotProtectedTags bool
+
+	env []string
+
+	opts *private.HookOptions
+
+	isOverQuota bool
+
+	branchName string
+}
+
+// CanWriteCode returns true if pusher can write code
+func (ctx *preReceiveContext) CanWriteCode() bool {
+	if !ctx.checkedCanWriteCode {
+		if !ctx.loadPusherAndPermission() {
+			return false
+		}
+		ctx.canWriteCode = issues_model.CanMaintainerWriteToBranch(ctx, ctx.userPerm, ctx.branchName, ctx.user) || ctx.deployKeyAccessMode >= perm_model.AccessModeWrite
+		ctx.checkedCanWriteCode = true
+	}
+	return ctx.canWriteCode
+}
+
+// AssertCanWriteCode returns true if pusher can write code
+func (ctx *preReceiveContext) AssertCanWriteCode() bool {
+	if !ctx.CanWriteCode() {
+		if ctx.Written() {
+			return false
+		}
+		ctx.JSON(http.StatusForbidden, private.Response{
+			UserMsg: "User permission denied for writing.",
+		})
+		return false
+	}
+	return true
+}
+
+// CanCreatePullRequest returns true if pusher can create pull requests
+func (ctx *preReceiveContext) CanCreatePullRequest() bool {
+	if !ctx.checkedCanCreatePullRequest {
+		if !ctx.loadPusherAndPermission() {
+			return false
+		}
+		ctx.canCreatePullRequest = ctx.userPerm.CanRead(unit.TypePullRequests)
+		ctx.checkedCanCreatePullRequest = true
+	}
+	return ctx.canCreatePullRequest
+}
+
+// AssertCreatePullRequest returns true if can create pull requests
+func (ctx *preReceiveContext) AssertCreatePullRequest() bool {
+	if !ctx.CanCreatePullRequest() {
+		if ctx.Written() {
+			return false
+		}
+		ctx.JSON(http.StatusForbidden, private.Response{
+			UserMsg: "User permission denied for creating pull-request.",
+		})
+		return false
+	}
+	return true
+}
+
+var errPermissionDenied = errors.New("permission denied for changing repo settings")
+
+func (ctx *preReceiveContext) canChangeSettings() error {
+	if !ctx.loadPusherAndPermission() {
+		return errPermissionDenied
+	}
+
+	if !ctx.userPerm.IsOwner() && !ctx.userPerm.IsAdmin() {
+		return errPermissionDenied
+	}
+
+	if ctx.Repo.Repository.IsFork {
+		return errPermissionDenied
+	}
+
+	return nil
+}
+
+func (ctx *preReceiveContext) validatePushOptions() error {
+	opts := web.GetForm(ctx).(*private.HookOptions)
+
+	if opts.GetGitPushOptions().ChangeRepoSettings() {
+		return ctx.canChangeSettings()
+	}
+
+	return nil
+}
+
+func (ctx *preReceiveContext) assertPushOptions() bool {
+	if err := ctx.validatePushOptions(); err != nil {
+		ctx.JSON(http.StatusForbidden, private.Response{
+			UserMsg: fmt.Sprintf("options validation failed: %v", err),
+		})
+		return false
+	}
+	return true
+}
+
+func (ctx *preReceiveContext) checkQuota() error {
+	if !setting.Quota.Enabled {
+		ctx.isOverQuota = false
+		return nil
+	}
+
+	if !ctx.loadPusherAndPermission() {
+		ctx.isOverQuota = true
+		return nil
+	}
+
+	ok, err := quota_model.EvaluateForUser(ctx, ctx.PrivateContext.Repo.Repository.OwnerID, quota_model.LimitSubjectSizeReposAll)
+	if err != nil {
+		log.Error("quota_model.EvaluateForUser: %v", err)
+		ctx.JSON(http.StatusInternalServerError, private.Response{
+			UserMsg: "Error checking user quota",
+		})
+		return err
+	}
+
+	ctx.isOverQuota = !ok
+	return nil
+}
+
+func (ctx *preReceiveContext) quotaExceeded() {
+	ctx.JSON(http.StatusRequestEntityTooLarge, private.Response{
+		UserMsg: "Quota exceeded",
+	})
+}
+
+// HookPreReceive checks whether a individual commit is acceptable
+func HookPreReceive(ctx *gitea_context.PrivateContext) {
+	opts := web.GetForm(ctx).(*private.HookOptions)
+
+	ourCtx := &preReceiveContext{
+		PrivateContext: ctx,
+		env:            generateGitEnv(opts), // Generate git environment for checking commits
+		opts:           opts,
+	}
+
+	if !ourCtx.assertPushOptions() {
+		log.Trace("Git push options validation failed")
+		return
+	}
+	log.Trace("Git push options validation succeeded")
+
+	if err := ourCtx.checkQuota(); err != nil {
+		return
+	}
+
+	// Iterate across the provided old commit IDs
+	for i := range opts.OldCommitIDs {
+		oldCommitID := opts.OldCommitIDs[i]
+		newCommitID := opts.NewCommitIDs[i]
+		refFullName := opts.RefFullNames[i]
+
+		switch {
+		case refFullName.IsBranch():
+			preReceiveBranch(ourCtx, oldCommitID, newCommitID, refFullName)
+		case refFullName.IsTag():
+			preReceiveTag(ourCtx, oldCommitID, newCommitID, refFullName)
+		case git.SupportProcReceive && refFullName.IsFor():
+			preReceiveFor(ourCtx, oldCommitID, newCommitID, refFullName)
+		default:
+			if ourCtx.isOverQuota {
+				ourCtx.quotaExceeded()
+				return
+			}
+			ourCtx.AssertCanWriteCode()
+		}
+		if ctx.Written() {
+			return
+		}
+	}
+
+	ctx.PlainText(http.StatusOK, "ok")
+}
+
+func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, refFullName git.RefName) {
+	branchName := refFullName.BranchName()
+	ctx.branchName = branchName
+
+	if !ctx.AssertCanWriteCode() {
+		return
+	}
+
+	repo := ctx.Repo.Repository
+	gitRepo := ctx.Repo.GitRepo
+	objectFormat := ctx.Repo.GetObjectFormat()
+
+	if branchName == repo.DefaultBranch && newCommitID == objectFormat.EmptyObjectID().String() {
+		log.Warn("Forbidden: Branch: %s is the default branch in %-v and cannot be deleted", branchName, repo)
+		ctx.JSON(http.StatusForbidden, private.Response{
+			UserMsg: fmt.Sprintf("branch %s is the default branch and cannot be deleted", branchName),
+		})
+		return
+	}
+
+	protectBranch, err := git_model.GetFirstMatchProtectedBranchRule(ctx, repo.ID, branchName)
+	if err != nil {
+		log.Error("Unable to get protected branch: %s in %-v Error: %v", branchName, repo, err)
+		ctx.JSON(http.StatusInternalServerError, private.Response{
+			Err: err.Error(),
+		})
+		return
+	}
+
+	// Allow pushes to non-protected branches
+	if protectBranch == nil {
+		// ...unless the user is over quota, and the operation is not a delete
+		if newCommitID != objectFormat.EmptyObjectID().String() && ctx.isOverQuota {
+			ctx.quotaExceeded()
+		}
+
+		return
+	}
+	protectBranch.Repo = repo
+
+	// This ref is a protected branch.
+	//
+	// First of all we need to enforce absolutely:
+	//
+	// 1. Detect and prevent deletion of the branch
+	if newCommitID == objectFormat.EmptyObjectID().String() {
+		log.Warn("Forbidden: Branch: %s in %-v is protected from deletion", branchName, repo)
+		ctx.JSON(http.StatusForbidden, private.Response{
+			UserMsg: fmt.Sprintf("branch %s is protected from deletion", branchName),
+		})
+		return
+	}
+
+	// 2. Disallow force pushes to protected branches
+	if oldCommitID != objectFormat.EmptyObjectID().String() {
+		output, _, err := git.NewCommand(ctx, "rev-list", "--max-count=1").AddDynamicArguments(oldCommitID, "^"+newCommitID).RunStdString(&git.RunOpts{Dir: repo.RepoPath(), Env: ctx.env})
+		if err != nil {
+			log.Error("Unable to detect force push between: %s and %s in %-v Error: %v", oldCommitID, newCommitID, repo, err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: fmt.Sprintf("Fail to detect force push: %v", err),
+			})
+			return
+		} else if len(output) > 0 {
+			log.Warn("Forbidden: Branch: %s in %-v is protected from force push", branchName, repo)
+			ctx.JSON(http.StatusForbidden, private.Response{
+				UserMsg: fmt.Sprintf("branch %s is protected from force push", branchName),
+			})
+			return
+		}
+	}
+
+	// 3. Enforce require signed commits
+	if protectBranch.RequireSignedCommits {
+		err := verifyCommits(oldCommitID, newCommitID, gitRepo, ctx.env)
+		if err != nil {
+			if !isErrUnverifiedCommit(err) {
+				log.Error("Unable to check commits from %s to %s in %-v: %v", oldCommitID, newCommitID, repo, err)
+				ctx.JSON(http.StatusInternalServerError, private.Response{
+					Err: fmt.Sprintf("Unable to check commits from %s to %s: %v", oldCommitID, newCommitID, err),
+				})
+				return
+			}
+			unverifiedCommit := err.(*errUnverifiedCommit).sha
+			log.Warn("Forbidden: Branch: %s in %-v is protected from unverified commit %s", branchName, repo, unverifiedCommit)
+			ctx.JSON(http.StatusForbidden, private.Response{
+				UserMsg: fmt.Sprintf("branch %s is protected from unverified commit %s", branchName, unverifiedCommit),
+			})
+			return
+		}
+	}
+
+	// Now there are several tests which can be overridden:
+	//
+	// 4. Check protected file patterns - this is overridable from the UI
+	changedProtectedfiles := false
+	protectedFilePath := ""
+
+	globs := protectBranch.GetProtectedFilePatterns()
+	if len(globs) > 0 {
+		_, err := pull_service.CheckFileProtection(gitRepo, oldCommitID, newCommitID, globs, 1, ctx.env)
+		if err != nil {
+			if !models.IsErrFilePathProtected(err) {
+				log.Error("Unable to check file protection for commits from %s to %s in %-v: %v", oldCommitID, newCommitID, repo, err)
+				ctx.JSON(http.StatusInternalServerError, private.Response{
+					Err: fmt.Sprintf("Unable to check file protection for commits from %s to %s: %v", oldCommitID, newCommitID, err),
+				})
+				return
+			}
+
+			changedProtectedfiles = true
+			protectedFilePath = err.(models.ErrFilePathProtected).Path
+		}
+	}
+
+	// 5. Check if the doer is allowed to push
+	var canPush bool
+	if ctx.opts.DeployKeyID != 0 {
+		canPush = !changedProtectedfiles && protectBranch.CanPush && (!protectBranch.EnableWhitelist || protectBranch.WhitelistDeployKeys)
+	} else {
+		user, err := user_model.GetUserByID(ctx, ctx.opts.UserID)
+		if err != nil {
+			log.Error("Unable to GetUserByID for commits from %s to %s in %-v: %v", oldCommitID, newCommitID, repo, err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: fmt.Sprintf("Unable to GetUserByID for commits from %s to %s: %v", oldCommitID, newCommitID, err),
+			})
+			return
+		}
+		canPush = !changedProtectedfiles && protectBranch.CanUserPush(ctx, user)
+	}
+
+	// 6. If we're not allowed to push directly
+	if !canPush {
+		// Is this is a merge from the UI/API?
+		if ctx.opts.PullRequestID == 0 {
+			// 6a. If we're not merging from the UI/API then there are two ways we got here:
+			//
+			// We are changing a protected file and we're not allowed to do that
+			if changedProtectedfiles {
+				log.Warn("Forbidden: Branch: %s in %-v is protected from changing file %s", branchName, repo, protectedFilePath)
+				ctx.JSON(http.StatusForbidden, private.Response{
+					UserMsg: fmt.Sprintf("branch %s is protected from changing file %s", branchName, protectedFilePath),
+				})
+				return
+			}
+
+			// Allow commits that only touch unprotected files
+			globs := protectBranch.GetUnprotectedFilePatterns()
+			if len(globs) > 0 {
+				unprotectedFilesOnly, err := pull_service.CheckUnprotectedFiles(gitRepo, oldCommitID, newCommitID, globs, ctx.env)
+				if err != nil {
+					log.Error("Unable to check file protection for commits from %s to %s in %-v: %v", oldCommitID, newCommitID, repo, err)
+					ctx.JSON(http.StatusInternalServerError, private.Response{
+						Err: fmt.Sprintf("Unable to check file protection for commits from %s to %s: %v", oldCommitID, newCommitID, err),
+					})
+					return
+				}
+				if unprotectedFilesOnly {
+					// Commit only touches unprotected files, this is allowed
+					return
+				}
+			}
+
+			// Or we're simply not able to push to this protected branch
+			log.Warn("Forbidden: User %d is not allowed to push to protected branch: %s in %-v", ctx.opts.UserID, branchName, repo)
+			ctx.JSON(http.StatusForbidden, private.Response{
+				UserMsg: fmt.Sprintf("Not allowed to push to protected branch %s", branchName),
+			})
+			return
+		}
+		// 6b. Merge (from UI or API)
+
+		// Get the PR, user and permissions for the user in the repository
+		pr, err := issues_model.GetPullRequestByID(ctx, ctx.opts.PullRequestID)
+		if err != nil {
+			log.Error("Unable to get PullRequest %d Error: %v", ctx.opts.PullRequestID, err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: fmt.Sprintf("Unable to get PullRequest %d Error: %v", ctx.opts.PullRequestID, err),
+			})
+			return
+		}
+
+		// although we should have called `loadPusherAndPermission` before, here we call it explicitly again because we need to access ctx.user below
+		if !ctx.loadPusherAndPermission() {
+			// if error occurs, loadPusherAndPermission had written the error response
+			return
+		}
+
+		// Now check if the user is allowed to merge PRs for this repository
+		// Note: we can use ctx.perm and ctx.user directly as they will have been loaded above
+		allowedMerge, err := pull_service.IsUserAllowedToMerge(ctx, pr, ctx.userPerm, ctx.user)
+		if err != nil {
+			log.Error("Error calculating if allowed to merge: %v", err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: fmt.Sprintf("Error calculating if allowed to merge: %v", err),
+			})
+			return
+		}
+
+		if !allowedMerge {
+			log.Warn("Forbidden: User %d is not allowed to push to protected branch: %s in %-v and is not allowed to merge pr #%d", ctx.opts.UserID, branchName, repo, pr.Index)
+			ctx.JSON(http.StatusForbidden, private.Response{
+				UserMsg: fmt.Sprintf("Not allowed to push to protected branch %s", branchName),
+			})
+			return
+		}
+
+		// If we're an admin for the instance, we can ignore checks
+		if ctx.user.IsAdmin {
+			return
+		}
+
+		// It's not allowed t overwrite protected files. Unless if the user is an
+		// admin and the protected branch rule doesn't apply to admins.
+		if changedProtectedfiles && (!ctx.userPerm.IsAdmin() || protectBranch.ApplyToAdmins) {
+			log.Warn("Forbidden: Branch: %s in %-v is protected from changing file %s", branchName, repo, protectedFilePath)
+			ctx.JSON(http.StatusForbidden, private.Response{
+				UserMsg: fmt.Sprintf("branch %s is protected from changing file %s", branchName, protectedFilePath),
+			})
+			return
+		}
+
+		// Check all status checks and reviews are ok
+		if pb, err := pull_service.CheckPullBranchProtections(ctx, pr, true); err != nil {
+			if models.IsErrDisallowedToMerge(err) {
+				// Allow this if the rule doesn't apply to admins and the user is an admin.
+				if ctx.userPerm.IsAdmin() && !pb.ApplyToAdmins {
+					return
+				}
+				log.Warn("Forbidden: User %d is not allowed push to protected branch %s in %-v and pr #%d is not ready to be merged: %s", ctx.opts.UserID, branchName, repo, pr.Index, err.Error())
+				ctx.JSON(http.StatusForbidden, private.Response{
+					UserMsg: fmt.Sprintf("Not allowed to push to protected branch %s and pr #%d is not ready to be merged: %s", branchName, ctx.opts.PullRequestID, err.Error()),
+				})
+				return
+			}
+			log.Error("Unable to check if mergeable: protected branch %s in %-v and pr #%d. Error: %v", ctx.opts.UserID, branchName, repo, pr.Index, err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: fmt.Sprintf("Unable to get status of pull request %d. Error: %v", ctx.opts.PullRequestID, err),
+			})
+			return
+		}
+	}
+}
+
+func preReceiveTag(ctx *preReceiveContext, oldCommitID, newCommitID string, refFullName git.RefName) { //nolint:unparam
+	if !ctx.AssertCanWriteCode() {
+		return
+	}
+
+	tagName := refFullName.TagName()
+
+	if !ctx.gotProtectedTags {
+		var err error
+		ctx.protectedTags, err = git_model.GetProtectedTags(ctx, ctx.Repo.Repository.ID)
+		if err != nil {
+			log.Error("Unable to get protected tags for %-v Error: %v", ctx.Repo.Repository, err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: err.Error(),
+			})
+			return
+		}
+		ctx.gotProtectedTags = true
+	}
+
+	isAllowed, err := git_model.IsUserAllowedToControlTag(ctx, ctx.protectedTags, tagName, ctx.opts.UserID)
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, private.Response{
+			Err: err.Error(),
+		})
+		return
+	}
+	if !isAllowed {
+		log.Warn("Forbidden: Tag %s in %-v is protected", tagName, ctx.Repo.Repository)
+		ctx.JSON(http.StatusForbidden, private.Response{
+			UserMsg: fmt.Sprintf("Tag %s is protected", tagName),
+		})
+		return
+	}
+
+	// If the user is over quota, and the push isn't a tag deletion, deny it
+	if ctx.isOverQuota {
+		objectFormat := ctx.Repo.GetObjectFormat()
+		if newCommitID != objectFormat.EmptyObjectID().String() {
+			ctx.quotaExceeded()
+			return
+		}
+	}
+}
+
+func preReceiveFor(ctx *preReceiveContext, oldCommitID, newCommitID string, refFullName git.RefName) { //nolint:unparam
+	if !ctx.AssertCreatePullRequest() {
+		return
+	}
+
+	if ctx.Repo.Repository.IsEmpty {
+		ctx.JSON(http.StatusForbidden, private.Response{
+			UserMsg: "Can't create pull request for an empty repository.",
+		})
+		return
+	}
+
+	if ctx.opts.IsWiki {
+		ctx.JSON(http.StatusForbidden, private.Response{
+			UserMsg: "Pull requests are not supported on the wiki.",
+		})
+		return
+	}
+
+	baseBranchName := refFullName.ForBranchName()
+
+	baseBranchExist := false
+	if ctx.Repo.GitRepo.IsBranchExist(baseBranchName) {
+		baseBranchExist = true
+	}
+
+	if !baseBranchExist {
+		for p, v := range baseBranchName {
+			if v == '/' && ctx.Repo.GitRepo.IsBranchExist(baseBranchName[:p]) && p != len(baseBranchName)-1 {
+				baseBranchExist = true
+				break
+			}
+		}
+	}
+
+	if !baseBranchExist {
+		ctx.JSON(http.StatusForbidden, private.Response{
+			UserMsg: fmt.Sprintf("Unexpected ref: %s", refFullName),
+		})
+		return
+	}
+}
+
+func generateGitEnv(opts *private.HookOptions) (env []string) {
+	env = os.Environ()
+	if opts.GitAlternativeObjectDirectories != "" {
+		env = append(env,
+			private.GitAlternativeObjectDirectories+"="+opts.GitAlternativeObjectDirectories)
+	}
+	if opts.GitObjectDirectory != "" {
+		env = append(env,
+			private.GitObjectDirectory+"="+opts.GitObjectDirectory)
+	}
+	if opts.GitQuarantinePath != "" {
+		env = append(env,
+			private.GitQuarantinePath+"="+opts.GitQuarantinePath)
+	}
+	return env
+}
+
+// loadPusherAndPermission returns false if an error occurs, and it writes the error response
+func (ctx *preReceiveContext) loadPusherAndPermission() bool {
+	if ctx.loadedPusher {
+		return true
+	}
+
+	if ctx.opts.UserID == user_model.ActionsUserID {
+		ctx.user = user_model.NewActionsUser()
+		ctx.userPerm.AccessMode = perm_model.AccessMode(ctx.opts.ActionPerm)
+		if err := ctx.Repo.Repository.LoadUnits(ctx); err != nil {
+			log.Error("Unable to get User id %d Error: %v", ctx.opts.UserID, err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: fmt.Sprintf("Unable to get User id %d Error: %v", ctx.opts.UserID, err),
+			})
+			return false
+		}
+		ctx.userPerm.Units = ctx.Repo.Repository.Units
+		ctx.userPerm.UnitsMode = make(map[unit.Type]perm_model.AccessMode)
+		for _, u := range ctx.Repo.Repository.Units {
+			ctx.userPerm.UnitsMode[u.Type] = ctx.userPerm.AccessMode
+		}
+	} else {
+		user, err := user_model.GetUserByID(ctx, ctx.opts.UserID)
+		if err != nil {
+			log.Error("Unable to get User id %d Error: %v", ctx.opts.UserID, err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: fmt.Sprintf("Unable to get User id %d Error: %v", ctx.opts.UserID, err),
+			})
+			return false
+		}
+		ctx.user = user
+		userPerm, err := access_model.GetUserRepoPermission(ctx, ctx.Repo.Repository, user)
+		if err != nil {
+			log.Error("Unable to get Repo permission of repo %s/%s of User %s: %v", ctx.Repo.Repository.OwnerName, ctx.Repo.Repository.Name, user.Name, err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: fmt.Sprintf("Unable to get Repo permission of repo %s/%s of User %s: %v", ctx.Repo.Repository.OwnerName, ctx.Repo.Repository.Name, user.Name, err),
+			})
+			return false
+		}
+		ctx.userPerm = userPerm
+	}
+
+	if ctx.opts.DeployKeyID != 0 {
+		deployKey, err := asymkey_model.GetDeployKeyByID(ctx, ctx.opts.DeployKeyID)
+		if err != nil {
+			log.Error("Unable to get DeployKey id %d Error: %v", ctx.opts.DeployKeyID, err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: fmt.Sprintf("Unable to get DeployKey id %d Error: %v", ctx.opts.DeployKeyID, err),
+			})
+			return false
+		}
+		ctx.deployKeyAccessMode = deployKey.Mode
+	}
+
+	ctx.loadedPusher = true
+	return true
+}