summaryrefslogtreecommitdiffstats
path: root/services/repository
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2023-01-16 09:00:22 +0100
committerGitHub <noreply@github.com>2023-01-16 09:00:22 +0100
commit2782c1439679402a1f8731a94dc66214781282ba (patch)
tree66739f30beb529119694290bdcdba9e02bdcfabd /services/repository
parentPrevent panic on looking at api "git" endpoints for empty repos (#22457) (diff)
downloadforgejo-2782c1439679402a1f8731a94dc66214781282ba.tar.xz
forgejo-2782c1439679402a1f8731a94dc66214781282ba.zip
Supports wildcard protected branch (#20825)
This PR introduce glob match for protected branch name. The separator is `/` and you can use `*` matching non-separator chars and use `**` across separator. It also supports input an exist or non-exist branch name as matching condition and branch name condition has high priority than glob rule. Should fix #2529 and #15705 screenshots <img width="1160" alt="image" src="https://user-images.githubusercontent.com/81045/205651179-ebb5492a-4ade-4bb4-a13c-965e8c927063.png"> Co-authored-by: zeripath <art27@cantab.net>
Diffstat (limited to 'services/repository')
-rw-r--r--services/repository/branch.go8
-rw-r--r--services/repository/files/patch.go11
-rw-r--r--services/repository/files/update.go5
3 files changed, 13 insertions, 11 deletions
diff --git a/services/repository/branch.go b/services/repository/branch.go
index 8717fee23b..291fb4a92b 100644
--- a/services/repository/branch.go
+++ b/services/repository/branch.go
@@ -149,8 +149,7 @@ func RenameBranch(repo *repo_model.Repository, doer *user_model.User, gitRepo *g
// enmuerates all branch related errors
var (
- ErrBranchIsDefault = errors.New("branch is default")
- ErrBranchIsProtected = errors.New("branch is protected")
+ ErrBranchIsDefault = errors.New("branch is default")
)
// DeleteBranch delete branch
@@ -159,13 +158,12 @@ func DeleteBranch(doer *user_model.User, repo *repo_model.Repository, gitRepo *g
return ErrBranchIsDefault
}
- isProtected, err := git_model.IsProtectedBranch(db.DefaultContext, repo.ID, branchName)
+ isProtected, err := git_model.IsBranchProtected(db.DefaultContext, repo.ID, branchName)
if err != nil {
return err
}
-
if isProtected {
- return ErrBranchIsProtected
+ return git_model.ErrBranchIsProtected
}
commit, err := gitRepo.GetBranchCommit(branchName)
diff --git a/services/repository/files/patch.go b/services/repository/files/patch.go
index 33f4b6c9dc..73ee0fa815 100644
--- a/services/repository/files/patch.go
+++ b/services/repository/files/patch.go
@@ -66,13 +66,16 @@ func (opts *ApplyDiffPatchOptions) Validate(ctx context.Context, repo *repo_mode
return err
}
} else {
- protectedBranch, err := git_model.GetProtectedBranchBy(ctx, repo.ID, opts.OldBranch)
+ protectedBranch, err := git_model.GetFirstMatchProtectedBranchRule(ctx, repo.ID, opts.OldBranch)
if err != nil {
return err
}
- if protectedBranch != nil && !protectedBranch.CanUserPush(ctx, doer.ID) {
- return models.ErrUserCannotCommit{
- UserName: doer.LowerName,
+ if protectedBranch != nil {
+ protectedBranch.Repo = repo
+ if !protectedBranch.CanUserPush(ctx, doer) {
+ return models.ErrUserCannotCommit{
+ UserName: doer.LowerName,
+ }
}
}
if protectedBranch != nil && protectedBranch.RequireSignedCommits {
diff --git a/services/repository/files/update.go b/services/repository/files/update.go
index 30cfd9e2dd..58b7a5e082 100644
--- a/services/repository/files/update.go
+++ b/services/repository/files/update.go
@@ -463,17 +463,18 @@ func CreateOrUpdateRepoFile(ctx context.Context, repo *repo_model.Repository, do
// VerifyBranchProtection verify the branch protection for modifying the given treePath on the given branch
func VerifyBranchProtection(ctx context.Context, repo *repo_model.Repository, doer *user_model.User, branchName, treePath string) error {
- protectedBranch, err := git_model.GetProtectedBranchBy(ctx, repo.ID, branchName)
+ protectedBranch, err := git_model.GetFirstMatchProtectedBranchRule(ctx, repo.ID, branchName)
if err != nil {
return err
}
if protectedBranch != nil {
+ protectedBranch.Repo = repo
isUnprotectedFile := false
glob := protectedBranch.GetUnprotectedFilePatterns()
if len(glob) != 0 {
isUnprotectedFile = protectedBranch.IsUnprotectedFile(glob, treePath)
}
- if !protectedBranch.CanUserPush(ctx, doer.ID) && !isUnprotectedFile {
+ if !protectedBranch.CanUserPush(ctx, doer) && !isUnprotectedFile {
return models.ErrUserCannotCommit{
UserName: doer.LowerName,
}