Skip to content

G
gitlab-ce
Commit e81fa0e6 authored by Marin Jankovski's avatar Marin Jankovski
Browse files
Options

Merge branch 'fix_git_access' into 'master' 

Fix ref parsing in Gitlab::GitAccess

See merge request !1107
parents a33d7a40 f12d6278
Show whitespace changes
Inline Side-by-side
Showing with 26 additions and 5 deletions
CHANGELOG
View file @ e81fa0e6
v 7.3.1
- Fix ref parsing in Gitlab::GitAccess
v 7.3.0 v 7.3.0
- Always set the 'origin' remote in satellite actions - Always set the 'origin' remote in satellite actions
- Write authorized_keys in tmp/ during tests - Write authorized_keys in tmp/ during tests
......
lib/gitlab/git_access.rb
View file @ e81fa0e6
...@@ -49,11 +49,11 @@ module Gitlab ...@@ -49,11 +49,11 @@ module Gitlab
# Iterate over all changes to find if user allowed all of them to be applied # Iterate over all changes to find if user allowed all of them to be applied
changes.each do |change| changes.each do |change|
oldrev, newrev, ref = changes.split('') oldrev, newrev, ref = change.split(' ')
action = if project.protected_branch?(ref) action = if project.protected_branch?(branch_name(ref))
# we dont allow force push to protected branch # we dont allow force push to protected branch
if forced_push?(oldrev, newrev) if forced_push?(project, oldrev, newrev)
:force_push_code_to_protected_branches :force_push_code_to_protected_branches
# and we dont allow remove of protected branch # and we dont allow remove of protected branch
elsif newrev =~ /0000000/ elsif newrev =~ /0000000/
...@@ -61,7 +61,7 @@ module Gitlab ...@@ -61,7 +61,7 @@ module Gitlab
else else
:push_code_to_protected_branches :push_code_to_protected_branches
end end
elsif project.repository && project.repository.tag_names.include?(ref) elsif project.repository && project.repository.tag_names.include?(tag_name(ref))
# Prevent any changes to existing git tag unless user has permissions # Prevent any changes to existing git tag unless user has permissions
:admin_project :admin_project
else else
...@@ -77,7 +77,7 @@ module Gitlab ...@@ -77,7 +77,7 @@ module Gitlab
true true
end end
def forced_push?(oldrev, newrev) def forced_push?(project, oldrev, newrev)
return false if project.empty_repo? return false if project.empty_repo?
if oldrev !~ /00000000/ && newrev !~ /00000000/ if oldrev !~ /00000000/ && newrev !~ /00000000/
...@@ -93,5 +93,23 @@ module Gitlab ...@@ -93,5 +93,23 @@ module Gitlab
def user_allowed?(user) def user_allowed?(user)
Gitlab::UserAccess.allowed?(user) Gitlab::UserAccess.allowed?(user)
end end
def branch_name(ref)
ref = ref.to_s
if ref.start_with?('refs/heads')
ref.sub(%r{\Arefs/heads/}, '')
else
nil
end
end
def tag_name(ref)
ref = ref.to_s
if ref.start_with?('refs/tags')
ref.sub(%r{\Arefs/tags/}, '')
else
nil
end
end
end end
end end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7