Commit a8b4756f authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'mwessel/gitlab-ce-configure-protection' into 'master'

Mwessel/gitlab ce configure protection

See merge request !1467
parents 0bcd5ca4 490cf7bf
...@@ -30,6 +30,8 @@ v 7.8.0 ...@@ -30,6 +30,8 @@ v 7.8.0
- -
- Async load a branch information at the commit page - Async load a branch information at the commit page
- -
- Allow configuring protection of the default branch upon first push (Marco Wessel)
-
- -
- Add a commit calendar to the user profile (Hannes Rosenögger) - Add a commit calendar to the user profile (Hannes Rosenögger)
- -
......
...@@ -22,6 +22,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController ...@@ -22,6 +22,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
def application_setting_params def application_setting_params
params.require(:application_setting).permit( params.require(:application_setting).permit(
:default_projects_limit, :default_projects_limit,
:default_branch_protection,
:signup_enabled, :signup_enabled,
:signin_enabled, :signin_enabled,
:gravatar_enabled, :gravatar_enabled,
......
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
# #
# id :integer not null, primary key # id :integer not null, primary key
# default_projects_limit :integer # default_projects_limit :integer
# default_branch_protection :integer
# signup_enabled :boolean # signup_enabled :boolean
# signin_enabled :boolean # signin_enabled :boolean
# gravatar_enabled :boolean # gravatar_enabled :boolean
...@@ -26,6 +27,7 @@ class ApplicationSetting < ActiveRecord::Base ...@@ -26,6 +27,7 @@ class ApplicationSetting < ActiveRecord::Base
def self.create_from_defaults def self.create_from_defaults
create( create(
default_projects_limit: Settings.gitlab['default_projects_limit'], default_projects_limit: Settings.gitlab['default_projects_limit'],
default_branch_protection: Settings.gitlab['default_branch_protection'],
signup_enabled: Settings.gitlab['signup_enabled'], signup_enabled: Settings.gitlab['signup_enabled'],
signin_enabled: Settings.gitlab['signin_enabled'], signin_enabled: Settings.gitlab['signin_enabled'],
gravatar_enabled: Settings.gravatar['enabled'], gravatar_enabled: Settings.gravatar['enabled'],
......
class GitPushService class GitPushService
attr_accessor :project, :user, :push_data, :push_commits attr_accessor :project, :user, :push_data, :push_commits
include Gitlab::CurrentSettings
include Gitlab::Access
# This method will be called after each git update # This method will be called after each git update
# and only if the provided user and project is present in GitLab. # and only if the provided user and project is present in GitLab.
...@@ -29,8 +31,12 @@ class GitPushService ...@@ -29,8 +31,12 @@ class GitPushService
if is_default_branch?(ref) if is_default_branch?(ref)
# Initial push to the default branch. Take the full history of that branch as "newly pushed". # Initial push to the default branch. Take the full history of that branch as "newly pushed".
@push_commits = project.repository.commits(newrev) @push_commits = project.repository.commits(newrev)
# Default branch is protected by default
project.protected_branches.create({ name: project.default_branch }) # Set protection on the default branch if configured
if (current_application_settings.default_branch_protection != PROTECTION_NONE)
developers_can_push = current_application_settings.default_branch_protection == PROTECTION_DEV_CAN_PUSH ? true : false
project.protected_branches.create({ name: project.default_branch, developers_can_push: developers_can_push })
end
else else
# Use the pushed commits that aren't reachable by the default branch # Use the pushed commits that aren't reachable by the default branch
# as a heuristic. This may include more commits than are actually pushed, but # as a heuristic. This may include more commits than are actually pushed, but
......
...@@ -25,6 +25,10 @@ ...@@ -25,6 +25,10 @@
= f.label :default_projects_limit, class: 'control-label' = f.label :default_projects_limit, class: 'control-label'
.col-sm-10 .col-sm-10
= f.number_field :default_projects_limit, class: 'form-control' = f.number_field :default_projects_limit, class: 'form-control'
.form-group
= f.label :default_branch_protection, class: 'control-label'
.col-sm-10
= f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control'
.form-group .form-group
= f.label :home_page_url, class: 'control-label' = f.label :home_page_url, class: 'control-label'
.col-sm-10 .col-sm-10
......
...@@ -87,6 +87,7 @@ Settings['issues_tracker'] ||= {} ...@@ -87,6 +87,7 @@ Settings['issues_tracker'] ||= {}
# #
Settings['gitlab'] ||= Settingslogic.new({}) Settings['gitlab'] ||= Settingslogic.new({})
Settings.gitlab['default_projects_limit'] ||= 10 Settings.gitlab['default_projects_limit'] ||= 10
Settings.gitlab['default_branch_protection'] ||= 2
Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil? Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil?
Settings.gitlab['default_theme'] = Gitlab::Theme::MARS if Settings.gitlab['default_theme'].nil? Settings.gitlab['default_theme'] = Gitlab::Theme::MARS if Settings.gitlab['default_theme'].nil?
Settings.gitlab['host'] ||= 'localhost' Settings.gitlab['host'] ||= 'localhost'
......
class AddDefaultBranchProtectionSetting < ActiveRecord::Migration
def change
add_column :application_settings, :default_branch_protection, :integer, :default => 2
end
end
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20150116234545) do ActiveRecord::Schema.define(version: 20150125163100) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
...@@ -25,6 +25,7 @@ ActiveRecord::Schema.define(version: 20150116234545) do ...@@ -25,6 +25,7 @@ ActiveRecord::Schema.define(version: 20150116234545) do
t.datetime "created_at" t.datetime "created_at"
t.datetime "updated_at" t.datetime "updated_at"
t.string "home_page_url" t.string "home_page_url"
t.integer "default_branch_protection", default: 2
end end
create_table "broadcast_messages", force: true do |t| create_table "broadcast_messages", force: true do |t|
...@@ -322,12 +323,12 @@ ActiveRecord::Schema.define(version: 20150116234545) do ...@@ -322,12 +323,12 @@ ActiveRecord::Schema.define(version: 20150116234545) do
t.string "import_url" t.string "import_url"
t.integer "visibility_level", default: 0, null: false t.integer "visibility_level", default: 0, null: false
t.boolean "archived", default: false, null: false t.boolean "archived", default: false, null: false
t.string "avatar"
t.string "import_status" t.string "import_status"
t.float "repository_size", default: 0.0 t.float "repository_size", default: 0.0
t.integer "star_count", default: 0, null: false t.integer "star_count", default: 0, null: false
t.string "import_type" t.string "import_type"
t.string "import_source" t.string "import_source"
t.string "avatar"
end end
add_index "projects", ["creator_id"], name: "index_projects_on_creator_id", using: :btree add_index "projects", ["creator_id"], name: "index_projects_on_creator_id", using: :btree
...@@ -425,6 +426,7 @@ ActiveRecord::Schema.define(version: 20150116234545) do ...@@ -425,6 +426,7 @@ ActiveRecord::Schema.define(version: 20150116234545) do
t.integer "notification_level", default: 1, null: false t.integer "notification_level", default: 1, null: false
t.datetime "password_expires_at" t.datetime "password_expires_at"
t.integer "created_by_id" t.integer "created_by_id"
t.datetime "last_credential_check_at"
t.string "avatar" t.string "avatar"
t.string "confirmation_token" t.string "confirmation_token"
t.datetime "confirmed_at" t.datetime "confirmed_at"
...@@ -432,7 +434,6 @@ ActiveRecord::Schema.define(version: 20150116234545) do ...@@ -432,7 +434,6 @@ ActiveRecord::Schema.define(version: 20150116234545) do
t.string "unconfirmed_email" t.string "unconfirmed_email"
t.boolean "hide_no_ssh_key", default: false t.boolean "hide_no_ssh_key", default: false
t.string "website_url", default: "", null: false t.string "website_url", default: "", null: false
t.datetime "last_credential_check_at"
t.string "github_access_token" t.string "github_access_token"
t.string "gitlab_access_token" t.string "gitlab_access_token"
end end
......
...@@ -11,6 +11,11 @@ module Gitlab ...@@ -11,6 +11,11 @@ module Gitlab
MASTER = 40 MASTER = 40
OWNER = 50 OWNER = 50
# Branch protection settings
PROTECTION_NONE = 0
PROTECTION_DEV_CAN_PUSH = 1
PROTECTION_FULL = 2
class << self class << self
def values def values
options.values options.values
...@@ -43,6 +48,18 @@ module Gitlab ...@@ -43,6 +48,18 @@ module Gitlab
master: MASTER, master: MASTER,
} }
end end
def protection_options
{
"Not protected, developers and masters can (force) push and delete the branch" => PROTECTION_NONE,
"Partially protected, developers can also push but prevent all force pushes and deletion" => PROTECTION_DEV_CAN_PUSH,
"Fully protected, only masters can push and prevent all force pushes and deletion" => PROTECTION_FULL,
}
end
def protection_values
protection_options.values
end
end end
def human_access def human_access
......
...@@ -12,6 +12,7 @@ module Gitlab ...@@ -12,6 +12,7 @@ module Gitlab
def fake_application_settings def fake_application_settings
OpenStruct.new( OpenStruct.new(
default_projects_limit: Settings.gitlab['default_projects_limit'], default_projects_limit: Settings.gitlab['default_projects_limit'],
default_branch_protection: Settings.gitlab['default_branch_protection'],
signup_enabled: Settings.gitlab['signup_enabled'], signup_enabled: Settings.gitlab['signup_enabled'],
signin_enabled: Settings.gitlab['signin_enabled'], signin_enabled: Settings.gitlab['signin_enabled'],
gravatar_enabled: Settings.gravatar['enabled'], gravatar_enabled: Settings.gravatar['enabled'],
......
...@@ -2,15 +2,16 @@ ...@@ -2,15 +2,16 @@
# #
# Table name: application_settings # Table name: application_settings
# #
# id :integer not null, primary key # id :integer not null, primary key
# default_projects_limit :integer # default_projects_limit :integer
# signup_enabled :boolean # default_branch_protection :integer
# signin_enabled :boolean # signup_enabled :boolean
# gravatar_enabled :boolean # signin_enabled :boolean
# sign_in_text :text # gravatar_enabled :boolean
# created_at :datetime # sign_in_text :text
# updated_at :datetime # created_at :datetime
# home_page_url :string(255) # updated_at :datetime
# home_page_url :string(255)
# #
require 'spec_helper' require 'spec_helper'
......
...@@ -106,7 +106,25 @@ describe GitPushService do ...@@ -106,7 +106,25 @@ describe GitPushService do
it "when pushing a branch for the first time" do it "when pushing a branch for the first time" do
project.should_receive(:execute_hooks) project.should_receive(:execute_hooks)
project.default_branch.should == "master" project.default_branch.should == "master"
project.protected_branches.should_receive(:create).with({ name: "master" }) project.protected_branches.should_receive(:create).with({ name: "master", developers_can_push: false })
service.execute(project, user, @blankrev, 'newrev', 'refs/heads/master')
end
it "when pushing a branch for the first time with default branch protection disabled" do
ApplicationSetting.any_instance.stub(default_branch_protection: 0)
project.should_receive(:execute_hooks)
project.default_branch.should == "master"
project.protected_branches.should_not_receive(:create)
service.execute(project, user, @blankrev, 'newrev', 'refs/heads/master')
end
it "when pushing a branch for the first time with default branch protection set to 'developers can push'" do
ApplicationSetting.any_instance.stub(default_branch_protection: 1)
project.should_receive(:execute_hooks)
project.default_branch.should == "master"
project.protected_branches.should_receive(:create).with({ name: "master", developers_can_push: true })
service.execute(project, user, @blankrev, 'newrev', 'refs/heads/master') service.execute(project, user, @blankrev, 'newrev', 'refs/heads/master')
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment