Commit bf116855 authored by Mayra Cabrera's avatar Mayra Cabrera

Prevent editing commits if signed commits required

On https://gitlab.com/groups/gitlab-org/-/epics/4983, we want to allow
editing commit messages on unprotected branches. Until a better
solution is found, we can't edit commit messages that are signed, so if
"Required signed commits" option is enabled, this setting shouldn't be
enabled.

This commits prevents for editing commit setting to be enabled if signed
commits is required.

Related to https://gitlab.com/gitlab-org/gitlab/-/issues/292493
parent 567263c9
...@@ -94,7 +94,7 @@ class ProjectsController < Projects::ApplicationController ...@@ -94,7 +94,7 @@ class ProjectsController < Projects::ApplicationController
redirect_to(edit_project_path(@project, anchor: 'js-general-project-settings')) redirect_to(edit_project_path(@project, anchor: 'js-general-project-settings'))
end end
else else
flash.now[:alert] = result[:message] flash[:alert] = result[:message]
@project.reset @project.reset
format.html { render_edit } format.html { render_edit }
......
...@@ -8,6 +8,23 @@ module EE ...@@ -8,6 +8,23 @@ module EE
belongs_to :push_rule belongs_to :push_rule
scope :has_vulnerabilities, -> { where('has_vulnerabilities IS TRUE') } scope :has_vulnerabilities, -> { where('has_vulnerabilities IS TRUE') }
validate :allow_editing_commits
private
def allow_editing_commits
return unless signed_commits_required?
error_message = _("can't be enabled because signed commits are required for this project")
errors.add(:allow_editing_commit_messages, error_message)
end
def signed_commits_required?
return false unless push_rule
push_rule.reject_unsigned_commits?
end
end end
end end
end end
...@@ -13,4 +13,35 @@ RSpec.describe ProjectSetting do ...@@ -13,4 +13,35 @@ RSpec.describe ProjectSetting do
it { is_expected.to contain_exactly(setting_1) } it { is_expected.to contain_exactly(setting_1) }
end end
describe '#allow_editing_commits' do
subject(:setting) { build(:project_setting) }
context 'with a push rule' do
context 'when reject unsigned commits is enabled' do
it 'prevents editing commits' do
setting.build_push_rule
setting.push_rule.reject_unsigned_commits = true
expect(setting).not_to be_valid
expect(setting.errors[:allow_editing_commit_messages]).to be_present
end
end
context 'when reject unsigned commits is disabled' do
it 'allows editing commits' do
setting.build_push_rule
setting.push_rule.reject_unsigned_commits = false
expect(setting).to be_valid
end
end
end
context 'without a push rule' do
it 'allows editing commits' do
expect(setting).to be_valid
end
end
end
end end
...@@ -32857,6 +32857,9 @@ msgstr "" ...@@ -32857,6 +32857,9 @@ msgstr ""
msgid "can contain only letters of the Base64 alphabet (RFC4648) with the addition of '@', ':' and '.'" msgid "can contain only letters of the Base64 alphabet (RFC4648) with the addition of '@', ':' and '.'"
msgstr "" msgstr ""
msgid "can't be enabled because signed commits are required for this project"
msgstr ""
msgid "cannot be a date in the past" msgid "cannot be a date in the past"
msgstr "" msgstr ""
......
...@@ -616,7 +616,7 @@ RSpec.describe ProjectsController do ...@@ -616,7 +616,7 @@ RSpec.describe ProjectsController do
expect { update_project path: 'renamed_path' } expect { update_project path: 'renamed_path' }
.not_to change { project.reload.path } .not_to change { project.reload.path }
expect(controller).to set_flash.now[:alert].to(s_('UpdateProject|Cannot rename project because it contains container registry tags!')) expect(controller).to set_flash[:alert].to(s_('UpdateProject|Cannot rename project because it contains container registry tags!'))
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment