Commit bfc42fc7 authored by Rubén Dávila's avatar Rubén Dávila

Stop passing push_rule by making it an attribute

parent c0f35d7e
......@@ -13,6 +13,8 @@ module EE
push_rule_committer_not_allowed: "You cannot push commits for '%{committer_email}'. You can only push commits that were committed with one of your own verified emails."
}.freeze
attr_reader :push_rule
override :exec
def exec
return true if skip_authorization
......@@ -29,23 +31,23 @@ module EE
def push_rule_check
return unless newrev && oldrev && project.feature_available?(:push_rules)
push_rule = project.push_rule
@push_rule = project.push_rule
if tag_name
push_rule_tag_check(push_rule)
push_rule_tag_check
else
push_rule_branch_check(push_rule)
push_rule_branch_check
end
end
def push_rule_tag_check(push_rule)
if tag_deletion_denied_by_push_rule?(push_rule)
def push_rule_tag_check
if tag_deletion_denied_by_push_rule?
raise ::Gitlab::GitAccess::UnauthorizedError, 'You cannot delete a tag'
end
end
def push_rule_branch_check(push_rule)
unless branch_name_allowed_by_push_rule?(push_rule)
def push_rule_branch_check
unless branch_name_allowed_by_push_rule?
message = ERROR_MESSAGES[:push_rule_branch_name] % { branch_name_regex: push_rule.branch_name_regex }
raise ::Gitlab::GitAccess::UnauthorizedError.new(message)
end
......@@ -57,40 +59,40 @@ module EE
# n+1: https://gitlab.com/gitlab-org/gitlab-ee/issues/3593
::Gitlab::GitalyClient.allow_n_plus_1_calls do
commits.each do |commit|
push_rule_commit_check(commit, push_rule)
push_rule_commit_check(commit)
end
end
rescue ::PushRule::MatchError => e
raise ::Gitlab::GitAccess::UnauthorizedError, e.message
end
def branch_name_allowed_by_push_rule?(push_rule)
return true if skip_branch_name_push_rule?(push_rule)
def branch_name_allowed_by_push_rule?
return true if skip_branch_name_push_rule?
push_rule.branch_name_allowed?(branch_name)
end
def skip_branch_name_push_rule?(push_rule)
def skip_branch_name_push_rule?
push_rule.nil? ||
deletion? ||
branch_name.blank? ||
branch_name == project.default_branch
end
def tag_deletion_denied_by_push_rule?(push_rule)
def tag_deletion_denied_by_push_rule?
push_rule.try(:deny_delete_tag) &&
!updated_from_web? &&
deletion? &&
tag_exists?
end
def push_rule_commit_check(commit, push_rule)
def push_rule_commit_check(commit)
if push_rule.try(:commit_validation?)
error = check_commit(commit, push_rule)
error = check_commit(commit)
raise ::Gitlab::GitAccess::UnauthorizedError, error if error
end
if error = check_commit_diff(commit, push_rule)
if error = check_commit_diff(commit)
raise ::Gitlab::GitAccess::UnauthorizedError, error
end
end
......@@ -98,7 +100,7 @@ module EE
# If commit does not pass push rule validation the whole push should be rejected.
# This method should return nil if no error found or a string if error.
# In case of errors - all other checks will be canceled and push will be rejected.
def check_commit(commit, push_rule)
def check_commit(commit)
unless push_rule.commit_message_allowed?(commit.safe_message)
return "Commit message does not follow the pattern '#{push_rule.commit_message_regex}'"
end
......@@ -111,7 +113,7 @@ module EE
return "Author's email '#{commit.author_email}' does not follow the pattern '#{push_rule.author_email_regex}'"
end
committer_error_message = committer_check(commit, push_rule)
committer_error_message = committer_check(commit)
return committer_error_message if committer_error_message
if !updated_from_web? && !push_rule.commit_signature_allowed?(commit)
......@@ -134,7 +136,7 @@ module EE
nil
end
def committer_check(commit, push_rule)
def committer_check(commit)
unless push_rule.committer_allowed?(commit.committer_email, user_access.user)
committer_is_current_user = commit.committer == user_access.user
......@@ -146,8 +148,8 @@ module EE
end
end
def check_commit_diff(commit, push_rule)
validations = validations_for_commit(commit, push_rule)
def check_commit_diff(commit)
validations = validations_for_commit(commit)
return if validations.empty?
......@@ -162,12 +164,12 @@ module EE
nil
end
def validations_for_commit(commit, push_rule)
def validations_for_commit(commit)
validations = base_validations
return validations unless push_rule
validations << file_name_validation(push_rule)
validations << file_name_validation
if push_rule.max_file_size > 0
validations << file_size_validation(commit, push_rule.max_file_size)
......@@ -200,7 +202,7 @@ module EE
end
end
def file_name_validation(push_rule)
def file_name_validation
lambda do |diff|
if (diff.renamed_file || diff.new_file) && blacklisted_regex = push_rule.filename_blacklisted?(diff.new_path)
return nil unless blacklisted_regex.present?
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment