Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
bfc42fc7
Commit
bfc42fc7
authored
Jan 23, 2018
by
Rubén Dávila
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Stop passing push_rule by making it an attribute
parent
c0f35d7e
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
25 additions
and
23 deletions
+25
-23
ee/lib/ee/gitlab/checks/change_access.rb
ee/lib/ee/gitlab/checks/change_access.rb
+25
-23
No files found.
ee/lib/ee/gitlab/checks/change_access.rb
View file @
bfc42fc7
...
...
@@ -13,6 +13,8 @@ module EE
push_rule_committer_not_allowed:
"You cannot push commits for '%{committer_email}'. You can only push commits that were committed with one of your own verified emails."
}.
freeze
attr_reader
:push_rule
override
:exec
def
exec
return
true
if
skip_authorization
...
...
@@ -29,23 +31,23 @@ module EE
def
push_rule_check
return
unless
newrev
&&
oldrev
&&
project
.
feature_available?
(
:push_rules
)
push_rule
=
project
.
push_rule
@
push_rule
=
project
.
push_rule
if
tag_name
push_rule_tag_check
(
push_rule
)
push_rule_tag_check
else
push_rule_branch_check
(
push_rule
)
push_rule_branch_check
end
end
def
push_rule_tag_check
(
push_rule
)
if
tag_deletion_denied_by_push_rule?
(
push_rule
)
def
push_rule_tag_check
if
tag_deletion_denied_by_push_rule?
raise
::
Gitlab
::
GitAccess
::
UnauthorizedError
,
'You cannot delete a tag'
end
end
def
push_rule_branch_check
(
push_rule
)
unless
branch_name_allowed_by_push_rule?
(
push_rule
)
def
push_rule_branch_check
unless
branch_name_allowed_by_push_rule?
message
=
ERROR_MESSAGES
[
:push_rule_branch_name
]
%
{
branch_name_regex:
push_rule
.
branch_name_regex
}
raise
::
Gitlab
::
GitAccess
::
UnauthorizedError
.
new
(
message
)
end
...
...
@@ -57,40 +59,40 @@ module EE
# n+1: https://gitlab.com/gitlab-org/gitlab-ee/issues/3593
::
Gitlab
::
GitalyClient
.
allow_n_plus_1_calls
do
commits
.
each
do
|
commit
|
push_rule_commit_check
(
commit
,
push_rule
)
push_rule_commit_check
(
commit
)
end
end
rescue
::
PushRule
::
MatchError
=>
e
raise
::
Gitlab
::
GitAccess
::
UnauthorizedError
,
e
.
message
end
def
branch_name_allowed_by_push_rule?
(
push_rule
)
return
true
if
skip_branch_name_push_rule?
(
push_rule
)
def
branch_name_allowed_by_push_rule?
return
true
if
skip_branch_name_push_rule?
push_rule
.
branch_name_allowed?
(
branch_name
)
end
def
skip_branch_name_push_rule?
(
push_rule
)
def
skip_branch_name_push_rule?
push_rule
.
nil?
||
deletion?
||
branch_name
.
blank?
||
branch_name
==
project
.
default_branch
end
def
tag_deletion_denied_by_push_rule?
(
push_rule
)
def
tag_deletion_denied_by_push_rule?
push_rule
.
try
(
:deny_delete_tag
)
&&
!
updated_from_web?
&&
deletion?
&&
tag_exists?
end
def
push_rule_commit_check
(
commit
,
push_rule
)
def
push_rule_commit_check
(
commit
)
if
push_rule
.
try
(
:commit_validation?
)
error
=
check_commit
(
commit
,
push_rule
)
error
=
check_commit
(
commit
)
raise
::
Gitlab
::
GitAccess
::
UnauthorizedError
,
error
if
error
end
if
error
=
check_commit_diff
(
commit
,
push_rule
)
if
error
=
check_commit_diff
(
commit
)
raise
::
Gitlab
::
GitAccess
::
UnauthorizedError
,
error
end
end
...
...
@@ -98,7 +100,7 @@ module EE
# If commit does not pass push rule validation the whole push should be rejected.
# This method should return nil if no error found or a string if error.
# In case of errors - all other checks will be canceled and push will be rejected.
def
check_commit
(
commit
,
push_rule
)
def
check_commit
(
commit
)
unless
push_rule
.
commit_message_allowed?
(
commit
.
safe_message
)
return
"Commit message does not follow the pattern '
#{
push_rule
.
commit_message_regex
}
'"
end
...
...
@@ -111,7 +113,7 @@ module EE
return
"Author's email '
#{
commit
.
author_email
}
' does not follow the pattern '
#{
push_rule
.
author_email_regex
}
'"
end
committer_error_message
=
committer_check
(
commit
,
push_rule
)
committer_error_message
=
committer_check
(
commit
)
return
committer_error_message
if
committer_error_message
if
!
updated_from_web?
&&
!
push_rule
.
commit_signature_allowed?
(
commit
)
...
...
@@ -134,7 +136,7 @@ module EE
nil
end
def
committer_check
(
commit
,
push_rule
)
def
committer_check
(
commit
)
unless
push_rule
.
committer_allowed?
(
commit
.
committer_email
,
user_access
.
user
)
committer_is_current_user
=
commit
.
committer
==
user_access
.
user
...
...
@@ -146,8 +148,8 @@ module EE
end
end
def
check_commit_diff
(
commit
,
push_rule
)
validations
=
validations_for_commit
(
commit
,
push_rule
)
def
check_commit_diff
(
commit
)
validations
=
validations_for_commit
(
commit
)
return
if
validations
.
empty?
...
...
@@ -162,12 +164,12 @@ module EE
nil
end
def
validations_for_commit
(
commit
,
push_rule
)
def
validations_for_commit
(
commit
)
validations
=
base_validations
return
validations
unless
push_rule
validations
<<
file_name_validation
(
push_rule
)
validations
<<
file_name_validation
if
push_rule
.
max_file_size
>
0
validations
<<
file_size_validation
(
commit
,
push_rule
.
max_file_size
)
...
...
@@ -200,7 +202,7 @@ module EE
end
end
def
file_name_validation
(
push_rule
)
def
file_name_validation
lambda
do
|
diff
|
if
(
diff
.
renamed_file
||
diff
.
new_file
)
&&
blacklisted_regex
=
push_rule
.
filename_blacklisted?
(
diff
.
new_path
)
return
nil
unless
blacklisted_regex
.
present?
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment