Merge pull request #6190 from...

Merge pull request #6190 from Popl7/add-better-branch-protection-against-history-rewrite-and-deletion protect protected branched to force updates

Merge pull request #6190 from...
Merge pull request #6190 from Popl7/add-better-branch-protection-against-history-rewrite-and-deletion protect protected branched to force updates
207f34b8 · Dmitriy Zaporozhets · 6594ce1d · 8b35b208 · 207f34b8 · 207f34b8
Commit 207f34b8 authored Apr 03, 2014 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 9 deletions

lib/api/internal.rb lib/api/internal.rb +3 -1

lib/gitlab/git_access.rb lib/gitlab/git_access.rb +13 -8

No files found.
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -10,6 +10,7 @@ module API
      #   project - project path with namespace
      #   action - git action (git-upload-pack or git-receive-pack)
      #   ref - branch name
+      #   forced_push - forced_push
      #
      get "/allowed" do
        # Check for *.wiki repositories.
@@ -35,7 +36,8 @@ module API
          project,
          params[:ref],
          params[:oldrev],
-          params[:newrev]
+          params[:newrev],
+          params[:forced_push]
        )
      end

--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -5,7 +5,7 @@ module Gitlab
    attr_reader :params, :project, :git_cmd, :user
-    def allowed?(actor, cmd, project, ref = nil, oldrev = nil, newrev = nil)
+    def allowed?(actor, cmd, project, ref = nil, oldrev = nil, newrev = nil, forced_push = false)
      case cmd
      when *DOWNLOAD_COMMANDS
        if actor.is_a? User
@@ -19,12 +19,12 @@ module Gitlab
        end
      when *PUSH_COMMANDS
        if actor.is_a? User
-          push_allowed?(actor, project, ref, oldrev, newrev)
+          push_allowed?(actor, project, ref, oldrev, newrev, forced_push)
        elsif actor.is_a? DeployKey
          # Deploy key not allowed to push
          return false
        elsif actor.is_a? Key
-          push_allowed?(actor.user, project, ref, oldrev, newrev)
+          push_allowed?(actor.user, project, ref, oldrev, newrev, forced_push)
        else
          raise 'Wrong actor'
        end
@@ -41,13 +41,18 @@ module Gitlab
      end
    end
-    def push_allowed?(user, project, ref, oldrev, newrev)
+    def push_allowed?(user, project, ref, oldrev, newrev, forced_push)
      if user && user_allowed?(user)
        action = if project.protected_branch?(ref)
-                   :push_code_to_protected_branches
+                    if forced_push
-                 else
+                      :force_push_code_to_protected_branches
-                   :push_code
+                    else
-                 end
+                      :push_code_to_protected_branches
+                    end
+                  else
+                    :push_code
+                  end
        user.can?(action, project)
      else
        false