2017-02-21 10:02:10 -05:00
|
|
|
// Copyright 2016 The Gitea Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a MIT-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
2022-06-12 11:51:54 -04:00
|
|
|
package git
|
2017-02-21 10:02:10 -05:00
|
|
|
|
|
|
|
import (
|
2019-12-15 04:51:28 -05:00
|
|
|
"context"
|
2017-02-21 10:02:10 -05:00
|
|
|
"fmt"
|
2020-03-26 18:26:34 -04:00
|
|
|
"strings"
|
2017-02-21 10:02:10 -05:00
|
|
|
"time"
|
2017-09-14 04:16:22 -04:00
|
|
|
|
2021-09-19 07:49:59 -04:00
|
|
|
"code.gitea.io/gitea/models/db"
|
2022-03-29 02:29:02 -04:00
|
|
|
"code.gitea.io/gitea/models/organization"
|
2021-11-28 06:58:28 -05:00
|
|
|
"code.gitea.io/gitea/models/perm"
|
2022-05-11 06:09:36 -04:00
|
|
|
access_model "code.gitea.io/gitea/models/perm/access"
|
2021-12-09 20:27:50 -05:00
|
|
|
repo_model "code.gitea.io/gitea/models/repo"
|
2021-11-09 14:57:58 -05:00
|
|
|
"code.gitea.io/gitea/models/unit"
|
2021-11-24 04:49:20 -05:00
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
2017-09-14 04:16:22 -04:00
|
|
|
"code.gitea.io/gitea/modules/base"
|
|
|
|
"code.gitea.io/gitea/modules/log"
|
2019-08-15 10:46:21 -04:00
|
|
|
"code.gitea.io/gitea/modules/timeutil"
|
2017-09-14 04:16:22 -04:00
|
|
|
"code.gitea.io/gitea/modules/util"
|
|
|
|
|
2020-03-26 18:26:34 -04:00
|
|
|
"github.com/gobwas/glob"
|
2017-02-21 10:02:10 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
// ProtectedBranch struct
|
|
|
|
type ProtectedBranch struct {
|
2020-11-28 14:30:46 -05:00
|
|
|
ID int64 `xorm:"pk autoincr"`
|
|
|
|
RepoID int64 `xorm:"UNIQUE(s)"`
|
|
|
|
BranchName string `xorm:"UNIQUE(s)"`
|
|
|
|
CanPush bool `xorm:"NOT NULL DEFAULT false"`
|
|
|
|
EnableWhitelist bool
|
|
|
|
WhitelistUserIDs []int64 `xorm:"JSON TEXT"`
|
|
|
|
WhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
|
|
|
|
EnableMergeWhitelist bool `xorm:"NOT NULL DEFAULT false"`
|
|
|
|
WhitelistDeployKeys bool `xorm:"NOT NULL DEFAULT false"`
|
|
|
|
MergeWhitelistUserIDs []int64 `xorm:"JSON TEXT"`
|
|
|
|
MergeWhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
|
|
|
|
EnableStatusCheck bool `xorm:"NOT NULL DEFAULT false"`
|
|
|
|
StatusCheckContexts []string `xorm:"JSON TEXT"`
|
|
|
|
EnableApprovalsWhitelist bool `xorm:"NOT NULL DEFAULT false"`
|
|
|
|
ApprovalsWhitelistUserIDs []int64 `xorm:"JSON TEXT"`
|
|
|
|
ApprovalsWhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
|
|
|
|
RequiredApprovals int64 `xorm:"NOT NULL DEFAULT 0"`
|
|
|
|
BlockOnRejectedReviews bool `xorm:"NOT NULL DEFAULT false"`
|
|
|
|
BlockOnOfficialReviewRequests bool `xorm:"NOT NULL DEFAULT false"`
|
|
|
|
BlockOnOutdatedBranch bool `xorm:"NOT NULL DEFAULT false"`
|
|
|
|
DismissStaleApprovals bool `xorm:"NOT NULL DEFAULT false"`
|
|
|
|
RequireSignedCommits bool `xorm:"NOT NULL DEFAULT false"`
|
|
|
|
ProtectedFilePatterns string `xorm:"TEXT"`
|
2021-09-11 10:21:17 -04:00
|
|
|
UnprotectedFilePatterns string `xorm:"TEXT"`
|
2020-01-08 20:47:45 -05:00
|
|
|
|
|
|
|
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
|
|
|
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
|
2017-09-14 04:16:22 -04:00
|
|
|
}
|
|
|
|
|
2021-09-19 07:49:59 -04:00
|
|
|
func init() {
|
|
|
|
db.RegisterModel(new(ProtectedBranch))
|
|
|
|
db.RegisterModel(new(DeletedBranch))
|
2021-10-08 13:03:04 -04:00
|
|
|
db.RegisterModel(new(RenamedBranch))
|
2021-09-19 07:49:59 -04:00
|
|
|
}
|
|
|
|
|
2017-09-14 04:16:22 -04:00
|
|
|
// IsProtected returns if the branch is protected
|
|
|
|
func (protectBranch *ProtectedBranch) IsProtected() bool {
|
|
|
|
return protectBranch.ID > 0
|
|
|
|
}
|
|
|
|
|
|
|
|
// CanUserPush returns if some user could push to this protected branch
|
|
|
|
func (protectBranch *ProtectedBranch) CanUserPush(userID int64) bool {
|
2019-12-03 20:08:56 -05:00
|
|
|
if !protectBranch.CanPush {
|
2017-09-14 04:16:22 -04:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2019-12-03 20:08:56 -05:00
|
|
|
if !protectBranch.EnableWhitelist {
|
2021-11-24 04:49:20 -05:00
|
|
|
if user, err := user_model.GetUserByID(userID); err != nil {
|
2019-12-03 20:08:56 -05:00
|
|
|
log.Error("GetUserByID: %v", err)
|
|
|
|
return false
|
2021-12-09 20:27:50 -05:00
|
|
|
} else if repo, err := repo_model.GetRepositoryByID(protectBranch.RepoID); err != nil {
|
|
|
|
log.Error("repo_model.GetRepositoryByID: %v", err)
|
2019-12-03 20:08:56 -05:00
|
|
|
return false
|
2022-05-11 06:09:36 -04:00
|
|
|
} else if writeAccess, err := access_model.HasAccessUnit(db.DefaultContext, user, repo, unit.TypeCode, perm.AccessModeWrite); err != nil {
|
2019-12-03 20:08:56 -05:00
|
|
|
log.Error("HasAccessUnit: %v", err)
|
|
|
|
return false
|
|
|
|
} else {
|
|
|
|
return writeAccess
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-14 04:16:22 -04:00
|
|
|
if base.Int64sContains(protectBranch.WhitelistUserIDs, userID) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(protectBranch.WhitelistTeamIDs) == 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2022-03-29 02:29:02 -04:00
|
|
|
in, err := organization.IsUserInTeams(db.DefaultContext, userID, protectBranch.WhitelistTeamIDs)
|
2017-09-14 04:16:22 -04:00
|
|
|
if err != nil {
|
2019-04-02 03:48:31 -04:00
|
|
|
log.Error("IsUserInTeams: %v", err)
|
2017-09-14 04:16:22 -04:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
return in
|
2017-02-21 10:02:10 -05:00
|
|
|
}
|
|
|
|
|
2020-01-11 02:29:34 -05:00
|
|
|
// IsUserMergeWhitelisted checks if some user is whitelisted to merge to this branch
|
2022-05-11 06:09:36 -04:00
|
|
|
func IsUserMergeWhitelisted(ctx context.Context, protectBranch *ProtectedBranch, userID int64, permissionInRepo access_model.Permission) bool {
|
2018-03-25 06:01:32 -04:00
|
|
|
if !protectBranch.EnableMergeWhitelist {
|
2020-08-20 03:48:40 -04:00
|
|
|
// Then we need to fall back on whether the user has write permission
|
2021-11-09 14:57:58 -05:00
|
|
|
return permissionInRepo.CanWrite(unit.TypeCode)
|
2018-03-25 06:01:32 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2018-07-27 15:11:24 -04:00
|
|
|
if len(protectBranch.MergeWhitelistTeamIDs) == 0 {
|
2018-03-25 06:01:32 -04:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2022-05-03 15:46:28 -04:00
|
|
|
in, err := organization.IsUserInTeams(ctx, userID, protectBranch.MergeWhitelistTeamIDs)
|
2018-03-25 06:01:32 -04:00
|
|
|
if err != nil {
|
2019-04-02 03:48:31 -04:00
|
|
|
log.Error("IsUserInTeams: %v", err)
|
2018-03-25 06:01:32 -04:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
return in
|
|
|
|
}
|
|
|
|
|
2019-12-03 20:08:56 -05:00
|
|
|
// IsUserOfficialReviewer check if user is official reviewer for the branch (counts towards required approvals)
|
2021-12-09 20:27:50 -05:00
|
|
|
func IsUserOfficialReviewer(protectBranch *ProtectedBranch, user *user_model.User) (bool, error) {
|
2022-06-12 11:51:54 -04:00
|
|
|
return IsUserOfficialReviewerCtx(db.DefaultContext, protectBranch, user)
|
2019-12-03 20:08:56 -05:00
|
|
|
}
|
|
|
|
|
2022-06-12 11:51:54 -04:00
|
|
|
// IsUserOfficialReviewerCtx check if user is official reviewer for the branch (counts towards required approvals)
|
|
|
|
func IsUserOfficialReviewerCtx(ctx context.Context, protectBranch *ProtectedBranch, user *user_model.User) (bool, error) {
|
2021-12-09 20:27:50 -05:00
|
|
|
repo, err := repo_model.GetRepositoryByIDCtx(ctx, protectBranch.RepoID)
|
2019-12-03 20:08:56 -05:00
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if !protectBranch.EnableApprovalsWhitelist {
|
|
|
|
// Anyone with write access is considered official reviewer
|
2022-05-11 06:09:36 -04:00
|
|
|
writeAccess, err := access_model.HasAccessUnit(ctx, user, repo, unit.TypeCode, perm.AccessModeWrite)
|
2019-12-03 20:08:56 -05:00
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
return writeAccess, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
if base.Int64sContains(protectBranch.ApprovalsWhitelistUserIDs, user.ID) {
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
|
2022-03-29 02:29:02 -04:00
|
|
|
inTeam, err := organization.IsUserInTeams(ctx, user.ID, protectBranch.ApprovalsWhitelistTeamIDs)
|
2019-12-03 20:08:56 -05:00
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return inTeam, nil
|
|
|
|
}
|
|
|
|
|
2020-03-26 18:26:34 -04:00
|
|
|
// GetProtectedFilePatterns parses a semicolon separated list of protected file patterns and returns a glob.Glob slice
|
|
|
|
func (protectBranch *ProtectedBranch) GetProtectedFilePatterns() []glob.Glob {
|
2021-09-11 10:21:17 -04:00
|
|
|
return getFilePatterns(protectBranch.ProtectedFilePatterns)
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetUnprotectedFilePatterns parses a semicolon separated list of unprotected file patterns and returns a glob.Glob slice
|
|
|
|
func (protectBranch *ProtectedBranch) GetUnprotectedFilePatterns() []glob.Glob {
|
|
|
|
return getFilePatterns(protectBranch.UnprotectedFilePatterns)
|
|
|
|
}
|
|
|
|
|
|
|
|
func getFilePatterns(filePatterns string) []glob.Glob {
|
2020-03-26 18:26:34 -04:00
|
|
|
extarr := make([]glob.Glob, 0, 10)
|
2021-09-11 10:21:17 -04:00
|
|
|
for _, expr := range strings.Split(strings.ToLower(filePatterns), ";") {
|
2020-03-26 18:26:34 -04:00
|
|
|
expr = strings.TrimSpace(expr)
|
|
|
|
if expr != "" {
|
|
|
|
if g, err := glob.Compile(expr, '.', '/'); err != nil {
|
2021-07-08 07:38:13 -04:00
|
|
|
log.Info("Invalid glob expression '%s' (skipped): %v", expr, err)
|
2020-03-26 18:26:34 -04:00
|
|
|
} else {
|
|
|
|
extarr = append(extarr, g)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return extarr
|
|
|
|
}
|
|
|
|
|
2020-10-13 14:50:57 -04:00
|
|
|
// MergeBlockedByProtectedFiles returns true if merge is blocked by protected files change
|
2022-06-12 11:51:54 -04:00
|
|
|
func (protectBranch *ProtectedBranch) MergeBlockedByProtectedFiles(changedProtectedFiles []string) bool {
|
2020-10-13 14:50:57 -04:00
|
|
|
glob := protectBranch.GetProtectedFilePatterns()
|
|
|
|
if len(glob) == 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2022-06-12 11:51:54 -04:00
|
|
|
return len(changedProtectedFiles) > 0
|
2020-10-13 14:50:57 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// IsProtectedFile return if path is protected
|
|
|
|
func (protectBranch *ProtectedBranch) IsProtectedFile(patterns []glob.Glob, path string) bool {
|
|
|
|
if len(patterns) == 0 {
|
|
|
|
patterns = protectBranch.GetProtectedFilePatterns()
|
|
|
|
if len(patterns) == 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
lpath := strings.ToLower(strings.TrimSpace(path))
|
|
|
|
|
|
|
|
r := false
|
|
|
|
for _, pat := range patterns {
|
|
|
|
if pat.Match(lpath) {
|
|
|
|
r = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return r
|
|
|
|
}
|
|
|
|
|
2021-09-11 10:21:17 -04:00
|
|
|
// IsUnprotectedFile return if path is unprotected
|
|
|
|
func (protectBranch *ProtectedBranch) IsUnprotectedFile(patterns []glob.Glob, path string) bool {
|
|
|
|
if len(patterns) == 0 {
|
|
|
|
patterns = protectBranch.GetUnprotectedFilePatterns()
|
|
|
|
if len(patterns) == 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
lpath := strings.ToLower(strings.TrimSpace(path))
|
|
|
|
|
|
|
|
r := false
|
|
|
|
for _, pat := range patterns {
|
|
|
|
if pat.Match(lpath) {
|
|
|
|
r = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return r
|
|
|
|
}
|
|
|
|
|
2017-02-21 10:02:10 -05:00
|
|
|
// GetProtectedBranchBy getting protected branch by ID/Name
|
2022-05-20 10:08:52 -04:00
|
|
|
func GetProtectedBranchBy(ctx context.Context, repoID int64, branchName string) (*ProtectedBranch, error) {
|
2019-06-12 15:41:28 -04:00
|
|
|
rel := &ProtectedBranch{RepoID: repoID, BranchName: branchName}
|
2022-05-20 10:08:52 -04:00
|
|
|
has, err := db.GetByBean(ctx, rel)
|
2017-02-21 10:02:10 -05:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if !has {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
return rel, nil
|
|
|
|
}
|
|
|
|
|
2018-12-11 06:28:37 -05:00
|
|
|
// WhitelistOptions represent all sorts of whitelists used for protected branches
|
|
|
|
type WhitelistOptions struct {
|
|
|
|
UserIDs []int64
|
|
|
|
TeamIDs []int64
|
|
|
|
|
|
|
|
MergeUserIDs []int64
|
|
|
|
MergeTeamIDs []int64
|
|
|
|
|
|
|
|
ApprovalsUserIDs []int64
|
|
|
|
ApprovalsTeamIDs []int64
|
|
|
|
}
|
|
|
|
|
2017-09-14 04:16:22 -04:00
|
|
|
// UpdateProtectBranch saves branch protection options of repository.
|
|
|
|
// If ID is 0, it creates a new record. Otherwise, updates existing record.
|
|
|
|
// This function also performs check if whitelist user and team's IDs have been changed
|
|
|
|
// to avoid unnecessary whitelist delete and regenerate.
|
2022-04-28 07:48:48 -04:00
|
|
|
func UpdateProtectBranch(ctx context.Context, repo *repo_model.Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {
|
|
|
|
if err = repo.GetOwner(ctx); err != nil {
|
2022-10-24 15:29:17 -04:00
|
|
|
return fmt.Errorf("GetOwner: %w", err)
|
2017-09-14 04:16:22 -04:00
|
|
|
}
|
|
|
|
|
2022-04-28 07:48:48 -04:00
|
|
|
whitelist, err := updateUserWhitelist(ctx, repo, protectBranch.WhitelistUserIDs, opts.UserIDs)
|
2018-03-25 06:01:32 -04:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
protectBranch.WhitelistUserIDs = whitelist
|
2017-09-14 04:16:22 -04:00
|
|
|
|
2022-04-28 07:48:48 -04:00
|
|
|
whitelist, err = updateUserWhitelist(ctx, repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)
|
2018-03-25 06:01:32 -04:00
|
|
|
if err != nil {
|
|
|
|
return err
|
2017-09-14 04:16:22 -04:00
|
|
|
}
|
2018-03-25 06:01:32 -04:00
|
|
|
protectBranch.MergeWhitelistUserIDs = whitelist
|
2017-09-14 04:16:22 -04:00
|
|
|
|
2022-04-28 07:48:48 -04:00
|
|
|
whitelist, err = updateApprovalWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
|
2018-12-11 06:28:37 -05:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
protectBranch.ApprovalsWhitelistUserIDs = whitelist
|
|
|
|
|
2018-03-25 06:01:32 -04:00
|
|
|
// if the repo is in an organization
|
2022-04-28 07:48:48 -04:00
|
|
|
whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)
|
2018-03-25 06:01:32 -04:00
|
|
|
if err != nil {
|
|
|
|
return err
|
2017-09-14 04:16:22 -04:00
|
|
|
}
|
2018-03-25 06:01:32 -04:00
|
|
|
protectBranch.WhitelistTeamIDs = whitelist
|
|
|
|
|
2022-04-28 07:48:48 -04:00
|
|
|
whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)
|
2018-03-25 06:01:32 -04:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
protectBranch.MergeWhitelistTeamIDs = whitelist
|
2017-09-14 04:16:22 -04:00
|
|
|
|
2022-04-28 07:48:48 -04:00
|
|
|
whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)
|
2018-12-11 06:28:37 -05:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
protectBranch.ApprovalsWhitelistTeamIDs = whitelist
|
|
|
|
|
2017-09-14 04:16:22 -04:00
|
|
|
// Make sure protectBranch.ID is not 0 for whitelists
|
|
|
|
if protectBranch.ID == 0 {
|
2022-04-28 07:48:48 -04:00
|
|
|
if _, err = db.GetEngine(ctx).Insert(protectBranch); err != nil {
|
2022-10-24 15:29:17 -04:00
|
|
|
return fmt.Errorf("Insert: %w", err)
|
2017-09-14 04:16:22 -04:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2022-04-28 07:48:48 -04:00
|
|
|
if _, err = db.GetEngine(ctx).ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {
|
2022-10-24 15:29:17 -04:00
|
|
|
return fmt.Errorf("Update: %w", err)
|
2017-09-14 04:16:22 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2017-03-14 20:52:01 -04:00
|
|
|
// GetProtectedBranches get all protected branches
|
2021-12-09 20:27:50 -05:00
|
|
|
func GetProtectedBranches(repoID int64) ([]*ProtectedBranch, error) {
|
2017-02-21 10:02:10 -05:00
|
|
|
protectedBranches := make([]*ProtectedBranch, 0)
|
2021-12-09 20:27:50 -05:00
|
|
|
return protectedBranches, db.GetEngine(db.DefaultContext).Find(&protectedBranches, &ProtectedBranch{RepoID: repoID})
|
2019-11-16 14:39:18 -05:00
|
|
|
}
|
|
|
|
|
2017-05-01 20:49:55 -04:00
|
|
|
// IsProtectedBranch checks if branch is protected
|
2021-12-09 20:27:50 -05:00
|
|
|
func IsProtectedBranch(repoID int64, branchName string) (bool, error) {
|
2017-05-01 20:49:55 -04:00
|
|
|
protectedBranch := &ProtectedBranch{
|
2021-12-09 20:27:50 -05:00
|
|
|
RepoID: repoID,
|
2017-05-01 20:49:55 -04:00
|
|
|
BranchName: branchName,
|
|
|
|
}
|
|
|
|
|
2021-09-23 11:45:36 -04:00
|
|
|
has, err := db.GetEngine(db.DefaultContext).Exist(protectedBranch)
|
2018-08-07 23:17:11 -04:00
|
|
|
if err != nil {
|
|
|
|
return true, err
|
|
|
|
}
|
|
|
|
return has, nil
|
|
|
|
}
|
|
|
|
|
2019-10-08 15:18:17 -04:00
|
|
|
// updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with
|
|
|
|
// the users from newWhitelist which have explicit read or write access to the repo.
|
2022-04-28 07:48:48 -04:00
|
|
|
func updateApprovalWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
2019-10-08 15:18:17 -04:00
|
|
|
hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
|
|
|
|
if !hasUsersChanged {
|
|
|
|
return currentWhitelist, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
whitelist = make([]int64, 0, len(newWhitelist))
|
|
|
|
for _, userID := range newWhitelist {
|
2022-05-11 06:09:36 -04:00
|
|
|
if reader, err := access_model.IsRepoReader(ctx, repo, userID); err != nil {
|
2019-10-08 15:18:17 -04:00
|
|
|
return nil, err
|
|
|
|
} else if !reader {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
whitelist = append(whitelist, userID)
|
|
|
|
}
|
|
|
|
|
2022-06-20 06:02:49 -04:00
|
|
|
return whitelist, err
|
2019-10-08 15:18:17 -04:00
|
|
|
}
|
|
|
|
|
2018-03-25 06:01:32 -04:00
|
|
|
// updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with
|
|
|
|
// the users from newWhitelist which have write access to the repo.
|
2022-04-28 07:48:48 -04:00
|
|
|
func updateUserWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
2018-03-25 06:01:32 -04:00
|
|
|
hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
|
|
|
|
if !hasUsersChanged {
|
|
|
|
return currentWhitelist, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
whitelist = make([]int64, 0, len(newWhitelist))
|
|
|
|
for _, userID := range newWhitelist {
|
2022-04-28 07:48:48 -04:00
|
|
|
user, err := user_model.GetUserByIDCtx(ctx, userID)
|
2018-03-25 06:01:32 -04:00
|
|
|
if err != nil {
|
2022-10-24 15:29:17 -04:00
|
|
|
return nil, fmt.Errorf("GetUserByID [user_id: %d, repo_id: %d]: %w", userID, repo.ID, err)
|
2018-11-28 06:26:14 -05:00
|
|
|
}
|
2022-05-11 06:09:36 -04:00
|
|
|
perm, err := access_model.GetUserRepoPermission(ctx, repo, user)
|
2018-11-28 06:26:14 -05:00
|
|
|
if err != nil {
|
2022-10-24 15:29:17 -04:00
|
|
|
return nil, fmt.Errorf("GetUserRepoPermission [user_id: %d, repo_id: %d]: %w", userID, repo.ID, err)
|
2018-11-28 06:26:14 -05:00
|
|
|
}
|
|
|
|
|
2021-11-09 14:57:58 -05:00
|
|
|
if !perm.CanWrite(unit.TypeCode) {
|
2018-03-25 06:01:32 -04:00
|
|
|
continue // Drop invalid user ID
|
|
|
|
}
|
|
|
|
|
|
|
|
whitelist = append(whitelist, userID)
|
|
|
|
}
|
|
|
|
|
2022-06-20 06:02:49 -04:00
|
|
|
return whitelist, err
|
2018-03-25 06:01:32 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// updateTeamWhitelist checks whether the team whitelist changed and returns a whitelist with
|
|
|
|
// the teams from newWhitelist which have write access to the repo.
|
2022-04-28 07:48:48 -04:00
|
|
|
func updateTeamWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
|
2018-03-25 06:01:32 -04:00
|
|
|
hasTeamsChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
|
|
|
|
if !hasTeamsChanged {
|
|
|
|
return currentWhitelist, nil
|
|
|
|
}
|
|
|
|
|
2022-04-28 07:48:48 -04:00
|
|
|
teams, err := organization.GetTeamsWithAccessToRepo(ctx, repo.OwnerID, repo.ID, perm.AccessModeRead)
|
2018-03-25 06:01:32 -04:00
|
|
|
if err != nil {
|
2022-10-24 15:29:17 -04:00
|
|
|
return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %w", repo.OwnerID, repo.ID, err)
|
2018-03-25 06:01:32 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
whitelist = make([]int64, 0, len(teams))
|
|
|
|
for i := range teams {
|
2020-12-25 04:59:32 -05:00
|
|
|
if util.IsInt64InSlice(teams[i].ID, newWhitelist) {
|
2018-03-25 06:01:32 -04:00
|
|
|
whitelist = append(whitelist, teams[i].ID)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-06-20 06:02:49 -04:00
|
|
|
return whitelist, err
|
2018-03-25 06:01:32 -04:00
|
|
|
}
|
|
|
|
|
2017-02-21 10:02:10 -05:00
|
|
|
// DeleteProtectedBranch removes ProtectedBranch relation between the user and repository.
|
2021-12-09 20:27:50 -05:00
|
|
|
func DeleteProtectedBranch(repoID, id int64) (err error) {
|
2017-02-21 10:02:10 -05:00
|
|
|
protectedBranch := &ProtectedBranch{
|
2021-12-09 20:27:50 -05:00
|
|
|
RepoID: repoID,
|
2017-02-21 10:02:10 -05:00
|
|
|
ID: id,
|
|
|
|
}
|
|
|
|
|
2021-09-23 11:45:36 -04:00
|
|
|
if affected, err := db.GetEngine(db.DefaultContext).Delete(protectedBranch); err != nil {
|
2017-02-21 10:02:10 -05:00
|
|
|
return err
|
|
|
|
} else if affected != 1 {
|
|
|
|
return fmt.Errorf("delete protected branch ID(%v) failed", id)
|
|
|
|
}
|
|
|
|
|
2021-09-19 07:49:59 -04:00
|
|
|
return nil
|
2017-02-21 10:02:10 -05:00
|
|
|
}
|
2017-10-25 20:49:16 -04:00
|
|
|
|
|
|
|
// DeletedBranch struct
|
|
|
|
type DeletedBranch struct {
|
2019-08-15 10:46:21 -04:00
|
|
|
ID int64 `xorm:"pk autoincr"`
|
|
|
|
RepoID int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
|
|
|
|
Name string `xorm:"UNIQUE(s) NOT NULL"`
|
|
|
|
Commit string `xorm:"UNIQUE(s) NOT NULL"`
|
|
|
|
DeletedByID int64 `xorm:"INDEX"`
|
2021-11-24 04:49:20 -05:00
|
|
|
DeletedBy *user_model.User `xorm:"-"`
|
2019-08-15 10:46:21 -04:00
|
|
|
DeletedUnix timeutil.TimeStamp `xorm:"INDEX created"`
|
2017-10-25 20:49:16 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// AddDeletedBranch adds a deleted branch to the database
|
2021-12-09 20:27:50 -05:00
|
|
|
func AddDeletedBranch(repoID int64, branchName, commit string, deletedByID int64) error {
|
2017-10-25 20:49:16 -04:00
|
|
|
deletedBranch := &DeletedBranch{
|
2021-12-09 20:27:50 -05:00
|
|
|
RepoID: repoID,
|
2017-10-25 20:49:16 -04:00
|
|
|
Name: branchName,
|
|
|
|
Commit: commit,
|
|
|
|
DeletedByID: deletedByID,
|
|
|
|
}
|
|
|
|
|
2021-12-09 20:27:50 -05:00
|
|
|
_, err := db.GetEngine(db.DefaultContext).Insert(deletedBranch)
|
2021-09-19 07:49:59 -04:00
|
|
|
return err
|
2017-10-25 20:49:16 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// GetDeletedBranches returns all the deleted branches
|
2021-12-09 20:27:50 -05:00
|
|
|
func GetDeletedBranches(repoID int64) ([]*DeletedBranch, error) {
|
2017-10-25 20:49:16 -04:00
|
|
|
deletedBranches := make([]*DeletedBranch, 0)
|
2021-12-09 20:27:50 -05:00
|
|
|
return deletedBranches, db.GetEngine(db.DefaultContext).Where("repo_id = ?", repoID).Desc("deleted_unix").Find(&deletedBranches)
|
2017-10-25 20:49:16 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// GetDeletedBranchByID get a deleted branch by its ID
|
2021-12-09 20:27:50 -05:00
|
|
|
func GetDeletedBranchByID(repoID, id int64) (*DeletedBranch, error) {
|
2020-06-17 13:50:11 -04:00
|
|
|
deletedBranch := &DeletedBranch{}
|
2021-12-09 20:27:50 -05:00
|
|
|
has, err := db.GetEngine(db.DefaultContext).Where("repo_id = ?", repoID).And("id = ?", id).Get(deletedBranch)
|
2017-10-25 20:49:16 -04:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if !has {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
return deletedBranch, nil
|
|
|
|
}
|
|
|
|
|
2021-12-09 20:27:50 -05:00
|
|
|
// RemoveDeletedBranchByID removes a deleted branch from the database
|
|
|
|
func RemoveDeletedBranchByID(repoID, id int64) (err error) {
|
2017-10-25 20:49:16 -04:00
|
|
|
deletedBranch := &DeletedBranch{
|
2021-12-09 20:27:50 -05:00
|
|
|
RepoID: repoID,
|
2017-10-25 20:49:16 -04:00
|
|
|
ID: id,
|
|
|
|
}
|
|
|
|
|
2021-09-23 11:45:36 -04:00
|
|
|
if affected, err := db.GetEngine(db.DefaultContext).Delete(deletedBranch); err != nil {
|
2017-10-25 20:49:16 -04:00
|
|
|
return err
|
|
|
|
} else if affected != 1 {
|
|
|
|
return fmt.Errorf("remove deleted branch ID(%v) failed", id)
|
|
|
|
}
|
|
|
|
|
2021-09-19 07:49:59 -04:00
|
|
|
return nil
|
2017-10-25 20:49:16 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// LoadUser loads the user that deleted the branch
|
2021-11-24 04:49:20 -05:00
|
|
|
// When there's no user found it returns a user_model.NewGhostUser
|
2017-10-25 20:49:16 -04:00
|
|
|
func (deletedBranch *DeletedBranch) LoadUser() {
|
2021-11-24 04:49:20 -05:00
|
|
|
user, err := user_model.GetUserByID(deletedBranch.DeletedByID)
|
2017-10-25 20:49:16 -04:00
|
|
|
if err != nil {
|
2021-11-24 04:49:20 -05:00
|
|
|
user = user_model.NewGhostUser()
|
2017-10-25 20:49:16 -04:00
|
|
|
}
|
|
|
|
deletedBranch.DeletedBy = user
|
|
|
|
}
|
|
|
|
|
2021-12-09 20:27:50 -05:00
|
|
|
// RemoveDeletedBranchByName removes all deleted branches
|
|
|
|
func RemoveDeletedBranchByName(repoID int64, branch string) error {
|
2021-09-23 11:45:36 -04:00
|
|
|
_, err := db.GetEngine(db.DefaultContext).Where("repo_id=? AND name=?", repoID, branch).Delete(new(DeletedBranch))
|
2019-12-27 14:17:37 -05:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2017-10-25 20:49:16 -04:00
|
|
|
// RemoveOldDeletedBranches removes old deleted branches
|
2020-05-16 19:31:38 -04:00
|
|
|
func RemoveOldDeletedBranches(ctx context.Context, olderThan time.Duration) {
|
2019-12-15 04:51:28 -05:00
|
|
|
// Nothing to do for shutdown or terminate
|
2017-10-25 20:49:16 -04:00
|
|
|
log.Trace("Doing: DeletedBranchesCleanup")
|
|
|
|
|
2020-05-16 19:31:38 -04:00
|
|
|
deleteBefore := time.Now().Add(-olderThan)
|
2021-09-23 11:45:36 -04:00
|
|
|
_, err := db.GetEngine(db.DefaultContext).Where("deleted_unix < ?", deleteBefore.Unix()).Delete(new(DeletedBranch))
|
2017-10-25 20:49:16 -04:00
|
|
|
if err != nil {
|
2019-04-02 03:48:31 -04:00
|
|
|
log.Error("DeletedBranchesCleanup: %v", err)
|
2017-10-25 20:49:16 -04:00
|
|
|
}
|
|
|
|
}
|
2021-10-08 13:03:04 -04:00
|
|
|
|
|
|
|
// RenamedBranch provide renamed branch log
|
|
|
|
// will check it when a branch can't be found
|
|
|
|
type RenamedBranch struct {
|
|
|
|
ID int64 `xorm:"pk autoincr"`
|
|
|
|
RepoID int64 `xorm:"INDEX NOT NULL"`
|
|
|
|
From string
|
|
|
|
To string
|
|
|
|
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// FindRenamedBranch check if a branch was renamed
|
|
|
|
func FindRenamedBranch(repoID int64, from string) (branch *RenamedBranch, exist bool, err error) {
|
|
|
|
branch = &RenamedBranch{
|
|
|
|
RepoID: repoID,
|
|
|
|
From: from,
|
|
|
|
}
|
|
|
|
exist, err = db.GetEngine(db.DefaultContext).Get(branch)
|
|
|
|
|
2022-06-20 06:02:49 -04:00
|
|
|
return branch, exist, err
|
2021-10-08 13:03:04 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// RenameBranch rename a branch
|
2021-12-09 20:27:50 -05:00
|
|
|
func RenameBranch(repo *repo_model.Repository, from, to string, gitAction func(isDefault bool) error) (err error) {
|
2021-11-21 10:41:00 -05:00
|
|
|
ctx, committer, err := db.TxContext()
|
|
|
|
if err != nil {
|
2021-10-08 13:03:04 -04:00
|
|
|
return err
|
|
|
|
}
|
2021-11-21 10:41:00 -05:00
|
|
|
defer committer.Close()
|
2021-10-08 13:03:04 -04:00
|
|
|
|
2021-11-21 10:41:00 -05:00
|
|
|
sess := db.GetEngine(ctx)
|
2021-10-08 13:03:04 -04:00
|
|
|
// 1. update default branch if needed
|
|
|
|
isDefault := repo.DefaultBranch == from
|
|
|
|
if isDefault {
|
|
|
|
repo.DefaultBranch = to
|
|
|
|
_, err = sess.ID(repo.ID).Cols("default_branch").Update(repo)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// 2. Update protected branch if needed
|
2022-05-20 10:08:52 -04:00
|
|
|
protectedBranch, err := GetProtectedBranchBy(ctx, repo.ID, from)
|
2021-10-08 13:03:04 -04:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if protectedBranch != nil {
|
|
|
|
protectedBranch.BranchName = to
|
|
|
|
_, err = sess.ID(protectedBranch.ID).Cols("branch_name").Update(protectedBranch)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// 3. Update all not merged pull request base branch name
|
2022-06-12 11:51:54 -04:00
|
|
|
_, err = sess.Table("pull_request").Where("base_repo_id=? AND base_branch=? AND has_merged=?",
|
2021-10-08 13:03:04 -04:00
|
|
|
repo.ID, from, false).
|
|
|
|
Update(map[string]interface{}{"base_branch": to})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// 4. do git action
|
|
|
|
if err = gitAction(isDefault); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// 5. insert renamed branch record
|
|
|
|
renamedBranch := &RenamedBranch{
|
|
|
|
RepoID: repo.ID,
|
|
|
|
From: from,
|
|
|
|
To: to,
|
|
|
|
}
|
2021-11-21 10:41:00 -05:00
|
|
|
err = db.Insert(ctx, renamedBranch)
|
2021-10-08 13:03:04 -04:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2021-11-21 10:41:00 -05:00
|
|
|
return committer.Commit()
|
2021-10-08 13:03:04 -04:00
|
|
|
}
|