Merge branch 'gitlab-shell-2-0' into 'master'

Modify GitLab to work with gitlab-shell 2.0 Related to #1516 See merge request !1057
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-02 13:20:15 +0400
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-02 13:20:15 +0400
commit: 3a3c4ea436c7e2b65c93e54e6f110722c8371fb9 (patch)
tree: 1ffab592d96867cdac0ec3fb5dfb46e3ccfc38cf /lib/gitlab
parent: 7e7f52862b2953f0b36a6fea37ca179e0182d0d8 (diff)
parent: 7f99aa57a28f56c6e04263cd7c2785ed867ec9a1 (diff)
1 files changed, 31 insertions, 8 deletions
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 38b3d82e2f4..e75a5a1d62e 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -5,7 +5,7 @@ module Gitlab
 
     attr_reader :params, :project, :git_cmd, :user
 
-    def allowed?(actor, cmd, project, ref = nil, oldrev = nil, newrev = nil, forced_push = false)
+    def allowed?(actor, cmd, project, changes = nil)
       case cmd
       when *DOWNLOAD_COMMANDS
         if actor.is_a? User
@@ -19,12 +19,12 @@ module Gitlab
         end
       when *PUSH_COMMANDS
         if actor.is_a? User
-          push_allowed?(actor, project, ref, oldrev, newrev, forced_push)
+          push_allowed?(actor, project, changes)
         elsif actor.is_a? DeployKey
           # Deploy key not allowed to push
           return false
         elsif actor.is_a? Key
-          push_allowed?(actor.user, project, ref, oldrev, newrev, forced_push)
+          push_allowed?(actor.user, project, changes)
         else
           raise 'Wrong actor'
         end
@@ -41,13 +41,21 @@ module Gitlab
       end
     end
 
-    def push_allowed?(user, project, ref, oldrev, newrev, forced_push)
-      if user && user_allowed?(user)
+    def push_allowed?(user, project, changes)
+      return false unless user && user_allowed?(user)
+      return true if changes.blank?
+
+      changes = changes.lines if changes.kind_of?(String)
+
+      # Iterate over all changes to find if user allowed all of them to be applied
+      changes.each do |change|
+        oldrev, newrev, ref = changes.split('')
+
         action = if project.protected_branch?(ref)
                    # we dont allow force push to protected branch
-                   if forced_push.to_s == 'true'
+                   if forced_push?(oldrev, newrev)
                      :force_push_code_to_protected_branches
-                   # and we dont allow remove of protected branch
+                     # and we dont allow remove of protected branch
                    elsif newrev =~ /0000000/
                      :remove_protected_branches
                    else
@@ -59,7 +67,22 @@ module Gitlab
                  else
                    :push_code
                  end
-        user.can?(action, project)
+        unless user.can?(action, project)
+          # If user does not have access to make at least one change - cancel all push
+          return false
+        end
+      end
+
+      # If user has access to make all changes
+      true
+    end
+
+    def forced_push?(oldrev, newrev)
+      return false if project.empty_repo?
+
+      if oldrev !~ /00000000/ && newrev !~ /00000000/
+        missed_refs = IO.popen(%W(git --git-dir=#{project.repository.path_to_repo} rev-list #{oldrev} ^#{newrev})).read
+        missed_refs.split("\n").size > 0
       else
         false
       end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-09-02 13:20:15 +0400
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-09-02 13:20:15 +0400
commit	3a3c4ea436c7e2b65c93e54e6f110722c8371fb9 (patch)
tree	1ffab592d96867cdac0ec3fb5dfb46e3ccfc38cf /lib/gitlab
parent	7e7f52862b2953f0b36a6fea37ca179e0182d0d8 (diff)
parent	7f99aa57a28f56c6e04263cd7c2785ed867ec9a1 (diff)