diff options
author | Timothy Andrew <mail@timothyandrew.net> | 2016-06-23 12:28:14 +0300 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2016-07-13 10:54:56 +0300 |
commit | 495db09653bafb0371e5d5a5f12d5bc33cdb584b (patch) | |
tree | a524d76e48cb8c34e414ac4ee422f33dfa6625e2 /lib/gitlab | |
parent | f0577d838544152f558411ef1101d56c5852d92e (diff) |
Enforce "developers can merge" during `pre-receive`.
1. When a merge request is being merged, save the merge commit SHA in
the `in_progress_merge_commit_sha` database column.
2. The `pre-receive` hook looks for any locked (in progress) merge
request with `in_progress_merge_commit_sha` matching the `newrev` it
is passed.
3. If it finds a matching MR, the merge is legitimate.
4. Update `git_access_spec` to test the behaviour we added here. Also
refactored this spec a bit to make it easier to add more contexts / conditions.
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/checks/matching_merge_request.rb | 18 | ||||
-rw-r--r-- | lib/gitlab/git_access.rb | 7 |
2 files changed, 25 insertions, 0 deletions
diff --git a/lib/gitlab/checks/matching_merge_request.rb b/lib/gitlab/checks/matching_merge_request.rb new file mode 100644 index 00000000000..849848515da --- /dev/null +++ b/lib/gitlab/checks/matching_merge_request.rb @@ -0,0 +1,18 @@ +module Gitlab + module Checks + class MatchingMergeRequest + def initialize(newrev, branch_name, project) + @newrev = newrev + @branch_name = branch_name + @project = project + end + + def match? + @project.merge_requests + .with_state(:locked) + .where(in_progress_merge_commit_sha: @newrev, target_branch: @branch_name) + .exists? + end + end + end +end diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index e20e3338262..feaf845209e 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -177,10 +177,15 @@ module Gitlab Gitlab::ForcePushCheck.force_push?(project, oldrev, newrev) end + def protocol_allowed? Gitlab::ProtocolAccess.allowed?(protocol) end + def matching_merge_request?(newrev, branch_name) + Checks::MatchingMergeRequest.new(newrev, branch_name, project).match? + end + private def protected_branch_action(oldrev, newrev, branch_name) @@ -190,6 +195,8 @@ module Gitlab elsif Gitlab::Git.blank_ref?(newrev) # and we dont allow remove of protected branch :remove_protected_branches + elsif matching_merge_request?(newrev, branch_name) && project.developers_can_merge_to_protected_branch?(branch_name) + :push_code elsif project.developers_can_push_to_protected_branch?(branch_name) :push_code else |