[Backported from EE] Readonly flag for Projects

This is used in EE for the storage migration, and we want to use this
in CE as well to be able to migrate projects to hashed_storage.

5 files changed, 51 insertions, 11 deletions

diff --git a/db/migrate/20160713200638_add_repository_read_only_to_projects.rb b/db/migrate/20160713200638_add_repository_read_only_to_projects.rb
new file mode 100644
index 00000000000..8ee8b55f210
--- /dev/null
+++ b/db/migrate/20160713200638_add_repository_read_only_to_projects.rb
@@ -0,0 +1,9 @@
+class AddRepositoryReadOnlyToProjects < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def change
+    add_column :projects, :repository_read_only, :boolean
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 330336e8e61..e2acca25c5e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -1215,6 +1215,7 @@ ActiveRecord::Schema.define(version: 20170921115009) do
     t.datetime "last_repository_updated_at"
     t.integer "storage_version", limit: 2
     t.boolean "resolve_outdated_diff_discussions"
+    t.boolean "repository_read_only"
   end
 
   add_index "projects", ["ci_id"], name: "index_projects_on_ci_id", using: :btree
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 62d1ecae676..db67ede9d9e 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -16,7 +16,8 @@ module Gitlab
       account_blocked: 'Your account has been blocked.',
       command_not_allowed: "The command you're trying to execute is not allowed.",
       upload_pack_disabled_over_http: 'Pulling over HTTP is not allowed.',
-      receive_pack_disabled_over_http: 'Pushing over HTTP is not allowed.'
+      receive_pack_disabled_over_http: 'Pushing over HTTP is not allowed.',
+      readonly: 'The repository is temporarily read-only. Please try again later.'
     }.freeze
 
     DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive }.freeze
@@ -159,6 +160,10 @@ module Gitlab
     end
 
     def check_push_access!(changes)
+      if project.repository_read_only?
+        raise UnauthorizedError, ERROR_MESSAGES[:readonly]
+      end
+
       if deploy_key
         check_deploy_key_push_access!
       elsif user
diff --git a/spec/factories/projects.rb b/spec/factories/projects.rb
index 7493b0a8b35..4842efc86a1 100644
--- a/spec/factories/projects.rb
+++ b/spec/factories/projects.rb
@@ -143,6 +143,10 @@ FactoryGirl.define do
       end
     end
 
+    trait :read_only_repository do
+      repository_read_only true
+    end
+
     trait :broken_repo do
       after(:create) do |project|
         raise "Failed to create repository!" unless project.create_repository
diff --git a/spec/lib/gitlab/shell_spec.rb b/spec/lib/gitlab/shell_spec.rb
index c7930378240..8edf83864da 100644
--- a/spec/lib/gitlab/shell_spec.rb
+++ b/spec/lib/gitlab/shell_spec.rb
@@ -48,14 +48,35 @@ describe Gitlab::Shell do
     end
   end
 
-  describe '#add_key' do
-    it 'removes trailing garbage' do
-      allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
-      expect(gitlab_shell).to receive(:gitlab_shell_fast_execute).with(
-        [:gitlab_shell_keys_path, 'add-key', 'key-123', 'ssh-rsa foobar']
-      )
-
-      gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
+  describe 'projects commands' do
+    let(:gitlab_shell_path) { File.expand_path('tmp/tests/gitlab-shell') }
+    let(:projects_path) { File.join(gitlab_shell_path, 'bin/gitlab-projects') }
+    let(:gitlab_shell_hooks_path) { File.join(gitlab_shell_path, 'hooks') }
+
+    before do
+      allow(Gitlab.config.gitlab_shell).to receive(:path).and_return(gitlab_shell_path)
+      allow(Gitlab.config.gitlab_shell).to receive(:hooks_path).and_return(gitlab_shell_hooks_path)
+      allow(Gitlab.config.gitlab_shell).to receive(:git_timeout).and_return(800)
+    end
+
+    describe '#mv_repository' do
+      it 'executes the command' do
+        expect(gitlab_shell).to receive(:gitlab_shell_fast_execute).with(
+          [projects_path, 'mv-project', 'storage/path', 'project/path.git', 'new/path.git']
+        )
+        gitlab_shell.mv_repository('storage/path', 'project/path', 'new/path')
+      end
+    end
+
+    describe '#add_key' do
+      it 'removes trailing garbage' do
+        allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
+        expect(gitlab_shell).to receive(:gitlab_shell_fast_execute).with(
+          [:gitlab_shell_keys_path, 'add-key', 'key-123', 'ssh-rsa foobar']
+        )
+
+        gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
+      end
     end
   end
 
@@ -136,7 +157,7 @@ describe Gitlab::Shell do
       it 'returns true when the command succeeds' do
         expect(Gitlab::Popen).to receive(:popen)
           .with([projects_path, 'rm-project', 'current/storage', 'project/path.git'],
-                nil, popen_vars).and_return([nil, 0])
+            nil, popen_vars).and_return([nil, 0])
 
         expect(gitlab_shell.remove_repository('current/storage', 'project/path')).to be true
       end
@@ -144,7 +165,7 @@ describe Gitlab::Shell do
       it 'returns false when the command fails' do
         expect(Gitlab::Popen).to receive(:popen)
           .with([projects_path, 'rm-project', 'current/storage', 'project/path.git'],
-                nil, popen_vars).and_return(["error", 1])
+            nil, popen_vars).and_return(["error", 1])
 
         expect(gitlab_shell.remove_repository('current/storage', 'project/path')).to be false
       end