diff options
author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-05-30 16:26:45 +0300 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-05-30 16:26:45 +0300 |
commit | d8c7efa626ba925aa9c1bf1efaf6289cd5db4f0b (patch) | |
tree | 879a832f29c1b8a78404ba7a724d6391bb173af0 | |
parent | 7ba1853660e09bc997d829fc596ea576c122086b (diff) | |
download | gitlab-ce-d8c7efa626ba925aa9c1bf1efaf6289cd5db4f0b.tar.gz |
Dont allow git tag rewrite/removal unless you are master
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/views/projects/tags/_tag.html.haml | 2 | ||||
-rw-r--r-- | doc/permissions/permissions.md | 1 | ||||
-rw-r--r-- | lib/gitlab/git_access.rb | 3 |
4 files changed, 6 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 151db5dd30e..97d1299bae6 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -12,6 +12,7 @@ v 7.0.0 - Make it easier to implement other CI services for GitLab - Group masters can create projects in group - Deprecate ruby 1.9.3 support + - Only masters can rewrite/remove git tags v 6.9.2 - Revert the commit that broke the LDAP user filter diff --git a/app/views/projects/tags/_tag.html.haml b/app/views/projects/tags/_tag.html.haml index 6629e47ad38..67d771c9707 100644 --- a/app/views/projects/tags/_tag.html.haml +++ b/app/views/projects/tags/_tag.html.haml @@ -17,6 +17,6 @@ - if can? current_user, :download_code, @project = render 'projects/repositories/download_archive', ref: tag.name, btn_class: 'btn-grouped btn-group-small' - if can?(current_user, :admin_project, @project) - = link_to project_tag_path(@project, tag.name), class: 'btn btn-small remove-row grouped', method: :delete, data: { confirm: 'Removed tag cannot be restored. Are you sure?'}, remote: true do + = link_to project_tag_path(@project, tag.name), class: 'btn btn-small btn-remove remove-row grouped', method: :delete, data: { confirm: 'Removed tag cannot be restored. Are you sure?'}, remote: true do %i.icon-trash diff --git a/doc/permissions/permissions.md b/doc/permissions/permissions.md index 95b47a86129..40d748c057e 100644 --- a/doc/permissions/permissions.md +++ b/doc/permissions/permissions.md @@ -27,6 +27,7 @@ If a user is a GitLab administrator they receive all permissions. |Add new team members| |||✓|✓| |Push to protected branches| |||✓|✓| |Enable/Disable branch protection| |||✓|✓| +|Rewrite/remove git tags| |||✓|✓| |Edit project| |||✓|✓| |Add Deploy Keys to project| |||✓|✓| |Configure Project Hooks| |||✓|✓| diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 2f8b55aaca0..38b3d82e2f4 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -53,6 +53,9 @@ module Gitlab else :push_code_to_protected_branches end + elsif project.repository && project.repository.tag_names.include?(ref) + # Prevent any changes to existing git tag unless user has permissions + :admin_project else :push_code end |