Prevent creating pipelines with ambiguous refs

author: Matija Čupić <matteeyah@gmail.com> 2018-11-10 15:48:22 +0100
committer: Matija Čupić <matteeyah@gmail.com> 2018-12-08 19:28:33 +0100
commit: 2edc02143b2d361275fb97ce2904a58e7dc8ff38 (patch)
tree: 9adff8eadb472afef1d1f17c033a5a3bac857f74 /lib
parent: 1bf580688890a3b13e7ac0468f29108dafe08f9e (diff)
download: gitlab-ce-2edc02143b2d361275fb97ce2904a58e7dc8ff38.tar.gz
5 files changed, 12 insertions, 8 deletions
diff --git a/lib/gitlab/ci/pipeline/chain/build.rb b/lib/gitlab/ci/pipeline/chain/build.rb
index d33d1edfe35..41632211374 100644
--- a/lib/gitlab/ci/pipeline/chain/build.rb
+++ b/lib/gitlab/ci/pipeline/chain/build.rb
@@ -17,7 +17,6 @@ module Gitlab
               user: @command.current_user,
               pipeline_schedule: @command.schedule,
               merge_request: @command.merge_request,
-              protected: @command.protected_ref?,
               variables_attributes: Array(@command.variables_attributes)
             )
 
diff --git a/lib/gitlab/ci/pipeline/chain/command.rb b/lib/gitlab/ci/pipeline/chain/command.rb
index 316c283d90b..ee5022e47c4 100644
--- a/lib/gitlab/ci/pipeline/chain/command.rb
+++ b/lib/gitlab/ci/pipeline/chain/command.rb
@@ -51,12 +51,6 @@ module Gitlab
           def before_sha
             self[:before_sha] || checkout_sha || Gitlab::Git::BLANK_SHA
           end
-
-          def protected_ref?
-            strong_memoize(:protected_ref) do
-              project.protected_for?(origin_ref)
-            end
-          end
         end
       end
     end
diff --git a/lib/gitlab/ci/pipeline/chain/populate.rb b/lib/gitlab/ci/pipeline/chain/populate.rb
index 633d3cd4f6b..45b4393ecf3 100644
--- a/lib/gitlab/ci/pipeline/chain/populate.rb
+++ b/lib/gitlab/ci/pipeline/chain/populate.rb
@@ -19,6 +19,11 @@ module Gitlab
             @command.seeds_block&.call(pipeline)
 
             ##
+            # Populate pipeline protected status
+            #
+            pipeline.protected = @command.project.protected_for?(@command.origin_ref)
+
+            ##
             # Populate pipeline with all stages, and stages with builds.
             #
             pipeline.stage_seeds.each do |stage|
diff --git a/lib/gitlab/ci/pipeline/chain/validate/abilities.rb b/lib/gitlab/ci/pipeline/chain/validate/abilities.rb
index ebd7e6e8289..e4979102fd9 100644
--- a/lib/gitlab/ci/pipeline/chain/validate/abilities.rb
+++ b/lib/gitlab/ci/pipeline/chain/validate/abilities.rb
@@ -31,7 +31,7 @@ module Gitlab
               if current_user
                 allowed_to_create?
               else # legacy triggers don't have a corresponding user
-                !@command.protected_ref?
+                !@command.project.protected_for?(@command.origin_ref)
               end
             end
 
diff --git a/lib/gitlab/ci/pipeline/chain/validate/repository.rb b/lib/gitlab/ci/pipeline/chain/validate/repository.rb
index d88851d8245..3cec55cdb71 100644
--- a/lib/gitlab/ci/pipeline/chain/validate/repository.rb
+++ b/lib/gitlab/ci/pipeline/chain/validate/repository.rb
@@ -16,6 +16,12 @@ module Gitlab
               unless @command.sha
                 return error('Commit not found')
               end
+
+              begin
+                @command.project.resolve_ref(@command.origin_ref)
+              rescue Project::AmbiguousRef
+                return error('Ref is ambiguous')
+              end
             end
 
             def break?
author	Matija Čupić <matteeyah@gmail.com>	2018-11-10 15:48:22 +0100
committer	Matija Čupić <matteeyah@gmail.com>	2018-12-08 19:28:33 +0100
commit	2edc02143b2d361275fb97ce2904a58e7dc8ff38 (patch)
tree	9adff8eadb472afef1d1f17c033a5a3bac857f74 /lib
parent	1bf580688890a3b13e7ac0468f29108dafe08f9e (diff)
download	gitlab-ce-2edc02143b2d361275fb97ce2904a58e7dc8ff38.tar.gz