author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-05-23 06:06:22 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-05-23 06:06:22 +0000 |
commit | 9e6466c78442075e0f8fb8fe317ffe53dfcb5a95 (patch) | |
tree | b36877c3b8957449210bb0739d201a68c3c6e1f0 /lib | |
parent | eee14a0c740b53dfba50e1b091d4017ada92ee97 (diff) | |
parent | b9d1fc2f3bdebe541795d6ef6e94da9e98b043d3 (diff) | |
download | gitlab-ce-9e6466c78442075e0f8fb8fe317ffe53dfcb5a95.tar.gz |
Merge branch 'api-remove-branch' into 'master'
New rules for protected branches
This MR changes the permission logic for branch removal. The changes are listed below:
Before
* a developer can remove a branch from the terminal but not in the UI
* masters can remove any branch in the UI, even a protected one
* force-pushing to a protected branch is not allowed, but removing one is
After
* no one can force-push to or remove protected branches
* developers and masters can remove normal branches from the console and the UI
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/branches.rb | 12 | ||||
-rw-r--r-- | lib/gitlab/git_access.rb | 20 |
2 files changed, 24 insertions, 8 deletions
diff --git a/lib/api/branches.rb b/lib/api/branches.rb
index d54f9371fbe..32597eb94c4 100644
--- a/lib/api/branches.rb
+++ b/lib/api/branches.rb
@@ -84,6 +84,18 @@ module API
 present @branch, with: Entities::RepoObject, project: user_project
 end
+
+ # Delete branch
+ #
+ # Parameters:
+ # id (required) - The ID of a project
+ # branch (required) - The name of the branch
+ # Example Request:
+ # DELETE /projects/:id/repository/branches/:branch
+ delete ":id/repository/branches/:branch" do
+ authorize_push_project
+ DeleteBranchService.new.execute(user_project, params[:branch], current_user)
+ end
 end
 end
 end
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 4f49ca4189e..2f8b55aaca0 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -44,14 +44,18 @@ module Gitlab
 def push_allowed?(user, project, ref, oldrev, newrev, forced_push)
 if user && user_allowed?(user)
 action = if project.protected_branch?(ref)
- if forced_push.to_s == 'true'
- :force_push_code_to_protected_branches
- else
- :push_code_to_protected_branches
- end
- else
- :push_code
- end
+ # we dont allow force push to protected branch
+ if forced_push.to_s == 'true'
+ :force_push_code_to_protected_branches
+ # and we dont allow remove of protected branch
+ elsif newrev =~ /0000000/
+ :remove_protected_branches
+ else
+ :push_code_to_protected_branches
+ end
+ else
+ :push_code
+ end
 user.can?(action, project)
 else
 false |
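Review bot: The new DELETE route authorizes only with `authorize_push_project`, so whether a protected branch can be removed through the API depends entirely on checks inside `DeleteBranchService`, which this diff (limited to lib/) does not show. The block also ends on the bare `execute` call, so a refused or failed deletion is presumably not mapped to an explicit error status here; I would capture the result and turn a failure into an API error once the service's return shape is confirmed. A comment above the route such as `# Protected branches must be rejected by DeleteBranchService; this route only checks push access` would make that dependency visible. The doc comment could also state the required access level and the failure responses.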
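Review bot: The deletion test `newrev =~ /0000000/` in the new `elsif` is unanchored, so any new revision whose SHA happens to contain seven consecutive zeros is classified as a branch removal and checked against `:remove_protected_branches` instead of `:push_code_to_protected_branches`. The error is in the deny direction, so the effect is a spurious rejection of a legitimate push to a protected branch rather than a bypass, but the check should match the all-zero revision exactly, e.g. `elsif newrev =~ /\A0{40}\z/` (assuming newrev arrives as a full 40-character SHA, which this hunk does not show). A short comment saying that the all-zero SHA is git's marker for ref deletion would explain the branch better than the current one. The rest of push_allowed? closes outside the hunk.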