diff options
| -rw-r--r-- | CHANGELOG | 3 | ||||
| -rw-r--r-- | lib/gitlab/git_access.rb | 28 |
2 files changed, 26 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG index 3f6cc3a8268..6aad096aee6 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 7.3.1 + - Fix ref parsing in Gitlab::GitAccess + v 7.3.0 - Always set the 'origin' remote in satellite actions - Write authorized_keys in tmp/ during tests diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index e75a5a1d62e..6247dd59867 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -49,11 +49,11 @@ module Gitlab # Iterate over all changes to find if user allowed all of them to be applied changes.each do |change| - oldrev, newrev, ref = changes.split('') + oldrev, newrev, ref = change.split(' ') - action = if project.protected_branch?(ref) + action = if project.protected_branch?(branch_name(ref)) # we dont allow force push to protected branch - if forced_push?(oldrev, newrev) + if forced_push?(project, oldrev, newrev) :force_push_code_to_protected_branches # and we dont allow remove of protected branch elsif newrev =~ /0000000/ @@ -61,7 +61,7 @@ module Gitlab else :push_code_to_protected_branches end - elsif project.repository && project.repository.tag_names.include?(ref) + elsif project.repository && project.repository.tag_names.include?(tag_name(ref)) # Prevent any changes to existing git tag unless user has permissions :admin_project else @@ -77,7 +77,7 @@ module Gitlab true end - def forced_push?(oldrev, newrev) + def forced_push?(project, oldrev, newrev) return false if project.empty_repo? if oldrev !~ /00000000/ && newrev !~ /00000000/ @@ -93,5 +93,23 @@ module Gitlab def user_allowed?(user) Gitlab::UserAccess.allowed?(user) end + + def branch_name(ref) + ref = ref.to_s + if ref.start_with?('refs/heads') + ref.sub(%r{\Arefs/heads/}, '') + else + nil + end + end + + def tag_name(ref) + ref = ref.to_s + if ref.start_with?('refs/tags') + ref.sub(%r{\Arefs/tags/}, '') + else + nil + end + end end end |