gitea/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-06-22 14:08:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow Protected Branches to Whitelist Deploy Keys (#8483)

Browse Source 
Add an option to protected branches to add writing deploy keys to the whitelist for pushing.

Please note this is technically a breaking change: previously if the owner of a repository was on the whitelist then any writing deploy key was effectively on the whitelist. This option will now need to be set if that is desired.

Closes #8472 

Details:
* Allow Protected Branches to Whitelist Deploy Keys
* Add migration
* Ensure that IsDeployKey is set to false on the http pushes
* add not null default false
This commit is contained in:
zeripath
2019-10-21 09:21:45 +01:00
committed by GitHub
parent b1c1e1549b
commit 0bfe5eb10b
13 changed files with 48 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
routers/private/hook.go
View File

@ -33,6 +33,7 @@ func HookPreReceive(ctx *macaron.Context) {
gitAlternativeObjectDirectories := ctx.QueryTrim("gitAlternativeObjectDirectories")
gitQuarantinePath := ctx.QueryTrim("gitQuarantinePath")
prID := ctx.QueryInt64("prID")
isDeployKey := ctx.QueryBool("isDeployKey")
branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)
@ -95,7 +96,12 @@ func HookPreReceive(ctx *macaron.Context) {
}
}
canPush := protectBranch.CanUserPush(userID)
canPush := false
if isDeployKey {
canPush = protectBranch.WhitelistDeployKeys
} else {
canPush = protectBranch.CanUserPush(userID)
}
if !canPush && prID > 0 {
pr, err := models.GetPullRequestByID(prID)
if err != nil {

1
routers/repo/http.go
View File

@ -263,6 +263,7 @@ func HTTP(ctx *context.Context) {
models.EnvPusherName + "=" + authUser.Name,
models.EnvPusherID + fmt.Sprintf("=%d", authUser.ID),
models.ProtectedBranchRepoID + fmt.Sprintf("=%d", repo.ID),
models.EnvIsDeployKey + "=false",
}
if !authUser.KeepEmailPrivate {

1
routers/repo/setting_protected_branch.go
View File

@ -213,6 +213,7 @@ func SettingsProtectedBranchPost(ctx *context.Context, f auth.ProtectBranchForm)
protectBranch.EnableStatusCheck = f.EnableStatusCheck
protectBranch.StatusCheckContexts = f.StatusCheckContexts
protectBranch.WhitelistDeployKeys = f.WhitelistDeployKeys
protectBranch.RequiredApprovals = f.RequiredApprovals
if strings.TrimSpace(f.ApprovalsWhitelistUsers) != "" {