A fork of Gitea (see branch `mj`) adding Majority Judgment Polls 𐄷 over Issues and Merge Requests. https://git.mieuxvoter.fr
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

617 lines
18 KiB

Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
3 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
3 years ago
[Enhancement] Allow admin to merge pr with protected file changes (#12078) * [Enhancement] Allow admin to merge pr with protected file changes As tilte, show protected message in diff page and merge box. Signed-off-by: a1012112796 <1012112796@qq.com> * remove unused ver * Update options/locale/locale_en-US.ini Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com> * Add TrN * Apply suggestions from code review * fix lint * Update options/locale/locale_en-US.ini Co-authored-by: zeripath <art27@cantab.net> * Apply suggestions from code review * move pr proteced files check to TestPatch * Call TestPatch when protected branches settings changed * Apply review suggestion @CirnoT * move to service @lunny * slightly restructure routers/private/hook.go Adds a lot of comments and simplifies the logic Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> * skip duplicate protected files check * fix check logic * slight refactor of TestPatch Signed-off-by: Andrew Thornton <art27@cantab.net> * When checking for protected files changes in TestPatch use the temporary repository Signed-off-by: Andrew Thornton <art27@cantab.net> * fix introduced issue with hook Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove the check on PR index being greater than 0 as it unnecessary Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
3 years ago
  1. // Copyright 2016 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package models
  5. import (
  6. "context"
  7. "fmt"
  8. "strings"
  9. "time"
  10. "code.gitea.io/gitea/modules/base"
  11. "code.gitea.io/gitea/modules/log"
  12. "code.gitea.io/gitea/modules/timeutil"
  13. "code.gitea.io/gitea/modules/util"
  14. "github.com/gobwas/glob"
  15. )
  16. // ProtectedBranch struct
  17. type ProtectedBranch struct {
  18. ID int64 `xorm:"pk autoincr"`
  19. RepoID int64 `xorm:"UNIQUE(s)"`
  20. BranchName string `xorm:"UNIQUE(s)"`
  21. CanPush bool `xorm:"NOT NULL DEFAULT false"`
  22. EnableWhitelist bool
  23. WhitelistUserIDs []int64 `xorm:"JSON TEXT"`
  24. WhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
  25. EnableMergeWhitelist bool `xorm:"NOT NULL DEFAULT false"`
  26. WhitelistDeployKeys bool `xorm:"NOT NULL DEFAULT false"`
  27. MergeWhitelistUserIDs []int64 `xorm:"JSON TEXT"`
  28. MergeWhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
  29. EnableStatusCheck bool `xorm:"NOT NULL DEFAULT false"`
  30. StatusCheckContexts []string `xorm:"JSON TEXT"`
  31. EnableApprovalsWhitelist bool `xorm:"NOT NULL DEFAULT false"`
  32. ApprovalsWhitelistUserIDs []int64 `xorm:"JSON TEXT"`
  33. ApprovalsWhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
  34. RequiredApprovals int64 `xorm:"NOT NULL DEFAULT 0"`
  35. BlockOnRejectedReviews bool `xorm:"NOT NULL DEFAULT false"`
  36. BlockOnOfficialReviewRequests bool `xorm:"NOT NULL DEFAULT false"`
  37. BlockOnOutdatedBranch bool `xorm:"NOT NULL DEFAULT false"`
  38. DismissStaleApprovals bool `xorm:"NOT NULL DEFAULT false"`
  39. RequireSignedCommits bool `xorm:"NOT NULL DEFAULT false"`
  40. ProtectedFilePatterns string `xorm:"TEXT"`
  41. CreatedUnix timeutil.TimeStamp `xorm:"created"`
  42. UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
  43. }
  44. // IsProtected returns if the branch is protected
  45. func (protectBranch *ProtectedBranch) IsProtected() bool {
  46. return protectBranch.ID > 0
  47. }
  48. // CanUserPush returns if some user could push to this protected branch
  49. func (protectBranch *ProtectedBranch) CanUserPush(userID int64) bool {
  50. if !protectBranch.CanPush {
  51. return false
  52. }
  53. if !protectBranch.EnableWhitelist {
  54. if user, err := GetUserByID(userID); err != nil {
  55. log.Error("GetUserByID: %v", err)
  56. return false
  57. } else if repo, err := GetRepositoryByID(protectBranch.RepoID); err != nil {
  58. log.Error("GetRepositoryByID: %v", err)
  59. return false
  60. } else if writeAccess, err := HasAccessUnit(user, repo, UnitTypeCode, AccessModeWrite); err != nil {
  61. log.Error("HasAccessUnit: %v", err)
  62. return false
  63. } else {
  64. return writeAccess
  65. }
  66. }
  67. if base.Int64sContains(protectBranch.WhitelistUserIDs, userID) {
  68. return true
  69. }
  70. if len(protectBranch.WhitelistTeamIDs) == 0 {
  71. return false
  72. }
  73. in, err := IsUserInTeams(userID, protectBranch.WhitelistTeamIDs)
  74. if err != nil {
  75. log.Error("IsUserInTeams: %v", err)
  76. return false
  77. }
  78. return in
  79. }
  80. // IsUserMergeWhitelisted checks if some user is whitelisted to merge to this branch
  81. func (protectBranch *ProtectedBranch) IsUserMergeWhitelisted(userID int64, permissionInRepo Permission) bool {
  82. if !protectBranch.EnableMergeWhitelist {
  83. // Then we need to fall back on whether the user has write permission
  84. return permissionInRepo.CanWrite(UnitTypeCode)
  85. }
  86. if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) {
  87. return true
  88. }
  89. if len(protectBranch.MergeWhitelistTeamIDs) == 0 {
  90. return false
  91. }
  92. in, err := IsUserInTeams(userID, protectBranch.MergeWhitelistTeamIDs)
  93. if err != nil {
  94. log.Error("IsUserInTeams: %v", err)
  95. return false
  96. }
  97. return in
  98. }
  99. // IsUserOfficialReviewer check if user is official reviewer for the branch (counts towards required approvals)
  100. func (protectBranch *ProtectedBranch) IsUserOfficialReviewer(user *User) (bool, error) {
  101. return protectBranch.isUserOfficialReviewer(x, user)
  102. }
  103. func (protectBranch *ProtectedBranch) isUserOfficialReviewer(e Engine, user *User) (bool, error) {
  104. repo, err := getRepositoryByID(e, protectBranch.RepoID)
  105. if err != nil {
  106. return false, err
  107. }
  108. if !protectBranch.EnableApprovalsWhitelist {
  109. // Anyone with write access is considered official reviewer
  110. writeAccess, err := hasAccessUnit(e, user, repo, UnitTypeCode, AccessModeWrite)
  111. if err != nil {
  112. return false, err
  113. }
  114. return writeAccess, nil
  115. }
  116. if base.Int64sContains(protectBranch.ApprovalsWhitelistUserIDs, user.ID) {
  117. return true, nil
  118. }
  119. inTeam, err := isUserInTeams(e, user.ID, protectBranch.ApprovalsWhitelistTeamIDs)
  120. if err != nil {
  121. return false, err
  122. }
  123. return inTeam, nil
  124. }
  125. // HasEnoughApprovals returns true if pr has enough granted approvals.
  126. func (protectBranch *ProtectedBranch) HasEnoughApprovals(pr *PullRequest) bool {
  127. if protectBranch.RequiredApprovals == 0 {
  128. return true
  129. }
  130. return protectBranch.GetGrantedApprovalsCount(pr) >= protectBranch.RequiredApprovals
  131. }
  132. // GetGrantedApprovalsCount returns the number of granted approvals for pr. A granted approval must be authored by a user in an approval whitelist.
  133. func (protectBranch *ProtectedBranch) GetGrantedApprovalsCount(pr *PullRequest) int64 {
  134. sess := x.Where("issue_id = ?", pr.IssueID).
  135. And("type = ?", ReviewTypeApprove).
  136. And("official = ?", true).
  137. And("dismissed = ?", false)
  138. if protectBranch.DismissStaleApprovals {
  139. sess = sess.And("stale = ?", false)
  140. }
  141. approvals, err := sess.Count(new(Review))
  142. if err != nil {
  143. log.Error("GetGrantedApprovalsCount: %v", err)
  144. return 0
  145. }
  146. return approvals
  147. }
  148. // MergeBlockedByRejectedReview returns true if merge is blocked by rejected reviews
  149. func (protectBranch *ProtectedBranch) MergeBlockedByRejectedReview(pr *PullRequest) bool {
  150. if !protectBranch.BlockOnRejectedReviews {
  151. return false
  152. }
  153. rejectExist, err := x.Where("issue_id = ?", pr.IssueID).
  154. And("type = ?", ReviewTypeReject).
  155. And("official = ?", true).
  156. And("dismissed = ?", false).
  157. Exist(new(Review))
  158. if err != nil {
  159. log.Error("MergeBlockedByRejectedReview: %v", err)
  160. return true
  161. }
  162. return rejectExist
  163. }
  164. // MergeBlockedByOfficialReviewRequests block merge because of some review request to official reviewer
  165. // of from official review
  166. func (protectBranch *ProtectedBranch) MergeBlockedByOfficialReviewRequests(pr *PullRequest) bool {
  167. if !protectBranch.BlockOnOfficialReviewRequests {
  168. return false
  169. }
  170. has, err := x.Where("issue_id = ?", pr.IssueID).
  171. And("type = ?", ReviewTypeRequest).
  172. And("official = ?", true).
  173. Exist(new(Review))
  174. if err != nil {
  175. log.Error("MergeBlockedByOfficialReviewRequests: %v", err)
  176. return true
  177. }
  178. return has
  179. }
  180. // MergeBlockedByOutdatedBranch returns true if merge is blocked by an outdated head branch
  181. func (protectBranch *ProtectedBranch) MergeBlockedByOutdatedBranch(pr *PullRequest) bool {
  182. return protectBranch.BlockOnOutdatedBranch && pr.CommitsBehind > 0
  183. }
  184. // GetProtectedFilePatterns parses a semicolon separated list of protected file patterns and returns a glob.Glob slice
  185. func (protectBranch *ProtectedBranch) GetProtectedFilePatterns() []glob.Glob {
  186. extarr := make([]glob.Glob, 0, 10)
  187. for _, expr := range strings.Split(strings.ToLower(protectBranch.ProtectedFilePatterns), ";") {
  188. expr = strings.TrimSpace(expr)
  189. if expr != "" {
  190. if g, err := glob.Compile(expr, '.', '/'); err != nil {
  191. log.Info("Invalid glob expresion '%s' (skipped): %v", expr, err)
  192. } else {
  193. extarr = append(extarr, g)
  194. }
  195. }
  196. }
  197. return extarr
  198. }
  199. // MergeBlockedByProtectedFiles returns true if merge is blocked by protected files change
  200. func (protectBranch *ProtectedBranch) MergeBlockedByProtectedFiles(pr *PullRequest) bool {
  201. glob := protectBranch.GetProtectedFilePatterns()
  202. if len(glob) == 0 {
  203. return false
  204. }
  205. return len(pr.ChangedProtectedFiles) > 0
  206. }
  207. // IsProtectedFile return if path is protected
  208. func (protectBranch *ProtectedBranch) IsProtectedFile(patterns []glob.Glob, path string) bool {
  209. if len(patterns) == 0 {
  210. patterns = protectBranch.GetProtectedFilePatterns()
  211. if len(patterns) == 0 {
  212. return false
  213. }
  214. }
  215. lpath := strings.ToLower(strings.TrimSpace(path))
  216. r := false
  217. for _, pat := range patterns {
  218. if pat.Match(lpath) {
  219. r = true
  220. break
  221. }
  222. }
  223. return r
  224. }
  225. // GetProtectedBranchByRepoID getting protected branch by repo ID
  226. func GetProtectedBranchByRepoID(repoID int64) ([]*ProtectedBranch, error) {
  227. protectedBranches := make([]*ProtectedBranch, 0)
  228. return protectedBranches, x.Where("repo_id = ?", repoID).Desc("updated_unix").Find(&protectedBranches)
  229. }
  230. // GetProtectedBranchBy getting protected branch by ID/Name
  231. func GetProtectedBranchBy(repoID int64, branchName string) (*ProtectedBranch, error) {
  232. return getProtectedBranchBy(x, repoID, branchName)
  233. }
  234. func getProtectedBranchBy(e Engine, repoID int64, branchName string) (*ProtectedBranch, error) {
  235. rel := &ProtectedBranch{RepoID: repoID, BranchName: branchName}
  236. has, err := e.Get(rel)
  237. if err != nil {
  238. return nil, err
  239. }
  240. if !has {
  241. return nil, nil
  242. }
  243. return rel, nil
  244. }
  245. // GetProtectedBranchByID getting protected branch by ID
  246. func GetProtectedBranchByID(id int64) (*ProtectedBranch, error) {
  247. rel := &ProtectedBranch{}
  248. has, err := x.ID(id).Get(rel)
  249. if err != nil {
  250. return nil, err
  251. }
  252. if !has {
  253. return nil, nil
  254. }
  255. return rel, nil
  256. }
  257. // WhitelistOptions represent all sorts of whitelists used for protected branches
  258. type WhitelistOptions struct {
  259. UserIDs []int64
  260. TeamIDs []int64
  261. MergeUserIDs []int64
  262. MergeTeamIDs []int64
  263. ApprovalsUserIDs []int64
  264. ApprovalsTeamIDs []int64
  265. }
  266. // UpdateProtectBranch saves branch protection options of repository.
  267. // If ID is 0, it creates a new record. Otherwise, updates existing record.
  268. // This function also performs check if whitelist user and team's IDs have been changed
  269. // to avoid unnecessary whitelist delete and regenerate.
  270. func UpdateProtectBranch(repo *Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {
  271. if err = repo.GetOwner(); err != nil {
  272. return fmt.Errorf("GetOwner: %v", err)
  273. }
  274. whitelist, err := updateUserWhitelist(repo, protectBranch.WhitelistUserIDs, opts.UserIDs)
  275. if err != nil {
  276. return err
  277. }
  278. protectBranch.WhitelistUserIDs = whitelist
  279. whitelist, err = updateUserWhitelist(repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)
  280. if err != nil {
  281. return err
  282. }
  283. protectBranch.MergeWhitelistUserIDs = whitelist
  284. whitelist, err = updateApprovalWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
  285. if err != nil {
  286. return err
  287. }
  288. protectBranch.ApprovalsWhitelistUserIDs = whitelist
  289. // if the repo is in an organization
  290. whitelist, err = updateTeamWhitelist(repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)
  291. if err != nil {
  292. return err
  293. }
  294. protectBranch.WhitelistTeamIDs = whitelist
  295. whitelist, err = updateTeamWhitelist(repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)
  296. if err != nil {
  297. return err
  298. }
  299. protectBranch.MergeWhitelistTeamIDs = whitelist
  300. whitelist, err = updateTeamWhitelist(repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)
  301. if err != nil {
  302. return err
  303. }
  304. protectBranch.ApprovalsWhitelistTeamIDs = whitelist
  305. // Make sure protectBranch.ID is not 0 for whitelists
  306. if protectBranch.ID == 0 {
  307. if _, err = x.Insert(protectBranch); err != nil {
  308. return fmt.Errorf("Insert: %v", err)
  309. }
  310. return nil
  311. }
  312. if _, err = x.ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {
  313. return fmt.Errorf("Update: %v", err)
  314. }
  315. return nil
  316. }
  317. // GetProtectedBranches get all protected branches
  318. func (repo *Repository) GetProtectedBranches() ([]*ProtectedBranch, error) {
  319. protectedBranches := make([]*ProtectedBranch, 0)
  320. return protectedBranches, x.Find(&protectedBranches, &ProtectedBranch{RepoID: repo.ID})
  321. }
  322. // GetBranchProtection get the branch protection of a branch
  323. func (repo *Repository) GetBranchProtection(branchName string) (*ProtectedBranch, error) {
  324. return GetProtectedBranchBy(repo.ID, branchName)
  325. }
  326. // IsProtectedBranch checks if branch is protected
  327. func (repo *Repository) IsProtectedBranch(branchName string, doer *User) (bool, error) {
  328. if doer == nil {
  329. return true, nil
  330. }
  331. protectedBranch := &ProtectedBranch{
  332. RepoID: repo.ID,
  333. BranchName: branchName,
  334. }
  335. has, err := x.Exist(protectedBranch)
  336. if err != nil {
  337. return true, err
  338. }
  339. return has, nil
  340. }
  341. // IsProtectedBranchForPush checks if branch is protected for push
  342. func (repo *Repository) IsProtectedBranchForPush(branchName string, doer *User) (bool, error) {
  343. if doer == nil {
  344. return true, nil
  345. }
  346. protectedBranch := &ProtectedBranch{
  347. RepoID: repo.ID,
  348. BranchName: branchName,
  349. }
  350. has, err := x.Get(protectedBranch)
  351. if err != nil {
  352. return true, err
  353. } else if has {
  354. return !protectedBranch.CanUserPush(doer.ID), nil
  355. }
  356. return false, nil
  357. }
  358. // updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with
  359. // the users from newWhitelist which have explicit read or write access to the repo.
  360. func updateApprovalWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
  361. hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
  362. if !hasUsersChanged {
  363. return currentWhitelist, nil
  364. }
  365. whitelist = make([]int64, 0, len(newWhitelist))
  366. for _, userID := range newWhitelist {
  367. if reader, err := repo.IsReader(userID); err != nil {
  368. return nil, err
  369. } else if !reader {
  370. continue
  371. }
  372. whitelist = append(whitelist, userID)
  373. }
  374. return
  375. }
  376. // updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with
  377. // the users from newWhitelist which have write access to the repo.
  378. func updateUserWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
  379. hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
  380. if !hasUsersChanged {
  381. return currentWhitelist, nil
  382. }
  383. whitelist = make([]int64, 0, len(newWhitelist))
  384. for _, userID := range newWhitelist {
  385. user, err := GetUserByID(userID)
  386. if err != nil {
  387. return nil, fmt.Errorf("GetUserByID [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)
  388. }
  389. perm, err := GetUserRepoPermission(repo, user)
  390. if err != nil {
  391. return nil, fmt.Errorf("GetUserRepoPermission [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)
  392. }
  393. if !perm.CanWrite(UnitTypeCode) {
  394. continue // Drop invalid user ID
  395. }
  396. whitelist = append(whitelist, userID)
  397. }
  398. return
  399. }
  400. // updateTeamWhitelist checks whether the team whitelist changed and returns a whitelist with
  401. // the teams from newWhitelist which have write access to the repo.
  402. func updateTeamWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
  403. hasTeamsChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
  404. if !hasTeamsChanged {
  405. return currentWhitelist, nil
  406. }
  407. teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, AccessModeRead)
  408. if err != nil {
  409. return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %v", repo.OwnerID, repo.ID, err)
  410. }
  411. whitelist = make([]int64, 0, len(teams))
  412. for i := range teams {
  413. if util.IsInt64InSlice(teams[i].ID, newWhitelist) {
  414. whitelist = append(whitelist, teams[i].ID)
  415. }
  416. }
  417. return
  418. }
  419. // DeleteProtectedBranch removes ProtectedBranch relation between the user and repository.
  420. func (repo *Repository) DeleteProtectedBranch(id int64) (err error) {
  421. protectedBranch := &ProtectedBranch{
  422. RepoID: repo.ID,
  423. ID: id,
  424. }
  425. sess := x.NewSession()
  426. defer sess.Close()
  427. if err = sess.Begin(); err != nil {
  428. return err
  429. }
  430. if affected, err := sess.Delete(protectedBranch); err != nil {
  431. return err
  432. } else if affected != 1 {
  433. return fmt.Errorf("delete protected branch ID(%v) failed", id)
  434. }
  435. return sess.Commit()
  436. }
  437. // DeletedBranch struct
  438. type DeletedBranch struct {
  439. ID int64 `xorm:"pk autoincr"`
  440. RepoID int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
  441. Name string `xorm:"UNIQUE(s) NOT NULL"`
  442. Commit string `xorm:"UNIQUE(s) NOT NULL"`
  443. DeletedByID int64 `xorm:"INDEX"`
  444. DeletedBy *User `xorm:"-"`
  445. DeletedUnix timeutil.TimeStamp `xorm:"INDEX created"`
  446. }
  447. // AddDeletedBranch adds a deleted branch to the database
  448. func (repo *Repository) AddDeletedBranch(branchName, commit string, deletedByID int64) error {
  449. deletedBranch := &DeletedBranch{
  450. RepoID: repo.ID,
  451. Name: branchName,
  452. Commit: commit,
  453. DeletedByID: deletedByID,
  454. }
  455. sess := x.NewSession()
  456. defer sess.Close()
  457. if err := sess.Begin(); err != nil {
  458. return err
  459. }
  460. if _, err := sess.InsertOne(deletedBranch); err != nil {
  461. return err
  462. }
  463. return sess.Commit()
  464. }
  465. // GetDeletedBranches returns all the deleted branches
  466. func (repo *Repository) GetDeletedBranches() ([]*DeletedBranch, error) {
  467. deletedBranches := make([]*DeletedBranch, 0)
  468. return deletedBranches, x.Where("repo_id = ?", repo.ID).Desc("deleted_unix").Find(&deletedBranches)
  469. }
  470. // GetDeletedBranchByID get a deleted branch by its ID
  471. func (repo *Repository) GetDeletedBranchByID(id int64) (*DeletedBranch, error) {
  472. deletedBranch := &DeletedBranch{}
  473. has, err := x.ID(id).Get(deletedBranch)
  474. if err != nil {
  475. return nil, err
  476. }
  477. if !has {
  478. return nil, nil
  479. }
  480. return deletedBranch, nil
  481. }
  482. // RemoveDeletedBranch removes a deleted branch from the database
  483. func (repo *Repository) RemoveDeletedBranch(id int64) (err error) {
  484. deletedBranch := &DeletedBranch{
  485. RepoID: repo.ID,
  486. ID: id,
  487. }
  488. sess := x.NewSession()
  489. defer sess.Close()
  490. if err = sess.Begin(); err != nil {
  491. return err
  492. }
  493. if affected, err := sess.Delete(deletedBranch); err != nil {
  494. return err
  495. } else if affected != 1 {
  496. return fmt.Errorf("remove deleted branch ID(%v) failed", id)
  497. }
  498. return sess.Commit()
  499. }
  500. // LoadUser loads the user that deleted the branch
  501. // When there's no user found it returns a NewGhostUser
  502. func (deletedBranch *DeletedBranch) LoadUser() {
  503. user, err := GetUserByID(deletedBranch.DeletedByID)
  504. if err != nil {
  505. user = NewGhostUser()
  506. }
  507. deletedBranch.DeletedBy = user
  508. }
  509. // RemoveDeletedBranch removes all deleted branches
  510. func RemoveDeletedBranch(repoID int64, branch string) error {
  511. _, err := x.Where("repo_id=? AND name=?", repoID, branch).Delete(new(DeletedBranch))
  512. return err
  513. }
  514. // RemoveOldDeletedBranches removes old deleted branches
  515. func RemoveOldDeletedBranches(ctx context.Context, olderThan time.Duration) {
  516. // Nothing to do for shutdown or terminate
  517. log.Trace("Doing: DeletedBranchesCleanup")
  518. deleteBefore := time.Now().Add(-olderThan)
  519. _, err := x.Where("deleted_unix < ?", deleteBefore.Unix()).Delete(new(DeletedBranch))
  520. if err != nil {
  521. log.Error("DeletedBranchesCleanup: %v", err)
  522. }
  523. }