osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Watch 15
Star 7
Wiki 捐赠
本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 4f0cac5ea6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4f0cac5ea6'
${ noResults }
com/models/branches.go

494 lines
14KB
Raw Blame History 

  1. // Copyright 2016 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"fmt"

  9. 	"time"

  10. 

  11. 	"code.gitea.io/gitea/modules/base"

  12. 	"code.gitea.io/gitea/modules/log"

  13. 	"code.gitea.io/gitea/modules/setting"

  14. 	"code.gitea.io/gitea/modules/timeutil"

  15. 	"code.gitea.io/gitea/modules/util"

  16. 

  17. 	"github.com/unknwon/com"

  18. )

  19. 

  20. const (

  21. 	// ProtectedBranchRepoID protected Repo ID

  22. 	ProtectedBranchRepoID = "GITEA_REPO_ID"

  23. 	// ProtectedBranchPRID protected Repo PR ID

  24. 	ProtectedBranchPRID = "GITEA_PR_ID"

  25. )

  26. 

  27. // ProtectedBranch struct

  28. type ProtectedBranch struct {

  29. 	ID                        int64  `xorm:"pk autoincr"`

  30. 	RepoID                    int64  `xorm:"UNIQUE(s)"`

  31. 	BranchName                string `xorm:"UNIQUE(s)"`

  32. 	CanPush                   bool   `xorm:"NOT NULL DEFAULT false"`

  33. 	EnableWhitelist           bool

  34. 	WhitelistUserIDs          []int64            `xorm:"JSON TEXT"`

  35. 	WhitelistTeamIDs          []int64            `xorm:"JSON TEXT"`

  36. 	EnableMergeWhitelist      bool               `xorm:"NOT NULL DEFAULT false"`

  37. 	WhitelistDeployKeys       bool               `xorm:"NOT NULL DEFAULT false"`

  38. 	MergeWhitelistUserIDs     []int64            `xorm:"JSON TEXT"`

  39. 	MergeWhitelistTeamIDs     []int64            `xorm:"JSON TEXT"`

  40. 	EnableStatusCheck         bool               `xorm:"NOT NULL DEFAULT false"`

  41. 	StatusCheckContexts       []string           `xorm:"JSON TEXT"`

  42. 	ApprovalsWhitelistUserIDs []int64            `xorm:"JSON TEXT"`

  43. 	ApprovalsWhitelistTeamIDs []int64            `xorm:"JSON TEXT"`

  44. 	RequiredApprovals         int64              `xorm:"NOT NULL DEFAULT 0"`

  45. 	CreatedUnix               timeutil.TimeStamp `xorm:"created"`

  46. 	UpdatedUnix               timeutil.TimeStamp `xorm:"updated"`

  47. }

  48. 

  49. // IsProtected returns if the branch is protected

  50. func (protectBranch *ProtectedBranch) IsProtected() bool {

  51. 	return protectBranch.ID > 0

  52. }

  53. 

  54. // CanUserPush returns if some user could push to this protected branch

  55. func (protectBranch *ProtectedBranch) CanUserPush(userID int64) bool {

  56. 	if !protectBranch.EnableWhitelist {

  57. 		return false

  58. 	}

  59. 

  60. 	if base.Int64sContains(protectBranch.WhitelistUserIDs, userID) {

  61. 		return true

  62. 	}

  63. 

  64. 	if len(protectBranch.WhitelistTeamIDs) == 0 {

  65. 		return false

  66. 	}

  67. 

  68. 	in, err := IsUserInTeams(userID, protectBranch.WhitelistTeamIDs)

  69. 	if err != nil {

  70. 		log.Error("IsUserInTeams: %v", err)

  71. 		return false

  72. 	}

  73. 	return in

  74. }

  75. 

  76. // CanUserMerge returns if some user could merge a pull request to this protected branch

  77. func (protectBranch *ProtectedBranch) CanUserMerge(userID int64) bool {

  78. 	if !protectBranch.EnableMergeWhitelist {

  79. 		return true

  80. 	}

  81. 

  82. 	if base.Int64sContains(protectBranch.MergeWhitelistUserIDs, userID) {

  83. 		return true

  84. 	}

  85. 

  86. 	if len(protectBranch.MergeWhitelistTeamIDs) == 0 {

  87. 		return false

  88. 	}

  89. 

  90. 	in, err := IsUserInTeams(userID, protectBranch.MergeWhitelistTeamIDs)

  91. 	if err != nil {

  92. 		log.Error("IsUserInTeams: %v", err)

  93. 		return false

  94. 	}

  95. 	return in

  96. }

  97. 

  98. // HasEnoughApprovals returns true if pr has enough granted approvals.

  99. func (protectBranch *ProtectedBranch) HasEnoughApprovals(pr *PullRequest) bool {

  100. 	if protectBranch.RequiredApprovals == 0 {

  101. 		return true

  102. 	}

  103. 	return protectBranch.GetGrantedApprovalsCount(pr) >= protectBranch.RequiredApprovals

  104. }

  105. 

  106. // GetGrantedApprovalsCount returns the number of granted approvals for pr. A granted approval must be authored by a user in an approval whitelist.

  107. func (protectBranch *ProtectedBranch) GetGrantedApprovalsCount(pr *PullRequest) int64 {

  108. 	reviews, err := GetReviewersByPullID(pr.IssueID)

  109. 	if err != nil {

  110. 		log.Error("GetReviewersByPullID: %v", err)

  111. 		return 0

  112. 	}

  113. 

  114. 	approvals := int64(0)

  115. 	userIDs := make([]int64, 0)

  116. 	for _, review := range reviews {

  117. 		if review.Type != ReviewTypeApprove {

  118. 			continue

  119. 		}

  120. 		if base.Int64sContains(protectBranch.ApprovalsWhitelistUserIDs, review.ID) {

  121. 			approvals++

  122. 			continue

  123. 		}

  124. 		userIDs = append(userIDs, review.ID)

  125. 	}

  126. 	approvalTeamCount, err := UsersInTeamsCount(userIDs, protectBranch.ApprovalsWhitelistTeamIDs)

  127. 	if err != nil {

  128. 		log.Error("UsersInTeamsCount: %v", err)

  129. 		return 0

  130. 	}

  131. 	return approvalTeamCount + approvals

  132. }

  133. 

  134. // GetProtectedBranchByRepoID getting protected branch by repo ID

  135. func GetProtectedBranchByRepoID(repoID int64) ([]*ProtectedBranch, error) {

  136. 	protectedBranches := make([]*ProtectedBranch, 0)

  137. 	return protectedBranches, x.Where("repo_id = ?", repoID).Desc("updated_unix").Find(&protectedBranches)

  138. }

  139. 

  140. // GetProtectedBranchBy getting protected branch by ID/Name

  141. func GetProtectedBranchBy(repoID int64, branchName string) (*ProtectedBranch, error) {

  142. 	rel := &ProtectedBranch{RepoID: repoID, BranchName: branchName}

  143. 	has, err := x.Get(rel)

  144. 	if err != nil {

  145. 		return nil, err

  146. 	}

  147. 	if !has {

  148. 		return nil, nil

  149. 	}

  150. 	return rel, nil

  151. }

  152. 

  153. // GetProtectedBranchByID getting protected branch by ID

  154. func GetProtectedBranchByID(id int64) (*ProtectedBranch, error) {

  155. 	rel := &ProtectedBranch{ID: id}

  156. 	has, err := x.Get(rel)

  157. 	if err != nil {

  158. 		return nil, err

  159. 	}

  160. 	if !has {

  161. 		return nil, nil

  162. 	}

  163. 	return rel, nil

  164. }

  165. 

  166. // WhitelistOptions represent all sorts of whitelists used for protected branches

  167. type WhitelistOptions struct {

  168. 	UserIDs []int64

  169. 	TeamIDs []int64

  170. 

  171. 	MergeUserIDs []int64

  172. 	MergeTeamIDs []int64

  173. 

  174. 	ApprovalsUserIDs []int64

  175. 	ApprovalsTeamIDs []int64

  176. }

  177. 

  178. // UpdateProtectBranch saves branch protection options of repository.

  179. // If ID is 0, it creates a new record. Otherwise, updates existing record.

  180. // This function also performs check if whitelist user and team's IDs have been changed

  181. // to avoid unnecessary whitelist delete and regenerate.

  182. func UpdateProtectBranch(repo *Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {

  183. 	if err = repo.GetOwner(); err != nil {

  184. 		return fmt.Errorf("GetOwner: %v", err)

  185. 	}

  186. 

  187. 	whitelist, err := updateUserWhitelist(repo, protectBranch.WhitelistUserIDs, opts.UserIDs)

  188. 	if err != nil {

  189. 		return err

  190. 	}

  191. 	protectBranch.WhitelistUserIDs = whitelist

  192. 

  193. 	whitelist, err = updateUserWhitelist(repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)

  194. 	if err != nil {

  195. 		return err

  196. 	}

  197. 	protectBranch.MergeWhitelistUserIDs = whitelist

  198. 

  199. 	whitelist, err = updateApprovalWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)

  200. 	if err != nil {

  201. 		return err

  202. 	}

  203. 	protectBranch.ApprovalsWhitelistUserIDs = whitelist

  204. 

  205. 	// if the repo is in an organization

  206. 	whitelist, err = updateTeamWhitelist(repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)

  207. 	if err != nil {

  208. 		return err

  209. 	}

  210. 	protectBranch.WhitelistTeamIDs = whitelist

  211. 

  212. 	whitelist, err = updateTeamWhitelist(repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)

  213. 	if err != nil {

  214. 		return err

  215. 	}

  216. 	protectBranch.MergeWhitelistTeamIDs = whitelist

  217. 

  218. 	whitelist, err = updateTeamWhitelist(repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)

  219. 	if err != nil {

  220. 		return err

  221. 	}

  222. 	protectBranch.ApprovalsWhitelistTeamIDs = whitelist

  223. 

  224. 	// Make sure protectBranch.ID is not 0 for whitelists

  225. 	if protectBranch.ID == 0 {

  226. 		if _, err = x.Insert(protectBranch); err != nil {

  227. 			return fmt.Errorf("Insert: %v", err)

  228. 		}

  229. 		return nil

  230. 	}

  231. 

  232. 	if _, err = x.ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {

  233. 		return fmt.Errorf("Update: %v", err)

  234. 	}

  235. 

  236. 	return nil

  237. }

  238. 

  239. // GetProtectedBranches get all protected branches

  240. func (repo *Repository) GetProtectedBranches() ([]*ProtectedBranch, error) {

  241. 	protectedBranches := make([]*ProtectedBranch, 0)

  242. 	return protectedBranches, x.Find(&protectedBranches, &ProtectedBranch{RepoID: repo.ID})

  243. }

  244. 

  245. // IsProtectedBranch checks if branch is protected

  246. func (repo *Repository) IsProtectedBranch(branchName string, doer *User) (bool, error) {

  247. 	if doer == nil {

  248. 		return true, nil

  249. 	}

  250. 

  251. 	protectedBranch := &ProtectedBranch{

  252. 		RepoID:     repo.ID,

  253. 		BranchName: branchName,

  254. 	}

  255. 

  256. 	has, err := x.Exist(protectedBranch)

  257. 	if err != nil {

  258. 		return true, err

  259. 	}

  260. 	return has, nil

  261. }

  262. 

  263. // IsProtectedBranchForPush checks if branch is protected for push

  264. func (repo *Repository) IsProtectedBranchForPush(branchName string, doer *User) (bool, error) {

  265. 	if doer == nil {

  266. 		return true, nil

  267. 	}

  268. 

  269. 	protectedBranch := &ProtectedBranch{

  270. 		RepoID:     repo.ID,

  271. 		BranchName: branchName,

  272. 	}

  273. 

  274. 	has, err := x.Get(protectedBranch)

  275. 	if err != nil {

  276. 		return true, err

  277. 	} else if has {

  278. 		return !protectedBranch.CanUserPush(doer.ID), nil

  279. 	}

  280. 

  281. 	return false, nil

  282. }

  283. 

  284. // IsProtectedBranchForMerging checks if branch is protected for merging

  285. func (repo *Repository) IsProtectedBranchForMerging(pr *PullRequest, branchName string, doer *User) (bool, error) {

  286. 	if doer == nil {

  287. 		return true, nil

  288. 	}

  289. 

  290. 	protectedBranch := &ProtectedBranch{

  291. 		RepoID:     repo.ID,

  292. 		BranchName: branchName,

  293. 	}

  294. 

  295. 	has, err := x.Get(protectedBranch)

  296. 	if err != nil {

  297. 		return true, err

  298. 	} else if has {

  299. 		return !protectedBranch.CanUserMerge(doer.ID) || !protectedBranch.HasEnoughApprovals(pr), nil

  300. 	}

  301. 

  302. 	return false, nil

  303. }

  304. 

  305. // updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with

  306. // the users from newWhitelist which have explicit read or write access to the repo.

  307. func updateApprovalWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  308. 	hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)

  309. 	if !hasUsersChanged {

  310. 		return currentWhitelist, nil

  311. 	}

  312. 

  313. 	whitelist = make([]int64, 0, len(newWhitelist))

  314. 	for _, userID := range newWhitelist {

  315. 		if reader, err := repo.IsReader(userID); err != nil {

  316. 			return nil, err

  317. 		} else if !reader {

  318. 			continue

  319. 		}

  320. 		whitelist = append(whitelist, userID)

  321. 	}

  322. 

  323. 	return

  324. }

  325. 

  326. // updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with

  327. // the users from newWhitelist which have write access to the repo.

  328. func updateUserWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  329. 	hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)

  330. 	if !hasUsersChanged {

  331. 		return currentWhitelist, nil

  332. 	}

  333. 

  334. 	whitelist = make([]int64, 0, len(newWhitelist))

  335. 	for _, userID := range newWhitelist {

  336. 		user, err := GetUserByID(userID)

  337. 		if err != nil {

  338. 			return nil, fmt.Errorf("GetUserByID [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)

  339. 		}

  340. 		perm, err := GetUserRepoPermission(repo, user)

  341. 		if err != nil {

  342. 			return nil, fmt.Errorf("GetUserRepoPermission [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)

  343. 		}

  344. 

  345. 		if !perm.CanWrite(UnitTypeCode) {

  346. 			continue // Drop invalid user ID

  347. 		}

  348. 

  349. 		whitelist = append(whitelist, userID)

  350. 	}

  351. 

  352. 	return

  353. }

  354. 

  355. // updateTeamWhitelist checks whether the team whitelist changed and returns a whitelist with

  356. // the teams from newWhitelist which have write access to the repo.

  357. func updateTeamWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

  358. 	hasTeamsChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)

  359. 	if !hasTeamsChanged {

  360. 		return currentWhitelist, nil

  361. 	}

  362. 

  363. 	teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, AccessModeRead)

  364. 	if err != nil {

  365. 		return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %v", repo.OwnerID, repo.ID, err)

  366. 	}

  367. 

  368. 	whitelist = make([]int64, 0, len(teams))

  369. 	for i := range teams {

  370. 		if com.IsSliceContainsInt64(newWhitelist, teams[i].ID) {

  371. 			whitelist = append(whitelist, teams[i].ID)

  372. 		}

  373. 	}

  374. 

  375. 	return

  376. }

  377. 

  378. // DeleteProtectedBranch removes ProtectedBranch relation between the user and repository.

  379. func (repo *Repository) DeleteProtectedBranch(id int64) (err error) {

  380. 	protectedBranch := &ProtectedBranch{

  381. 		RepoID: repo.ID,

  382. 		ID:     id,

  383. 	}

  384. 

  385. 	sess := x.NewSession()

  386. 	defer sess.Close()

  387. 	if err = sess.Begin(); err != nil {

  388. 		return err

  389. 	}

  390. 

  391. 	if affected, err := sess.Delete(protectedBranch); err != nil {

  392. 		return err

  393. 	} else if affected != 1 {

  394. 		return fmt.Errorf("delete protected branch ID(%v) failed", id)

  395. 	}

  396. 

  397. 	return sess.Commit()

  398. }

  399. 

  400. // DeletedBranch struct

  401. type DeletedBranch struct {

  402. 	ID          int64              `xorm:"pk autoincr"`

  403. 	RepoID      int64              `xorm:"UNIQUE(s) INDEX NOT NULL"`

  404. 	Name        string             `xorm:"UNIQUE(s) NOT NULL"`

  405. 	Commit      string             `xorm:"UNIQUE(s) NOT NULL"`

  406. 	DeletedByID int64              `xorm:"INDEX"`

  407. 	DeletedBy   *User              `xorm:"-"`

  408. 	DeletedUnix timeutil.TimeStamp `xorm:"INDEX created"`

  409. }

  410. 

  411. // AddDeletedBranch adds a deleted branch to the database

  412. func (repo *Repository) AddDeletedBranch(branchName, commit string, deletedByID int64) error {

  413. 	deletedBranch := &DeletedBranch{

  414. 		RepoID:      repo.ID,

  415. 		Name:        branchName,

  416. 		Commit:      commit,

  417. 		DeletedByID: deletedByID,

  418. 	}

  419. 

  420. 	sess := x.NewSession()

  421. 	defer sess.Close()

  422. 	if err := sess.Begin(); err != nil {

  423. 		return err

  424. 	}

  425. 

  426. 	if _, err := sess.InsertOne(deletedBranch); err != nil {

  427. 		return err

  428. 	}

  429. 

  430. 	return sess.Commit()

  431. }

  432. 

  433. // GetDeletedBranches returns all the deleted branches

  434. func (repo *Repository) GetDeletedBranches() ([]*DeletedBranch, error) {

  435. 	deletedBranches := make([]*DeletedBranch, 0)

  436. 	return deletedBranches, x.Where("repo_id = ?", repo.ID).Desc("deleted_unix").Find(&deletedBranches)

  437. }

  438. 

  439. // GetDeletedBranchByID get a deleted branch by its ID

  440. func (repo *Repository) GetDeletedBranchByID(ID int64) (*DeletedBranch, error) {

  441. 	deletedBranch := &DeletedBranch{ID: ID}

  442. 	has, err := x.Get(deletedBranch)

  443. 	if err != nil {

  444. 		return nil, err

  445. 	}

  446. 	if !has {

  447. 		return nil, nil

  448. 	}

  449. 	return deletedBranch, nil

  450. }

  451. 

  452. // RemoveDeletedBranch removes a deleted branch from the database

  453. func (repo *Repository) RemoveDeletedBranch(id int64) (err error) {

  454. 	deletedBranch := &DeletedBranch{

  455. 		RepoID: repo.ID,

  456. 		ID:     id,

  457. 	}

  458. 

  459. 	sess := x.NewSession()

  460. 	defer sess.Close()

  461. 	if err = sess.Begin(); err != nil {

  462. 		return err

  463. 	}

  464. 

  465. 	if affected, err := sess.Delete(deletedBranch); err != nil {

  466. 		return err

  467. 	} else if affected != 1 {

  468. 		return fmt.Errorf("remove deleted branch ID(%v) failed", id)

  469. 	}

  470. 

  471. 	return sess.Commit()

  472. }

  473. 

  474. // LoadUser loads the user that deleted the branch

  475. // When there's no user found it returns a NewGhostUser

  476. func (deletedBranch *DeletedBranch) LoadUser() {

  477. 	user, err := GetUserByID(deletedBranch.DeletedByID)

  478. 	if err != nil {

  479. 		user = NewGhostUser()

  480. 	}

  481. 	deletedBranch.DeletedBy = user

  482. }

  483. 

  484. // RemoveOldDeletedBranches removes old deleted branches

  485. func RemoveOldDeletedBranches() {

  486. 	log.Trace("Doing: DeletedBranchesCleanup")

  487. 

  488. 	deleteBefore := time.Now().Add(-setting.Cron.DeletedBranchesCleanup.OlderThan)

  489. 	_, err := x.Where("deleted_unix < ?", deleteBefore.Unix()).Delete(new(DeletedBranch))

  490. 	if err != nil {

  491. 		log.Error("DeletedBranchesCleanup: %v", err)

  492. 	}

  493. }
上海开阖软件有限公司 沪ICP备12045867号-1