Add tag protection (#15629)

* Added tag protection in hook. * Prevent UI tag creation if protected. * Added settings page. * Added tests. * Added suggestions. * Moved tests. * Use individual errors. * Removed unneeded methods. * Switched delete selector. * Changed method names. * No reason to be unique. * Allow editing of protected tags. * Removed unique key from migration. * Added docs page. * Changed date. * Respond with 404 to not found tags. * Replaced glob with regex pattern. * Added support for glob and regex pattern. * Updated documentation. * Changed white* to allow*. * Fixed edit button link. * Added cancel button. Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-06-25 16:28:55 +02:00 · 2021-06-25 16:28:55 +02:00 · 44b8b07631
commit 44b8b07631
parent 7a0ed9a046
27 changed files with 1227 additions and 189 deletions
--- a/integrations/mirror_pull_test.go
+++ b/integrations/mirror_pull_test.go
@ -59,7 +59,9 @@ func TestMirrorPull(t *testing.T) {

 	assert.NoError(t, release_service.CreateRelease(gitRepo, &models.Release{
 		RepoID:       repo.ID,
+		Repo:         repo,
 		PublisherID:  user.ID,
+		Publisher:    user,
 		TagName:      "v0.2",
 		Target:       "master",
 		Title:        "v0.2 is released",
--- a/integrations/repo_tag_test.go
+++ b/integrations/repo_tag_test.go
@ -0,0 +1,74 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"io/ioutil"
+	"net/url"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/services/release"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCreateNewTagProtected(t *testing.T) {
+	defer prepareTestEnv(t)()
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	t.Run("API", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		err := release.CreateNewTag(owner, repo, "master", "v-1", "first tag")
+		assert.NoError(t, err)
+
+		err = models.InsertProtectedTag(&models.ProtectedTag{
+			RepoID:      repo.ID,
+			NamePattern: "v-*",
+		})
+		assert.NoError(t, err)
+		err = models.InsertProtectedTag(&models.ProtectedTag{
+			RepoID:           repo.ID,
+			NamePattern:      "v-1.1",
+			AllowlistUserIDs: []int64{repo.OwnerID},
+		})
+		assert.NoError(t, err)
+
+		err = release.CreateNewTag(owner, repo, "master", "v-2", "second tag")
+		assert.Error(t, err)
+		assert.True(t, models.IsErrProtectedTagName(err))
+
+		err = release.CreateNewTag(owner, repo, "master", "v-1.1", "third tag")
+		assert.NoError(t, err)
+	})
+
+	t.Run("Git", func(t *testing.T) {
+		onGiteaRun(t, func(t *testing.T, u *url.URL) {
+			username := "user2"
+			httpContext := NewAPITestContext(t, username, "repo1")
+
+			dstPath, err := ioutil.TempDir("", httpContext.Reponame)
+			assert.NoError(t, err)
+			defer util.RemoveAll(dstPath)
+
+			u.Path = httpContext.GitPath()
+			u.User = url.UserPassword(username, userPassword)
+
+			doGitClone(dstPath, u)(t)
+
+			_, err = git.NewCommand("tag", "v-2").RunInDir(dstPath)
+			assert.NoError(t, err)
+
+			_, err = git.NewCommand("push", "--tags").RunInDir(dstPath)
+			assert.Error(t, err)
+			assert.Contains(t, err.Error(), "Tag v-2 is protected")
+		})
+	})
+}