Reject dangerous changes in Git repositories by default
Summary: Ref T4189. This adds a per-repository "dangerous changes" flag, which defaults to off. This flag must be enabled to do non-appending branch mutation (delete branches / rewrite history).
Test Plan:
With flag on and off, performed various safe and dangerous pushes.
>>> orbital ~/repos/POEMS $ git push origin :blarp
remote: +---------------------------------------------------------------+
remote: | * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * |
remote: +---------------------------------------------------------------+
remote: \
remote: \ ^ /^
remote: \ / \ // \
remote: \ |\___/| / \// .\
remote: \ /V V \__ / // | \ \ *----*
remote: / / \/_/ // | \ \ \ |
remote: @___@` \/_ // | \ \ \/\ \
remote: 0/0/| \/_ // | \ \ \ \
remote: 0/0/0/0/| \/// | \ \ | |
remote: 0/0/0/0/0/_|_ / ( // | \ _\ | /
remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. | _ _\.-~ / /
remote: ,-} _ *-.|.-~-. .~ ~
remote: \ \__/ `/\ / ~-. _ .-~ /
remote: \____(Oo) *. } { /
remote: ( (--) .----~-.\ \-` .~
remote: //__\\ \ DENIED! ///.----..< \ _ -~
remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~
remote:
remote:
remote: DANGEROUS CHANGE: The change you're attempting to push deletes the branch 'blarp'.
remote: Dangerous change protection is enabled for this repository.
remote: Edit the repository configuration before making dangerous changes.
remote:
To ssh://dweller@localhost/diffusion/POEMS/
! [remote rejected] blarp (pre-receive hook declined)
error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/'
Reviewers: btrahan
Reviewed By: btrahan
CC: aran, chad, richardvanvelzen
Maniphest Tasks: T4189
Differential Revision: https://secure.phabricator.com/D7689
This commit is contained in:
epriestley
@@ -0,0 +1,78 @@
|
||||
<?php
|
||||
|
||||
final class DiffusionRepositoryEditDangerousController
|
||||
extends DiffusionRepositoryEditController {
|
||||
|
||||
public function processRequest() {
|
||||
$request = $this->getRequest();
|
||||
$viewer = $request->getUser();
|
||||
$drequest = $this->diffusionRequest;
|
||||
$repository = $drequest->getRepository();
|
||||
|
||||
$repository = id(new PhabricatorRepositoryQuery())
|
||||
->setViewer($viewer)
|
||||
->requireCapabilities(
|
||||
array(
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
PhabricatorPolicyCapability::CAN_EDIT,
|
||||
))
|
||||
->withIDs(array($repository->getID()))
|
||||
->executeOne();
|
||||
|
||||
if (!$repository) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
if (!$repository->canAllowDangerousChanges()) {
|
||||
return new Aphront400Response();
|
||||
}
|
||||
|
||||
$edit_uri = $this->getRepositoryControllerURI($repository, 'edit/');
|
||||
|
||||
if ($request->isFormPost()) {
|
||||
$xaction = id(new PhabricatorRepositoryTransaction())
|
||||
->setTransactionType(PhabricatorRepositoryTransaction::TYPE_DANGEROUS)
|
||||
->setNewValue(!$repository->shouldAllowDangerousChanges());
|
||||
|
||||
$editor = id(new PhabricatorRepositoryEditor())
|
||||
->setContinueOnNoEffect(true)
|
||||
->setContentSourceFromRequest($request)
|
||||
->setActor($viewer)
|
||||
->applyTransactions($repository, array($xaction));
|
||||
|
||||
return id(new AphrontReloadResponse())->setURI($edit_uri);
|
||||
}
|
||||
|
||||
$dialog = id(new AphrontDialogView())
|
||||
->setUser($viewer);
|
||||
|
||||
$force = phutil_tag('tt', array(), '--force');
|
||||
|
||||
if ($repository->shouldAllowDangerousChanges()) {
|
||||
$dialog
|
||||
->setTitle(pht('Prevent Dangerous changes?'))
|
||||
->appendChild(
|
||||
pht(
|
||||
'It will no longer be possible to delete branches from this '.
|
||||
'repository, or %s push to this repository.',
|
||||
$force))
|
||||
->addSubmitButton(pht('Prevent Dangerous Changes'))
|
||||
->addCancelButton($edit_uri);
|
||||
} else {
|
||||
$dialog
|
||||
->setTitle(pht('Allow Dangerous Changes?'))
|
||||
->appendChild(
|
||||
pht(
|
||||
'If you allow dangerous changes, it will be possible to delete '.
|
||||
'branches and %s push this repository. These operations can '.
|
||||
'alter a repository in a way that is difficult to recover from.',
|
||||
$force))
|
||||
->addSubmitButton(pht('Allow Dangerous Changes'))
|
||||
->addCancelButton($edit_uri);
|
||||
}
|
||||
|
||||
return id(new AphrontDialogResponse())
|
||||
->setDialog($dialog);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -577,6 +577,25 @@ final class DiffusionRepositoryEditMainController
|
||||
$this->getRepositoryControllerURI($repository, 'edit/hosting/'));
|
||||
$view->addAction($edit);
|
||||
|
||||
if ($repository->canAllowDangerousChanges()) {
|
||||
if ($repository->shouldAllowDangerousChanges()) {
|
||||
$changes = id(new PhabricatorActionView())
|
||||
->setIcon('blame')
|
||||
->setName(pht('Prevent Dangerous Changes'))
|
||||
->setHref(
|
||||
$this->getRepositoryControllerURI($repository, 'edit/dangerous/'))
|
||||
->setWorkflow(true);
|
||||
} else {
|
||||
$changes = id(new PhabricatorActionView())
|
||||
->setIcon('warning')
|
||||
->setName(pht('Allow Dangerous Changes'))
|
||||
->setHref(
|
||||
$this->getRepositoryControllerURI($repository, 'edit/dangerous/'))
|
||||
->setWorkflow(true);
|
||||
}
|
||||
$view->addAction($changes);
|
||||
}
|
||||
|
||||
return $view;
|
||||
}
|
||||
|
||||
@@ -611,6 +630,18 @@ final class DiffusionRepositoryEditMainController
|
||||
PhabricatorRepository::getProtocolAvailabilityName(
|
||||
$repository->getServeOverSSH())));
|
||||
|
||||
if ($repository->canAllowDangerousChanges()) {
|
||||
if ($repository->shouldAllowDangerousChanges()) {
|
||||
$description = pht('Allowed');
|
||||
} else {
|
||||
$description = pht('Not Allowed');
|
||||
}
|
||||
|
||||
$view->addProperty(
|
||||
pht('Dangerous Changes'),
|
||||
$description);
|
||||
}
|
||||
|
||||
return $view;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user