diff --git a/src/main/resources/update/gitbucket-core_4.44.xml b/src/main/resources/update/gitbucket-core_4.44.xml
new file mode 100644
index 000000000..049740185
--- /dev/null
+++ b/src/main/resources/update/gitbucket-core_4.44.xml
@@ -0,0 +1,32 @@
+
+
+
+
+
+
+
+
+
+
+
+ UPDATE PROTECTED_BRANCH SET REQUIRED_STATUS_CHECK = TRUE
+ WHERE EXISTS (SELECT * FROM PROTECTED_BRANCH_REQUIRE_CONTEXT
+ WHERE PROTECTED_BRANCH.USER_NAME = PROTECTED_BRANCH_REQUIRE_CONTEXT.USER_NAME
+ AND PROTECTED_BRANCH.REPOSITORY_NAME = PROTECTED_BRANCH_REQUIRE_CONTEXT.REPOSITORY_NAME
+ AND PROTECTED_BRANCH.BRANCH = PROTECTED_BRANCH_REQUIRE_CONTEXT.BRANCH)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/main/scala/gitbucket/core/GitBucketCoreModule.scala b/src/main/scala/gitbucket/core/GitBucketCoreModule.scala
index be7c9de91..128c1a83d 100644
--- a/src/main/scala/gitbucket/core/GitBucketCoreModule.scala
+++ b/src/main/scala/gitbucket/core/GitBucketCoreModule.scala
@@ -120,7 +120,8 @@ object GitBucketCoreModule
new Version("4.41.0"),
new Version("4.42.0", new LiquibaseMigration("update/gitbucket-core_4.42.xml")),
new Version("4.42.1"),
- new Version("4.43.0")
+ new Version("4.43.0"),
+ new Version("4.44.0", new LiquibaseMigration("update/gitbucket-core_4.44.xml"))
) {
java.util.logging.Logger.getLogger("liquibase").setLevel(Level.SEVERE)
}
diff --git a/src/main/scala/gitbucket/core/api/ApiBranch.scala b/src/main/scala/gitbucket/core/api/ApiBranch.scala
index 629b2ac51..a6754e67c 100644
--- a/src/main/scala/gitbucket/core/api/ApiBranch.scala
+++ b/src/main/scala/gitbucket/core/api/ApiBranch.scala
@@ -6,7 +6,7 @@ import gitbucket.core.util.RepositoryName
* https://developer.github.com/v3/repos/#get-branch
* https://developer.github.com/v3/repos/#enabling-and-disabling-branch-protection
*/
-case class ApiBranch(name: String, commit: ApiBranchCommit, protection: ApiBranchProtection)(
+case class ApiBranch(name: String, commit: ApiBranchCommit, protection: ApiBranchProtectionResponse)(
repositoryName: RepositoryName
) extends FieldSerializable {
val _links =
diff --git a/src/main/scala/gitbucket/core/api/ApiBranchProtectionRequest.scala b/src/main/scala/gitbucket/core/api/ApiBranchProtectionRequest.scala
new file mode 100644
index 000000000..9d00f5a58
--- /dev/null
+++ b/src/main/scala/gitbucket/core/api/ApiBranchProtectionRequest.scala
@@ -0,0 +1,21 @@
+package gitbucket.core.api
+
+/** https://developer.github.com/v3/repos/#enabling-and-disabling-branch-protection */
+case class ApiBranchProtectionRequest(
+ enabled: Boolean,
+ required_status_checks: Option[ApiBranchProtectionRequest.Status],
+ restrictions: Option[ApiBranchProtectionRequest.Restrictions],
+ enforce_admins: Option[Boolean]
+)
+
+object ApiBranchProtectionRequest {
+
+ /** form for enabling-and-disabling-branch-protection */
+ case class EnablingAndDisabling(protection: ApiBranchProtectionRequest)
+
+ case class Status(
+ contexts: Seq[String]
+ )
+
+ case class Restrictions(users: Seq[String])
+}
diff --git a/src/main/scala/gitbucket/core/api/ApiBranchProtection.scala b/src/main/scala/gitbucket/core/api/ApiBranchProtectionResponse.scala
similarity index 65%
rename from src/main/scala/gitbucket/core/api/ApiBranchProtection.scala
rename to src/main/scala/gitbucket/core/api/ApiBranchProtectionResponse.scala
index 93d36aed4..74443bb5b 100644
--- a/src/main/scala/gitbucket/core/api/ApiBranchProtection.scala
+++ b/src/main/scala/gitbucket/core/api/ApiBranchProtectionResponse.scala
@@ -4,55 +4,68 @@ import gitbucket.core.service.ProtectedBranchService
import org.json4s._
/** https://developer.github.com/v3/repos/#enabling-and-disabling-branch-protection */
-case class ApiBranchProtection(
+case class ApiBranchProtectionResponse(
url: Option[ApiPath], // for output
enabled: Boolean,
- required_status_checks: Option[ApiBranchProtection.Status]
+ required_status_checks: Option[ApiBranchProtectionResponse.Status],
+ restrictions: Option[ApiBranchProtectionResponse.Restrictions],
+ enforce_admins: Option[ApiBranchProtectionResponse.EnforceAdmins]
) {
- def status: ApiBranchProtection.Status = required_status_checks.getOrElse(ApiBranchProtection.statusNone)
+ def status: ApiBranchProtectionResponse.Status =
+ required_status_checks.getOrElse(ApiBranchProtectionResponse.statusNone)
}
-object ApiBranchProtection {
+object ApiBranchProtectionResponse {
- /** form for enabling-and-disabling-branch-protection */
- case class EnablingAndDisabling(protection: ApiBranchProtection)
+ case class EnforceAdmins(enabled: Boolean)
- def apply(info: ProtectedBranchService.ProtectedBranchInfo): ApiBranchProtection =
- ApiBranchProtection(
+// /** form for enabling-and-disabling-branch-protection */
+// case class EnablingAndDisabling(protection: ApiBranchProtectionResponse)
+
+ def apply(info: ProtectedBranchService.ProtectedBranchInfo): ApiBranchProtectionResponse =
+ ApiBranchProtectionResponse(
url = Some(
ApiPath(
s"/api/v3/repos/${info.owner}/${info.repository}/branches/${info.branch}/protection"
)
),
enabled = info.enabled,
- required_status_checks = Some(
+ required_status_checks = info.contexts.map { contexts =>
Status(
Some(
ApiPath(
s"/api/v3/repos/${info.owner}/${info.repository}/branches/${info.branch}/protection/required_status_checks"
)
),
- EnforcementLevel(info.enabled && info.contexts.nonEmpty, info.includeAdministrators),
- info.contexts,
+ EnforcementLevel(info.enabled && info.contexts.nonEmpty, info.enforceAdmins),
+ contexts,
Some(
ApiPath(
s"/api/v3/repos/${info.owner}/${info.repository}/branches/${info.branch}/protection/required_status_checks/contexts"
)
)
)
- )
+ },
+ restrictions = info.restrictionsUsers.map { restrictionsUsers =>
+ Restrictions(restrictionsUsers)
+ },
+ enforce_admins = if (info.enabled) Some(EnforceAdmins(info.enforceAdmins)) else None
)
- val statusNone = Status(None, Off, Seq.empty, None)
+
+ val statusNone: Status = Status(None, Off, Seq.empty, None)
+
case class Status(
url: Option[ApiPath], // for output
enforcement_level: EnforcementLevel,
contexts: Seq[String],
contexts_url: Option[ApiPath] // for output
)
+
sealed class EnforcementLevel(val name: String)
case object Off extends EnforcementLevel("off")
case object NonAdmins extends EnforcementLevel("non_admins")
case object Everyone extends EnforcementLevel("everyone")
+
object EnforcementLevel {
def apply(enabled: Boolean, includeAdministrators: Boolean): EnforcementLevel =
if (enabled) {
@@ -66,6 +79,8 @@ object ApiBranchProtection {
}
}
+ case class Restrictions(users: Seq[String])
+
implicit val enforcementLevelSerializer: CustomSerializer[EnforcementLevel] =
new CustomSerializer[EnforcementLevel](format =>
(
diff --git a/src/main/scala/gitbucket/core/api/JsonFormat.scala b/src/main/scala/gitbucket/core/api/JsonFormat.scala
index ee3453420..12437eb0a 100644
--- a/src/main/scala/gitbucket/core/api/JsonFormat.scala
+++ b/src/main/scala/gitbucket/core/api/JsonFormat.scala
@@ -44,7 +44,7 @@ object JsonFormat {
FieldSerializer[ApiCommits.File]() +
FieldSerializer[ApiRelease]() +
FieldSerializer[ApiReleaseAsset]() +
- ApiBranchProtection.enforcementLevelSerializer
+ ApiBranchProtectionResponse.enforcementLevelSerializer
def apiPathSerializer(c: Context) =
new CustomSerializer[ApiPath](_ =>
diff --git a/src/main/scala/gitbucket/core/controller/IndexController.scala b/src/main/scala/gitbucket/core/controller/IndexController.scala
index 1fa3e49fa..9c2758074 100644
--- a/src/main/scala/gitbucket/core/controller/IndexController.scala
+++ b/src/main/scala/gitbucket/core/controller/IndexController.scala
@@ -261,11 +261,22 @@ trait IndexControllerBase extends ControllerBase {
/**
* JSON API for checking user or group existence.
+ *
* Returns a single string which is any of "group", "user" or "".
+ * Additionally, check whether the user is writable to the repository
+ * if "owner" and "repository" are given,
*/
post("/_user/existence")(usersOnly {
getAccountByUserNameIgnoreCase(params("userName")).map { account =>
- if (account.isGroupAccount) "group" else "user"
+ if (!account.isGroupAccount && params.get("repository").isDefined && params.get("owner").isDefined) {
+ getRepository(params("owner"), params("repository"))
+ .collect {
+ case repository if isWritable(repository.repository, Some(account)) => "user"
+ }
+ .getOrElse("")
+ } else {
+ if (account.isGroupAccount) "group" else "user"
+ }
} getOrElse ""
})
diff --git a/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala b/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala
index b598f1687..6a46c5338 100644
--- a/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala
+++ b/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala
@@ -203,7 +203,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
if (!repository.branchList.contains(branch)) {
redirect(s"/${repository.owner}/${repository.name}/settings/branches")
} else {
- val protection = ApiBranchProtection(getProtectedBranchInfo(repository.owner, repository.name, branch))
+ val protection = ApiBranchProtectionResponse(getProtectedBranchInfo(repository.owner, repository.name, branch))
val lastWeeks = getRecentStatusContexts(
repository.owner,
repository.name,
diff --git a/src/main/scala/gitbucket/core/controller/api/ApiRepositoryBranchControllerBase.scala b/src/main/scala/gitbucket/core/controller/api/ApiRepositoryBranchControllerBase.scala
index 0d7d4c236..f1f06d41a 100644
--- a/src/main/scala/gitbucket/core/controller/api/ApiRepositoryBranchControllerBase.scala
+++ b/src/main/scala/gitbucket/core/controller/api/ApiRepositoryBranchControllerBase.scala
@@ -5,7 +5,7 @@ import gitbucket.core.service.{AccountService, ProtectedBranchService, Repositor
import gitbucket.core.util.*
import gitbucket.core.util.Directory.*
import gitbucket.core.util.Implicits.*
-import gitbucket.core.util.JGitUtil.getBranchesNoMergeInfo
+import gitbucket.core.util.JGitUtil.{getBranchesNoMergeInfo, processTree}
import org.eclipse.jgit.api.Git
import org.scalatra.NoContent
@@ -43,7 +43,9 @@ trait ApiRepositoryBranchControllerBase extends ControllerBase {
} yield {
val protection = getProtectedBranchInfo(repository.owner, repository.name, branch)
JsonFormat(
- ApiBranch(branch, ApiBranchCommit(br.commitId), ApiBranchProtection(protection))(RepositoryName(repository))
+ ApiBranch(branch, ApiBranchCommit(br.commitId), ApiBranchProtectionResponse(protection))(
+ RepositoryName(repository)
+ )
)
}) getOrElse NotFound()
}
@@ -58,7 +60,7 @@ trait ApiRepositoryBranchControllerBase extends ControllerBase {
if (repository.branchList.contains(branch)) {
val protection = getProtectedBranchInfo(repository.owner, repository.name, branch)
JsonFormat(
- ApiBranchProtection(protection)
+ ApiBranchProtectionResponse(protection)
)
} else { NotFound() }
})
@@ -138,7 +140,7 @@ trait ApiRepositoryBranchControllerBase extends ControllerBase {
if (repository.branchList.contains(branch)) {
val protection = getProtectedBranchInfo(repository.owner, repository.name, branch)
JsonFormat(
- ApiBranchProtection(protection).required_status_checks
+ ApiBranchProtectionResponse(protection).required_status_checks
)
} else { NotFound() }
})
@@ -262,7 +264,7 @@ trait ApiRepositoryBranchControllerBase extends ControllerBase {
Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
(for {
branch <- params.get("splat") if repository.branchList.contains(branch)
- protection <- extractFromJsonBody[ApiBranchProtection.EnablingAndDisabling].map(_.protection)
+ protection <- extractFromJsonBody[ApiBranchProtectionRequest.EnablingAndDisabling].map(_.protection)
br <- getBranchesNoMergeInfo(git).find(_.name == branch)
} yield {
if (protection.enabled) {
@@ -270,13 +272,17 @@ trait ApiRepositoryBranchControllerBase extends ControllerBase {
repository.owner,
repository.name,
branch,
- protection.status.enforcement_level == ApiBranchProtection.Everyone,
- protection.status.contexts
+ protection.enforce_admins.getOrElse(false),
+ protection.required_status_checks.isDefined,
+ protection.required_status_checks.map(_.contexts).getOrElse(Nil),
+ protection.restrictions.isDefined,
+ protection.restrictions.map(_.users).getOrElse(Nil)
)
} else {
disableBranchProtection(repository.owner, repository.name, branch)
}
- JsonFormat(ApiBranch(branch, ApiBranchCommit(br.commitId), protection)(RepositoryName(repository)))
+ val response = ApiBranchProtectionResponse(getProtectedBranchInfo(repository.owner, repository.name, branch))
+ JsonFormat(ApiBranch(branch, ApiBranchCommit(br.commitId), response)(RepositoryName(repository)))
}) getOrElse NotFound()
}
})
diff --git a/src/main/scala/gitbucket/core/model/ProtectedBranch.scala b/src/main/scala/gitbucket/core/model/ProtectedBranch.scala
index 09bc6002b..60ad90198 100644
--- a/src/main/scala/gitbucket/core/model/ProtectedBranch.scala
+++ b/src/main/scala/gitbucket/core/model/ProtectedBranch.scala
@@ -1,16 +1,18 @@
package gitbucket.core.model
trait ProtectedBranchComponent extends TemplateComponent { self: Profile =>
- import profile.api._
- import self._
+ import profile.api.*
lazy val ProtectedBranches = TableQuery[ProtectedBranches]
class ProtectedBranches(tag: Tag) extends Table[ProtectedBranch](tag, "PROTECTED_BRANCH") with BranchTemplate {
- val statusCheckAdmin = column[Boolean]("STATUS_CHECK_ADMIN")
- def * = (userName, repositoryName, branch, statusCheckAdmin).mapTo[ProtectedBranch]
- def byPrimaryKey(userName: String, repositoryName: String, branch: String) =
+ val statusCheckAdmin = column[Boolean]("STATUS_CHECK_ADMIN") // enforceAdmins
+ val requiredStatusCheck = column[Boolean]("REQUIRED_STATUS_CHECK")
+ val restrictions = column[Boolean]("RESTRICTIONS")
+ def * =
+ (userName, repositoryName, branch, statusCheckAdmin, requiredStatusCheck, restrictions).mapTo[ProtectedBranch]
+ def byPrimaryKey(userName: String, repositoryName: String, branch: String): Rep[Boolean] =
byBranch(userName, repositoryName, branch)
- def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], branch: Rep[String]) =
+ def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], branch: Rep[String]): Rep[Boolean] =
byBranch(userName, repositoryName, branch)
}
@@ -22,8 +24,27 @@ trait ProtectedBranchComponent extends TemplateComponent { self: Profile =>
def * =
(userName, repositoryName, branch, context).mapTo[ProtectedBranchContext]
}
+
+ lazy val ProtectedBranchRestrictions = TableQuery[ProtectedBranchRestrictions]
+ class ProtectedBranchRestrictions(tag: Tag)
+ extends Table[ProtectedBranchRestriction](tag, "PROTECTED_BRANCH_RESTRICTION")
+ with BranchTemplate {
+ val allowedUser = column[String]("ALLOWED_USER")
+ def * = (userName, repositoryName, branch, allowedUser).mapTo[ProtectedBranchRestriction]
+ def byPrimaryKey(userName: String, repositoryName: String, branch: String, allowedUser: String): Rep[Boolean] =
+ this.userName === userName.bind && this.repositoryName === repositoryName.bind && this.branch === branch.bind && this.allowedUser === allowedUser.bind
+ }
}
-case class ProtectedBranch(userName: String, repositoryName: String, branch: String, statusCheckAdmin: Boolean)
+case class ProtectedBranch(
+ userName: String,
+ repositoryName: String,
+ branch: String,
+ enforceAdmins: Boolean,
+ requiredStatusCheck: Boolean,
+ restrictions: Boolean
+)
case class ProtectedBranchContext(userName: String, repositoryName: String, branch: String, context: String)
+
+case class ProtectedBranchRestriction(userName: String, repositoryName: String, branch: String, allowedUser: String)
diff --git a/src/main/scala/gitbucket/core/service/ProtectedBranchService.scala b/src/main/scala/gitbucket/core/service/ProtectedBranchService.scala
index 326ca424e..cb9ee929b 100644
--- a/src/main/scala/gitbucket/core/service/ProtectedBranchService.scala
+++ b/src/main/scala/gitbucket/core/service/ProtectedBranchService.scala
@@ -1,9 +1,10 @@
package gitbucket.core.service
-import gitbucket.core.model.{Session => _, _}
import gitbucket.core.plugin.ReceiveHook
-import gitbucket.core.model.Profile._
-import gitbucket.core.model.Profile.profile.blockingApi._
+import gitbucket.core.model.Profile.*
+import gitbucket.core.model.Profile.profile.blockingApi.*
+import gitbucket.core.model.{CommitState, ProtectedBranch, ProtectedBranchContext, ProtectedBranchRestriction, Role}
+import gitbucket.core.util.SyntaxSugars.*
import org.eclipse.jgit.transport.{ReceiveCommand, ReceivePack}
trait ProtectedBranchService {
@@ -13,17 +14,27 @@ trait ProtectedBranchService {
): Option[ProtectedBranchInfo] =
ProtectedBranches
.joinLeft(ProtectedBranchContexts)
- .on { case (pb, c) => pb.byBranch(c.userName, c.repositoryName, c.branch) }
- .map { case (pb, c) => pb -> c.map(_.context) }
+ .on { case pb ~ c => pb.byBranch(c.userName, c.repositoryName, c.branch) }
+ .joinLeft(ProtectedBranchRestrictions)
+ .on { case pb ~ c ~ r => pb.byBranch(r.userName, r.repositoryName, r.branch) }
+ .map { case pb ~ c ~ r => pb -> (c.map(_.context), r.map(_.allowedUser)) }
.filter(_._1.byPrimaryKey(owner, repository, branch))
.list
.groupBy(_._1)
.headOption
- .map { p =>
- p._1 -> p._2.flatMap(_._2)
+ .map { (p: (ProtectedBranch, List[(ProtectedBranch, (Option[String], Option[String]))])) =>
+ p._1 -> (p._2.flatMap(_._2._1), p._2.flatMap(_._2._2))
}
- .map { case (t1, contexts) =>
- new ProtectedBranchInfo(t1.userName, t1.repositoryName, t1.branch, true, contexts, t1.statusCheckAdmin)
+ .map { case (t1, (contexts, users)) =>
+ new ProtectedBranchInfo(
+ t1.userName,
+ t1.repositoryName,
+ t1.branch,
+ true,
+ if (t1.requiredStatusCheck) Some(contexts) else None,
+ t1.enforceAdmins,
+ if (t1.restrictions) Some(users) else None
+ )
}
def getProtectedBranchInfo(owner: String, repository: String, branch: String)(implicit
@@ -40,19 +51,32 @@ trait ProtectedBranchService {
owner: String,
repository: String,
branch: String,
- includeAdministrators: Boolean,
- contexts: Seq[String]
+ enforceAdmins: Boolean,
+ requiredStatusCheck: Boolean,
+ contexts: Seq[String],
+ restrictions: Boolean,
+ restrictionsUsers: Seq[String]
)(implicit session: Session): Unit = {
disableBranchProtection(owner, repository, branch)
- ProtectedBranches.insert(new ProtectedBranch(owner, repository, branch, includeAdministrators && contexts.nonEmpty))
- contexts.map { context =>
- ProtectedBranchContexts.insert(new ProtectedBranchContext(owner, repository, branch, context))
+ ProtectedBranches.insert(
+ ProtectedBranch(owner, repository, branch, enforceAdmins, requiredStatusCheck, restrictions)
+ )
+
+ if (restrictions) {
+ restrictionsUsers.foreach { user =>
+ ProtectedBranchRestrictions.insert(ProtectedBranchRestriction(owner, repository, branch, user))
+ }
+ }
+
+ if (requiredStatusCheck) {
+ contexts.foreach { context =>
+ ProtectedBranchContexts.insert(ProtectedBranchContext(owner, repository, branch, context))
+ }
}
}
def disableBranchProtection(owner: String, repository: String, branch: String)(implicit session: Session): Unit =
ProtectedBranches.filter(_.byPrimaryKey(owner, repository, branch)).delete
-
}
object ProtectedBranchService {
@@ -101,6 +125,7 @@ object ProtectedBranchService {
)
}
} else {
+ println("-> else")
None
}
}
@@ -117,12 +142,16 @@ object ProtectedBranchService {
* When enabled, commits must first be pushed to another branch,
* then merged or pushed directly to test after status checks have passed.
*/
- contexts: Seq[String],
+ contexts: Option[Seq[String]],
/**
* Include administrators
* Enforce required status checks for repository administrators.
*/
- includeAdministrators: Boolean
+ enforceAdmins: Boolean,
+ /**
+ * Users who can push to the branch.
+ */
+ restrictionsUsers: Option[Seq[String]]
) extends AccountService
with RepositoryService
with CommitStatusService {
@@ -148,42 +177,66 @@ object ProtectedBranchService {
session: Session
): Option[String] = {
if (enabled) {
- command.getType() match {
+ command.getType match {
case ReceiveCommand.Type.UPDATE_NONFASTFORWARD if isAllowNonFastForwards =>
Some("Cannot force-push to a protected branch")
+ case ReceiveCommand.Type.UPDATE | ReceiveCommand.Type.UPDATE_NONFASTFORWARD if !isPushAllowed(pusher) =>
+ Some("You do not have permission to push to this branch")
case ReceiveCommand.Type.UPDATE | ReceiveCommand.Type.UPDATE_NONFASTFORWARD if needStatusCheck(pusher) =>
unSuccessedContexts(command.getNewId.name) match {
- case s if s.sizeIs == 1 => Some(s"""Required status check "${s.toSeq(0)}" is expected""")
- case s if s.sizeIs >= 1 => Some(s"${s.size} of ${contexts.size} required status checks are expected")
- case _ => None
+ case s if s.sizeIs == 1 => Some(s"""Required status check "${s.head}" is expected""")
+ case s if s.sizeIs >= 1 =>
+ Some(s"${s.size} of ${contexts.map(_.size).getOrElse(0)} required status checks are expected")
+ case _ => None
}
case ReceiveCommand.Type.DELETE =>
- Some("Cannot delete a protected branch")
+ Some("You do not have permission to push to this branch")
case _ => None
}
} else {
None
}
}
- def unSuccessedContexts(sha1: String)(implicit session: Session): Set[String] =
- if (contexts.isEmpty) {
- Set.empty
- } else {
- contexts.toSet -- getCommitStatuses(owner, repository, sha1)
- .filter(_.state == CommitState.SUCCESS)
- .map(_.context)
- .toSet
+
+ def unSuccessedContexts(sha1: String)(implicit session: Session): Set[String] = {
+ contexts match {
+ case None => Set.empty
+ case Some(x) if x.isEmpty => Set.empty
+ case Some(x) =>
+ x.toSet -- getCommitStatuses(owner, repository, sha1)
+ .filter(_.state == CommitState.SUCCESS)
+ .map(_.context)
+ .toSet
}
+ }
+
def needStatusCheck(pusher: String)(implicit session: Session): Boolean = pusher match {
- case _ if !enabled => false
- case _ if contexts.isEmpty => false
- case _ if includeAdministrators => true
- case p if isAdministrator(p) => false
- case _ => true
+ case _ if !enabled => false
+ case _ if contexts.isEmpty => false
+ case _ if enforceAdmins => true
+ case p if isAdministrator(p) => false
+ case _ => true
+ }
+
+ def isPushAllowed(pusher: String)(implicit session: Session): Boolean = pusher match {
+ case _ if !enabled || restrictionsUsers.isEmpty => true
+ case _ if restrictionsUsers.get.contains(pusher) => true
+ case p if isAdministrator(p) && enforceAdmins => false
+ case _ => false
}
}
+
object ProtectedBranchInfo {
- def disabled(owner: String, repository: String, branch: String): ProtectedBranchInfo =
- ProtectedBranchInfo(owner, repository, branch, false, Nil, false)
+ def disabled(owner: String, repository: String, branch: String): ProtectedBranchInfo = {
+ ProtectedBranchInfo(
+ owner,
+ repository,
+ branch,
+ enabled = false,
+ contexts = None,
+ enforceAdmins = false,
+ restrictionsUsers = None
+ )
+ }
}
}
diff --git a/src/main/scala/gitbucket/core/service/PullRequestService.scala b/src/main/scala/gitbucket/core/service/PullRequestService.scala
index 49e471945..08348cedf 100644
--- a/src/main/scala/gitbucket/core/service/PullRequestService.scala
+++ b/src/main/scala/gitbucket/core/service/PullRequestService.scala
@@ -653,18 +653,18 @@ object PullRequestService {
commitIdTo: String
) {
- val hasConflict = conflictMessage.isDefined
+ val hasConflict: Boolean = conflictMessage.isDefined
val statuses: List[CommitStatus] =
- commitStatuses ++ (branchProtection.contexts.toSet -- commitStatuses.map(_.context).toSet)
+ commitStatuses ++ (branchProtection.contexts.getOrElse(Nil).toSet -- commitStatuses.map(_.context).toSet)
.map(CommitStatus.pending(branchProtection.owner, branchProtection.repository, _))
- val hasRequiredStatusProblem = needStatusCheck && branchProtection.contexts.exists(context =>
- statuses.find(_.context == context).map(_.state) != Some(CommitState.SUCCESS)
- )
- val hasProblem = hasRequiredStatusProblem || hasConflict || (statuses.nonEmpty && CommitState.combine(
+ val hasRequiredStatusProblem: Boolean = needStatusCheck && branchProtection.contexts
+ .getOrElse(Nil)
+ .exists(context => !statuses.find(_.context == context).map(_.state).contains(CommitState.SUCCESS))
+ val hasProblem: Boolean = hasRequiredStatusProblem || hasConflict || (statuses.nonEmpty && CommitState.combine(
statuses.map(_.state).toSet
) != CommitState.SUCCESS)
- val canUpdate = branchIsOutOfDate && !hasConflict
- val canMerge = hasMergePermission && !hasConflict && !hasRequiredStatusProblem
+ val canUpdate: Boolean = branchIsOutOfDate && !hasConflict
+ val canMerge: Boolean = hasMergePermission && !hasConflict && !hasRequiredStatusProblem
lazy val commitStateSummary: (CommitState, String) = {
val stateMap = statuses.groupBy(_.state)
val state = CommitState.combine(stateMap.keySet)
@@ -672,8 +672,8 @@ object PullRequestService {
state -> summary
}
lazy val statusesAndRequired: List[(CommitStatus, Boolean)] = statuses.map { s =>
- s -> branchProtection.contexts.contains(s.context)
+ s -> branchProtection.contexts.getOrElse(Nil).contains(s.context)
}
- lazy val isAllSuccess = commitStateSummary._1 == CommitState.SUCCESS
+ lazy val isAllSuccess: Boolean = commitStateSummary._1 == CommitState.SUCCESS
}
}
diff --git a/src/main/scala/gitbucket/core/service/RepositoryCommitFileService.scala b/src/main/scala/gitbucket/core/service/RepositoryCommitFileService.scala
index dd38a0023..7fe17150e 100644
--- a/src/main/scala/gitbucket/core/service/RepositoryCommitFileService.scala
+++ b/src/main/scala/gitbucket/core/service/RepositoryCommitFileService.scala
@@ -1,7 +1,7 @@
package gitbucket.core.service
import gitbucket.core.api.JsonFormat
import gitbucket.core.model.{Account, WebHook}
-import gitbucket.core.model.Profile.profile.blockingApi._
+import gitbucket.core.model.Profile.profile.blockingApi.*
import gitbucket.core.model.activity.{CloseIssueInfo, PushInfo}
import gitbucket.core.plugin.PluginRegistry
import gitbucket.core.service.SystemSettingsService.SystemSettings
@@ -11,14 +11,14 @@ import gitbucket.core.util.JGitUtil.CommitInfo
import gitbucket.core.util.{JGitUtil, LockUtil}
import org.eclipse.jgit.api.Git
import org.eclipse.jgit.dircache.{DirCache, DirCacheBuilder}
-import org.eclipse.jgit.lib._
+import org.eclipse.jgit.lib.*
import org.eclipse.jgit.transport.{ReceiveCommand, ReceivePack}
import scala.util.Using
trait RepositoryCommitFileService {
self: AccountService & ActivityService & IssuesService & PullRequestService & WebHookPullRequestService &
- RepositoryService =>
+ RepositoryService & ProtectedBranchService =>
/**
* Create multiple files by callback function.
@@ -92,10 +92,10 @@ trait RepositoryCommitFileService {
)(implicit s: Session, c: JsonFormat.Context): Either[String, (ObjectId, Option[ObjectId])] = {
val newPath = newFileName.map { newFileName =>
- if (path.length == 0) newFileName else s"${path}/${newFileName}"
+ if (path.isEmpty) newFileName else s"${path}/${newFileName}"
}
val oldPath = oldFileName.map { oldFileName =>
- if (path.length == 0) oldFileName else s"${path}/${oldFileName}"
+ if (path.isEmpty) oldFileName else s"${path}/${oldFileName}"
}
_createFiles(repository, branch, message, pusherAccount, committerName, committerMailAddress, settings) {
@@ -139,7 +139,6 @@ trait RepositoryCommitFileService {
)(
f: (Git, ObjectId, DirCacheBuilder, ObjectInserter) => R
)(implicit s: Session, c: JsonFormat.Context): Either[String, (ObjectId, R)] = {
-
LockUtil.lock(s"${repository.owner}/${repository.name}") {
Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
val builder = DirCache.newInCore.builder()
@@ -168,7 +167,14 @@ trait RepositoryCommitFileService {
// call pre-commit hook
val error = PluginRegistry().getReceiveHooks.flatMap { hook =>
- hook.preReceive(repository.owner, repository.name, receivePack, receiveCommand, pusherAccount.userName, false)
+ hook.preReceive(
+ repository.owner,
+ repository.name,
+ receivePack,
+ receiveCommand,
+ pusherAccount.userName,
+ mergePullRequest = false
+ )
}.headOption
error match {
@@ -194,7 +200,8 @@ trait RepositoryCommitFileService {
// record activity
updateLastActivityDate(repository.owner, repository.name)
val commitInfo = new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))
- val pushInfo = PushInfo(repository.owner, repository.name, pusherAccount.userName, branch, List(commitInfo))
+ val pushInfo =
+ PushInfo(repository.owner, repository.name, pusherAccount.userName, branch, List(commitInfo))
recordActivity(pushInfo)
// create issue comment by commit message
@@ -221,7 +228,14 @@ trait RepositoryCommitFileService {
// call post-commit hook
PluginRegistry().getReceiveHooks.foreach { hook =>
- hook.postReceive(repository.owner, repository.name, receivePack, receiveCommand, committerName, false)
+ hook.postReceive(
+ repository.owner,
+ repository.name,
+ receivePack,
+ receiveCommand,
+ committerName,
+ mergePullRequest = false
+ )
}
val commit = new JGitUtil.CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))
diff --git a/src/main/scala/gitbucket/core/service/RepositoryService.scala b/src/main/scala/gitbucket/core/service/RepositoryService.scala
index 5ba21e2b1..e0df0a3bb 100644
--- a/src/main/scala/gitbucket/core/service/RepositoryService.scala
+++ b/src/main/scala/gitbucket/core/service/RepositoryService.scala
@@ -654,11 +654,11 @@ trait RepositoryService {
def hasOwnerRole(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
loginAccount match {
- case Some(a) if (a.isAdmin) => true
- case Some(a) if (a.userName == owner) => true
- case Some(a) if (getGroupMembers(owner).exists(_.userName == a.userName)) => true
- case Some(a) if (getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN)).contains(a.userName)) => true
- case _ => false
+ case Some(a) if a.isAdmin => true
+ case Some(a) if a.userName == owner => true
+ case Some(a) if getGroupMembers(owner).exists(_.userName == a.userName) => true
+ case Some(a) if getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN)).contains(a.userName) => true
+ case _ => false
}
}
@@ -666,11 +666,11 @@ trait RepositoryService {
s: Session
): Boolean = {
loginAccount match {
- case Some(a) if (a.isAdmin) => true
- case Some(a) if (a.userName == owner) => true
- case Some(a) if (getGroupMembers(owner).exists(_.userName == a.userName)) => true
+ case Some(a) if a.isAdmin => true
+ case Some(a) if a.userName == owner => true
+ case Some(a) if getGroupMembers(owner).exists(_.userName == a.userName) => true
case Some(a)
- if (getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER)).contains(a.userName)) =>
+ if getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER)).contains(a.userName) =>
true
case _ => false
}
@@ -678,12 +678,12 @@ trait RepositoryService {
def hasGuestRole(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
loginAccount match {
- case Some(a) if (a.isAdmin) => true
- case Some(a) if (a.userName == owner) => true
- case Some(a) if (getGroupMembers(owner).exists(_.userName == a.userName)) => true
+ case Some(a) if a.isAdmin => true
+ case Some(a) if a.userName == owner => true
+ case Some(a) if getGroupMembers(owner).exists(_.userName == a.userName) => true
case Some(a)
- if (getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER, Role.GUEST))
- .contains(a.userName)) =>
+ if getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER, Role.GUEST))
+ .contains(a.userName) =>
true
case _ => false
}
@@ -694,17 +694,29 @@ trait RepositoryService {
true
} else {
loginAccount match {
- case Some(x) if (x.isAdmin) => true
- case Some(x) if (repository.userName == x.userName) => true
- case Some(x) if (getGroupMembers(repository.userName).exists(_.userName == x.userName)) => true
- case Some(x)
- if (getCollaboratorUserNames(repository.userName, repository.repositoryName).contains(x.userName)) =>
+ case Some(x) if x.isAdmin => true
+ case Some(x) if repository.userName == x.userName => true
+ case Some(x) if getGroupMembers(repository.userName).exists(_.userName == x.userName) => true
+ case Some(x) if getCollaboratorUserNames(repository.userName, repository.repositoryName).contains(x.userName) =>
true
case _ => false
}
}
}
+ def isWritable(repository: Repository, loginAccount: Option[Account])(implicit s: Session): Boolean = {
+ loginAccount match {
+ case Some(x) if x.isAdmin => true
+ case Some(x) if repository.userName == x.userName => true
+ case Some(x) if getGroupMembers(repository.userName).exists(_.userName == x.userName) => true
+ case Some(x)
+ if getCollaboratorUserNames(repository.userName, repository.repositoryName, Seq(Role.ADMIN, Role.DEVELOPER))
+ .contains(x.userName) =>
+ true
+ case _ => false
+ }
+ }
+
private def getForkedCount(userName: String, repositoryName: String)(implicit s: Session): Int =
Query(Repositories.filter { t =>
(t.originUserName === userName.bind) && (t.originRepositoryName === repositoryName.bind)
diff --git a/src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala b/src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala
index a971fa46d..06405add4 100644
--- a/src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala
+++ b/src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala
@@ -9,11 +9,11 @@ import gitbucket.core.api.JsonFormat.Context
import gitbucket.core.model.WebHook
import gitbucket.core.plugin.{GitRepositoryRouting, PluginRegistry}
import gitbucket.core.service.IssuesService.IssueSearchCondition
-import gitbucket.core.service.WebHookService._
-import gitbucket.core.service._
-import gitbucket.core.util.Implicits._
-import gitbucket.core.util._
-import gitbucket.core.model.Profile.profile.blockingApi._
+import gitbucket.core.service.WebHookService.*
+import gitbucket.core.service.*
+import gitbucket.core.util.Implicits.*
+import gitbucket.core.util.*
+import gitbucket.core.model.Profile.profile.blockingApi.*
import gitbucket.core.model.activity.{
BaseActivityInfo,
CloseIssueInfo,
@@ -33,9 +33,9 @@ import gitbucket.core.servlet.Database
import org.eclipse.jgit.api.Git
import org.eclipse.jgit.http.server.GitServlet
-import org.eclipse.jgit.lib._
-import org.eclipse.jgit.transport._
-import org.eclipse.jgit.transport.resolver._
+import org.eclipse.jgit.lib.*
+import org.eclipse.jgit.transport.*
+import org.eclipse.jgit.transport.resolver.*
import org.slf4j.LoggerFactory
import javax.servlet.ServletConfig
import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
@@ -43,7 +43,7 @@ import org.eclipse.jgit.diff.DiffEntry.ChangeType
import org.eclipse.jgit.internal.storage.file.FileRepository
import org.json4s.Formats
import org.json4s.convertToJsonInput
-import org.json4s.jackson.Serialization._
+import org.json4s.jackson.Serialization.*
/**
* Provides Git repository via HTTP.
@@ -117,7 +117,7 @@ class GitRepositoryServlet extends GitServlet with SystemSettingsService {
GitLfs.BatchResponseObject(
requestObject.oid,
requestObject.size,
- true,
+ authenticated = true,
GitLfs.Actions(
upload = Some(
GitLfs.Action(
@@ -138,7 +138,7 @@ class GitRepositoryServlet extends GitServlet with SystemSettingsService {
GitLfs.BatchResponseObject(
requestObject.oid,
requestObject.size,
- true,
+ authenticated = true,
GitLfs.Actions(
download = Some(
GitLfs.Action(
@@ -223,7 +223,7 @@ class GitBucketReceivePackFactory extends ReceivePackFactory[HttpServletRequest]
}
}
-import scala.jdk.CollectionConverters._
+import scala.jdk.CollectionConverters.*
class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl: String, sshUrl: Option[String])
extends PostReceiveHook
@@ -242,6 +242,7 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
with WebHookPullRequestReviewCommentService
with CommitsService
with SystemSettingsService
+ with ProtectedBranchService
with RequestCache {
private val logger = LoggerFactory.getLogger(classOf[CommitLogHook])
@@ -253,7 +254,7 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
commands.asScala.foreach { command =>
// call pre-commit hook
PluginRegistry().getReceiveHooks
- .flatMap(_.preReceive(owner, repository, receivePack, command, pusher, false))
+ .flatMap(_.preReceive(owner, repository, receivePack, command, pusher, mergePullRequest = false))
.headOption
.foreach { error =>
command.setResult(ReceiveCommand.Result.REJECTED_OTHER_REASON, error)
@@ -428,8 +429,8 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
repositoryInfo,
newCommits,
ownerAccount,
- newId = command.getNewId(),
- oldId = command.getOldId()
+ newId = command.getNewId,
+ oldId = command.getOldId
)
}
}
@@ -453,7 +454,7 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
// call post-commit hook
PluginRegistry().getReceiveHooks
- .foreach(_.postReceive(owner, repository, receivePack, command, pusher, false))
+ .foreach(_.postReceive(owner, repository, receivePack, command, pusher, mergePullRequest = false))
}
}
// update repository last modified time.
diff --git a/src/main/scala/gitbucket/core/util/Authenticator.scala b/src/main/scala/gitbucket/core/util/Authenticator.scala
index abd4eb5bc..ba838d27f 100644
--- a/src/main/scala/gitbucket/core/util/Authenticator.scala
+++ b/src/main/scala/gitbucket/core/util/Authenticator.scala
@@ -15,9 +15,9 @@ trait OneselfAuthenticator { self: ControllerBase =>
private def authenticate(action: => Any) = {
context.loginAccount match {
- case Some(x) if (x.isAdmin) => action
- case Some(x) if (request.paths(0) == x.userName) => action
- case _ => Unauthorized()
+ case Some(x) if x.isAdmin => action
+ case Some(x) if request.paths(0) == x.userName => action
+ case _ => Unauthorized()
}
}
}
@@ -26,7 +26,7 @@ trait OneselfAuthenticator { self: ControllerBase =>
* Allows only the repository owner and administrators.
*/
trait OwnerAuthenticator { self: ControllerBase & RepositoryService & AccountService =>
- protected def ownerOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
+ protected def ownerOnly(action: RepositoryInfo => Any) = { authenticate(action) }
protected def ownerOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
private def authenticate(action: (RepositoryInfo) => Any) = {
@@ -34,14 +34,14 @@ trait OwnerAuthenticator { self: ControllerBase & RepositoryService & AccountSer
val repoName = params("repository")
getRepository(userName, repoName).map { repository =>
context.loginAccount match {
- case Some(x) if (x.isAdmin) => action(repository)
- case Some(x) if (repository.owner == x.userName) => action(repository)
+ case Some(x) if x.isAdmin => action(repository)
+ case Some(x) if repository.owner == x.userName => action(repository)
// TODO Repository management is allowed for only group managers?
- case Some(x) if (getGroupMembers(repository.owner).exists { m =>
+ case Some(x) if getGroupMembers(repository.owner).exists { m =>
m.userName == x.userName && m.isManager
- }) =>
+ } =>
action(repository)
- case Some(x) if (getCollaboratorUserNames(userName, repoName, Seq(Role.ADMIN)).contains(x.userName)) =>
+ case Some(x) if getCollaboratorUserNames(userName, repoName, Seq(Role.ADMIN)).contains(x.userName) =>
action(repository)
case _ => Unauthorized()
}
@@ -83,10 +83,10 @@ trait AdminAuthenticator { self: ControllerBase =>
* Allows only guests and signed in users who can access the repository.
*/
trait ReferrerAuthenticator { self: ControllerBase & RepositoryService & AccountService =>
- protected def referrersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
+ protected def referrersOnly(action: RepositoryInfo => Any) = { authenticate(action) }
protected def referrersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
- private def authenticate(action: (RepositoryInfo) => Any) = {
+ private def authenticate(action: RepositoryInfo => Any) = {
val userName = params("owner")
val repoName = params("repository")
getRepository(userName, repoName).map { repository =>
@@ -103,12 +103,12 @@ trait ReferrerAuthenticator { self: ControllerBase & RepositoryService & Account
* Allows only signed in users who have read permission for the repository.
*/
trait ReadableUsersAuthenticator { self: ControllerBase & RepositoryService & AccountService =>
- protected def readableUsersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
+ protected def readableUsersOnly(action: RepositoryInfo => Any) = { authenticate(action) }
protected def readableUsersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => {
authenticate(action(form, _))
}
- private def authenticate(action: (RepositoryInfo) => Any) = {
+ private def authenticate(action: RepositoryInfo => Any) = {
val userName = params("owner")
val repoName = params("repository")
getRepository(userName, repoName).map { repository =>
@@ -125,24 +125,19 @@ trait ReadableUsersAuthenticator { self: ControllerBase & RepositoryService & Ac
* Allows only signed in users who have write permission for the repository.
*/
trait WritableUsersAuthenticator { self: ControllerBase & RepositoryService & AccountService =>
- protected def writableUsersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
+ protected def writableUsersOnly(action: RepositoryInfo => Any) = { authenticate(action) }
protected def writableUsersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => {
authenticate(action(form, _))
}
- private def authenticate(action: (RepositoryInfo) => Any) = {
+ private def authenticate(action: RepositoryInfo => Any) = {
val userName = params("owner")
val repoName = params("repository")
getRepository(userName, repoName).map { repository =>
- context.loginAccount match {
- case Some(x) if (x.isAdmin) => action(repository)
- case Some(x) if (userName == x.userName) => action(repository)
- case Some(x) if (getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
- case Some(x)
- if (getCollaboratorUserNames(userName, repoName, Seq(Role.ADMIN, Role.DEVELOPER))
- .contains(x.userName)) =>
- action(repository)
- case _ => Unauthorized()
+ if (isWritable(repository.repository, context.loginAccount)) {
+ action(repository)
+ } else {
+ Unauthorized()
}
} getOrElse NotFound()
}
@@ -159,9 +154,9 @@ trait GroupManagerAuthenticator { self: ControllerBase & AccountService =>
context.loginAccount match {
case Some(x) if x.isAdmin => action
case Some(x) if x.userName == request.paths(0) => action
- case Some(x) if (getGroupMembers(request.paths(0)).exists { member =>
+ case Some(x) if getGroupMembers(request.paths(0)).exists { member =>
member.userName == x.userName && member.isManager
- }) =>
+ } =>
action
case _ => Unauthorized()
}
diff --git a/src/main/twirl/gitbucket/core/settings/branchprotection.scala.html b/src/main/twirl/gitbucket/core/settings/branchprotection.scala.html
index 5bd54131d..dc3940817 100644
--- a/src/main/twirl/gitbucket/core/settings/branchprotection.scala.html
+++ b/src/main/twirl/gitbucket/core/settings/branchprotection.scala.html
@@ -1,6 +1,6 @@
@(repository: gitbucket.core.service.RepositoryService.RepositoryInfo,
branch: String,
- protection: gitbucket.core.api.ApiBranchProtection,
+ protection: gitbucket.core.api.ApiBranchProtectionResponse,
knownContexts: Seq[String],
info: Option[Any])(implicit context: gitbucket.core.controller.Context)
@import gitbucket.core.view.helpers
@@ -22,9 +22,44 @@
Disables force-pushes to this branch and prevents it from being deleted.
+
+
+
+
+
+
+
+
+
+
+
Restrict users who can push to this branch
+
+
+ @gitbucket.core.helper.html.account("userName-restrictions-user", 200, true, false)
+
+
+
+
+
+
+
When enabled, commits must first be pushed to another branch, then merged or pushed directly to @branch after status checks have passed.
@@ -48,14 +83,6 @@
}
-
-
Enforce required status checks for repository administrators.
-