Add support of protected branch (#86)

root · root · commit 62c0c23dac0d · 2014-06-23T18:04:29.000+02:00
diff --git a/app/controllers/repository_protected_branches_controller.rb b/app/controllers/repository_protected_branches_controller.rb
@@ -6,7 +6,7 @@ class RepositoryProtectedBranchesController < RedmineGitHostingController
   before_filter :can_create_protected_branches, :only => [:new, :create]
   before_filter :can_edit_protected_branches,   :only => [:edit, :update, :destroy]
 
-  before_filter :find_repository_protected_branch, :except => [:index, :new, :create]
+  before_filter :find_repository_protected_branch, :except => [:index, :new, :create, :sort]
 
 
   def index
@@ -21,6 +21,8 @@ def index
 
   def new
     @protected_branch = RepositoryProtectedBranche.new()
+    @protected_branch.repository = @repository
+    @protected_branch.user_list  = []
   end
 
 
@@ -81,6 +83,14 @@ def clone
   end
 
 
+  def sort
+    params[:repository_protected_branche].each_with_index do |id, index|
+      RepositoryProtectedBranche.update_all({position: index + 1}, {id: id})
+    end
+    render :nothing => true
+  end
+
+
   private
 
 
diff --git a/app/models/repository_protected_branche.rb b/app/models/repository_protected_branche.rb
@@ -1,36 +1,56 @@
 class RepositoryProtectedBranche < ActiveRecord::Base
   unloadable
 
-  VALID_PERMS  = [ "RW+", "RW", "R", '-' ]
+  VALID_PERMS  = [ "RW+", "RW" ]
   DEFAULT_PERM = "RW+"
 
-  attr_accessible :role_id, :path, :permissions
+  attr_accessible :path, :permissions, :position, :user_list
+
+  acts_as_list
 
   ## Relations
   belongs_to :repository
-  belongs_to :role
 
   ## Validations
   validates :repository_id, :presence => true
-  validates :role_id,       :presence => true
-  validates :path,          :presence => true
+  validates :path,          :presence => true, :uniqueness => { :scope => :permissions }
   validates :permissions,   :presence => true, :inclusion => { :in => VALID_PERMS }
+  validates :user_list,     :presence => true
+
+  ## Serializations
+  serialize :user_list, Array
 
   ## Callbacks
+  before_validation :remove_blank_items
+
   after_commit ->(obj) { obj.update_permissions }, :on => :create
   after_commit ->(obj) { obj.update_permissions }, :on => :update
   after_commit ->(obj) { obj.update_permissions }, :on => :destroy
 
+  ## Scopes
+  default_scope order('position ASC')
+
 
   def self.clone_from(parent)
     parent = find_by_id(parent) unless parent.kind_of? RepositoryProtectedBranche
     copy = self.new
     copy.attributes = parent.attributes
+    copy.repository = parent.repository
 
     copy
   end
 
 
+  def available_users
+    repository.project.member_principals.map(&:user).compact.uniq.map{ |user| user.login }.sort
+  end
+
+
+  def allowed_users
+    self.user_list.map{ |user| User.find_by_login(user).gitolite_identifier }.sort
+  end
+
+
   protected
 
 
@@ -39,4 +59,12 @@ def update_permissions
     RedmineGitolite::GitHosting.resync_gitolite(:update_repository, repository.id)
   end
 
+
+  private
+
+
+  def remove_blank_items
+    self.user_list = user_list.select{ |user| !user.blank? }
+  end
+
 end
diff --git a/app/views/repository_protected_branches/_form.html.erb b/app/views/repository_protected_branches/_form.html.erb
@@ -1,12 +1,55 @@
 <div id="validation_messages_protected_branch"><%= error_messages_for 'protected_branch' %></div>
 
-<% roles = Role.find_all_givable %>
-
 <div class="box">
-  <p><%= f.select     :role_id,     roles.collect{|role| [role.name, role.id]}, :required => true %></p>
   <p><%= f.text_field :path,        :required => true, :size => 65, :label => l(:label_branch_path) %></p>
-  <p><%= f.select     :permissions, options_for_select(RepositoryProtectedBranche::VALID_PERMS, RepositoryProtectedBranche::DEFAULT_PERM),
+  <p><%= f.select     :permissions, options_for_select(RepositoryProtectedBranche::VALID_PERMS, @protected_branch.permissions),
                       :required => true,
                       :label    => :label_permissions %>
   </p>
+
+  <%= hidden_field_tag "repository_protected_branches[user_list][]", "" %>
+
+  <p><label for="repository_protected_branches[user_list]"><%= l(:label_user_list) %> :</label></p>
+  <ul id="user_list">
+    <% if @protected_branch.user_list.any? %>
+      <% @protected_branch.user_list.each do |item| %>
+        <li><%= item %></li>
+      <% end %>
+    <% end %>
+  </ul>
 </div>
+
+<%= javascript_tag do %>
+  var user_list = <%= raw @protected_branch.available_users.to_json %>;
+
+  function loadTagIt(target){
+
+    $('#' + target).gtagit({
+      autocomplete: {source: function(request, resolve) {
+          // fetch new values with request.resolve
+          resolve(user_list);
+        }
+      },
+      afterTagAdded: function(event, ui) {
+        var value = ui.tag.children('input:hidden').val();
+        user_list = user_list.filter(function(v) { return v != value;});
+        $(".ui-dialog-content").dialog("option", "position", ['center', 'center']).animate('slow');
+      },
+      afterTagRemoved: function(event, ui) {
+        var value = ui.tag.children('input:hidden').val();
+        user_list.push(value);
+        $(".ui-dialog-content").dialog("option", "position", ['center', 'center']).animate('slow');
+      },
+      showAutocompleteOnFocus: true,
+      placeholderText: '+ add user',
+      allowDuplicates: false,
+      caseSensitive: false,
+      fieldName: 'repository_protected_branches[' + target + '][]',
+    });
+
+  }
+
+  $(document).ready(function() {
+    loadTagIt('user_list');
+  });
+<% end %>
diff --git a/app/views/repository_protected_branches/index.html.erb b/app/views/repository_protected_branches/index.html.erb
@@ -12,26 +12,31 @@
 
   <% if @repository_protected_branches.any? %>
 
-    <table class="table table-hover">
+    <table id="protected_branches" class="table table-hover" data-update-url="<%= sort_repository_protected_branches_url %>">
       <thead>
         <tr>
-          <th><%= l(:label_role) %></th>
+          <th></th>
           <th><%= l(:label_branch_path) %></th>
           <th><%= l(:label_permissions) %></th>
+          <th><%= l(:label_user_list) %></th>
           <th></th>
         </tr>
       </thead>
 
       <tbody>
         <% @repository_protected_branches.each do |protected_branch| %>
-          <tr>
-            <td><span class="label label-info"><%= protected_branch.role %></span></td>
-            <td><span class="label label-info"><%= protected_branch.path %></span></td>
+          <%= content_tag_for(:tr, protected_branch) do %>
+            <td><span class="handle">[drag]</span></td>
+            <td style="font-family: Consolas;" ><%= protected_branch.path %></td>
             <td>
               <% color = protected_branch.permissions == '-' ? 'important' : 'success' %>
               <span class="label label-<%= color %>"><%= protected_branch.permissions %></span>
             </td>
-
+            <td>
+              <% protected_branch.user_list.each do |user| %>
+                <span class="label label-info"><%= user %></span>
+              <% end %>
+            </td>
             <td class="buttons">
               <% if user_allowed_to(:edit_repository_protected_branches, @project) %>
 
@@ -48,7 +53,7 @@
                                                :class   => 'icon icon-del' %>
               <% end %>
             </td>
-          </tr>
+          <% end %>
         <% end %>
       </tbody>
     </table>
@@ -60,7 +65,22 @@
 </div>
 
 <%= javascript_tag do %>
+  // Return a helper with preserved width of cells
+  var fixHelper = function(e, ui) {
+    ui.children().each(function() {
+      $(this).width($(this).width());
+    });
+    return ui;
+  };
+
   $(document).ready(function() {
     initModalBoxes(modals);
+    $('#protected_branches tbody').sortable({
+      helper: fixHelper,
+      axis: 'y',
+      update: function(event, ui) {
+        $.post($('#protected_branches').data('update-url'), $(this).sortable('serialize'));
+      }
+    });
   });
 <% end %>
diff --git a/config/locales/plugin_interface/en.yml b/config/locales/plugin_interface/en.yml
@@ -113,6 +113,7 @@ en:
   notice_protected_branch_update_failed: Failed to update protected branch
 
   label_branch_path: Branch path
+  label_user_list: Users allowed
 
 
   ########### GIT NOTIFICATIONS ###########
diff --git a/config/locales/plugin_interface/fr.yml b/config/locales/plugin_interface/fr.yml
@@ -113,6 +113,7 @@ fr:
   notice_protected_branch_update_failed: Échec de modification de la branche protégée
 
   label_branch_path: Chemin de la branche
+  label_user_list: Liste des utilisateurs autorisés
 
 
   ########### GIT NOTIFICATIONS ###########
diff --git a/config/routes.rb b/config/routes.rb
@@ -19,7 +19,9 @@
       resources :deployment_credentials, controller: 'repository_deployment_credentials'
       resources :git_notifications,      controller: 'repository_git_notifications'
       resources :git_config_keys,        controller: 'repository_git_config_keys'
-      resources :protected_branches,     controller: 'repository_protected_branches'
+      resources :protected_branches,     controller: 'repository_protected_branches' do
+        collection { post :sort }
+      end
     end
   end
 
diff --git a/db/migrate/20140621004200_create_repository_protected_branches.rb b/db/migrate/20140621004200_create_repository_protected_branches.rb
@@ -2,9 +2,10 @@ class CreateRepositoryProtectedBranches < ActiveRecord::Migration
   def self.up
     create_table :repository_protected_branches do |t|
       t.column :repository_id, :integer, :null => false
-      t.column :role_id,       :integer, :null => false
       t.column :path,          :string,  :null => false
       t.column :permissions,   :string,  :null => false
+      t.column :user_list,     :text,    :null => false
+      t.column :position,      :integer
     end
   end
 
diff --git a/lib/redmine_gitolite/gitolite_wrapper/repositories_helper.rb b/lib/redmine_gitolite/gitolite_wrapper/repositories_helper.rb
@@ -232,12 +232,12 @@ def build_permissions(repository)
         rewind_users   = users.select{|user| user.allowed_to?(:manage_repository, project)}
         write_users    = users.select{|user| user.allowed_to?(:commit_access, project)} - rewind_users
         read_users     = users.select{|user| user.allowed_to?(:view_changesets, project)} - rewind_users - write_users
-        developer_team = rewind_users + write_users
 
         if project.active?
-          rewind = rewind_users.map{|user| user.gitolite_identifier}
-          write  = write_users.map{|user| user.gitolite_identifier}
-          read   = read_users.map{|user| user.gitolite_identifier}
+          rewind = rewind_users.map{|user| user.gitolite_identifier}.sort
+          write  = write_users.map{|user| user.gitolite_identifier}.sort
+          read   = read_users.map{|user| user.gitolite_identifier}.sort
+          developer_team = rewind + write
 
           ## DEPLOY KEY
           repository.deployment_credentials.active.each do |cred|
@@ -260,9 +260,30 @@ def build_permissions(repository)
         end
 
         permissions = {}
-        permissions["RW+"] = {"" => rewind.uniq.sort} unless rewind.empty?
-        permissions["RW"] = {"" => write.uniq.sort} unless write.empty?
-        permissions["R"] = {"" => read.uniq.sort} unless read.empty?
+        permissions["RW+"] = {}
+        permissions["RW"] = {}
+        permissions["R"] = {}
+
+        if repository.extra[:protected_branch]
+          ## http://gitolite.com/gitolite/rules.html
+          ## The refex field is ignored for read check.
+          ## (Git does not support distinguishing one ref from another for access control during read operations).
+
+          repository.protected_branches.each do |branch|
+            case branch.permissions
+              when 'RW+'
+                permissions["RW+"][branch.path] = branch.allowed_users unless branch.allowed_users.empty?
+              when 'RW'
+                permissions["RW"][branch.path] = branch.allowed_users unless branch.allowed_users.empty?
+            end
+          end
+
+          permissions["RW+"]['personal/USER/'] = developer_team.sort unless developer_team.empty?
+        end
+
+        permissions["RW+"][""] = rewind unless rewind.empty?
+        permissions["RW"][""] = write unless write.empty?
+        permissions["R"][""] = read unless read.empty?
 
         permissions
       end
