From 003671207db67eee5f3ceb605a061346dfad945d Mon Sep 17 00:00:00 2001
From: Yorick Peterse <yorickpeterse@gmail.com>
Date: Wed, 4 May 2016 12:06:40 +0200
Subject: [PATCH] Fix passing nil to protected_tag?

Previously this method would directly receive the output of tag_name().
This method could either return a String or nil. In the previous setup
this would somehow magically work but because Rugged::TagCollection#[]
doesn't accept nil values it started to fail.

To work around this the elsif in change_access_check() assigns the
result of tag_name() to a local and then _only_ calls protected_tag?()
if the tag name is not nil. The extra parenthesis are put in place to
ensure that things are parsed correctly, without these the code would be
parsed as follows:

    elsif tag_ref = (tag_name(ref) && protected_tag(tag_ref))

During runtime this would basically resolve to:

    elsif tag_ref = (tag_name(ref) && protected_tag(nil))

This is because when you refer to the variable you're assigning _in_ the
assignment Ruby returns nil instead of raising an error.
---
 lib/gitlab/git_access.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index ad2da2b81cf..6cb41239871 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -128,7 +128,7 @@ module Gitlab
       action =
         if project.protected_branch?(branch_name(ref))
           protected_branch_action(oldrev, newrev, branch_name(ref))
-        elsif protected_tag?(tag_name(ref))
+        elsif (tag_ref = tag_name(ref)) && protected_tag?(tag_ref)
           # Prevent any changes to existing git tag unless user has permissions
           :admin_project
         else
-- 
GitLab