diff --git a/CHANGELOG b/CHANGELOG
index 3f6cc3a82683ca8f2be55a7f2178fbc99dbd4f60..6aad096aee66868430c8a647b08491f6da8d0fd5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,6 @@
+v 7.3.1
+ - Fix ref parsing in Gitlab::GitAccess
+
v 7.3.0
- Always set the 'origin' remote in satellite actions
- Write authorized_keys in tmp/ during tests
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index e75a5a1d62e90cf8a2fa6a396a81d693e189ea13..6247dd5986730c34c47f0760fbe8a74d53773040 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -49,11 +49,11 @@ module Gitlab
# Iterate over all changes to find if user allowed all of them to be applied
changes.each do |change|
- oldrev, newrev, ref = changes.split('')
+ oldrev, newrev, ref = change.split(' ')
- action = if project.protected_branch?(ref)
+ action = if project.protected_branch?(branch_name(ref))
# we dont allow force push to protected branch
- if forced_push?(oldrev, newrev)
+ if forced_push?(project, oldrev, newrev)
:force_push_code_to_protected_branches
# and we dont allow remove of protected branch
elsif newrev =~ /0000000/
@@ -61,7 +61,7 @@ module Gitlab
else
:push_code_to_protected_branches
end
- elsif project.repository && project.repository.tag_names.include?(ref)
+ elsif project.repository && project.repository.tag_names.include?(tag_name(ref))
# Prevent any changes to existing git tag unless user has permissions
:admin_project
else
@@ -77,7 +77,7 @@ module Gitlab
true
end
- def forced_push?(oldrev, newrev)
+ def forced_push?(project, oldrev, newrev)
return false if project.empty_repo?
if oldrev !~ /00000000/ && newrev !~ /00000000/
@@ -93,5 +93,23 @@ module Gitlab
def user_allowed?(user)
Gitlab::UserAccess.allowed?(user)
end
+
+ def branch_name(ref)
+ ref = ref.to_s
+ if ref.start_with?('refs/heads')
+ ref.sub(%r{\Arefs/heads/}, '')
+ else
+ nil
+ end
+ end
+
+ def tag_name(ref)
+ ref = ref.to_s
+ if ref.start_with?('refs/tags')
+ ref.sub(%r{\Arefs/tags/}, '')
+ else
+ nil
+ end
+ end
end
end