From f12d6278ed57ba3a76f411b05cf9fba940feebfd Mon Sep 17 00:00:00 2001
From: Jacob Vosmaer <contact@jacobvosmaer.nl>
Date: Tue, 23 Sep 2014 13:18:36 +0200
Subject: [PATCH] Fix ref parsing in Gitlab::GitAccess

---
 CHANGELOG                |  3 +++
 lib/gitlab/git_access.rb | 28 +++++++++++++++++++++++-----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 3f6cc3a8268..6aad096aee6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,6 @@
+v 7.3.1
+  - Fix ref parsing in Gitlab::GitAccess
+
 v 7.3.0
   - Always set the 'origin' remote in satellite actions
   - Write authorized_keys in tmp/ during tests
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index e75a5a1d62e..6247dd59867 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -49,11 +49,11 @@ module Gitlab
 
       # Iterate over all changes to find if user allowed all of them to be applied
       changes.each do |change|
-        oldrev, newrev, ref = changes.split('')
+        oldrev, newrev, ref = change.split(' ')
 
-        action = if project.protected_branch?(ref)
+        action = if project.protected_branch?(branch_name(ref))
                    # we dont allow force push to protected branch
-                   if forced_push?(oldrev, newrev)
+                   if forced_push?(project, oldrev, newrev)
                      :force_push_code_to_protected_branches
                      # and we dont allow remove of protected branch
                    elsif newrev =~ /0000000/
@@ -61,7 +61,7 @@ module Gitlab
                    else
                      :push_code_to_protected_branches
                    end
-                 elsif project.repository && project.repository.tag_names.include?(ref)
+                 elsif project.repository && project.repository.tag_names.include?(tag_name(ref))
                    # Prevent any changes to existing git tag unless user has permissions
                    :admin_project
                  else
@@ -77,7 +77,7 @@ module Gitlab
       true
     end
 
-    def forced_push?(oldrev, newrev)
+    def forced_push?(project, oldrev, newrev)
       return false if project.empty_repo?
 
       if oldrev !~ /00000000/ && newrev !~ /00000000/
@@ -93,5 +93,23 @@ module Gitlab
     def user_allowed?(user)
       Gitlab::UserAccess.allowed?(user)
     end
+
+    def branch_name(ref)
+      ref = ref.to_s
+      if ref.start_with?('refs/heads')
+        ref.sub(%r{\Arefs/heads/}, '')
+      else
+        nil
+      end
+    end
+
+    def tag_name(ref)
+      ref = ref.to_s
+      if ref.start_with?('refs/tags')
+        ref.sub(%r{\Arefs/tags/}, '')
+      else
+        nil
+      end
+    end
   end
 end
-- 
GitLab