| commit | author | age | ||
| fa54be | 1 | /* |
| JM | 2 | * Copyright 2011 gitblit.com. |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 5 | * you may not use this file except in compliance with the License. | |
| 6 | * You may obtain a copy of the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 13 | * See the License for the specific language governing permissions and | |
| 14 | * limitations under the License. | |
| 15 | */ | |
| 16 | import java.text.MessageFormat; | |
| 17 | ||
| 18 | import com.gitblit.GitBlit | |
| 19 | import com.gitblit.models.RepositoryModel | |
| 20 | import com.gitblit.models.UserModel | |
| 21 | import org.eclipse.jgit.transport.ReceiveCommand | |
| 22 | import org.eclipse.jgit.transport.ReceiveCommand.Result | |
| 23 | import org.slf4j.Logger | |
| a612e6 | 24 | import com.gitblit.utils.ClientLogger |
| fa54be | 25 | |
| JM | 26 | /** |
| 27 | * Sample Gitblit Pre-Receive Hook: blockpush | |
| 28 | * | |
| 29 | * This script could and perhaps should be further developed to provide | |
| 30 | * a full repository-branch permissions system similar to gitolite or gitosis. | |
| 31 | * | |
| 32 | * The Pre-Receive hook is executed after an incoming push has been parsed, | |
| 33 | * validated, and objects have been written but BEFORE the refs are updated. | |
| 34 | * This is the appropriate point to block a push for some reason. | |
| 35 | * | |
| 36 | * This script is only executed when pushing to *Gitblit*, not to other Git | |
| 37 | * tooling you may be using. | |
| 38 | * | |
| 39 | * If this script is specified in *groovy.preReceiveScripts* of gitblit.properties | |
| 40 | * or web.xml then it will be executed by any repository when it receives a | |
| 41 | * push. If you choose to share your script then you may have to consider | |
| 42 | * tailoring control-flow based on repository access restrictions. | |
| 43 | * | |
| 44 | * Scripts may also be specified per-repository in the repository settings page. | |
| 45 | * Shared scripts will be excluded from this list of available scripts. | |
| 46 | * | |
| 47 | * This script is dynamically reloaded and it is executed within it's own | |
| 48 | * exception handler so it will not crash another script nor crash Gitblit. | |
| 49 | * | |
| 50 | * If you want this hook script to fail and abort all subsequent scripts in the | |
| 51 | * chain, "return false" at the appropriate failure points. | |
| 52 | * | |
| 53 | * Bound Variables: | |
| 2f5d15 | 54 | * gitblit Gitblit Server com.gitblit.GitBlit |
| JM | 55 | * repository Gitblit Repository com.gitblit.models.RepositoryModel |
| 6bb3b2 | 56 | * receivePack JGit Receive Pack org.eclipse.jgit.transport.ReceivePack |
| 2f5d15 | 57 | * user Gitblit User com.gitblit.models.UserModel |
| JM | 58 | * commands JGit commands Collection<org.eclipse.jgit.transport.ReceiveCommand> |
| 59 | * url Base url for Gitblit String | |
| 60 | * logger Logs messages to Gitblit org.slf4j.Logger | |
| 61 | * clientLogger Logs messages to Git client com.gitblit.utils.ClientLogger | |
| 7c1cdc | 62 | * |
| JM | 63 | * Accessing Gitblit Custom Fields: |
| 64 | * def myCustomField = repository.customFields.myCustomField | |
| fa54be | 65 | * |
| JM | 66 | */ |
| 67 | ||
| 68 | // Indicate we have started the script | |
| 69 | logger.info("blockpush hook triggered by ${user.username} for ${repository.name}: checking ${commands.size} commands") | |
| 70 | ||
| 71 | /* | |
| 72 | * Example rejection of pushes to the master branch of example.git | |
| 73 | */ | |
| 74 | def blocked = false | |
| 75 | switch (repository.name) { | |
| 198fa1 | 76 | case 'ex@mple.git': |
| fa54be | 77 | for (ReceiveCommand command : commands) { |
| JM | 78 | def updatedRef = command.refName |
| 198fa1 | 79 | if (updatedRef.equals('refs/heads/master')) { |
| fa54be | 80 | // to reject a command set it's result to anything other than Result.NOT_ATTEMPTED |
| JM | 81 | command.setResult(Result.REJECTED_OTHER_REASON, "You are not permitted to write to ${repository.name}:${updatedRef}") |
| 82 | blocked = true | |
| 83 | } | |
| 84 | } | |
| 85 | break | |
| 86 | ||
| 87 | default: | |
| 88 | break | |
| 89 | } | |
| 90 | ||
| 91 | if (blocked) { | |
| 92 | // return false to break the push hook chain | |
| 93 | return false | |
| 94 | } | |
