1+ /*
2+ * Copyright 2011 gitblit.com.
3+ *
4+ * Licensed under the Apache License, Version 2.0 (the "License");
5+ * you may not use this file except in compliance with the License.
6+ * You may obtain a copy of the License at
7+ *
8+ * http://www.apache.org/licenses/LICENSE-2.0
9+ *
10+ * Unless required by applicable law or agreed to in writing, software
11+ * distributed under the License is distributed on an "AS IS" BASIS,
12+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+ * See the License for the specific language governing permissions and
14+ * limitations under the License.
15+ */
16+ import com.gitblit.GitBlit
17+ import com.gitblit.models.RepositoryModel
18+ import com.gitblit.models.UserModel
19+
20+ import org.eclipse.jgit.transport.ReceiveCommand
21+ import org.eclipse.jgit.transport.ReceiveCommand.Result
22+ import org.eclipse.jgit.transport.ReceiveCommand.Type
23+ import org.slf4j.Logger
24+
25+ /**
26+ * Sample Gitblit Pre-Receive Hook: protect-refs
27+ *
28+ * This script provides basic authorization for receive command types for a list
29+ * of known ref patterns. Command types and unmatched ref patterns will be
30+ * ignored, meaning this script has an "allow by default" policy.
31+ *
32+ * This script works best when a repository requires authentication on push, but
33+ * can be used to enforce fast-forward commits or prohibit ref deletion by
34+ * setting the authorizedTeams variable to an empty list.
35+ *
36+ * The Pre-Receive hook is executed after an incoming push has been parsed,
37+ * validated, and objects have been written but BEFORE the refs are updated.
38+ * This is the appropriate point to block a push for some reason.
39+ *
40+ * This script is only executed when pushing to *Gitblit*, not to other Git
41+ * tooling you may be using.
42+ *
43+ * If this script is specified in *groovy.preReceiveScripts* of gitblit.properties
44+ * or web.xml then it will be executed by any repository when it receives a
45+ * push. If you choose to share your script then you may have to consider
46+ * tailoring control-flow based on repository access restrictions.
47+ *
48+ * Scripts may also be specified per-repository in the repository settings page.
49+ * Shared scripts will be excluded from this list of available scripts.
50+ *
51+ * This script is dynamically reloaded and it is executed within it's own
52+ * exception handler so it will not crash another script nor crash Gitblit.
53+ *
54+ * If you want this hook script to fail and abort all subsequent scripts in the
55+ * chain, "return false" at the appropriate failure points.
56+ *
57+ * Bound Variables:
58+ * gitblit Gitblit Server com.gitblit.GitBlit
59+ * repository Gitblit Repository com.gitblit.models.RepositoryModel
60+ * user Gitblit User com.gitblit.models.UserModel
61+ * commands JGit commands Collection<org.eclipse.jgit.transport.ReceiveCommand>
62+ * url Base url for Gitblit String
63+ * logger Logger instance org.slf4j.Logger
64+ *
65+ */
66+
67+ def protectedCmds = [ Type . UPDATE_NONFASTFORWARD , Type . DELETE ]
68+ def protectedRefs = [ " refs/heads/master" " refs/tags/.+"
69+ def authorizedTeams = [ " admins"
70+ def blocked = false
71+
72+ for (ReceiveCommand command : commands) {
73+ def updateType = command. type
74+ def updatedRef = command. refName
75+
76+ // find first regex which matches updated ref
77+ def protectedRef = protectedRefs. find { updatedRef. matches ~it }
78+
79+ // ...and check if command type requires authz check
80+ if (protectedRef && updateType in protectedCmds) {
81+
82+ // verify user is a member of any authorized team
83+ def team = authorizedTeams. find { user. isTeamMember it }
84+ if (team) {
85+ logger. info " authorized ${ command} ${ team} ${ user.username} "
86+ } else {
87+ command. setResult(Result . REJECTED_OTHER_REASON , " ${ user.username} ${ updateType} ${ repository.name} ${ updatedRef} ${ protectedRef} "
88+ blocked = true
89+ }
90+ }
91+ }
92+
93+ if (blocked) {
94+ // return false to break the push hook chain
95+ return false
96+ }
0 commit comments