Allow to set protected file patterns for files that can not be changed under no conditions

[lafriks]

When pattern is set files that match them can not be changed neither using PR, nor push or web editor.

This could be later in other PR probably improved with exceptions to allow changing in PR

Screenshots:

[zeripath]

I think those two warns are probably left over from testing.

[lafriks]

Yes, for debugging ;)

[zeripath]

I know exactly how you feel - some of my debugging log messages have actually managed to get into Gitea proper by mistake...

[davydov-vyacheslav]

@lafriks I'm appreciate your changes . Actually I also was looking for something like this. But, my 2 cents is whether locking mechanism (like gitlab has https://docs.gitlab.com/ee/user/project/file_lock.html ) is better or not your implementation?

From business logic the manager need to lock specific files, not by mask. And these files are already exists in repository (master branch?)

[lafriks]

@davydov-vyacheslav you can add also specific files using mask. This is a bit different use case as file locking, file locking is more to lock temporary while this is more permanent

[lafriks]

Also Gitea supports LFS file locking

[codecov-io]

Codecov Report

Merging #10806 into master will decrease coverage by 0.04%.
The diff coverage is 9.52%.

@@            Coverage Diff             @@
##           master   #10806      +/-   ##
==========================================
- Coverage   43.56%   43.51%   -0.05%     
==========================================
  Files         589      590       +1     
  Lines       82691    82797     +106     
==========================================
+ Hits        36023    36028       +5     
- Misses      42192    42292     +100     
- Partials     4476     4477       +1     

Impacted Files	Coverage Δ
models/error.go	28.32% <0.00%> (-0.40%)	⬇️
models/migrations/migrations.go	4.16% <ø> (ø)
models/migrations/v132.go	0.00% <0.00%> (ø)
modules/auth/repo_form.go	44.44% <ø> (ø)
modules/repofiles/delete.go	44.51% <0.00%> (-2.43%)	⬇️
modules/repofiles/update.go	38.11% <0.00%> (-0.59%)	⬇️
routers/private/hook.go	32.39% <1.78%> (-4.22%)	⬇️
models/branches.go	41.88% <45.45%> (+0.11%)	⬆️
modules/convert/convert.go	74.92% <100.00%> (+0.07%)	⬆️
routers/api/v1/repo/branch.go	50.09% <100.00%> (+0.36%)	⬆️
... and 8 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b1c331c...f6a2483. Read the comment docs.

[zeripath]

(As an aside - my persistent warning applies here: we assume that git filenames are utf8 strings - there is no guarantee of this ... the only thing not actually allowed is \0)

[lafriks]

Make lgtm work

[a1012112796]

I think maybe we should allow repo admin to add commit to change protect files. No one can change it is not good idea, do you think so？Thanks.

[lafriks]

That could be possibly added as option if needed

[zeripath]

The only way that would work would be through a flag that the admin could set and unset as and when they needed to do it. There is no way to warn an admin that they were about to splat a protected file and ask them if they really meant to do that during a git push - you simply do not have interactivity like that.

[a1012112796]

Another suggestion about this feature: maybe we should also check whether it changed protected files when making a pr to protected branch, if have. should block it to be merge. similar to checking whether have conflicting files