Add block on official review requests branch protection (#13705)

Signed-off-by: a1012112796 <[email protected]>

Co-authored-by: Lauris BH <[email protected]>

Author: a1012112796

models/branches.go

@@ -21,28 +21,29 @@ import (
 
 // ProtectedBranch struct
 type ProtectedBranch struct {
-	ID                        int64  `xorm:"pk autoincr"`
-	RepoID                    int64  `xorm:"UNIQUE(s)"`
-	BranchName                string `xorm:"UNIQUE(s)"`
-	CanPush                   bool   `xorm:"NOT NULL DEFAULT false"`
-	EnableWhitelist           bool
-	WhitelistUserIDs          []int64  `xorm:"JSON TEXT"`
-	WhitelistTeamIDs          []int64  `xorm:"JSON TEXT"`
-	EnableMergeWhitelist      bool     `xorm:"NOT NULL DEFAULT false"`
-	WhitelistDeployKeys       bool     `xorm:"NOT NULL DEFAULT false"`
-	MergeWhitelistUserIDs     []int64  `xorm:"JSON TEXT"`
-	MergeWhitelistTeamIDs     []int64  `xorm:"JSON TEXT"`
-	EnableStatusCheck         bool     `xorm:"NOT NULL DEFAULT false"`
-	StatusCheckContexts       []string `xorm:"JSON TEXT"`
-	EnableApprovalsWhitelist  bool     `xorm:"NOT NULL DEFAULT false"`
-	ApprovalsWhitelistUserIDs []int64  `xorm:"JSON TEXT"`
-	ApprovalsWhitelistTeamIDs []int64  `xorm:"JSON TEXT"`
-	RequiredApprovals         int64    `xorm:"NOT NULL DEFAULT 0"`
-	BlockOnRejectedReviews    bool     `xorm:"NOT NULL DEFAULT false"`
-	BlockOnOutdatedBranch     bool     `xorm:"NOT NULL DEFAULT false"`
-	DismissStaleApprovals     bool     `xorm:"NOT NULL DEFAULT false"`
-	RequireSignedCommits      bool     `xorm:"NOT NULL DEFAULT false"`
-	ProtectedFilePatterns     string   `xorm:"TEXT"`
+	ID                            int64  `xorm:"pk autoincr"`
+	RepoID                        int64  `xorm:"UNIQUE(s)"`
+	BranchName                    string `xorm:"UNIQUE(s)"`
+	CanPush                       bool   `xorm:"NOT NULL DEFAULT false"`
+	EnableWhitelist               bool
+	WhitelistUserIDs              []int64  `xorm:"JSON TEXT"`
+	WhitelistTeamIDs              []int64  `xorm:"JSON TEXT"`
+	EnableMergeWhitelist          bool     `xorm:"NOT NULL DEFAULT false"`
+	WhitelistDeployKeys           bool     `xorm:"NOT NULL DEFAULT false"`
+	MergeWhitelistUserIDs         []int64  `xorm:"JSON TEXT"`
+	MergeWhitelistTeamIDs         []int64  `xorm:"JSON TEXT"`
+	EnableStatusCheck             bool     `xorm:"NOT NULL DEFAULT false"`
+	StatusCheckContexts           []string `xorm:"JSON TEXT"`
+	EnableApprovalsWhitelist      bool     `xorm:"NOT NULL DEFAULT false"`
+	ApprovalsWhitelistUserIDs     []int64  `xorm:"JSON TEXT"`
+	ApprovalsWhitelistTeamIDs     []int64  `xorm:"JSON TEXT"`
+	RequiredApprovals             int64    `xorm:"NOT NULL DEFAULT 0"`
+	BlockOnRejectedReviews        bool     `xorm:"NOT NULL DEFAULT false"`
+	BlockOnOfficialReviewRequests bool     `xorm:"NOT NULL DEFAULT false"`
+	BlockOnOutdatedBranch         bool     `xorm:"NOT NULL DEFAULT false"`
+	DismissStaleApprovals         bool     `xorm:"NOT NULL DEFAULT false"`
+	RequireSignedCommits          bool     `xorm:"NOT NULL DEFAULT false"`
+	ProtectedFilePatterns         string   `xorm:"TEXT"`
 
 	CreatedUnix timeutil.TimeStamp `xorm:"created"`
 	UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
@@ -171,13 +172,12 @@ func (protectBranch *ProtectedBranch) GetGrantedApprovalsCount(pr *PullRequest)
 }
 
 // MergeBlockedByRejectedReview returns true if merge is blocked by rejected reviews
-// An official ReviewRequest should also block Merge like Reject
 func (protectBranch *ProtectedBranch) MergeBlockedByRejectedReview(pr *PullRequest) bool {
 	if !protectBranch.BlockOnRejectedReviews {
 		return false
 	}
 	rejectExist, err := x.Where("issue_id = ?", pr.IssueID).
-		And("type in ( ?, ?)", ReviewTypeReject, ReviewTypeRequest).
+		And("type = ?", ReviewTypeReject).
 		And("official = ?", true).
 		Exist(new(Review))
 	if err != nil {
@@ -188,6 +188,24 @@ func (protectBranch *ProtectedBranch) MergeBlockedByRejectedReview(pr *PullReque
 	return rejectExist
 }
 
+// MergeBlockedByOfficialReviewRequests block merge because of some review request to official reviewer
+// of from official review
+func (protectBranch *ProtectedBranch) MergeBlockedByOfficialReviewRequests(pr *PullRequest) bool {
+	if !protectBranch.BlockOnOfficialReviewRequests {
+		return false
+	}
+	has, err := x.Where("issue_id = ?", pr.IssueID).
+		And("type = ?", ReviewTypeRequest).
+		And("official = ?", true).
+		Exist(new(Review))
+	if err != nil {
+		log.Error("MergeBlockedByOfficialReviewRequests: %v", err)
+		return true
+	}
+
+	return has
+}
+
 // MergeBlockedByOutdatedBranch returns true if merge is blocked by an outdated head branch
 func (protectBranch *ProtectedBranch) MergeBlockedByOutdatedBranch(pr *PullRequest) bool {
 	return protectBranch.BlockOnOutdatedBranch && pr.CommitsBehind > 0

models/migrations/migrations.go

@@ -254,6 +254,8 @@ var migrations = []Migration{
 	NewMigration("code comment replies should have the commitID of the review they are replying to", updateCodeCommentReplies),
 	// v159 -> v160
 	NewMigration("update reactions constraint", updateReactionConstraint),
+	// v160 -> v161
+	NewMigration("Add block on official review requests branch protection", addBlockOnOfficialReviewRequests),
 }
 
 // GetCurrentDBVersion returns the current db version

models/migrations/v160.go

@@ -0,0 +1,17 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"xorm.io/xorm"
+)
+
+func addBlockOnOfficialReviewRequests(x *xorm.Engine) error {
+	type ProtectedBranch struct {
+		BlockOnOfficialReviewRequests bool `xorm:"NOT NULL DEFAULT false"`
+	}
+
+	return x.Sync2(new(ProtectedBranch))
+}

modules/auth/repo_form.go

@@ -178,25 +178,26 @@ func (f *RepoSettingForm) Validate(ctx *macaron.Context, errs binding.Errors) bi
 
 // ProtectBranchForm form for changing protected branch settings
 type ProtectBranchForm struct {
-	Protected                bool
-	EnablePush               string
-	WhitelistUsers           string
-	WhitelistTeams           string
-	WhitelistDeployKeys      bool
-	EnableMergeWhitelist     bool
-	MergeWhitelistUsers      string
-	MergeWhitelistTeams      string
-	EnableStatusCheck        bool `xorm:"NOT NULL DEFAULT false"`
-	StatusCheckContexts      []string
-	RequiredApprovals        int64
-	EnableApprovalsWhitelist bool
-	ApprovalsWhitelistUsers  string
-	ApprovalsWhitelistTeams  string
-	BlockOnRejectedReviews   bool
-	BlockOnOutdatedBranch    bool
-	DismissStaleApprovals    bool
-	RequireSignedCommits     bool
-	ProtectedFilePatterns    string
+	Protected                     bool
+	EnablePush                    string
+	WhitelistUsers                string
+	WhitelistTeams                string
+	WhitelistDeployKeys           bool
+	EnableMergeWhitelist          bool
+	MergeWhitelistUsers           string
+	MergeWhitelistTeams           string
+	EnableStatusCheck             bool
+	StatusCheckContexts           []string
+	RequiredApprovals             int64
+	EnableApprovalsWhitelist      bool
+	ApprovalsWhitelistUsers       string
+	ApprovalsWhitelistTeams       string
+	BlockOnRejectedReviews        bool
+	BlockOnOfficialReviewRequests bool
+	BlockOnOutdatedBranch         bool
+	DismissStaleApprovals         bool
+	RequireSignedCommits          bool
+	ProtectedFilePatterns         string
 }
 
 // Validate validates the fields

modules/convert/convert.go

@@ -105,28 +105,29 @@ func ToBranchProtection(bp *models.ProtectedBranch) *api.BranchProtection {
 	}
 
 	return &api.BranchProtection{
-		BranchName:                  bp.BranchName,
-		EnablePush:                  bp.CanPush,
-		EnablePushWhitelist:         bp.EnableWhitelist,
-		PushWhitelistUsernames:      pushWhitelistUsernames,
-		PushWhitelistTeams:          pushWhitelistTeams,
-		PushWhitelistDeployKeys:     bp.WhitelistDeployKeys,
-		EnableMergeWhitelist:        bp.EnableMergeWhitelist,
-		MergeWhitelistUsernames:     mergeWhitelistUsernames,
-		MergeWhitelistTeams:         mergeWhitelistTeams,
-		EnableStatusCheck:           bp.EnableStatusCheck,
-		StatusCheckContexts:         bp.StatusCheckContexts,
-		RequiredApprovals:           bp.RequiredApprovals,
-		EnableApprovalsWhitelist:    bp.EnableApprovalsWhitelist,
-		ApprovalsWhitelistUsernames: approvalsWhitelistUsernames,
-		ApprovalsWhitelistTeams:     approvalsWhitelistTeams,
-		BlockOnRejectedReviews:      bp.BlockOnRejectedReviews,
-		BlockOnOutdatedBranch:       bp.BlockOnOutdatedBranch,
-		DismissStaleApprovals:       bp.DismissStaleApprovals,
-		RequireSignedCommits:        bp.RequireSignedCommits,
-		ProtectedFilePatterns:       bp.ProtectedFilePatterns,
-		Created:                     bp.CreatedUnix.AsTime(),
-		Updated:                     bp.UpdatedUnix.AsTime(),
+		BranchName:                    bp.BranchName,
+		EnablePush:                    bp.CanPush,
+		EnablePushWhitelist:           bp.EnableWhitelist,
+		PushWhitelistUsernames:        pushWhitelistUsernames,
+		PushWhitelistTeams:            pushWhitelistTeams,
+		PushWhitelistDeployKeys:       bp.WhitelistDeployKeys,
+		EnableMergeWhitelist:          bp.EnableMergeWhitelist,
+		MergeWhitelistUsernames:       mergeWhitelistUsernames,
+		MergeWhitelistTeams:           mergeWhitelistTeams,
+		EnableStatusCheck:             bp.EnableStatusCheck,
+		StatusCheckContexts:           bp.StatusCheckContexts,
+		RequiredApprovals:             bp.RequiredApprovals,
+		EnableApprovalsWhitelist:      bp.EnableApprovalsWhitelist,
+		ApprovalsWhitelistUsernames:   approvalsWhitelistUsernames,
+		ApprovalsWhitelistTeams:       approvalsWhitelistTeams,
+		BlockOnRejectedReviews:        bp.BlockOnRejectedReviews,
+		BlockOnOfficialReviewRequests: bp.BlockOnOfficialReviewRequests,
+		BlockOnOutdatedBranch:         bp.BlockOnOutdatedBranch,
+		DismissStaleApprovals:         bp.DismissStaleApprovals,
+		RequireSignedCommits:          bp.RequireSignedCommits,
+		ProtectedFilePatterns:         bp.ProtectedFilePatterns,
+		Created:                       bp.CreatedUnix.AsTime(),
+		Updated:                       bp.UpdatedUnix.AsTime(),
 	}
 }
 

modules/structs/repo_branch.go

@@ -23,26 +23,27 @@ type Branch struct {
 
 // BranchProtection represents a branch protection for a repository
 type BranchProtection struct {
-	BranchName                  string   `json:"branch_name"`
-	EnablePush                  bool     `json:"enable_push"`
-	EnablePushWhitelist         bool     `json:"enable_push_whitelist"`
-	PushWhitelistUsernames      []string `json:"push_whitelist_usernames"`
-	PushWhitelistTeams          []string `json:"push_whitelist_teams"`
-	PushWhitelistDeployKeys     bool     `json:"push_whitelist_deploy_keys"`
-	EnableMergeWhitelist        bool     `json:"enable_merge_whitelist"`
-	MergeWhitelistUsernames     []string `json:"merge_whitelist_usernames"`
-	MergeWhitelistTeams         []string `json:"merge_whitelist_teams"`
-	EnableStatusCheck           bool     `json:"enable_status_check"`
-	StatusCheckContexts         []string `json:"status_check_contexts"`
-	RequiredApprovals           int64    `json:"required_approvals"`
-	EnableApprovalsWhitelist    bool     `json:"enable_approvals_whitelist"`
-	ApprovalsWhitelistUsernames []string `json:"approvals_whitelist_username"`
-	ApprovalsWhitelistTeams     []string `json:"approvals_whitelist_teams"`
-	BlockOnRejectedReviews      bool     `json:"block_on_rejected_reviews"`
-	BlockOnOutdatedBranch       bool     `json:"block_on_outdated_branch"`
-	DismissStaleApprovals       bool     `json:"dismiss_stale_approvals"`
-	RequireSignedCommits        bool     `json:"require_signed_commits"`
-	ProtectedFilePatterns       string   `json:"protected_file_patterns"`
+	BranchName                    string   `json:"branch_name"`
+	EnablePush                    bool     `json:"enable_push"`
+	EnablePushWhitelist           bool     `json:"enable_push_whitelist"`
+	PushWhitelistUsernames        []string `json:"push_whitelist_usernames"`
+	PushWhitelistTeams            []string `json:"push_whitelist_teams"`
+	PushWhitelistDeployKeys       bool     `json:"push_whitelist_deploy_keys"`
+	EnableMergeWhitelist          bool     `json:"enable_merge_whitelist"`
+	MergeWhitelistUsernames       []string `json:"merge_whitelist_usernames"`
+	MergeWhitelistTeams           []string `json:"merge_whitelist_teams"`
+	EnableStatusCheck             bool     `json:"enable_status_check"`
+	StatusCheckContexts           []string `json:"status_check_contexts"`
+	RequiredApprovals             int64    `json:"required_approvals"`
+	EnableApprovalsWhitelist      bool     `json:"enable_approvals_whitelist"`
+	ApprovalsWhitelistUsernames   []string `json:"approvals_whitelist_username"`
+	ApprovalsWhitelistTeams       []string `json:"approvals_whitelist_teams"`
+	BlockOnRejectedReviews        bool     `json:"block_on_rejected_reviews"`
+	BlockOnOfficialReviewRequests bool     `json:"block_on_official_review_requests"`
+	BlockOnOutdatedBranch         bool     `json:"block_on_outdated_branch"`
+	DismissStaleApprovals         bool     `json:"dismiss_stale_approvals"`
+	RequireSignedCommits          bool     `json:"require_signed_commits"`
+	ProtectedFilePatterns         string   `json:"protected_file_patterns"`
 	// swagger:strfmt date-time
 	Created time.Time `json:"created_at"`
 	// swagger:strfmt date-time
@@ -51,47 +52,49 @@ type BranchProtection struct {
 
 // CreateBranchProtectionOption options for creating a branch protection
 type CreateBranchProtectionOption struct {
-	BranchName                  string   `json:"branch_name"`
-	EnablePush                  bool     `json:"enable_push"`
-	EnablePushWhitelist         bool     `json:"enable_push_whitelist"`
-	PushWhitelistUsernames      []string `json:"push_whitelist_usernames"`
-	PushWhitelistTeams          []string `json:"push_whitelist_teams"`
-	PushWhitelistDeployKeys     bool     `json:"push_whitelist_deploy_keys"`
-	EnableMergeWhitelist        bool     `json:"enable_merge_whitelist"`
-	MergeWhitelistUsernames     []string `json:"merge_whitelist_usernames"`
-	MergeWhitelistTeams         []string `json:"merge_whitelist_teams"`
-	EnableStatusCheck           bool     `json:"enable_status_check"`
-	StatusCheckContexts         []string `json:"status_check_contexts"`
-	RequiredApprovals           int64    `json:"required_approvals"`
-	EnableApprovalsWhitelist    bool     `json:"enable_approvals_whitelist"`
-	ApprovalsWhitelistUsernames []string `json:"approvals_whitelist_username"`
-	ApprovalsWhitelistTeams     []string `json:"approvals_whitelist_teams"`
-	BlockOnRejectedReviews      bool     `json:"block_on_rejected_reviews"`
-	BlockOnOutdatedBranch       bool     `json:"block_on_outdated_branch"`
-	DismissStaleApprovals       bool     `json:"dismiss_stale_approvals"`
-	RequireSignedCommits        bool     `json:"require_signed_commits"`
-	ProtectedFilePatterns       string   `json:"protected_file_patterns"`
+	BranchName                    string   `json:"branch_name"`
+	EnablePush                    bool     `json:"enable_push"`
+	EnablePushWhitelist           bool     `json:"enable_push_whitelist"`
+	PushWhitelistUsernames        []string `json:"push_whitelist_usernames"`
+	PushWhitelistTeams            []string `json:"push_whitelist_teams"`
+	PushWhitelistDeployKeys       bool     `json:"push_whitelist_deploy_keys"`
+	EnableMergeWhitelist          bool     `json:"enable_merge_whitelist"`
+	MergeWhitelistUsernames       []string `json:"merge_whitelist_usernames"`
+	MergeWhitelistTeams           []string `json:"merge_whitelist_teams"`
+	EnableStatusCheck             bool     `json:"enable_status_check"`
+	StatusCheckContexts           []string `json:"status_check_contexts"`
+	RequiredApprovals             int64    `json:"required_approvals"`
+	EnableApprovalsWhitelist      bool     `json:"enable_approvals_whitelist"`
+	ApprovalsWhitelistUsernames   []string `json:"approvals_whitelist_username"`
+	ApprovalsWhitelistTeams       []string `json:"approvals_whitelist_teams"`
+	BlockOnRejectedReviews        bool     `json:"block_on_rejected_reviews"`
+	BlockOnOfficialReviewRequests bool     `json:"block_on_official_review_requests"`
+	BlockOnOutdatedBranch         bool     `json:"block_on_outdated_branch"`
+	DismissStaleApprovals         bool     `json:"dismiss_stale_approvals"`
+	RequireSignedCommits          bool     `json:"require_signed_commits"`
+	ProtectedFilePatterns         string   `json:"protected_file_patterns"`
 }
 
 // EditBranchProtectionOption options for editing a branch protection
 type EditBranchProtectionOption struct {
-	EnablePush                  *bool    `json:"enable_push"`
-	EnablePushWhitelist         *bool    `json:"enable_push_whitelist"`
-	PushWhitelistUsernames      []string `json:"push_whitelist_usernames"`
-	PushWhitelistTeams          []string `json:"push_whitelist_teams"`
-	PushWhitelistDeployKeys     *bool    `json:"push_whitelist_deploy_keys"`
-	EnableMergeWhitelist        *bool    `json:"enable_merge_whitelist"`
-	MergeWhitelistUsernames     []string `json:"merge_whitelist_usernames"`
-	MergeWhitelistTeams         []string `json:"merge_whitelist_teams"`
-	EnableStatusCheck           *bool    `json:"enable_status_check"`
-	StatusCheckContexts         []string `json:"status_check_contexts"`
-	RequiredApprovals           *int64   `json:"required_approvals"`
-	EnableApprovalsWhitelist    *bool    `json:"enable_approvals_whitelist"`
-	ApprovalsWhitelistUsernames []string `json:"approvals_whitelist_username"`
-	ApprovalsWhitelistTeams     []string `json:"approvals_whitelist_teams"`
-	BlockOnRejectedReviews      *bool    `json:"block_on_rejected_reviews"`
-	BlockOnOutdatedBranch       *bool    `json:"block_on_outdated_branch"`
-	DismissStaleApprovals       *bool    `json:"dismiss_stale_approvals"`
-	RequireSignedCommits        *bool    `json:"require_signed_commits"`
-	ProtectedFilePatterns       *string  `json:"protected_file_patterns"`
+	EnablePush                    *bool    `json:"enable_push"`
+	EnablePushWhitelist           *bool    `json:"enable_push_whitelist"`
+	PushWhitelistUsernames        []string `json:"push_whitelist_usernames"`
+	PushWhitelistTeams            []string `json:"push_whitelist_teams"`
+	PushWhitelistDeployKeys       *bool    `json:"push_whitelist_deploy_keys"`
+	EnableMergeWhitelist          *bool    `json:"enable_merge_whitelist"`
+	MergeWhitelistUsernames       []string `json:"merge_whitelist_usernames"`
+	MergeWhitelistTeams           []string `json:"merge_whitelist_teams"`
+	EnableStatusCheck             *bool    `json:"enable_status_check"`
+	StatusCheckContexts           []string `json:"status_check_contexts"`
+	RequiredApprovals             *int64   `json:"required_approvals"`
+	EnableApprovalsWhitelist      *bool    `json:"enable_approvals_whitelist"`
+	ApprovalsWhitelistUsernames   []string `json:"approvals_whitelist_username"`
+	ApprovalsWhitelistTeams       []string `json:"approvals_whitelist_teams"`
+	BlockOnRejectedReviews        *bool    `json:"block_on_rejected_reviews"`
+	BlockOnOfficialReviewRequests *bool    `json:"block_on_official_review_requests"`
+	BlockOnOutdatedBranch         *bool    `json:"block_on_outdated_branch"`
+	DismissStaleApprovals         *bool    `json:"dismiss_stale_approvals"`
+	RequireSignedCommits          *bool    `json:"require_signed_commits"`
+	ProtectedFilePatterns         *string  `json:"protected_file_patterns"`
 }