Fix adding branch as protected to not allow pushing to it (#2556)

* Fix adding branch as protected to not allow pushing to it

* Fix can_push value to false in protected_branch (#2560)

* Fix integration test

Author: lafriks

cmd/hook.go

@@ -127,14 +127,12 @@ func runHookPreReceive(c *cli.Context) error {
 		}
 
 		if protectBranch != nil {
-			if !protectBranch.CanPush {
-				// check and deletion
-				if newCommitID == git.EmptySHA {
-					fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
-				} else {
-					fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "")
-					//fail(fmt.Sprintf("branch %s is protected from force push", branchName), "")
-				}
+			// check and deletion
+			if newCommitID == git.EmptySHA {
+				fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
+			} else if !protectBranch.CanPush {
+				fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "")
+				//fail(fmt.Sprintf("branch %s is protected from force push", branchName), "")
 			}
 		}
 	}

integrations/editor_test.go

@@ -46,7 +46,7 @@ func TestCreateFileOnProtectedBranch(t *testing.T) {
 	req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches?action=protected_branch", map[string]string{
 		"_csrf":      csrf,
 		"branchName": "master",
-		"canPush":    "true",
+		"canPush":    "false",
 	})
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	// Check if master branch has been locked successfully

models/branches.go

@@ -17,10 +17,10 @@ const (
 
 // ProtectedBranch struct
 type ProtectedBranch struct {
-	ID          int64  `xorm:"pk autoincr"`
-	RepoID      int64  `xorm:"UNIQUE(s)"`
-	BranchName  string `xorm:"UNIQUE(s)"`
-	CanPush     bool
+	ID          int64     `xorm:"pk autoincr"`
+	RepoID      int64     `xorm:"UNIQUE(s)"`
+	BranchName  string    `xorm:"UNIQUE(s)"`
+	CanPush     bool      `xorm:"NOT NULL DEFAULT false"`
 	Created     time.Time `xorm:"-"`
 	CreatedUnix int64
 	Updated     time.Time `xorm:"-"`

models/migrations/migrations.go

@@ -126,6 +126,8 @@ var migrations = []Migration{
 	NewMigration("unescape user full names", unescapeUserFullNames),
 	// v38 -> v39
 	NewMigration("remove commits and settings unit types", removeCommitsUnitType),
+	// v43 -> v44
+	NewMigration("fix protected branch can push value to false", fixProtectedBranchCanPushValue),
 }
 
 // Migrate database to current version

models/migrations/v43.go

@@ -0,0 +1,18 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"code.gitea.io/gitea/models"
+
+	"github.com/go-xorm/xorm"
+)
+
+func fixProtectedBranchCanPushValue(x *xorm.Engine) error {
+	_, err := x.Cols("can_push").Update(&models.ProtectedBranch{
+		CanPush: false,
+	})
+	return err
+}

public/js/index.js

@@ -625,7 +625,7 @@ function initProtectedBranch() {
         var $this = $(this);
         $.post($this.data('url'), {
                 "_csrf": csrf,
-                "canPush": true,
+                "canPush": false,
                 "branchName": $this.val(),
             },
             function (data) {
@@ -642,7 +642,7 @@ function initProtectedBranch() {
         var $this = $(this);
         $.post($this.data('url'), {
                 "_csrf": csrf,
-                "canPush": false,
+                "canPush": true,
                 "branchName": $this.data('val'),
             },
             function (data) {

routers/repo/setting.go

@@ -520,7 +520,7 @@ func ProtectedBranchPost(ctx *context.Context) {
 
 		canPush := ctx.QueryBool("canPush")
 
-		if canPush {
+		if !canPush {
 			if err := ctx.Repo.Repository.AddProtectedBranch(branchName, canPush); err != nil {
 				ctx.Flash.Error(ctx.Tr("repo.settings.add_protected_branch_failed", branchName))
 				ctx.JSON(200, map[string]string{