Dont allow git tag rewrite/removal unless you are master

Signed-off-by: 's avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 7ba18536
......@@ -12,6 +12,7 @@ v 7.0.0
- Make it easier to implement other CI services for GitLab
- Group masters can create projects in group
- Deprecate ruby 1.9.3 support
- Only masters can rewrite/remove git tags
v 6.9.2
- Revert the commit that broke the LDAP user filter
......
......@@ -17,6 +17,6 @@
- if can? current_user, :download_code, @project
= render 'projects/repositories/download_archive', ref: tag.name, btn_class: 'btn-grouped btn-group-small'
- if can?(current_user, :admin_project, @project)
= link_to project_tag_path(@project, tag.name), class: 'btn btn-small remove-row grouped', method: :delete, data: { confirm: 'Removed tag cannot be restored. Are you sure?'}, remote: true do
= link_to project_tag_path(@project, tag.name), class: 'btn btn-small btn-remove remove-row grouped', method: :delete, data: { confirm: 'Removed tag cannot be restored. Are you sure?'}, remote: true do
%i.icon-trash
......@@ -27,6 +27,7 @@ If a user is a GitLab administrator they receive all permissions.
|Add new team members| |||✓|✓|
|Push to protected branches| |||✓|✓|
|Enable/Disable branch protection| |||✓|✓|
|Rewrite/remove git tags| |||✓|✓|
|Edit project| |||✓|✓|
|Add Deploy Keys to project| |||✓|✓|
|Configure Project Hooks| |||✓|✓|
......
......@@ -53,6 +53,9 @@ module Gitlab
else
:push_code_to_protected_branches
end
elsif project.repository && project.repository.tag_names.include?(ref)
# Prevent any changes to existing git tag unless user has permissions
:admin_project
else
:push_code
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment