Add block on official review requests branch protection (#13705)

Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: Lauris BH <lauris@nix.lv>
4 years ago · 9c26dc1f3a
parent 7ed5bf8cbe
commit 9c26dc1f3a
14 changed files with 228 additions and 141 deletions
--- a/models/branches.go
+++ b/models/branches.go
@ -39,6 +39,7 @@ type ProtectedBranch struct {
 	ApprovalsWhitelistTeamIDs     []int64  `xorm:"JSON TEXT"`
 	RequiredApprovals             int64    `xorm:"NOT NULL DEFAULT 0"`
 	BlockOnRejectedReviews        bool     `xorm:"NOT NULL DEFAULT false"`
+	BlockOnOfficialReviewRequests bool     `xorm:"NOT NULL DEFAULT false"`
 	BlockOnOutdatedBranch         bool     `xorm:"NOT NULL DEFAULT false"`
 	DismissStaleApprovals         bool     `xorm:"NOT NULL DEFAULT false"`
 	RequireSignedCommits          bool     `xorm:"NOT NULL DEFAULT false"`
@ -171,13 +172,12 @@ func (protectBranch *ProtectedBranch) GetGrantedApprovalsCount(pr *PullRequest)
 }

 // MergeBlockedByRejectedReview returns true if merge is blocked by rejected reviews
-// An official ReviewRequest should also block Merge like Reject
 func (protectBranch *ProtectedBranch) MergeBlockedByRejectedReview(pr *PullRequest) bool {
 	if !protectBranch.BlockOnRejectedReviews {
 		return false
 	}
 	rejectExist, err := x.Where("issue_id = ?", pr.IssueID).
-		And("type in ( ?, ?)", ReviewTypeReject, ReviewTypeRequest).
+		And("type = ?", ReviewTypeReject).
 		And("official = ?", true).
 		Exist(new(Review))
 	if err != nil {
@ -188,6 +188,24 @@ func (protectBranch *ProtectedBranch) MergeBlockedByRejectedReview(pr *PullReque
 	return rejectExist
 }

+// MergeBlockedByOfficialReviewRequests block merge because of some review request to official reviewer
+// of from official review
+func (protectBranch *ProtectedBranch) MergeBlockedByOfficialReviewRequests(pr *PullRequest) bool {
+	if !protectBranch.BlockOnOfficialReviewRequests {
+		return false
+	}
+	has, err := x.Where("issue_id = ?", pr.IssueID).
+		And("type = ?", ReviewTypeRequest).
+		And("official = ?", true).
+		Exist(new(Review))
+	if err != nil {
+		log.Error("MergeBlockedByOfficialReviewRequests: %v", err)
+		return true
+	}
+
+	return has
+}
+
 // MergeBlockedByOutdatedBranch returns true if merge is blocked by an outdated head branch
 func (protectBranch *ProtectedBranch) MergeBlockedByOutdatedBranch(pr *PullRequest) bool {
 	return protectBranch.BlockOnOutdatedBranch && pr.CommitsBehind > 0
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@ -254,6 +254,8 @@ var migrations = []Migration{
 	NewMigration("code comment replies should have the commitID of the review they are replying to", updateCodeCommentReplies),
 	// v159 -> v160
 	NewMigration("update reactions constraint", updateReactionConstraint),
+	// v160 -> v161
+	NewMigration("Add block on official review requests branch protection", addBlockOnOfficialReviewRequests),
 }

 // GetCurrentDBVersion returns the current db version
--- a/models/migrations/v160.go
+++ b/models/migrations/v160.go
@ -0,0 +1,17 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"xorm.io/xorm"
+)
+
+func addBlockOnOfficialReviewRequests(x *xorm.Engine) error {
+	type ProtectedBranch struct {
+		BlockOnOfficialReviewRequests bool `xorm:"NOT NULL DEFAULT false"`
+	}
+
+	return x.Sync2(new(ProtectedBranch))
+}
--- a/modules/auth/repo_form.go
+++ b/modules/auth/repo_form.go
@ -186,13 +186,14 @@ type ProtectBranchForm struct {
 	EnableMergeWhitelist          bool
 	MergeWhitelistUsers           string
 	MergeWhitelistTeams           string
-	EnableStatusCheck        bool `xorm:"NOT NULL DEFAULT false"`
+	EnableStatusCheck             bool
 	StatusCheckContexts           []string
 	RequiredApprovals             int64
 	EnableApprovalsWhitelist      bool
 	ApprovalsWhitelistUsers       string
 	ApprovalsWhitelistTeams       string
 	BlockOnRejectedReviews        bool
+	BlockOnOfficialReviewRequests bool
 	BlockOnOutdatedBranch         bool
 	DismissStaleApprovals         bool
 	RequireSignedCommits          bool
--- a/modules/convert/convert.go
+++ b/modules/convert/convert.go
@ -121,6 +121,7 @@ func ToBranchProtection(bp *models.ProtectedBranch) *api.BranchProtection {
 		ApprovalsWhitelistUsernames:   approvalsWhitelistUsernames,
 		ApprovalsWhitelistTeams:       approvalsWhitelistTeams,
 		BlockOnRejectedReviews:        bp.BlockOnRejectedReviews,
+		BlockOnOfficialReviewRequests: bp.BlockOnOfficialReviewRequests,
 		BlockOnOutdatedBranch:         bp.BlockOnOutdatedBranch,
 		DismissStaleApprovals:         bp.DismissStaleApprovals,
 		RequireSignedCommits:          bp.RequireSignedCommits,
--- a/modules/structs/repo_branch.go
+++ b/modules/structs/repo_branch.go
@ -39,6 +39,7 @@ type BranchProtection struct {
 	ApprovalsWhitelistUsernames   []string `json:"approvals_whitelist_username"`
 	ApprovalsWhitelistTeams       []string `json:"approvals_whitelist_teams"`
 	BlockOnRejectedReviews        bool     `json:"block_on_rejected_reviews"`
+	BlockOnOfficialReviewRequests bool     `json:"block_on_official_review_requests"`
 	BlockOnOutdatedBranch         bool     `json:"block_on_outdated_branch"`
 	DismissStaleApprovals         bool     `json:"dismiss_stale_approvals"`
 	RequireSignedCommits          bool     `json:"require_signed_commits"`
@ -67,6 +68,7 @@ type CreateBranchProtectionOption struct {
 	ApprovalsWhitelistUsernames   []string `json:"approvals_whitelist_username"`
 	ApprovalsWhitelistTeams       []string `json:"approvals_whitelist_teams"`
 	BlockOnRejectedReviews        bool     `json:"block_on_rejected_reviews"`
+	BlockOnOfficialReviewRequests bool     `json:"block_on_official_review_requests"`
 	BlockOnOutdatedBranch         bool     `json:"block_on_outdated_branch"`
 	DismissStaleApprovals         bool     `json:"dismiss_stale_approvals"`
 	RequireSignedCommits          bool     `json:"require_signed_commits"`
@ -90,6 +92,7 @@ type EditBranchProtectionOption struct {
 	ApprovalsWhitelistUsernames   []string `json:"approvals_whitelist_username"`
 	ApprovalsWhitelistTeams       []string `json:"approvals_whitelist_teams"`
 	BlockOnRejectedReviews        *bool    `json:"block_on_rejected_reviews"`
+	BlockOnOfficialReviewRequests *bool    `json:"block_on_official_review_requests"`
 	BlockOnOutdatedBranch         *bool    `json:"block_on_outdated_branch"`
 	DismissStaleApprovals         *bool    `json:"dismiss_stale_approvals"`
 	RequireSignedCommits          *bool    `json:"require_signed_commits"`
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@ -1244,6 +1244,7 @@ pulls.required_status_check_missing = Some required checks are missing.
 pulls.required_status_check_administrator = As an administrator, you may still merge this pull request.
 pulls.blocked_by_approvals = "This Pull Request doesn't have enough approvals yet. %d of %d approvals granted."
 pulls.blocked_by_rejection = "This Pull Request has changes requested by an official reviewer."
+pulls.blocked_by_official_review_requests = "This Pull Request has official review requests."
 pulls.blocked_by_outdated_branch = "This Pull Request is blocked because it's outdated."
 pulls.blocked_by_changed_protected_files_1= "This Pull Request is blocked because it changes a protected file:"
 pulls.blocked_by_changed_protected_files_n= "This Pull Request is blocked because it changes protected files:"
@ -1707,6 +1708,8 @@ settings.protected_branch_deletion = Disable Branch Protection
 settings.protected_branch_deletion_desc = Disabling branch protection allows users with write permission to push to the branch. Continue?
 settings.block_rejected_reviews = Block merge on rejected reviews
 settings.block_rejected_reviews_desc = Merging will not be possible when changes are requested by official reviewers, even if there are enough approvals.
+settings.block_on_official_review_requests = Block merge on official review requests
+settings.block_on_official_review_requests_desc = Merging will not be possible when it has official review requests, even if there are enough approvals.
 settings.block_outdated_branch = Block merge if pull request is outdated
 settings.block_outdated_branch_desc = Merging will not be possible when head branch is behind base branch.
 settings.default_branch_desc = Select a default repository branch for pull requests and code commits:
--- a/routers/api/v1/repo/branch.go
+++ b/routers/api/v1/repo/branch.go
@ -520,6 +520,7 @@ func CreateBranchProtection(ctx *context.APIContext, form api.CreateBranchProtec
 		EnableApprovalsWhitelist:      form.EnableApprovalsWhitelist,
 		RequiredApprovals:             requiredApprovals,
 		BlockOnRejectedReviews:        form.BlockOnRejectedReviews,
+		BlockOnOfficialReviewRequests: form.BlockOnOfficialReviewRequests,
 		DismissStaleApprovals:         form.DismissStaleApprovals,
 		RequireSignedCommits:          form.RequireSignedCommits,
 		ProtectedFilePatterns:         form.ProtectedFilePatterns,
@ -652,6 +653,10 @@ func EditBranchProtection(ctx *context.APIContext, form api.EditBranchProtection
 		protectBranch.BlockOnRejectedReviews = *form.BlockOnRejectedReviews
 	}

+	if form.BlockOnOfficialReviewRequests != nil {
+		protectBranch.BlockOnOfficialReviewRequests = *form.BlockOnOfficialReviewRequests
+	}
+
 	if form.DismissStaleApprovals != nil {
 		protectBranch.DismissStaleApprovals = *form.DismissStaleApprovals
 	}
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@ -1455,6 +1455,7 @@ func ViewIssue(ctx *context.Context) {
 			cnt := pull.ProtectedBranch.GetGrantedApprovalsCount(pull)
 			ctx.Data["IsBlockedByApprovals"] = !pull.ProtectedBranch.HasEnoughApprovals(pull)
 			ctx.Data["IsBlockedByRejection"] = pull.ProtectedBranch.MergeBlockedByRejectedReview(pull)
+			ctx.Data["IsBlockedByOfficialReviewRequests"] = pull.ProtectedBranch.MergeBlockedByOfficialReviewRequests(pull)
 			ctx.Data["IsBlockedByOutdatedBranch"] = pull.ProtectedBranch.MergeBlockedByOutdatedBranch(pull)
 			ctx.Data["GrantedApprovals"] = cnt
 			ctx.Data["RequireSigned"] = pull.ProtectedBranch.RequireSignedCommits
--- a/routers/repo/setting_protected_branch.go
+++ b/routers/repo/setting_protected_branch.go
@ -246,6 +246,7 @@ func SettingsProtectedBranchPost(ctx *context.Context, f auth.ProtectBranchForm)
 			}
 		}
 		protectBranch.BlockOnRejectedReviews = f.BlockOnRejectedReviews
+		protectBranch.BlockOnOfficialReviewRequests = f.BlockOnOfficialReviewRequests
 		protectBranch.DismissStaleApprovals = f.DismissStaleApprovals
 		protectBranch.RequireSignedCommits = f.RequireSignedCommits
 		protectBranch.ProtectedFilePatterns = f.ProtectedFilePatterns
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@ -591,6 +591,11 @@ func CheckPRReadyToMerge(pr *models.PullRequest, skipProtectedFilesCheck bool) (
 			Reason: "There are requested changes",
 		}
 	}
+	if pr.ProtectedBranch.MergeBlockedByOfficialReviewRequests(pr) {
+		return models.ErrNotAllowedToMerge{
+			Reason: "There are official review requests",
+		}
+	}

 	if pr.ProtectedBranch.MergeBlockedByOutdatedBranch(pr) {
 		return models.ErrNotAllowedToMerge{
--- a/templates/repo/issue/view_content/pull.tmpl
+++ b/templates/repo/issue/view_content/pull.tmpl
@ -84,6 +84,7 @@
 	{{- else if .IsPullRequestBroken}}red
 	{{- else if .IsBlockedByApprovals}}red
 	{{- else if .IsBlockedByRejection}}red
+	{{- else if .IsBlockedByOfficialReviewRequests}}red
 	{{- else if .IsBlockedByOutdatedBranch}}red
 	{{- else if .IsBlockedByChangedProtectedFiles}}red
 	{{- else if and .EnableStatusCheck (or .RequiredStatusCheckState.IsFailure .RequiredStatusCheckState.IsError)}}red
@ -159,6 +160,11 @@
 						<i class="icon icon-octicon">{{svg "octicon-x"}}</i>
 					{{$.i18n.Tr "repo.pulls.blocked_by_rejection"}}
 					</div>
+				{{else if .IsBlockedByOfficialReviewRequests}}
+					<div class="item">
+						<i class="icon icon-octicon">{{svg "octicon-x"}}</i>
+					{{$.i18n.Tr "repo.pulls.blocked_by_official_review_requests"}}
+					</div>
 				{{else if .IsBlockedByOutdatedBranch}}
 					<div class="item">
 						<i class="icon icon-octicon">{{svg "octicon-x"}}</i>
@ -194,7 +200,7 @@
 						{{$.i18n.Tr (printf "repo.signing.wont_sign.%s" .WontSignReason) }}
 					</div>
 				{{end}}
-				{{$notAllOverridableChecksOk := or .IsBlockedByApprovals .IsBlockedByRejection .IsBlockedByOutdatedBranch .IsBlockedByChangedProtectedFiles (and .EnableStatusCheck (not .RequiredStatusCheckState.IsSuccess))}}
+				{{$notAllOverridableChecksOk := or .IsBlockedByApprovals .IsBlockedByRejection .IsBlockedByOfficialReviewRequests .IsBlockedByOutdatedBranch .IsBlockedByChangedProtectedFiles (and .EnableStatusCheck (not .RequiredStatusCheckState.IsSuccess))}}
 				{{if and (or $.IsRepoAdmin (not $notAllOverridableChecksOk)) (or (not .AllowMerge) (not .RequireSigned) .WillSign)}}
 					{{if $notAllOverridableChecksOk}}
 						<div class="item">
@ -386,6 +392,11 @@
 						{{svg "octicon-x"}}
 						{{$.i18n.Tr "repo.pulls.blocked_by_rejection"}}
 					</div>
+				{{else if .IsBlockedByOfficialReviewRequests}}
+					<div class="item text red">
+						{{svg "octicon-x"}}
+						{{$.i18n.Tr "repo.pulls.blocked_by_official_review_requests"}}
+					</div>
 				{{else if .IsBlockedByOutdatedBranch}}
 					<div class="item text red">
 						<i class="icon icon-octicon">{{svg "octicon-x"}}</i>
--- a/templates/repo/settings/protected_branch.tmpl
+++ b/templates/repo/settings/protected_branch.tmpl
@ -211,6 +211,13 @@
 							<p class="help">{{.i18n.Tr "repo.settings.block_rejected_reviews_desc"}}</p>
 						</div>
 					</div>
+					<div class="field">
+						<div class="ui checkbox">
+							<input name="block_on_official_review_requests" type="checkbox" {{if .Branch.BlockOnOfficialReviewRequests}}checked{{end}}>
+							<label for="block_on_official_review_requests">{{.i18n.Tr "repo.settings.block_on_official_review_requests"}}</label>
+							<p class="help">{{.i18n.Tr "repo.settings.block_on_official_review_requests_desc"}}</p>
+						</div>
+					</div>
 					<div class="field">
 						<div class="ui checkbox">
 							<input name="dismiss_stale_approvals" type="checkbox" {{if .Branch.DismissStaleApprovals}}checked{{end}}>
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@ -11326,6 +11326,10 @@
          },
          "x-go-name": "ApprovalsWhitelistUsernames"
        },
+        "block_on_official_review_requests": {
+          "type": "boolean",
+          "x-go-name": "BlockOnOfficialReviewRequests"
+        },
        "block_on_outdated_branch": {
          "type": "boolean",
          "x-go-name": "BlockOnOutdatedBranch"
@ -11660,6 +11664,10 @@
          },
          "x-go-name": "ApprovalsWhitelistUsernames"
        },
+        "block_on_official_review_requests": {
+          "type": "boolean",
+          "x-go-name": "BlockOnOfficialReviewRequests"
+        },
        "block_on_outdated_branch": {
          "type": "boolean",
          "x-go-name": "BlockOnOutdatedBranch"
@ -12605,6 +12613,10 @@
          },
          "x-go-name": "ApprovalsWhitelistUsernames"
        },
+        "block_on_official_review_requests": {
+          "type": "boolean",
+          "x-go-name": "BlockOnOfficialReviewRequests"
+        },
        "block_on_outdated_branch": {
          "type": "boolean",
          "x-go-name": "BlockOnOutdatedBranch"