Supports wildcard protected branch (#20825)

This PR introduce glob match for protected branch name. The separator is `/` and you can use `*` matching non-separator chars and use `**` across separator. It also supports input an exist or non-exist branch name as matching condition and branch name condition has high priority than glob rule. Should fix #2529 and #15705 screenshots <img width="1160" alt="image" src="https://user-images.githubusercontent.com/81045/205651179-ebb5492a-4ade-4bb4-a13c-965e8c927063.png"> Co-authored-by: zeripath <art27@cantab.net>
2025-06-21 15:16:50 -04:00 · 2023-01-16 16:00:22 +08:00 · 2023-01-16 16:00:22 +08:00 · 2782c14396
commit 2782c14396
parent cc1f8cbe96
39 changed files with 1222 additions and 819 deletions
--- a/tests/integration/editor_test.go
+++ b/tests/integration/editor_test.go
@ -10,6 +10,8 @@ import (
 	"path"
 	"testing"

+	"code.gitea.io/gitea/modules/json"
+
 	"github.com/stretchr/testify/assert"
 )

@ -43,15 +45,16 @@ func TestCreateFileOnProtectedBranch(t *testing.T) {

 		csrf := GetCSRF(t, session, "/user2/repo1/settings/branches")
 		// Change master branch to protected
-		req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/master", map[string]string{
-			"_csrf":     csrf,
-			"protected": "on",
+		req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{
+			"_csrf":       csrf,
+			"rule_name":   "master",
+			"enable_push": "true",
 		})
 		session.MakeRequest(t, req, http.StatusSeeOther)
 		// Check if master branch has been locked successfully
 		flashCookie := session.GetCookie("macaron_flash")
 		assert.NotNil(t, flashCookie)
-		assert.EqualValues(t, "success%3DBranch%2Bprotection%2Bfor%2Bbranch%2B%2527master%2527%2Bhas%2Bbeen%2Bupdated.", flashCookie.Value)
+		assert.EqualValues(t, "success%3DBranch%2Bprotection%2Bfor%2Brule%2B%2527master%2527%2Bhas%2Bbeen%2Bupdated.", flashCookie.Value)

 		// Request editor page
 		req = NewRequest(t, "GET", "/user2/repo1/_new/master/")
@ -76,16 +79,22 @@ func TestCreateFileOnProtectedBranch(t *testing.T) {

 		// remove the protected branch
 		csrf = GetCSRF(t, session, "/user2/repo1/settings/branches")
+
 		// Change master branch to protected
-		req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/master", map[string]string{
-			"_csrf":     csrf,
-			"protected": "off",
+		req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/1/delete", map[string]string{
+			"_csrf": csrf,
 		})
-		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		resp = session.MakeRequest(t, req, http.StatusOK)
+
+		res := make(map[string]string)
+		assert.NoError(t, json.NewDecoder(resp.Body).Decode(&res))
+		assert.EqualValues(t, "/user2/repo1/settings/branches", res["redirect"])
+
 		// Check if master branch has been locked successfully
 		flashCookie = session.GetCookie("macaron_flash")
 		assert.NotNil(t, flashCookie)
-		assert.EqualValues(t, "success%3DBranch%2Bprotection%2Bfor%2Bbranch%2B%2527master%2527%2Bhas%2Bbeen%2Bdisabled.", flashCookie.Value)
+		assert.EqualValues(t, "error%3DRemoving%2Bbranch%2Bprotection%2Brule%2B%25271%2527%2Bfailed.", flashCookie.Value)
 	})
 }