git-update: Allow non-fast-forwards for TUs

Although we theoretically never want to lose history, there may be rare
occasions when a forced push is required (e.g. if illegal data is
pushed). Allow Trusted Users and Developers to perform non-fast-forward
pushes.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

1 files changed, 9 insertions, 6 deletions

diff --git a/git-interface/git-update.py b/git-interface/git-update.py
index 3f6cfc1..d87fac7 100755
--- a/git-interface/git-update.py
+++ b/git-interface/git-update.py
@@ -179,23 +179,26 @@ if refname != "refs/heads/master":
 
 repo = pygit2.Repository(repo_path)
 
+db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
+                             passwd=aur_db_pass, db=aur_db_name,
+                             unix_socket=aur_db_socket, buffered=True)
+cur = db.cursor()
+
 # Detect and deny non-fast-forwards.
 if sha1_old != "0000000000000000000000000000000000000000":
     walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL)
     walker.hide(sha1_new)
     if next(walker, None) != None:
-        die("denying non-fast-forward (you should pull first)")
+        cur.execute("SELECT AccountTypeID FROM Users WHERE UserName = %s ",
+                    [user])
+        if cur.fetchone()[0] == 1:
+            die("denying non-fast-forward (you should pull first)")
 
 # Prepare the walker that validates new commits.
 walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL)
 if sha1_old != "0000000000000000000000000000000000000000":
     walker.hide(sha1_old)
 
-db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
-                             passwd=aur_db_pass, db=aur_db_name,
-                             unix_socket=aur_db_socket, buffered=True)
-cur = db.cursor()
-
 cur.execute("SELECT Name FROM PackageBlacklist")
 blacklist = [row[0] for row in cur.fetchall()]