diff options
| author | Michael Kozono <mkozono@gmail.com> | 2017-05-05 00:20:13 +0300 |
|---|---|---|
| committer | Michael Kozono <mkozono@gmail.com> | 2017-05-05 22:12:50 +0300 |
| commit | 9e48f02ea802814e4df1f1de5ed509942dca7581 (patch) | |
| tree | e1bcb152e7951e1bbd94d6a8333fd475dcfaf577 /app/controllers/projects/application_controller.rb | |
| parent | e4bcc90d95fa3b78544cb9ddd6019a5f914c1628 (diff) | |
Dry up routable lookups. Fixes #30317
Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all.
Diffstat (limited to 'app/controllers/projects/application_controller.rb')
| -rw-r--r-- | app/controllers/projects/application_controller.rb | 49 |
1 files changed, 23 insertions, 26 deletions
diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb index dbdf68776f1..2301e1cca77 100644 --- a/app/controllers/projects/application_controller.rb +++ b/app/controllers/projects/application_controller.rb @@ -2,6 +2,7 @@ class Projects::ApplicationController < ApplicationController include RoutableActions skip_before_action :authenticate_user! + before_action :redirect_git_extension before_action :project before_action :repository layout 'project' @@ -10,34 +11,30 @@ class Projects::ApplicationController < ApplicationController private - def project - unless @project - namespace = params[:namespace_id] - id = params[:project_id] || params[:id] - - # Redirect from - # localhost/group/project.git - # to - # localhost/group/project - # - if params[:format] == 'git' - redirect_to request.original_url.gsub(/\.git\/?\Z/, '') - return - end - - project_path = "#{namespace}/#{id}" - @project = Project.find_by_full_path(project_path, follow_redirects: request.get?) - - if can?(current_user, :read_project, @project) && !@project.pending_delete? - ensure_canonical_path(@project, project_path) - else - @project = nil - - route_not_found - end + def redirect_git_extension + # Redirect from + # localhost/group/project.git + # to + # localhost/group/project + # + if params[:format] == 'git' + redirect_to request.original_url.gsub(/\.git\/?\Z/, '') + return end + end + + def project + @project ||= find_routable!(Project, requested_full_path, extra_authorization_method: :project_not_being_deleted?) + end + + def requested_full_path + namespace = params[:namespace_id] + id = params[:project_id] || params[:id] + "#{namespace}/#{id}" + end - @project + def project_not_being_deleted?(project) + !project.pending_delete? end def repository |