
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Kozono <mkozono@gmail.com>2017-05-16 22:58:46 +0300
committerMichael Kozono <mkozono@gmail.com>2017-06-05 15:32:26 +0300
commitbad08fbea2a32655a6d87f2140840c317cea6c80 (patch)
treedc690059a2ce53d055c1eb2738a832c36f1ee89c /app/controllers
parentb387429458f77a3608e077dfe2d50b0a313f8832 (diff)
Move CI access logic into GitAccess
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/concerns/lfs_request.rb4
-rw-r--r--app/controllers/projects/git_http_client_controller.rb20
-rw-r--r--app/controllers/projects/git_http_controller.rb16
3 files changed, 15 insertions, 25 deletions
diff --git a/app/controllers/concerns/lfs_request.rb b/app/controllers/concerns/lfs_request.rb
index ae91e02488a..2b6afaa6233 100644
--- a/app/controllers/concerns/lfs_request.rb
+++ b/app/controllers/concerns/lfs_request.rb
@@ -106,4 +106,8 @@ module LfsRequest
def objects
@objects ||= (params[:objects] || []).to_a
end
+
+ def has_authentication_ability?(capability)
+ (authentication_abilities || []).include?(capability)
+ end
end
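Review bot: `has_authentication_ability?` is appended at the end of `LfsRequest`, and the hunk does not show whether a `private` marker precedes it; because this module is mixed into controllers, confirm the helper does not end up as a public controller method. A one-line comment would also help the next reader, e.g. `# A nil authentication_abilities is treated as no abilities, so the check fails closed`. The module body starts outside the hunk.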
diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb
index 44b0853e3e9..7f3205a8001 100644
--- a/app/controllers/projects/git_http_client_controller.rb
+++ b/app/controllers/projects/git_http_client_controller.rb
@@ -128,28 +128,10 @@ class Projects::GitHttpClientController < Projects::ApplicationController
@authentication_result = Gitlab::Auth.find_for_git_client(
login, password, project: project, ip: request.ip)
- return false unless @authentication_result.success?
-
- if download_request?
- authentication_has_download_access?
- else
- authentication_has_upload_access?
- end
+ @authentication_result.success?
end
def ci?
authentication_result.ci?(project)
end
-
- def authentication_has_download_access?
- has_authentication_ability?(:download_code) || has_authentication_ability?(:build_download_code)
- end
-
- def authentication_has_upload_access?
- has_authentication_ability?(:push_code)
- end
-
- def has_authentication_ability?(capability)
- (authentication_abilities || []).include?(capability)
- end
end
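Review bot: The authentication method now ends with `@authentication_result.success?` alone, so the controller no longer checks that the credential's abilities (`:download_code`, `:build_download_code`, `:push_code`) cover the requested operation before the request proceeds. That is only safe if every action served by a subclass of `Projects::GitHttpClientController` runs the GitAccess check or its own ability check; GitAccess is not part of this diff (the diffstat is limited to `app/controllers`), so this cannot be confirmed from here. I would add a comment above that line, such as `# Authentication only: per-operation abilities are enforced by the access check, not here`, and a request spec asserting that a credential holding only `:build_download_code` is refused a push. The method begins before the hunk.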
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb
index e7b498599f2..2c2766cf623 100644
--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
@@ -67,20 +67,24 @@ class Projects::GitHttpController < Projects::GitHttpClientController
end
def render_denied
- if user && can?(user, :read_project, project)
- render plain: access_check.message, status: :forbidden
+ if access_check.message == Gitlab::GitAccess::ERROR_MESSAGES[:project_not_found]
+ render plain: access_check.message, status: :not_found
else
- # Do not leak information about project existence
- render_not_found
+ render plain: access_check.message, status: :forbidden
end
end
def upload_pack_allowed?
- access_check.allowed? || ci?
+ access_check.allowed?
end
def access
- @access ||= access_klass.new(user, project, 'http', authentication_abilities: authentication_abilities)
+ @access ||= access_klass.new(access_actor, project, 'http', authentication_abilities: authentication_abilities)
+ end
+
+ def access_actor
+ return user if user
+ return :ci if ci?
end
def access_check
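Review bot: `render_denied` now picks 404 or 403 by comparing `access_check.message` with `Gitlab::GitAccess::ERROR_MESSAGES[:project_not_found]`, and the removed branch carrying `# Do not leak information about project existence` has no visible replacement. Every denial whose message is not exactly that string is answered with 403 plus the message text, so a caller without read access could learn that the project exists unless GitAccess always reports not-found first for them; that code is not in this diff. Keying the status on message equality is also brittle, because rewording a message silently changes the response; a reason code on the check result would be sturdier. At minimum keep the intent as a comment, e.g. `# Do not leak project existence: GitAccess must report :project_not_found to anyone without read access`. Separately, `access_actor` falls through to an implicit `nil` for anonymous requests, which deserves an explicit final `nil` or a comment.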