diff options
author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-14 22:22:45 +0300 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-14 22:27:56 +0300 |
commit | 715a8cfa2f4639bf36b604f6e3eb2814187367c0 (patch) | |
tree | 7135a01f8555035c566d04fc5cf52a533d8c2fc4 /app/services/auth | |
parent | 46cc04ce7a374127dd617c8fd2671efed2819cda (diff) |
Fix authentication service
Diffstat (limited to 'app/services/auth')
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 0323a42b697..a63e7046fcc 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -1,6 +1,10 @@ module Auth class ContainerRegistryAuthenticationService < BaseService + AUDIENCE = 'container_registry' + def execute + return error('not found', 404) unless registry.enabled + if params[:offline_token] return error('forbidden', 403) unless current_user end @@ -52,9 +56,11 @@ module Auth end def can_access?(requested_project, requested_action) + return false unless requested_project.container_registry_enabled? + case requested_action when 'pull' - requested_project.public? || requested_project == project || can?(current_user, :read_container_registry, requested_project) + requested_project == project || can?(current_user, :read_container_registry, requested_project) when 'push' requested_project == project || can?(current_user, :create_container_registry, requested_project) else |