Removes logic from Jwt and handle different scenarios on Gitlab::Auth

- When using 'read_repo' password and project are sent, so we used both of them to fetch for the token - When using 'read_registry' only the password is sent, so we only use that for fetching the token
author: Mayra Cabrera <mcabrera@gitlab.com> 2018-04-04 00:34:56 +0300
committer: Mayra Cabrera <mcabrera@gitlab.com> 2018-04-07 05:20:16 +0300
commit: 7deab3172257bef7818ce834c1e0709432ddd5e0 (patch)
tree: f524ab35e59ac478572a444bea1f847accad410b /app/services/auth
parent: 726f5bbf04b92357a11af34044a0720092797a71 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 2b77f6be72a..d70ac7b1b3d 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -127,8 +127,8 @@ module Auth
       # Build can:
       # 1. pull from its own project (for ex. a build)
       # 2. read images from dependent projects if creator of build is a team member
-      has_authentication_ability?(:build_read_container_image) &&
-        (requested_project == project || can?(current_user, :build_read_container_image, requested_project))
+      has_authentication_ability?(:project_read_container_image) &&
+        (requested_project == project || can?(current_user, :project_read_container_image, requested_project))
     end
 
     def user_can_admin?(requested_project)
author	Mayra Cabrera <mcabrera@gitlab.com>	2018-04-04 00:34:56 +0300
committer	Mayra Cabrera <mcabrera@gitlab.com>	2018-04-07 05:20:16 +0300
commit	7deab3172257bef7818ce834c1e0709432ddd5e0 (patch)
tree	f524ab35e59ac478572a444bea1f847accad410b /app/services/auth
parent	726f5bbf04b92357a11af34044a0720092797a71 (diff)