Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/services/auth
diff options
context:
space:
mode:
authorKamil Trzcinski <ayufan@ayufan.eu>2016-05-14 22:22:45 +0300
committerKamil Trzcinski <ayufan@ayufan.eu>2016-05-14 22:27:56 +0300
commit715a8cfa2f4639bf36b604f6e3eb2814187367c0 (patch)
tree7135a01f8555035c566d04fc5cf52a533d8c2fc4 /app/services/auth
parent46cc04ce7a374127dd617c8fd2671efed2819cda (diff)
Fix authentication service
Diffstat (limited to 'app/services/auth')
-rw-r--r--app/services/auth/container_registry_authentication_service.rb8
1 files changed, 7 insertions, 1 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 0323a42b697..a63e7046fcc 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -1,6 +1,10 @@
module Auth
class ContainerRegistryAuthenticationService < BaseService
+ AUDIENCE = 'container_registry'
+
def execute
+ return error('not found', 404) unless registry.enabled
+
if params[:offline_token]
return error('forbidden', 403) unless current_user
end
@@ -52,9 +56,11 @@ module Auth
end
def can_access?(requested_project, requested_action)
+ return false unless requested_project.container_registry_enabled?
+
case requested_action
when 'pull'
- requested_project.public? || requested_project == project || can?(current_user, :read_container_registry, requested_project)
+ requested_project == project || can?(current_user, :read_container_registry, requested_project)
when 'push'
requested_project == project || can?(current_user, :create_container_registry, requested_project)
else
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-09 20:18:14 +0300