diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-14 03:09:57 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-14 03:09:57 +0300 |
commit | 9398d718d92a40a0a917040645a55dea51467a91 (patch) | |
tree | ce1242c69221f1e6abd701439631cf6e6d1b948d /app/services | |
parent | 602ea42669779ec431bcaeb41fd95e079b1a7021 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 9 | ||||
-rw-r--r-- | app/services/projects/update_repository_storage_service.rb | 7 |
2 files changed, 15 insertions, 1 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 629c1cbdc5c..4a699fe3213 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -135,7 +135,7 @@ module Auth when 'pull' build_can_pull?(requested_project) || user_can_pull?(requested_project) || deploy_token_can_pull?(requested_project) when 'push' - build_can_push?(requested_project) || user_can_push?(requested_project) + build_can_push?(requested_project) || user_can_push?(requested_project) || deploy_token_can_push?(requested_project) when 'delete' build_can_delete?(requested_project) || user_can_admin?(requested_project) when '*' @@ -185,6 +185,13 @@ module Auth current_user.read_registry? end + def deploy_token_can_push?(requested_project) + has_authentication_ability?(:create_container_image) && + current_user.is_a?(DeployToken) && + current_user.has_access_to?(requested_project) && + current_user.write_registry? + end + ## # We still support legacy pipeline triggers which do not have associated # actor. New permissions model and new triggers are always associated with diff --git a/app/services/projects/update_repository_storage_service.rb b/app/services/projects/update_repository_storage_service.rb index 0602089a3ab..2e5de9411d1 100644 --- a/app/services/projects/update_repository_storage_service.rb +++ b/app/services/projects/update_repository_storage_service.rb @@ -5,12 +5,15 @@ module Projects include Gitlab::ShellAdapter Error = Class.new(StandardError) + SameFilesystemError = Class.new(Error) def initialize(project) @project = project end def execute(new_repository_storage_key) + raise SameFilesystemError if same_filesystem?(project.repository.storage, new_repository_storage_key) + mirror_repositories(new_repository_storage_key) mark_old_paths_for_archive @@ -33,6 +36,10 @@ module Projects private + def same_filesystem?(old_storage, new_storage) + Gitlab::GitalyClient.filesystem_id(old_storage) == Gitlab::GitalyClient.filesystem_id(new_storage) + end + def mirror_repositories(new_repository_storage_key) mirror_repository(new_repository_storage_key) |