Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-04-14 03:09:57 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-04-14 03:09:57 +0300
commit: 9398d718d92a40a0a917040645a55dea51467a91 (patch)
tree: ce1242c69221f1e6abd701439631cf6e6d1b948d /app/services
parent: 602ea42669779ec431bcaeb41fd95e079b1a7021 (diff)
2 files changed, 15 insertions, 1 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 629c1cbdc5c..4a699fe3213 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -135,7 +135,7 @@ module Auth
       when 'pull'
         build_can_pull?(requested_project) || user_can_pull?(requested_project) || deploy_token_can_pull?(requested_project)
       when 'push'
-        build_can_push?(requested_project) || user_can_push?(requested_project)
+        build_can_push?(requested_project) || user_can_push?(requested_project) || deploy_token_can_push?(requested_project)
       when 'delete'
         build_can_delete?(requested_project) || user_can_admin?(requested_project)
       when '*'
@@ -185,6 +185,13 @@ module Auth
         current_user.read_registry?
     end
 
+    def deploy_token_can_push?(requested_project)
+      has_authentication_ability?(:create_container_image) &&
+        current_user.is_a?(DeployToken) &&
+        current_user.has_access_to?(requested_project) &&
+        current_user.write_registry?
+    end
+
     ##
     # We still support legacy pipeline triggers which do not have associated
     # actor. New permissions model and new triggers are always associated with
diff --git a/app/services/projects/update_repository_storage_service.rb b/app/services/projects/update_repository_storage_service.rb
index 0602089a3ab..2e5de9411d1 100644
--- a/app/services/projects/update_repository_storage_service.rb
+++ b/app/services/projects/update_repository_storage_service.rb
@@ -5,12 +5,15 @@ module Projects
     include Gitlab::ShellAdapter
 
     Error = Class.new(StandardError)
+    SameFilesystemError = Class.new(Error)
 
     def initialize(project)
       @project = project
     end
 
     def execute(new_repository_storage_key)
+      raise SameFilesystemError if same_filesystem?(project.repository.storage, new_repository_storage_key)
+
       mirror_repositories(new_repository_storage_key)
 
       mark_old_paths_for_archive
@@ -33,6 +36,10 @@ module Projects
 
     private
 
+    def same_filesystem?(old_storage, new_storage)
+      Gitlab::GitalyClient.filesystem_id(old_storage) == Gitlab::GitalyClient.filesystem_id(new_storage)
+    end
+
     def mirror_repositories(new_repository_storage_key)
       mirror_repository(new_repository_storage_key)
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-04-14 03:09:57 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-04-14 03:09:57 +0300
commit	9398d718d92a40a0a917040645a55dea51467a91 (patch)
tree	ce1242c69221f1e6abd701439631cf6e6d1b948d /app/services
parent	602ea42669779ec431bcaeb41fd95e079b1a7021 (diff)