diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-21 03:13:46 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-21 03:13:46 +0300 |
commit | 4aa6fba6d825b88d23ff37668e78c851bec102b0 (patch) | |
tree | 2588fec6fc68f27fbfc23e89daf9b9af34d5466b /lib/api/helpers.rb | |
parent | faf60c19a9a1a29ce07d1b51ea3a69466e7129f3 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r-- | lib/api/helpers.rb | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 6cb9d19a2ad..3489a4b21b3 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -211,18 +211,25 @@ module API not_found!('Pipeline') end + def find_organization!(id) + organization = Organizations::Organization.find_by_id(id) + check_organization_access(organization) + end + # rubocop: disable CodeReuse/ActiveRecord - def find_group(id) + def find_group(id, organization = nil) + collection = organization.present? ? Group.in_organization(organization) : Group.all + if id.to_s =~ INTEGER_ID_REGEX - Group.find_by(id: id) + collection.find_by(id: id) else - Group.find_by_full_path(id) + collection.find_by_full_path(id) end end # rubocop: enable CodeReuse/ActiveRecord - def find_group!(id) - group = find_group(id) + def find_group!(id, organization = nil) + group = find_group(id, organization) check_group_access(group) end @@ -835,6 +842,12 @@ module API @sudo_identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER] end + def check_organization_access(organization) + return organization if can?(current_user, :read_organization, organization) + + not_found!('Organization') + end + def secret_token Gitlab::Shell.secret_token end |