diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-26 21:08:03 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-26 21:08:03 +0300 |
commit | dc003cd08b4cb72fecbb03aa978ea0c53c03aeb4 (patch) | |
tree | 5e77ce228c33619201ac6706b9789d4a2eed2a3b /lib/api | |
parent | e80e0dd64fbb04f60394cb1bb08e17dbcb22b8ce (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/deploy_tokens.rb | 8 | ||||
-rw-r--r-- | lib/api/helpers.rb | 4 | ||||
-rw-r--r-- | lib/api/repositories.rb | 2 | ||||
-rw-r--r-- | lib/api/snippets.rb | 2 | ||||
-rw-r--r-- | lib/api/triggers.rb | 2 |
5 files changed, 14 insertions, 4 deletions
diff --git a/lib/api/deploy_tokens.rb b/lib/api/deploy_tokens.rb index 2b1c485785b..a637bfcb180 100644 --- a/lib/api/deploy_tokens.rb +++ b/lib/api/deploy_tokens.rb @@ -53,10 +53,10 @@ module API params do requires :name, type: String, desc: "New deploy token's name" - requires :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.' - requires :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`' requires :scopes, type: Array[String], values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository" or "read_registry".' + optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.' + optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`' end desc 'Create a project deploy token' do detail 'This feature was introduced in GitLab 12.9' @@ -114,10 +114,10 @@ module API params do requires :name, type: String, desc: 'The name of the deploy token' - requires :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.' - requires :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`' requires :scopes, type: Array[String], values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository" or "read_registry".' + optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.' + optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`' end desc 'Create a group deploy token' do detail 'This feature was introduced in GitLab 12.9' diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 47784dc771e..ff61cceb4c9 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -367,6 +367,10 @@ module API render_api_error!('405 Method Not Allowed', 405) end + def not_acceptable! + render_api_error!('406 Not Acceptable', 406) + end + def service_unavailable! render_api_error!('503 Service Unavailable', 503) end diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb index 62f5b67af1e..0b2df85f61f 100644 --- a/lib/api/repositories.rb +++ b/lib/api/repositories.rb @@ -95,6 +95,8 @@ module API render_api_error!({ error: ::Gitlab::RateLimitHelpers::ARCHIVE_RATE_LIMIT_REACHED_MESSAGE }, 429) end + not_acceptable! if Gitlab::HotlinkingDetector.intercept_hotlinking?(request) + send_git_archive user_project.repository, ref: params[:sha], format: params[:format], append_sha: true rescue not_found!('File') diff --git a/lib/api/snippets.rb b/lib/api/snippets.rb index b5df036c5ca..0aaab9a812f 100644 --- a/lib/api/snippets.rb +++ b/lib/api/snippets.rb @@ -74,6 +74,8 @@ module API desc: 'The visibility of the snippet' end post do + authorize! :create_snippet + attrs = declared_params(include_missing: false).merge(request: request, api: true) service_response = ::Snippets::CreateService.new(nil, current_user, attrs).execute snippet = service_response.payload[:snippet] diff --git a/lib/api/triggers.rb b/lib/api/triggers.rb index 76af29b2977..e1829403941 100644 --- a/lib/api/triggers.rb +++ b/lib/api/triggers.rb @@ -109,6 +109,8 @@ module API trigger = user_project.triggers.find(params.delete(:trigger_id)) break not_found!('Trigger') unless trigger + authorize! :admin_trigger, trigger + if trigger.update(declared_params(include_missing: false)) present trigger, with: Entities::Trigger, current_user: current_user else |