diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-03-26 20:56:41 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-03-26 20:56:41 +0300 |
commit | e5121cd2a1ea1df276317fa68765e969a0b21eae (patch) | |
tree | 3b9732ce48aab909276c030b9a60d1c12cee2525 /lib/gitlab/auth.rb | |
parent | 4ee3ab616fc8b89b957b531294b67097941e49f6 (diff) | |
parent | 63745c932cc8bc81fc2b2d30e9a171e346f4b969 (diff) |
Merge remote-tracking branch 'dev/12-9-stable' into 12-9-stable
Diffstat (limited to 'lib/gitlab/auth.rb')
-rw-r--r-- | lib/gitlab/auth.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index c16c2ce96de..7f7bdda953f 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -171,6 +171,8 @@ module Gitlab if valid_oauth_token?(token) user = User.find_by(id: token.resource_owner_id) + return unless user.can?(:log_in) + Gitlab::Auth::Result.new(user, nil, :oauth, full_authentication_abilities) end end @@ -182,7 +184,7 @@ module Gitlab token = PersonalAccessTokensFinder.new(state: 'active').find_by_token(password) - if token && valid_scoped_token?(token, all_available_scopes) + if token && valid_scoped_token?(token, all_available_scopes) && token.user.can?(:log_in) Gitlab::Auth::Result.new(token.user, nil, :personal_access_token, abilities_for_scopes(token.scopes)) end end @@ -260,6 +262,8 @@ module Gitlab return unless build.project.builds_enabled? if build.user + return unless build.user.can?(:log_in) + # If user is assigned to build, use restricted credentials of user Gitlab::Auth::Result.new(build.user, build.project, :build, build_authentication_abilities) else |