author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-01-25 03:11:49 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-01-25 03:11:49 +0300 |
commit | 706338ea16ff0be915765ccc79429a50d0ff2edc (patch) | |
tree | 7489ae54afb8ca719b665e6d08dbb5d23f37f346 /lib/gitlab/auth.rb | |
parent | 8e73c80c681d8b02633ae25dbd642ecff4864511 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/auth.rb')
-rw-r--r-- | lib/gitlab/auth.rb | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 38bc50a2cb8..257c73c47e6 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -207,7 +207,7 @@ module Gitlab
 return unless valid_scoped_token?(token, all_available_scopes)
 if project && token.user.project_bot?
- return unless token_bot_in_project?(token.user, project) || token_bot_in_group?(token.user, project)
+ return unless token_bot_in_resource?(token.user, project)
 end
 if token.user.can_log_in_with_non_expired_password? || token.user.project_bot?
@@ -229,6 +229,10 @@ module Gitlab
 end
 # rubocop: enable CodeReuse/ActiveRecord
+ def token_bot_in_resource?(user, project)
+ token_bot_in_project?(user, project) || token_bot_in_group?(user, project)
+ end
+
 def valid_oauth_token?(token)
 token && token.accessible? && valid_scoped_token?(token, Doorkeeper.configuration.scopes)
 end
@@ -309,7 +313,7 @@ module Gitlab
 return unless build.project.builds_enabled?
 if build.user
- return unless build.user.can_log_in_with_non_expired_password? || (build.user.project_bot? && build.project.bots&.include?(build.user))
+ return unless build.user.can_log_in_with_non_expired_password? || (build.user.project_bot? && token_bot_in_resource?(build.user, build.project))
 # If user is assigned to build, use restricted credentials of user
 Gitlab::Auth::Result.new(build.user, build.project, :build, build_authentication_abilities) |
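Review bot: The new `token_bot_in_resource?` helper in the second hunk has no comment, and its second parameter is still called `project`, so the name does not tell a reader which resources are checked. Both authentication paths in this file now depend on it, so the contract should be written down where it is defined. A one-line comment above the `def` would do, for example `# Whether the bot user belongs to +project+ itself or passes the group check in token_bot_in_group?`. The bodies of `token_bot_in_project?` and `token_bot_in_group?` are outside the hunk, so how far the group check reaches cannot be confirmed from here.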
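Review bot: The changed `return unless` line in the third hunk is not a pure refactor, because it widens which bot users receive build credentials. The old condition accepted a bot only when `build.project.bots&.include?(build.user)` held, while the new one also accepts whatever `token_bot_in_group?` accepts. That helper's body and the specs are not visible on this page, so the intended scope cannot be verified here. The change should come with a spec asserting that a bot from an unrelated group is rejected on this path, plus a comment on the line such as `# Bot users only get build credentials while they still belong to the build's project or pass the group check`. The enclosing method starts and ends outside the hunk.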