diff options
author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-08-08 13:01:25 +0300 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-13 14:30:26 +0300 |
commit | 505dc808b3c0dc98413506446d368b91b56ff682 (patch) | |
tree | 1f6d5c7fe805bf5ff11a4f5696d73e11d71ca3a6 /lib/gitlab/git_access.rb | |
parent | 45afdbef0de58f6de207b057e47151611d2ad7e6 (diff) |
Use a permissions of user to access all dependent projects from CI jobs (this also includes a container images, and in future LFS files)
Diffstat (limited to 'lib/gitlab/git_access.rb')
-rw-r--r-- | lib/gitlab/git_access.rb | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 1882eb8d050..5bd0134ed45 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -5,12 +5,13 @@ module Gitlab DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive } PUSH_COMMANDS = %w{ git-receive-pack } - attr_reader :actor, :project, :protocol, :user_access + attr_reader :actor, :project, :protocol, :user_access, :access_type - def initialize(actor, project, protocol) + def initialize(actor, project, protocol, access_type: access_type) @actor = actor @project = project @protocol = protocol + @access_type = access_type @user_access = UserAccess.new(user, project: project) end @@ -60,14 +61,26 @@ module Gitlab end def user_download_access_check - unless user_access.can_do_action?(:download_code) + unless privileged_user_can_download_code? || restricted_user_can_download_code? return build_status_object(false, "You are not allowed to download code from this project.") end build_status_object(true) end + def privileged_user_can_download_code? + access_type == :full && user_access.can_do_action?(:download_code) + end + + def restricted_user_can_download_code? + access_type == :restricted && user_access.can_do_action?(:restricted_download_code) + end + def user_push_access_check(changes) + unless access_type == :full + return build_status_object(false, "You are not allowed to upload code for this project.") + end + if changes.blank? return build_status_object(true) end |