diff options
| author | Lin Jen-Shin <godfat@godfat.org> | 2016-12-20 16:19:07 +0300 |
|---|---|---|
| committer | Lin Jen-Shin <godfat@godfat.org> | 2016-12-20 16:19:07 +0300 |
| commit | 884f57c9102416805427d773eb21e09fd30c2452 (patch) | |
| tree | 42cf9ac2527723cc2ec25cf79ae34c4ac359792d /lib/gitlab/git_access.rb | |
| parent | 0f0738e78867f6822dd15cb26da1f17628acde77 (diff) | |
Use consistent names and move checks to the method,
and move those checks to be private. Feedback:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7383#note_20285012
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7383#note_20285279
Diffstat (limited to 'lib/gitlab/git_access.rb')
| -rw-r--r-- | lib/gitlab/git_access.rb | 82 |
1 files changed, 43 insertions, 39 deletions
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 545506f3dfd..f0b241fb5e6 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -29,16 +29,16 @@ module Gitlab def check(cmd, changes) check_protocol! - check_active_user! unless deploy_key? + check_active_user! check_project_accessibility! check_command_existence!(cmd) check_repository_existence! case cmd when *DOWNLOAD_COMMANDS - download_access_check unless deploy_key? + check_download_access! when *PUSH_COMMANDS - push_access_check(changes) + check_push_access!(changes) end build_status_object(true) @@ -46,30 +46,6 @@ module Gitlab build_status_object(false, ex.message) end - def download_access_check - passed = user_can_download_code? || - build_can_download_code? || - guest_can_download_code? - - unless passed - raise UnauthorizedError, ERROR_MESSAGES[:download] - end - end - - def push_access_check(changes) - if deploy_key - deploy_key_push_access_check - elsif user - user_push_access_check - else - raise UnauthorizedError, ERROR_MESSAGES[:upload] - end - - return if changes.blank? # Allow access. - - check_change_access!(changes) - end - def guest_can_download_code? Guest.can?(:download_code, project) end @@ -82,18 +58,6 @@ module Gitlab authentication_abilities.include?(:build_download_code) && user_access.can_do_action?(:build_download_code) end - def user_push_access_check - unless authentication_abilities.include?(:push_code) - raise UnauthorizedError, ERROR_MESSAGES[:upload] - end - end - - def deploy_key_push_access_check - unless deploy_key.can_push_to?(project) - raise UnauthorizedError, ERROR_MESSAGES[:deploy_key_upload] - end - end - def protocol_allowed? Gitlab::ProtocolAccess.allowed?(protocol) end @@ -107,6 +71,8 @@ module Gitlab end def check_active_user! + return if deploy_key? + if user && !user_access.allowed? raise UnauthorizedError, "Your account has been blocked." end @@ -130,6 +96,44 @@ module Gitlab end end + def check_download_access! + return if deploy_key? + + passed = user_can_download_code? || + build_can_download_code? || + guest_can_download_code? + + unless passed + raise UnauthorizedError, ERROR_MESSAGES[:download] + end + end + + def check_push_access!(changes) + if deploy_key + check_deploy_key_push_access! + elsif user + check_user_push_access! + else + raise UnauthorizedError, ERROR_MESSAGES[:upload] + end + + return if changes.blank? # Allow access. + + check_change_access!(changes) + end + + def check_user_push_access! + unless authentication_abilities.include?(:push_code) + raise UnauthorizedError, ERROR_MESSAGES[:upload] + end + end + + def check_deploy_key_push_access! + unless deploy_key.can_push_to?(project) + raise UnauthorizedError, ERROR_MESSAGES[:deploy_key_upload] + end + end + def check_change_access!(changes) changes_list = Gitlab::ChangesList.new(changes) |