diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-16 18:09:00 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-16 18:09:00 +0300 |
commit | a6533d71f53cd7f97a31100334154a82a9f37deb (patch) | |
tree | 225646046d9f101c54b7c91226c0fcf1e72005f7 /lib/gitlab/protocol_access.rb | |
parent | b019dc959ec16b15fe42a680dbd729542ff61537 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/protocol_access.rb')
-rw-r--r-- | lib/gitlab/protocol_access.rb | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/lib/gitlab/protocol_access.rb b/lib/gitlab/protocol_access.rb index efeb1e07d49..5bcbf7b5cca 100644 --- a/lib/gitlab/protocol_access.rb +++ b/lib/gitlab/protocol_access.rb @@ -2,14 +2,42 @@ module Gitlab module ProtocolAccess - def self.allowed?(protocol) - if protocol == 'web' - true - elsif Gitlab::CurrentSettings.enabled_git_access_protocol.blank? + class << self + def allowed?(protocol, project: nil) + # Web is always allowed + return true if protocol == "web" + + # System settings + return false unless instance_allowed?(protocol) + + # Group-level settings + return false unless namespace_allowed?(protocol, namespace: project&.root_namespace) + + # Default to allowing all protocols true - else + end + + private + + def instance_allowed?(protocol) + # If admin hasn't configured this setting, default to true + return true if Gitlab::CurrentSettings.enabled_git_access_protocol.blank? + protocol == Gitlab::CurrentSettings.enabled_git_access_protocol end + + def namespace_allowed?(protocol, namespace: nil) + # If the namespace parameter was nil, we default to true here + return true if namespace.nil? + + # Return immediately if all protocols are allowed + return true if namespace.enabled_git_access_protocol == "all" + + # If the setting is somehow nil, such as in an unsaved state, we default to allow + return true if namespace.enabled_git_access_protocol.blank? + + protocol == namespace.enabled_git_access_protocol + end end end end |