author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-31 21:17:06 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-31 21:17:06 +0300 |
commit | 4747b1ebc408204ff9ac4e6b9afa1d97fcf8c91a (patch) | |
tree | 1a7cf972d18990f46fadee34dae9676b7016f7c9 /lib | |
parent | ccab6fb4df8bc12220334618e56d911c4d0e447c (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/branches.rb | 2 | ||||
-rw-r--r-- | lib/api/commits.rb | 2 | ||||
-rw-r--r-- | lib/api/files.rb | 2 | ||||
-rw-r--r-- | lib/api/helpers.rb | 4 | ||||
-rw-r--r-- | lib/api/lint.rb | 3 | ||||
-rw-r--r-- | lib/api/protected_branches.rb | 12 | ||||
-rw-r--r-- | lib/api/releases.rb | 4 | ||||
-rw-r--r-- | lib/api/repositories.rb | 4 | ||||
-rw-r--r-- | lib/api/tags.rb | 2 |
9 files changed, 22 insertions, 13 deletions
diff --git a/lib/api/branches.rb b/lib/api/branches.rb
index 5ae1a80a7fd..c5ea3a2d3ad 100644
--- a/lib/api/branches.rb
+++ b/lib/api/branches.rb
@@ -14,7 +14,7 @@ module API
 before do
 require_repository_enabled!
- authorize! :read_code, user_project
+ authorize_read_code!
 end
 rescue_from Gitlab::Git::Repository::NoRepository do
diff --git a/lib/api/commits.rb b/lib/api/commits.rb
index f884dde3552..7a86c995f1a 100644
--- a/lib/api/commits.rb
+++ b/lib/api/commits.rb
@@ -9,7 +9,7 @@ module API
 before do
 require_repository_enabled!
- authorize! :read_code, user_project
+ authorize_read_code!
 verify_pagination_params!
 end
diff --git a/lib/api/files.rb b/lib/api/files.rb
index 1850413caa6..45e935d7ea2 100644
--- a/lib/api/files.rb
+++ b/lib/api/files.rb
@@ -30,7 +30,7 @@ module API
 end
 def assign_file_vars!
- authorize! :read_code, user_project
+ authorize_read_code!
 @commit = user_project.commit(params[:ref])
 not_found!('Commit') unless @commit
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 74c740f47cc..e55452fd07b 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -332,6 +332,10 @@ module API
 authorize! :read_build, user_project
 end
+ def authorize_read_code!
+ authorize! :read_code, user_project
+ end
+
 def authorize_read_build_trace!(build)
 authorize! :read_build_trace, build
 end
diff --git a/lib/api/lint.rb b/lib/api/lint.rb
index 0dd06d27aeb..15ccf0da0b9 100644
--- a/lib/api/lint.rb
+++ b/lib/api/lint.rb
@@ -28,6 +28,7 @@ module API
 end
 post '/lint', urgency: :low do
+ render_api_error!('410 Gone', 410) unless Feature.disabled?(:ci_remove_post_lint, current_user)
 unauthorized! unless can_lint_ci?
 result = Gitlab::Ci::Lint.new(project: nil, current_user: current_user)
@@ -56,7 +57,7 @@ module API
 end
 get ':id/ci/lint', urgency: :low do
- authorize! :read_code, user_project
+ authorize_read_code!
 if user_project.commit.present?
 content = user_project.repository.gitlab_ci_yml_for(user_project.commit.id, user_project.ci_config_path_or_default)
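Review bot: The new `authorize_read_code!` in lib/api/helpers.rb carries no comment, although after this commit it is the shared read-access gate for the branches, commits, files, lint, repositories and tags endpoints and for two protected-branch routes. I would add a one-line comment above it, for example `# Requires :read_code on user_project; every repository-reading endpoint should call this.` What `authorize!` does on failure is not visible in this hunk, so a request spec that calls one of these endpoints as a user without `:read_code` would pin the behaviour the callers now rely on.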
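Review bot: In the `post '/lint'` hunk of lib/api/lint.rb the flag guard is a double negative and runs before `unauthorized! unless can_lint_ci?`, so `current_user` can be nil when it is passed as the flag actor. Assuming `Feature.enabled?` is the exact inverse of `Feature.disabled?` in this codebase, `render_api_error!('410 Gone', 410) if Feature.enabled?(:ci_remove_post_lint, current_user)` reads more directly. It is worth confirming that a nil actor resolves the flag the way you intend for anonymous callers. The endpoint body continues outside the hunk.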
diff --git a/lib/api/protected_branches.rb b/lib/api/protected_branches.rb
index a50208d78d7..3d9abe23638 100644
--- a/lib/api/protected_branches.rb
+++ b/lib/api/protected_branches.rb
@@ -6,8 +6,6 @@ module API
 BRANCH_ENDPOINT_REQUIREMENTS = API::NAMESPACE_OR_PROJECT_REQUIREMENTS.merge(name: API::NO_SLASH_URL_PART_REGEX)
- before { authorize_admin_project }
-
 feature_category :source_code_management
 helpers Helpers::ProtectedBranchesHelpers
@@ -33,6 +31,8 @@ module API
 end
 # rubocop: disable CodeReuse/ActiveRecord
 get ':id/protected_branches' do
+ authorize_read_code!
+
 protected_branches = ProtectedBranchesFinder
 .new(user_project, params)
@@ -55,6 +55,8 @@ module API
 end
 # rubocop: disable CodeReuse/ActiveRecord
 get ':id/protected_branches/:name', requirements: BRANCH_ENDPOINT_REQUIREMENTS do
+ authorize_read_code!
+
 protected_branch = user_project.protected_branches.find_by!(name: params[:name])
 present protected_branch, with: Entities::ProtectedBranch, project: user_project
@@ -86,6 +88,8 @@ module API
 end
 # rubocop: disable CodeReuse/ActiveRecord
 post ':id/protected_branches' do
+ authorize_admin_project
+
 protected_branch = user_project.protected_branches.find_by(name: params[:name])
 if protected_branch
@@ -123,6 +127,8 @@ module API
 end
 # rubocop: disable CodeReuse/ActiveRecord
 patch ':id/protected_branches/:name', requirements: BRANCH_ENDPOINT_REQUIREMENTS do
+ authorize_admin_project
+
 protected_branch = user_project.protected_branches.find_by!(name: params[:name])
 declared_params = declared_params(include_missing: false)
@@ -150,6 +156,8 @@ module API
 end
 # rubocop: disable CodeReuse/ActiveRecord
 delete ':id/protected_branches/:name', requirements: BRANCH_ENDPOINT_REQUIREMENTS, urgency: :low do
+ authorize_admin_project
+
 protected_branch = user_project.protected_branches.find_by!(name: params[:name])
 destroy_conditionally!(protected_branch) do
diff --git a/lib/api/releases.rb b/lib/api/releases.rb
index ebf1c03e86b..0b31a3e0309 100644
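Review bot: Removing the class-level `before { authorize_admin_project }` in the first hunk of lib/api/protected_branches.rb makes authorization opt-in per route. Each of the five endpoints now carries its own call, and a route added later without one would run with no permission check at all. I would keep a floor at class level, `before { authorize_read_code! }`, and leave the explicit `authorize_admin_project` calls in the POST, PATCH and DELETE blocks, so a forgotten call fails closed at read level. A request spec asserting that a caller without admin rights is rejected on each write route would guard the split.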
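Review bot: The two GET routes (`:id/protected_branches` and `:id/protected_branches/:name`, second and third hunks) drop from `authorize_admin_project` to `authorize_read_code!`, so branch-protection settings become readable by every caller with `:read_code`; on a public project that presumably includes unauthenticated requests. `Entities::ProtectedBranch` is not shown here, so check whether it exposes per-user or per-group access levels that should stay limited to project admins, and gate those fields on the admin permission if it does. If the wider read access is intended, record it next to the call, for example `# Readable with :read_code by design; write routes require admin_project.`, and add request specs for a guest and an anonymous caller.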
--- a/lib/api/releases.rb
+++ b/lib/api/releases.rb
@@ -387,10 +387,6 @@ module API
 authorize! :download_code, user_project
 end
- def authorize_read_code!
- authorize! :read_code, user_project
- end
-
 def authorize_create_evidence!
 # extended in EE
 end
diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb
index 6f8d34ea387..295d1d5ab16 100644
--- a/lib/api/repositories.rb
+++ b/lib/api/repositories.rb
@@ -41,7 +41,7 @@ module API
 end
 end
- before { authorize! :read_code, user_project }
+ before { authorize_read_code! }
 feature_category :source_code_management
@@ -63,7 +63,7 @@ module API
 end
 def assign_blob_vars!(limit:)
- authorize! :read_code, user_project
+ authorize_read_code!
 @repo = user_project.repository
diff --git a/lib/api/tags.rb b/lib/api/tags.rb
index f918fb997bf..42b63af59e0 100644
--- a/lib/api/tags.rb
+++ b/lib/api/tags.rb
@@ -7,7 +7,7 @@ module API
 TAG_ENDPOINT_REQUIREMENTS = API::NAMESPACE_OR_PROJECT_REQUIREMENTS.merge(tag_name: API::NO_SLASH_URL_PART_REGEX)
 before do
- authorize! :read_code, user_project
+ authorize_read_code!
 not_found! unless user_project.repo_exists?
 end |