
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorJames Lopez <james@jameslopez.es>2018-12-04 13:55:34 +0300
committerJames Lopez <james@jameslopez.es>2018-12-04 13:55:34 +0300
commit1c34a2a01497f9db4602794b1aa37ae54dcee740 (patch)
treef61e0629f087c844b8a2b9ab7df4cc5f8672c115 /lib
parent403430968cf2a98a88d0c454501d883d6508e7e0 (diff)
Use read_repository scope on read-only files API
Diffstat (limited to 'lib')
-rw-r--r--lib/api/files.rb4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/api/files.rb b/lib/api/files.rb
index becf66d1467..ca59d330e1c 100644
--- a/lib/api/files.rb
+++ b/lib/api/files.rb
@@ -2,6 +2,8 @@
module API
class Files < Grape::API
+ include APIGuard
+
FILE_ENDPOINT_REQUIREMENTS = API::NAMESPACE_OR_PROJECT_REQUIREMENTS.merge(file_path: API::NO_SLASH_URL_PART_REGEX)
# Prevents returning plain/text responses for files with .txt extension
@@ -79,6 +81,8 @@ module API
requires :id, type: String, desc: 'The project ID'
end
resource :projects, requirements: FILE_ENDPOINT_REQUIREMENTS do
+ allow_access_with_scope :read_repository, if: -> (request) { request.get? || request.head? }
+
desc 'Get raw file metadata from repository'
params do
requires :file_path, type: String, desc: 'The url encoded path to the file. Ex. lib%2Fclass%2Erb'
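Review bot: The `allow_access_with_scope :read_repository` declaration is gated only on the HTTP verb (`request.get? || request.head?`), so any GET or HEAD route later added to `API::Files` would become reachable with a `read_repository` token without an explicit decision; a comment above it should state that contract, e.g. `# read_repository tokens are accepted for GET/HEAD only; routes that modify files must keep requiring the api scope`. Its position inside `resource :projects` also reads as if the relaxation were limited to that block, whereas the mixin is included at class level in the first hunk and the declaration presumably applies class-wide; if so, moving it next to `include APIGuard` would make that visible. The diffstat is limited to `lib`, so specs are not visible here, and it is worth confirming that a `read_repository` token is rejected on the POST, PUT and DELETE file routes. The `resource :projects` block continues outside the hunk.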