Merge branch 'ci-lfs-fetch' into 'master'

Allow to fetch LFS from CI ## What does this MR do? This adds support for fetching LFS object from CI jobs (mostly it's made for supporting GitLab CI). ## What is left? - [x] Write tests covering a new authorization mechanism cc @grzesiek @marin See merge request !4465
author: Rémy Coutable <remy@rymai.me> 2016-06-21 16:05:35 +0300
committer: Robert Speicher <rspeicher@gmail.com> 2016-06-21 18:50:51 +0300
commit: 6d0f9bbc6baf7393b4152fc21991f373c6807b3e (patch)
tree: fe49f6769b4b7213656f706a543262532fcfa327 /lib
parent: 95621c0118c691f3523275d645364363d57f55e5 (diff)
3 files changed, 10 insertions, 6 deletions
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index 7e3f5abba62..ab7b811c5d8 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -31,7 +31,7 @@ module Grack
 
       auth!
 
-      lfs_response = Gitlab::Lfs::Router.new(project, @user, @request).try_call
+      lfs_response = Gitlab::Lfs::Router.new(project, @user, @ci, @request).try_call
       return lfs_response unless lfs_response.nil?
 
       if @user.nil? && !@ci
diff --git a/lib/gitlab/lfs/response.rb b/lib/gitlab/lfs/response.rb
index 9d9617761b3..e3ed2f6791d 100644
--- a/lib/gitlab/lfs/response.rb
+++ b/lib/gitlab/lfs/response.rb
@@ -2,10 +2,11 @@ module Gitlab
   module Lfs
     class Response
 
-      def initialize(project, user, request)
+      def initialize(project, user, ci, request)
         @origin_project = project
         @project = storage_project(project)
         @user = user
+        @ci = ci
         @env = request.env
         @request = request
       end
@@ -189,7 +190,7 @@ module Gitlab
         return render_not_enabled unless Gitlab.config.lfs.enabled
 
         unless @project.public?
-          return render_unauthorized unless @user
+          return render_unauthorized unless @user || @ci
           return render_forbidden unless user_can_fetch?
         end
 
@@ -210,7 +211,7 @@ module Gitlab
 
       def user_can_fetch?
         # Check user access against the project they used to initiate the pull
-        @user.can?(:download_code, @origin_project)
+        @ci || @user.can?(:download_code, @origin_project)
       end
 
       def user_can_push?
diff --git a/lib/gitlab/lfs/router.rb b/lib/gitlab/lfs/router.rb
index 78d02891102..69bd5e62305 100644
--- a/lib/gitlab/lfs/router.rb
+++ b/lib/gitlab/lfs/router.rb
@@ -1,9 +1,12 @@
 module Gitlab
   module Lfs
     class Router
-      def initialize(project, user, request)
+      attr_reader :project, :user, :ci, :request
+
+      def initialize(project, user, ci, request)
         @project = project
         @user = user
+        @ci = ci
         @env = request.env
         @request = request
       end
@@ -80,7 +83,7 @@ module Gitlab
       def lfs
         return unless @project
 
-        Gitlab::Lfs::Response.new(@project, @user, @request)
+        Gitlab::Lfs::Response.new(@project, @user, @ci, @request)
       end
 
       def sanitize_tmp_filename(name)
author	Rémy Coutable <remy@rymai.me>	2016-06-21 16:05:35 +0300
committer	Robert Speicher <rspeicher@gmail.com>	2016-06-21 18:50:51 +0300
commit	6d0f9bbc6baf7393b4152fc21991f373c6807b3e (patch)
tree	fe49f6769b4b7213656f706a543262532fcfa327 /lib
parent	95621c0118c691f3523275d645364363d57f55e5 (diff)