Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib/api/ci/secure_files.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/api/ci/secure_files.rb')
-rw-r--r--lib/api/ci/secure_files.rb11
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/api/ci/secure_files.rb b/lib/api/ci/secure_files.rb
index 41faaf80c82..02f625f2130 100644
--- a/lib/api/ci/secure_files.rb
+++ b/lib/api/ci/secure_files.rb
@@ -6,6 +6,7 @@ module API
include PaginationParams
before do
+ check_api_enabled!
authenticate!
authorize! :read_secure_files, user_project
end
@@ -64,7 +65,7 @@ module API
resource do
before do
- read_only_feature_flag_enabled?
+ check_read_only_feature_flag_enabled!
authorize! :admin_secure_files, user_project
end
@@ -81,7 +82,7 @@ module API
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
post ':id/secure_files' do
secure_file = user_project.secure_files.new(
- name: Gitlab::Utils.check_path_traversal!(params[:name])
+ name: Gitlab::PathTraversal.check_path_traversal!(params[:name])
)
secure_file.file = params[:file]
@@ -112,7 +113,11 @@ module API
end
helpers do
- def read_only_feature_flag_enabled?
+ def check_api_enabled!
+ forbidden! unless Gitlab.config.ci_secure_files.enabled
+ end
+
+ def check_read_only_feature_flag_enabled!
service_unavailable! if Feature.enabled?(:ci_secure_files_read_only, user_project, type: :ops)
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 14:10:14 +0300