Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r-- | lib/api/helpers.rb | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 2d8a4f60e2a..632717e1b73 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -124,12 +124,22 @@ module API def find_project!(id) project = find_project(id) + return forbidden! unless authorized_project_scope?(project) + return project if can?(current_user, :read_project, project) return unauthorized! if authenticate_non_public? not_found!('Project') end + def authorized_project_scope?(project) + return true unless job_token_authentication? + return true unless route_authentication_setting[:job_token_scope] == :project + + ::Feature.enabled?(:ci_job_token_scope, project, default_enabled: :yaml) && + current_authenticated_job.project == project + end + # rubocop: disable CodeReuse/ActiveRecord def find_group(id) if id.to_s =~ /^\d+$/ @@ -308,7 +318,7 @@ module API def verify_workhorse_api! Gitlab::Workhorse.verify_api_request!(request.headers) - rescue => e + rescue StandardError => e Gitlab::ErrorTracking.track_exception(e) forbidden! @@ -549,7 +559,7 @@ module API return unless Feature.enabled?(feature_name) Gitlab::UsageDataCounters.count(event_name) - rescue => error + rescue StandardError => error Gitlab::AppLogger.warn("Redis tracking event failed for event: #{event_name}, message: #{error.message}") end @@ -559,7 +569,7 @@ module API return unless values.present? Gitlab::UsageDataCounters::HLLRedisCounter.track_event(event_name, values: values) - rescue => error + rescue StandardError => error Gitlab::AppLogger.warn("Redis tracking event failed for event: #{event_name}, message: #{error.message}") end 
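Review bot: In `authorized_project_scope?` the final expression is false whenever `ci_job_token_scope` is disabled, so a job-token request on a route whose `route_authentication_setting[:job_token_scope]` is `:project` gets `forbidden!` for every project, including the job's own. If that fail-closed default is intended, state it above the method, e.g. `# Job tokens on :project-scoped routes may only reach the job's own project; all such requests are denied while ci_job_token_scope is off.` The new guard in `find_project!` also runs before `project` is known to be non-nil (the `not_found!('Project')` fallback suggests `find_project` can return nil), so a missing project is presumably passed to `Feature.enabled?` as the actor and answered with 403. That keeps missing and foreign projects indistinguishable to a job token, which looks deliberate, but a spec for the nil case would pin the behaviour.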
@@ -582,18 +592,26 @@ module API def project_finder_params_ce finder_params = project_finder_params_visibility_ce + + finder_params.merge!( + params + .slice(:search, + :custom_attributes, + :last_activity_after, + :last_activity_before, + :repository_storage) + .symbolize_keys + .compact + ) + finder_params[:with_issues_enabled] = true if params[:with_issues_enabled].present? finder_params[:with_merge_requests_enabled] = true if params[:with_merge_requests_enabled].present? finder_params[:without_deleted] = true - finder_params[:search] = params[:search] if params[:search] finder_params[:search_namespaces] = true if params[:search_namespaces].present? finder_params[:user] = params.delete(:user) if params[:user] - finder_params[:custom_attributes] = params[:custom_attributes] if params[:custom_attributes] finder_params[:id_after] = sanitize_id_param(params[:id_after]) if params[:id_after] finder_params[:id_before] = sanitize_id_param(params[:id_before]) if params[:id_before] - finder_params[:last_activity_after] = params[:last_activity_after] if params[:last_activity_after] - finder_params[:last_activity_before] = params[:last_activity_before] if params[:last_activity_before] - finder_params[:repository_storage] = params[:repository_storage] if params[:repository_storage] + finder_params[:tag] = params[:topic] if params[:topic].present? finder_params end @@ -700,4 +718,4 @@ module API end end -API::Helpers.prepend_if_ee('EE::API::Helpers') +API::Helpers.prepend_mod_with('API::Helpers') |
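Review bot: The `.compact` that ends the new `params.slice(...)` chain in `project_finder_params_ce` drops only nil, whereas the removed `if params[:search]`-style guards also skipped `false`, so a `false` value for any of the five sliced keys would now reach the finder. That is probably unreachable if these params are typed at the API layer (not visible in this hunk), but it is a behaviour change hidden inside a refactor. The slice is now the allow-list of request fields copied verbatim into `finder_params`, and a one-line comment would keep it from growing casually: `# Allow-list: these params are passed to the finder unchanged; validate any new key before adding it here.`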