Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
f18a714f
Commit
f18a714f
authored
Mar 19, 2014
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Use GitAccess in internal api
Signed-off-by:
Dmitriy Zaporozhets
<
dmitriy.zaporozhets@gmail.com
>
parent
19c28822
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
19 additions
and
41 deletions
+19
-41
lib/api/internal.rb
lib/api/internal.rb
+19
-41
No files found.
lib/api/internal.rb
View file @
f18a714f
module
API
# Internal access API
class
Internal
<
Grape
::
API
DOWNLOAD_COMMANDS
=
%w{ git-upload-pack git-upload-archive }
PUSH_COMMANDS
=
%w{ git-receive-pack }
namespace
'internal'
do
#
# Check if ssh key has access to project code
# Check if git command is allowed to project
#
# Params:
# key_id - SSH Key id
# key_id - ssh key id for Git over SSH
# user_id - user id for Git over HTTP
# project - project path with namespace
# action - git action (git-upload-pack or git-receive-pack)
# ref - branch name
...
...
@@ -22,43 +18,25 @@ module API
# the wiki repository as well.
project_path
=
params
[
:project
]
project_path
.
gsub!
(
/\.wiki/
,
''
)
if
project_path
=~
/\.wiki/
key
=
Key
.
find
(
params
[
:key_id
])
project
=
Project
.
find_with_namespace
(
project_path
)
git_cmd
=
params
[
:action
]
return
false
unless
project
if
key
.
is_a?
DeployKey
key
.
projects
.
include?
(
project
)
&&
DOWNLOAD_COMMANDS
.
include?
(
git_cmd
)
else
user
=
key
.
user
return
false
if
user
.
blocked?
if
Gitlab
.
config
.
ldap
.
enabled
if
user
.
ldap_user?
# Check if LDAP user exists and match LDAP user_filter
unless
Gitlab
::
LDAP
::
Access
.
new
.
allowed?
(
user
)
return
false
end
end
end
action
=
case
git_cmd
when
*
DOWNLOAD_COMMANDS
then
:download_code
when
*
PUSH_COMMANDS
then
if
project
.
protected_branch?
(
params
[
:ref
])
:push_code_to_protected_branches
else
:push_code
end
end
user
.
can?
(
action
,
project
)
end
actor
=
if
params
[
:key_id
]
Key
.
find
(
params
[
:key_id
])
elsif
params
[
:user_id
]
User
.
find
(
params
[
:user_id
])
end
return
false
unless
actor
Gitlab
::
GitAccess
.
new
.
allowed?
(
actor
,
params
[
:action
],
project
,
params
[
:ref
],
params
[
:oldrev
],
params
[
:newrev
]
)
end
#
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>