Correct access control flow for Git HTTP requests.

9397ce91 · Patricio Cano · da15471b · 9397ce91 · 9397ce91
Commit 9397ce91 authored Jun 27, 2016 by Patricio Cano
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 6 deletions

app/controllers/projects/git_http_controller.rb app/controllers/projects/git_http_controller.rb +8 -2

lib/gitlab/git_access.rb lib/gitlab/git_access.rb +4 -4

No files found.
--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
@@ -174,14 +174,20 @@ class Projects::GitHttpController < Projects::ApplicationController
    end
  end

+  def access
+    return @access if defined?(@access)
+
+    @access = Gitlab::GitAccess.new(user, project, 'http')
+  end
+
  def download_access
    return @download_access if defined?(@download_access)

-    @download_access = Gitlab::GitAccess.new(user, project, 'http').check('git-upload-pack')
+    @download_access = access.check('git-upload-pack')
  end

  def http_blocked?
-    download_access.protocol_allowed?
+    !access.protocol_allowed?
  end

  def receive_pack_allowed?

--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -169,6 +169,10 @@ module Gitlab
      Gitlab::ForcePushCheck.force_push?(project, oldrev, newrev)
    end

+    def protocol_allowed?
+      Gitlab::ProtocolAccess.allowed?(protocol)
+    end
+
    private

    def protected_branch_action(oldrev, newrev, branch_name)
@@ -193,10 +197,6 @@ module Gitlab
      Gitlab::UserAccess.allowed?(user)
    end

-    def protocol_allowed?
-      Gitlab::ProtocolAccess.allowed?(protocol)
-    end
-
    def branch_name(ref)
      ref = ref.to_s
      if Gitlab::Git.branch_ref?(ref)