Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
715a8cfa
Commit
715a8cfa
authored
May 14, 2016
by
Kamil Trzcinski
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix authentication service
parent
46cc04ce
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
9 additions
and
1 deletion
+9
-1
app/models/ability.rb
app/models/ability.rb
+1
-0
app/services/auth/container_registry_authentication_service.rb
...ervices/auth/container_registry_authentication_service.rb
+7
-1
spec/services/auth/container_registry_authentication_service_spec.rb
...es/auth/container_registry_authentication_service_spec.rb
+1
-0
No files found.
app/models/ability.rb
View file @
715a8cfa
...
@@ -61,6 +61,7 @@ class Ability
...
@@ -61,6 +61,7 @@ class Ability
:read_merge_request
,
:read_merge_request
,
:read_note
,
:read_note
,
:read_commit_status
,
:read_commit_status
,
:read_container_registry
,
:download_code
:download_code
]
]
...
...
app/services/auth/container_registry_authentication_service.rb
View file @
715a8cfa
module
Auth
module
Auth
class
ContainerRegistryAuthenticationService
<
BaseService
class
ContainerRegistryAuthenticationService
<
BaseService
AUDIENCE
=
'container_registry'
def
execute
def
execute
return
error
(
'not found'
,
404
)
unless
registry
.
enabled
if
params
[
:offline_token
]
if
params
[
:offline_token
]
return
error
(
'forbidden'
,
403
)
unless
current_user
return
error
(
'forbidden'
,
403
)
unless
current_user
end
end
...
@@ -52,9 +56,11 @@ module Auth
...
@@ -52,9 +56,11 @@ module Auth
end
end
def
can_access?
(
requested_project
,
requested_action
)
def
can_access?
(
requested_project
,
requested_action
)
return
false
unless
requested_project
.
container_registry_enabled?
case
requested_action
case
requested_action
when
'pull'
when
'pull'
requested_project
.
public?
||
requested_project
==
project
||
can?
(
current_user
,
:read_container_registry
,
requested_project
)
requested_project
==
project
||
can?
(
current_user
,
:read_container_registry
,
requested_project
)
when
'push'
when
'push'
requested_project
==
project
||
can?
(
current_user
,
:create_container_registry
,
requested_project
)
requested_project
==
project
||
can?
(
current_user
,
:create_container_registry
,
requested_project
)
else
else
...
...
spec/services/auth/container_registry_authentication_service_spec.rb
View file @
715a8cfa
...
@@ -7,6 +7,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
...
@@ -7,6 +7,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
let
(
:rsa_key
)
{
OpenSSL
::
PKey
::
RSA
.
generate
(
512
)
}
let
(
:rsa_key
)
{
OpenSSL
::
PKey
::
RSA
.
generate
(
512
)
}
let
(
:registry_settings
)
do
let
(
:registry_settings
)
do
{
{
enabled:
true
,
issuer:
'rspec'
,
issuer:
'rspec'
,
key:
nil
key:
nil
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment