Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
39eac7b0
Commit
39eac7b0
authored
May 15, 2014
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'api_ldap' into 'master'
Check user access during API calls
parents
216704f3
223a8695
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
36 additions
and
12 deletions
+36
-12
CHANGELOG
CHANGELOG
+1
-0
lib/api/helpers.rb
lib/api/helpers.rb
+5
-0
lib/gitlab/git_access.rb
lib/gitlab/git_access.rb
+1
-12
lib/gitlab/user_access.rb
lib/gitlab/user_access.rb
+18
-0
spec/requests/api/api_helpers_spec.rb
spec/requests/api/api_helpers_spec.rb
+11
-0
No files found.
CHANGELOG
View file @
39eac7b0
...
@@ -16,6 +16,7 @@ v 6.9.0
...
@@ -16,6 +16,7 @@ v 6.9.0
- Two Step MR creation process
- Two Step MR creation process
- Remove unwanted files from satellite working directory with git clean -fdx
- Remove unwanted files from satellite working directory with git clean -fdx
- Accept merge request via API (sponsored by O'Reilly Media)
- Accept merge request via API (sponsored by O'Reilly Media)
- Add more access checks during API calls
v 6.8.0
v 6.8.0
- Ability to at mention users that are participating in issue and merge req. discussion
- Ability to at mention users that are participating in issue and merge req. discussion
...
...
lib/api/helpers.rb
View file @
39eac7b0
...
@@ -8,6 +8,11 @@ module API
...
@@ -8,6 +8,11 @@ module API
def
current_user
def
current_user
private_token
=
(
params
[
PRIVATE_TOKEN_PARAM
]
||
env
[
PRIVATE_TOKEN_HEADER
]).
to_s
private_token
=
(
params
[
PRIVATE_TOKEN_PARAM
]
||
env
[
PRIVATE_TOKEN_HEADER
]).
to_s
@current_user
||=
User
.
find_by
(
authentication_token:
private_token
)
@current_user
||=
User
.
find_by
(
authentication_token:
private_token
)
unless
@current_user
&&
Gitlab
::
UserAccess
.
allowed?
(
@current_user
)
return
nil
end
identifier
=
sudo_identifier
()
identifier
=
sudo_identifier
()
# If the sudo is the current user do nothing
# If the sudo is the current user do nothing
...
...
lib/gitlab/git_access.rb
View file @
39eac7b0
...
@@ -61,18 +61,7 @@ module Gitlab
...
@@ -61,18 +61,7 @@ module Gitlab
private
private
def
user_allowed?
(
user
)
def
user_allowed?
(
user
)
return
false
if
user
.
blocked?
Gitlab
::
UserAccess
.
allowed?
(
user
)
if
Gitlab
.
config
.
ldap
.
enabled
if
user
.
ldap_user?
# Check if LDAP user exists and match LDAP user_filter
Gitlab
::
LDAP
::
Access
.
open
do
|
adapter
|
return
false
unless
adapter
.
allowed?
(
user
)
end
end
end
true
end
end
end
end
end
end
lib/gitlab/user_access.rb
0 → 100644
View file @
39eac7b0
module
Gitlab
module
UserAccess
def
self
.
allowed?
(
user
)
return
false
if
user
.
blocked?
if
Gitlab
.
config
.
ldap
.
enabled
if
user
.
ldap_user?
# Check if LDAP user exists and match LDAP user_filter
Gitlab
::
LDAP
::
Access
.
open
do
|
adapter
|
return
false
unless
adapter
.
allowed?
(
user
)
end
end
end
true
end
end
end
spec/requests/api/api_helpers_spec.rb
View file @
39eac7b0
...
@@ -39,6 +39,17 @@ describe API, api: true do
...
@@ -39,6 +39,17 @@ describe API, api: true do
end
end
describe
".current_user"
do
describe
".current_user"
do
it
"should return nil for an invalid token"
do
env
[
API
::
APIHelpers
::
PRIVATE_TOKEN_HEADER
]
=
'invalid token'
current_user
.
should
be_nil
end
it
"should return nil for a user without access"
do
env
[
API
::
APIHelpers
::
PRIVATE_TOKEN_HEADER
]
=
user
.
private_token
Gitlab
::
UserAccess
.
stub
(
allowed?:
false
)
current_user
.
should
be_nil
end
it
"should leave user as is when sudo not specified"
do
it
"should leave user as is when sudo not specified"
do
env
[
API
::
APIHelpers
::
PRIVATE_TOKEN_HEADER
]
=
user
.
private_token
env
[
API
::
APIHelpers
::
PRIVATE_TOKEN_HEADER
]
=
user
.
private_token
current_user
.
should
==
user
current_user
.
should
==
user
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment