Commit 715a8cfa authored by Kamil Trzcinski's avatar Kamil Trzcinski

Fix authentication service

parent 46cc04ce
......@@ -61,6 +61,7 @@ class Ability
:read_merge_request,
:read_note,
:read_commit_status,
:read_container_registry,
:download_code
]
......
module Auth
class ContainerRegistryAuthenticationService < BaseService
AUDIENCE = 'container_registry'
def execute
return error('not found', 404) unless registry.enabled
if params[:offline_token]
return error('forbidden', 403) unless current_user
end
......@@ -52,9 +56,11 @@ module Auth
end
def can_access?(requested_project, requested_action)
return false unless requested_project.container_registry_enabled?
case requested_action
when 'pull'
requested_project.public? || requested_project == project || can?(current_user, :read_container_registry, requested_project)
requested_project == project || can?(current_user, :read_container_registry, requested_project)
when 'push'
requested_project == project || can?(current_user, :create_container_registry, requested_project)
else
......
......@@ -7,6 +7,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) }
let(:registry_settings) do
{
enabled: true,
issuer: 'rspec',
key: nil
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment