Rename ENV['PROTOCOL'] to ENV['GL_PROTOCOL'] to conform to what GitLab Shell...

Rename ENV['PROTOCOL'] to ENV['GL_PROTOCOL'] to conform to what GitLab Shell expects and make the `protocol` param in `GitAccess` mandatory.

Rename ENV['PROTOCOL'] to ENV['GL_PROTOCOL'] to conform to what GitLab Shell...
Rename ENV['PROTOCOL'] to ENV['GL_PROTOCOL'] to conform to what GitLab Shell expects and make the `protocol` param in `GitAccess` mandatory.
8b14d1d2 · Patricio Cano · 7735ef86 · 8b14d1d2 · 8b14d1d2 · 8b14d1d2
Commit 8b14d1d2 authored Jun 22, 2016 by Patricio Cano
9 changed files
--- a/app/helpers/branches_helper.rb
+++ b/app/helpers/branches_helper.rb
@@ -12,7 +12,7 @@ module BranchesHelper
  def can_push_branch?(project, branch_name)
    return false unless project.repository.branch_exists?(branch_name)
-    ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(branch_name)
+    ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(branch_name)
  end
  def project_branches

--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -481,7 +481,7 @@ class MergeRequest < ActiveRecord::Base
  end
  def can_be_merged_by?(user)
-    ::Gitlab::GitAccess.new(user, project).can_push_to_branch?(target_branch)
+    ::Gitlab::GitAccess.new(user, project, 'web').can_push_to_branch?(target_branch)
  end
  def mergeable_ci_state?

--- a/app/services/commits/change_service.rb
+++ b/app/services/commits/change_service.rb
@@ -23,7 +23,7 @@ module Commits
    private
    def check_push_permissions
-      allowed = ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(@target_branch)
+      allowed = ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(@target_branch)
      unless allowed
        raise ValidationError.new('You are not allowed to push into this branch')

--- a/app/services/files/base_service.rb
+++ b/app/services/files/base_service.rb
@@ -43,7 +43,7 @@ module Files
    end
    def validate
-      allowed = ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(@target_branch)
+      allowed = ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(@target_branch)
      unless allowed
        raise_error("You are not allowed to push into this branch")

--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -46,7 +46,7 @@
    .form-group
      %label.control-label.col-sm-2 Enabled Git access protocols
      .col-sm-10
-        = select(:application_setting, :enabled_git_access_protocols, [['Both SSH and HTTP', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control')
+        = select(:application_setting, :enabled_git_access_protocols, [['Both SSH and HTTP(S)', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control')
        %span.help-block#clone-protocol-help
          Allow only the selected protocols to be used for Git access.
    .form-group

--- a/lib/gitlab/git/hook.rb
+++ b/lib/gitlab/git/hook.rb
@@ -35,7 +35,7 @@ module Gitlab
        vars = {
          'GL_ID' => gl_id,
          'PWD' => repo_path,
-          'PROTOCOL' => 'web'
+          'GL_PROTOCOL' => 'web'
        }
        options = {

--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -5,7 +5,7 @@ module Gitlab
    attr_reader :actor, :project, :protocol
-    def initialize(actor, project, protocol = nil)
+    def initialize(actor, project, protocol)
      @actor    = actor
      @project  = project
      @protocol = protocol
@@ -50,6 +50,8 @@ module Gitlab
    end
    def check(cmd, changes = nil)
+      return build_status_object(false, 'Access denied due to unspecified Git access protocol') unless protocol
      return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
      unless actor
@@ -75,8 +77,6 @@ module Gitlab
    end
    def download_access_check
-      return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
      if user
        user_download_access_check
      elsif deploy_key
@@ -87,8 +87,6 @@ module Gitlab
    end
    def push_access_check(changes)
-      return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
      if user
        user_push_access_check(changes)
      elsif deploy_key
@@ -99,8 +97,6 @@ module Gitlab
    end
    def user_download_access_check
-      return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
      unless user.can?(:download_code, project)
        return build_status_object(false, "You are not allowed to download code from this project.")
      end
@@ -109,8 +105,6 @@ module Gitlab
    end
    def user_push_access_check(changes)
-      return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
      if changes.blank?
        return build_status_object(true)
      end
@@ -200,7 +194,7 @@ module Gitlab
    end
    def protocol_allowed?
-      protocol ? Gitlab::ProtocolAccess.allowed?(protocol) : true
+      Gitlab::ProtocolAccess.allowed?(protocol)
    end
    def branch_name(ref)

--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
 require 'spec_helper'
 describe Gitlab::GitAccess, lib: true do
-  let(:access) { Gitlab::GitAccess.new(actor, project) }
+  let(:access) { Gitlab::GitAccess.new(actor, project, 'web') }
  let(:project) { create(:project) }
  let(:user) { create(:user) }
  let(:actor) { user }

--- a/spec/lib/gitlab/git_access_wiki_spec.rb
+++ b/spec/lib/gitlab/git_access_wiki_spec.rb
 require 'spec_helper'
 describe Gitlab::GitAccessWiki, lib: true do
-  let(:access) { Gitlab::GitAccessWiki.new(user, project) }
+  let(:access) { Gitlab::GitAccessWiki.new(user, project, 'web') }
  let(:project) { create(:project) }
  let(:user) { create(:user) }