Add path blacklist

995e656a · Dmitriy Zaporozhets · 8f52501e · 995e656a · 995e656a · 995e656a
Commit 995e656a authored Jun 12, 2013 by Dmitriy Zaporozhets
Showing with 13 additions and 9 deletions

app/models/namespace.rb app/models/namespace.rb +1 -0

app/models/project.rb app/models/project.rb +2 -9

app/models/user.rb app/models/user.rb +1 -0

lib/gitlab/blacklist.rb lib/gitlab/blacklist.rb +9 -0

No files found.
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -27,6 +27,7 @@ class Namespace < ActiveRecord::Base
                      message: "only letters, digits, spaces & '_' '-' '.' allowed." }
  validates :description, length: { within: 0..255 }
  validates :path, uniqueness: true, presence: true, length: { within: 1..255 },
+            exclusion: { in: Gitlab::Blacklist.path },
            format: { with: Gitlab::Regex.path_regex,
                      message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }


--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -79,6 +79,7 @@ class Project < ActiveRecord::Base
            format: { with: Gitlab::Regex.project_name_regex,
                      message: "only letters, digits, spaces & '_' '-' '.' allowed. Letter should be first" }
  validates :path, presence: true, length: { within: 0..255 },
+            exclusion: { in: Gitlab::Blacklist.path },
            format: { with: Gitlab::Regex.path_regex,
                      message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
  validates :issues_enabled, :wall_enabled, :merge_requests_enabled,
@@ -92,7 +93,7 @@ class Project < ActiveRecord::Base
    format: { with: URI::regexp(%w(http https)), message: "should be a valid url" },
    if: :import?

-  validate :check_limit, :repo_name
+  validate :check_limit

  # Scopes
  scope :without_user, ->(user)  { where("projects.id NOT IN (:ids)", ids: user.authorized_projects.map(&:id) ) }
@@ -166,14 +167,6 @@ class Project < ActiveRecord::Base
    errors[:base] << ("Can't check your ability to create project")
  end

-  def repo_name
-    denied_paths = %w(admin dashboard groups help profile projects search)
-
-    if denied_paths.include?(path)
-      errors.add(:path, "like #{path} is not allowed")
-    end
-  end
-
  def to_param
    if namespace
      namespace.path + "/" + path

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -104,6 +104,7 @@ class User < ActiveRecord::Base
  validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider}
  validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0}
  validates :username, presence: true, uniqueness: true,
+            exclusion: { in: Gitlab::Blacklist.path },
            format: { with: Gitlab::Regex.username_regex,
                      message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }


--- a/lib/gitlab/blacklist.rb
+++ b/lib/gitlab/blacklist.rb
+module Gitlab
+  module Blacklist
+    extend self
+
+    def path
+      %w(admin dashboard groups help profile projects search public assets u s teams merge_requests issues users snippets )
+    end
+  end
+end