Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
06b7907c
Commit
06b7907c
authored
10 years ago
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix deploy keys permission check in internal api
Signed-off-by:
Dmitriy Zaporozhets
<
dmitriy.zaporozhets@gmail.com
>
parent
30e28a7e
No related merge requests found
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
37 additions
and
10 deletions
+37
-10
lib/gitlab/git_access.rb
lib/gitlab/git_access.rb
+18
-10
spec/lib/gitlab/git_access_spec.rb
spec/lib/gitlab/git_access_spec.rb
+19
-0
No files found.
lib/gitlab/git_access.rb
View file @
06b7907c
...
...
@@ -8,15 +8,7 @@ module Gitlab
def
check
(
actor
,
cmd
,
project
,
changes
=
nil
)
case
cmd
when
*
DOWNLOAD_COMMANDS
if
actor
.
is_a?
User
download_access_check
(
actor
,
project
)
elsif
actor
.
is_a?
DeployKey
actor
.
projects
.
include?
(
project
)
elsif
actor
.
is_a?
Key
download_access_check
(
actor
.
user
,
project
)
else
raise
'Wrong actor'
end
when
*
PUSH_COMMANDS
if
actor
.
is_a?
User
push_access_check
(
actor
,
project
,
changes
)
...
...
@@ -32,7 +24,23 @@ module Gitlab
end
end
def
download_access_check
(
user
,
project
)
def
download_access_check
(
actor
,
project
)
if
actor
.
is_a?
(
User
)
user_download_access_check
(
actor
,
project
)
elsif
actor
.
is_a?
(
DeployKey
)
if
actor
.
projects
.
include?
(
project
)
build_status_object
(
true
)
else
build_status_object
(
false
,
"Deploy key not allowed to access this project"
)
end
elsif
actor
.
is_a?
Key
user_download_access_check
(
actor
.
user
,
project
)
else
raise
'Wrong actor'
end
end
def
user_download_access_check
(
user
,
project
)
if
user
&&
user_allowed?
(
user
)
&&
user
.
can?
(
:download_code
,
project
)
build_status_object
(
true
)
else
...
...
This diff is collapsed.
Click to expand it.
spec/lib/gitlab/git_access_spec.rb
View file @
06b7907c
...
...
@@ -46,6 +46,25 @@ describe Gitlab::GitAccess do
it
{
subject
.
allowed?
.
should
be_false
}
end
end
describe
'deploy key permissions'
do
let
(
:key
)
{
create
(
:deploy_key
)
}
context
'pull code'
do
context
'allowed'
do
before
{
key
.
projects
<<
project
}
subject
{
access
.
download_access_check
(
key
,
project
)
}
it
{
subject
.
allowed?
.
should
be_true
}
end
context
'denied'
do
subject
{
access
.
download_access_check
(
key
,
project
)
}
it
{
subject
.
allowed?
.
should
be_false
}
end
end
end
end
describe
'push_access_check'
do
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment