Commit 2f950769 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'fix/push-read-only-message' into 'master'

Fix message when pushing to Geo secondary

Closes #3945

See merge request gitlab-org/gitlab-ee!3616
parents a6158aa0 ffdf79d1
---
title: Fix Git message when pushing to Geo secondary
merge_request: 3616
author:
type: fixed
[//]: # (Please update EE::GitLab::GeoGitAccess::GEO_SERVER_DOCS_URL if this file is moved)
# Using a Geo Server # Using a Geo Server
After you set up the [database replication and configure the GitLab Geo nodes][req], After you set up the [database replication and configure the GitLab Geo nodes][req],
......
module EE
module Gitlab
module GeoGitAccess
include ::Gitlab::ConfigHelper
include ::EE::GitlabRoutingHelper
GEO_SERVER_DOCS_URL = 'https://docs.gitlab.com/ee/gitlab-geo/using_a_geo_server.html'.freeze
protected
def project_or_wiki
@project
end
private
def push_to_read_only_message
message = super
if ::Gitlab::Geo.secondary_with_primary?
message += " Please use the Primary node URL: #{geo_primary_url_to_repo}. Documentation: #{GEO_SERVER_DOCS_URL}"
end
message
end
def geo_primary_url_to_repo
case protocol
when 'ssh'
geo_primary_ssh_url_to_repo(project_or_wiki)
else
geo_primary_http_url_to_repo(project_or_wiki)
end
end
end
end
end
module EE module EE
module Gitlab module Gitlab
module GitAccess module GitAccess
prepend GeoGitAccess
def check(cmd, changes) def check(cmd, changes)
raise NotImplementedError.new unless defined?(super) raise NotImplementedError.new unless defined?(super)
......
module EE
module Gitlab
module GitAccessWiki
include GeoGitAccess
private
def project_or_wiki
@project.wiki
end
end
end
end
...@@ -171,7 +171,7 @@ module Gitlab ...@@ -171,7 +171,7 @@ module Gitlab
end end
if Gitlab::Database.read_only? if Gitlab::Database.read_only?
raise UnauthorizedError, ERROR_MESSAGES[:cannot_push_to_read_only] raise UnauthorizedError, push_to_read_only_message
end end
if deploy_key if deploy_key
...@@ -304,5 +304,9 @@ module Gitlab ...@@ -304,5 +304,9 @@ module Gitlab
UserAccess.new(user, project: project) UserAccess.new(user, project: project)
end end
end end
def push_to_read_only_message
ERROR_MESSAGES[:cannot_push_to_read_only]
end
end end
end end
module Gitlab module Gitlab
class GitAccessWiki < GitAccess class GitAccessWiki < GitAccess
prepend EE::Gitlab::GitAccessWiki
ERROR_MESSAGES = { ERROR_MESSAGES = {
read_only: "You can't push code to a read-only GitLab instance.", read_only: "You can't push code to a read-only GitLab instance.",
write_to_wiki: "You are not allowed to write to this project's wiki." write_to_wiki: "You are not allowed to write to this project's wiki."
...@@ -19,10 +21,14 @@ module Gitlab ...@@ -19,10 +21,14 @@ module Gitlab
end end
if Gitlab::Database.read_only? if Gitlab::Database.read_only?
raise UnauthorizedError, ERROR_MESSAGES[:read_only] raise UnauthorizedError, push_to_read_only_message
end end
true true
end end
def push_to_read_only_message
ERROR_MESSAGES[:read_only]
end
end end
end end
require 'spec_helper'
describe Gitlab::GitAccess do
set(:user) { create(:user) }
let(:actor) { user }
let(:project) { create(:project, :repository) }
let(:protocol) { 'web' }
let(:authentication_abilities) { %i[read_project download_code push_code] }
let(:redirected_path) { nil }
let(:access) { described_class.new(actor, project, protocol, authentication_abilities: authentication_abilities, redirected_path: redirected_path) }
subject { access.check('git-receive-pack', '_any') }
context "when in a read-only GitLab instance" do
before do
create(:protected_branch, name: 'feature', project: project)
allow(Gitlab::Database).to receive(:read_only?) { true }
end
it 'denies push access' do
project.add_master(user)
expect { subject }.to raise_unauthorized("You can't push code to a read-only GitLab instance.")
end
it 'denies push access with primary present' do
error_message = "You can't push code to a read-only GitLab instance. "\
"Please use the Primary node URL: https://localhost:3000/gitlab/#{project.full_path}.git. Documentation: https://docs.gitlab.com/ee/gitlab-geo/using_a_geo_server.html"
primary_node = create(:geo_node, :primary, url: 'https://localhost:3000/gitlab')
allow(Gitlab::Geo).to receive(:primary).and_return(primary_node)
allow(Gitlab::Geo).to receive(:secondary_with_primary?).and_return(true)
project.add_master(user)
expect { subject }.to raise_unauthorized(error_message)
end
end
private
def raise_unauthorized(message)
raise_error(Gitlab::GitAccess::UnauthorizedError, message)
end
end
require 'spec_helper'
describe Gitlab::GitAccessWiki do
let(:access) { described_class.new(user, project, 'web', authentication_abilities: authentication_abilities, redirected_path: redirected_path) }
let(:project) { create(:project, :repository) }
let(:user) { create(:user) }
let(:changes) { ['6f6d7e7ed 570e7b2ab refs/heads/master'] }
let(:redirected_path) { nil }
let(:authentication_abilities) do
[
:read_project,
:download_code,
:push_code
]
end
subject { access.check('git-receive-pack', changes) }
context "when in a read-only GitLab instance" do
before do
create(:protected_branch, name: 'feature', project: project)
allow(Gitlab::Database).to receive(:read_only?) { true }
end
it 'denies push access' do
project.add_master(user)
expect { subject }.to raise_unauthorized("You can't push code to a read-only GitLab instance.")
end
it 'denies push access with primary present' do
error_message = "You can't push code to a read-only GitLab instance. Please use the Primary node URL: "\
"https://localhost:3000/gitlab/#{project.full_path}.wiki.git. Documentation: https://docs.gitlab.com/ee/gitlab-geo/using_a_geo_server.html"
primary_node = create(:geo_node, :primary, url: 'https://localhost:3000/gitlab')
allow(Gitlab::Geo).to receive(:primary).and_return(primary_node)
allow(Gitlab::Geo).to receive(:secondary_with_primary?).and_return(true)
project.add_master(user)
expect { subject }.to raise_unauthorized(error_message)
end
end
private
def raise_unauthorized(message)
raise_error(Gitlab::GitAccess::UnauthorizedError, message)
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment