Refactor git http controller to stop referencing auth::result.actor directly

32a265c3 · Gosia Ksionek · Imre Farkas · fc0cfaa0 · 32a265c3 · 32a265c3
Commit 32a265c3 authored Aug 18, 2021 by Gosia Ksionek Committed by Imre Farkas Aug 18, 2021
4 changed files
--- a/app/controllers/concerns/lfs_request.rb
+++ b/app/controllers/concerns/lfs_request.rb
@@ -4,6 +4,7 @@
 # - a `#container` accessor
 # - a `#project` accessor
 # - a `#user` accessor
+# - a `#deploy_token` accessor
 # - a `#authentication_result` accessor
 # - a `#can?(object, action, subject)` method
 # - a `#ci?` method
@@ -83,26 +84,18 @@ module LfsRequest
  end

  def deploy_token_can_download_code?
-    deploy_token_present? &&
+    deploy_token.present? &&
      deploy_token.project == project &&
      deploy_token.active? &&
      deploy_token.read_repository?
  end

-  def deploy_token_present?
-    user && user.is_a?(DeployToken)
-  end
-
-  def deploy_token
-    user
-  end
-
  def lfs_upload_access?
    strong_memoize(:lfs_upload_access) do
      next false unless has_authentication_ability?(:push_code)
      next false if limit_exceeded?

-      lfs_deploy_token? || can?(user, :push_code, project)
+      lfs_deploy_token? || can?(user, :push_code, project) || can?(deploy_token, :push_code, project)
    end
  end

@@ -111,7 +104,7 @@ module LfsRequest
  end

  def user_can_download_code?
-    has_authentication_ability?(:download_code) && can?(user, :download_code, project) && !deploy_token_present?
+    has_authentication_ability?(:download_code) && can?(user, :download_code, project)
  end

  def build_can_download_code?

--- a/app/controllers/repositories/lfs_api_controller.rb
+++ b/app/controllers/repositories/lfs_api_controller.rb
@@ -10,6 +10,10 @@ module Repositories
    skip_before_action :lfs_check_access!, only: [:deprecated]
    before_action :lfs_check_batch_operation!, only: [:batch]

+    # added here as a part of the refactor, will be removed
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/328692
+    delegate :deploy_token, :user, to: :authentication_result, allow_nil: true
+
    def batch
      unless objects.present?
        render_lfs_not_found
@@ -141,7 +145,7 @@ module Repositories
    end

    def lfs_auth_header
-      return unless user.is_a?(User)
+      return unless user

      Gitlab::LfsToken.new(user).basic_encoding
    end

--- a/app/controllers/repositories/lfs_locks_api_controller.rb
+++ b/app/controllers/repositories/lfs_locks_api_controller.rb
@@ -4,6 +4,10 @@ module Repositories
  class LfsLocksApiController < Repositories::GitHttpClientController
    include LfsRequest

+    # added here as a part of the refactor, will be removed
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/328692
+    delegate :deploy_token, :user, to: :authentication_result, allow_nil: true
+
    def create
      @result = Lfs::LockFileService.new(project, user, lfs_params).execute


--- a/app/controllers/repositories/lfs_storage_controller.rb
+++ b/app/controllers/repositories/lfs_storage_controller.rb
@@ -8,6 +8,10 @@ module Repositories

    skip_before_action :verify_workhorse_api!, only: :download

+    # added here as a part of the refactor, will be removed
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/328692
+    delegate :deploy_token, :user, to: :authentication_result, allow_nil: true
+
    def download
      lfs_object = LfsObject.find_by_oid(oid)
      unless lfs_object && lfs_object.file.exists?