Move EE code out of API::Helpers

All this code has been moved to EE::API::Helpers.

Move EE code out of API::Helpers
All this code has been moved to EE::API::Helpers.
3ab6df23 · Yorick Peterse · 022f4c20 · 3ab6df23 · 3ab6df23
Commit 3ab6df23 authored Feb 21, 2019 by Yorick Peterse
Hide whitespace changes
Inline Side-by-side

Showing with 71 additions and 44 deletions

ee/lib/ee/api/helpers.rb ee/lib/ee/api/helpers.rb +64 -0

lib/api/helpers.rb lib/api/helpers.rb +7 -44

No files found.
--- a/ee/lib/ee/api/helpers.rb
+++ b/ee/lib/ee/api/helpers.rb
@@ -66,6 +66,70 @@ module EE
            ::Gitlab::CurrentSettings.current_application_settings
              .allow_group_owners_to_manage_ldap
      end
+      override :find_project!
+      def find_project!(id)
+        project = find_project(id)
+        # CI job token authentication:
+        # this method grants limited privileged for admin users
+        # admin users can only access project if they are direct member
+        ability = job_token_authentication? ? :build_read_project : :read_project
+        if can?(current_user, ability, project)
+          project
+        else
+          not_found!('Project')
+        end
+      end
+      override :find_group!
+      def find_group!(id)
+        # CI job token authentication:
+        # currently we do not allow any group access for CI job token
+        if job_token_authentication?
+          not_found!('Group')
+        else
+          super
+        end
+      end
+      override :find_project_issue
+      # rubocop: disable CodeReuse/ActiveRecord
+      def find_project_issue(iid, project_id = nil)
+        project = project_id ? find_project!(project_id) : user_project
+        ::IssuesFinder.new(current_user, project_id: project.id).find_by!(iid: iid)
+      end
+      # rubocop: enable CodeReuse/ActiveRecord
+      private
+      def private_token
+        params[::APIGuard::PRIVATE_TOKEN_PARAM] || env[::APIGuard::PRIVATE_TOKEN_HEADER]
+      end
+      def job_token_authentication?
+        initial_current_user && @job_token_authentication # rubocop:disable Gitlab/ModuleWithInstanceVariables
+      end
+      def warden
+        env['warden']
+      end
+      # Check if the request is GET/HEAD, or if CSRF token is valid.
+      def verified_request?
+        ::Gitlab::RequestForgeryProtection.verified?(env)
+      end
+      # Check the Rails session for valid authentication details
+      def find_user_from_warden
+        warden.try(:authenticate) if verified_request?
+      end
+      def geo_token
+        ::Gitlab::Geo.current_node.system_hook.token
+      end
    end
  end
 end
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -2,10 +2,7 @@
 module API
  module Helpers
-    prepend EE::API::Helpers # rubocop: disable Cop/InjectEnterpriseEditionModule
    include Gitlab::Utils
-    include Gitlab::Utils::StrongMemoize
    include Helpers::Pagination
    SUDO_HEADER = "HTTP_SUDO".freeze
@@ -118,12 +115,7 @@ module API
    def find_project!(id)
      project = find_project(id)
-      # CI job token authentication:
+      if can?(current_user, :read_project, project)
-      # this method grants limited privileged for admin users
-      # admin users can only access project if they are direct member
-      ability = job_token_authentication? ? :build_read_project : :read_project
-      if can?(current_user, ability, project)
        project
      else
        not_found!('Project')
@@ -141,10 +133,6 @@ module API
    # rubocop: enable CodeReuse/ActiveRecord
    def find_group!(id)
-      # CI job token authentication:
-      # currently we do not allow any group access for CI job token
-      not_found!('Group') if job_token_authentication?
      group = find_group(id)
      if can?(current_user, :read_group, group)
@@ -183,9 +171,8 @@ module API
    end
    # rubocop: disable CodeReuse/ActiveRecord
-    def find_project_issue(iid, project_id = nil)
+    def find_project_issue(iid)
-      project = project_id ? find_project!(project_id) : user_project
+      IssuesFinder.new(current_user, project_id: user_project.id).find_by!(iid: iid)
-      IssuesFinder.new(current_user, project_id: project.id).find_by!(iid: iid)
    end
    # rubocop: enable CodeReuse/ActiveRecord
@@ -468,34 +455,12 @@ module API
    private
-    def private_token
-      params[APIGuard::PRIVATE_TOKEN_PARAM] || env[APIGuard::PRIVATE_TOKEN_HEADER]
-    end
-    def job_token_authentication?
-      initial_current_user && @job_token_authentication # rubocop:disable Gitlab/ModuleWithInstanceVariables
-    end
-    def warden
-      env['warden']
-    end
-    # Check if the request is GET/HEAD, or if CSRF token is valid.
-    def verified_request?
-      Gitlab::RequestForgeryProtection.verified?(env)
-    end
-    # Check the Rails session for valid authentication details
-    def find_user_from_warden
-      warden.try(:authenticate) if verified_request?
-    end
    # rubocop:disable Gitlab/ModuleWithInstanceVariables
    def initial_current_user
-      return @initial_current_user if defined?(@initial_current_user) # rubocop:disable Gitlab/ModuleWithInstanceVariables
+      return @initial_current_user if defined?(@initial_current_user)
      begin
-        @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user! } # rubocop:disable Gitlab/ModuleWithInstanceVariables
+        @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user! }
      rescue Gitlab::Auth::UnauthorizedError
        unauthorized!
      end
@@ -531,10 +496,6 @@ module API
      Gitlab::Shell.secret_token
    end
-    def geo_token
-      Gitlab::Geo.current_node.system_hook.token
-    end
    def send_git_blob(repository, blob)
      env['api.format'] = :txt
      content_type 'text/plain'
@@ -577,3 +538,5 @@ module API
    end
  end
 end
+API::Helpers.prepend(EE::API::Helpers)