Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4b9543bd
Commit
4b9543bd
authored
Sep 05, 2017
by
Oswaldo Ferreira
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add EEP license checks
parent
b5af4fb1
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
116 additions
and
25 deletions
+116
-25
app/models/license.rb
app/models/license.rb
+3
-0
ee/app/policies/ee/project_policy.rb
ee/app/policies/ee/project_policy.rb
+10
-0
lib/api/entities.rb
lib/api/entities.rb
+2
-2
lib/api/v3/github_repos.rb
lib/api/v3/github_repos.rb
+11
-4
spec/requests/api/v3/github_repos_spec.rb
spec/requests/api/v3/github_repos_spec.rb
+90
-19
No files found.
app/models/license.rb
View file @
4b9543bd
...
@@ -20,6 +20,7 @@ class License < ActiveRecord::Base
...
@@ -20,6 +20,7 @@ class License < ActiveRecord::Base
ISSUE_BOARD_MILESTONE_FEATURE
=
'GitLab_IssueBoardMilestone'
.
freeze
ISSUE_BOARD_MILESTONE_FEATURE
=
'GitLab_IssueBoardMilestone'
.
freeze
ISSUE_WEIGHTS_FEATURE
=
'GitLab_IssueWeights'
.
freeze
ISSUE_WEIGHTS_FEATURE
=
'GitLab_IssueWeights'
.
freeze
JENKINS_INTEGRATION_FEATURE
=
'GitLab_JenkinsIntegration'
.
freeze
JENKINS_INTEGRATION_FEATURE
=
'GitLab_JenkinsIntegration'
.
freeze
JIRA_DEV_PANEL_INTEGRATION_FEATURE
=
'GitLab_JiraDevelopmentPanelIntegration'
.
freeze
LDAP_EXTRAS_FEATURE
=
'GitLab_LdapExtras'
.
freeze
LDAP_EXTRAS_FEATURE
=
'GitLab_LdapExtras'
.
freeze
MERGE_REQUEST_APPROVERS_FEATURE
=
'GitLab_MergeRequestApprovers'
.
freeze
MERGE_REQUEST_APPROVERS_FEATURE
=
'GitLab_MergeRequestApprovers'
.
freeze
MERGE_REQUEST_REBASE_FEATURE
=
'GitLab_MergeRequestRebase'
.
freeze
MERGE_REQUEST_REBASE_FEATURE
=
'GitLab_MergeRequestRebase'
.
freeze
...
@@ -63,6 +64,7 @@ class License < ActiveRecord::Base
...
@@ -63,6 +64,7 @@ class License < ActiveRecord::Base
issue_board_milestone:
ISSUE_BOARD_MILESTONE_FEATURE
,
issue_board_milestone:
ISSUE_BOARD_MILESTONE_FEATURE
,
issue_weights:
ISSUE_WEIGHTS_FEATURE
,
issue_weights:
ISSUE_WEIGHTS_FEATURE
,
jenkins_integration:
JENKINS_INTEGRATION_FEATURE
,
jenkins_integration:
JENKINS_INTEGRATION_FEATURE
,
jira_dev_panel_integration:
JIRA_DEV_PANEL_INTEGRATION_FEATURE
,
merge_request_approvers:
MERGE_REQUEST_APPROVERS_FEATURE
,
merge_request_approvers:
MERGE_REQUEST_APPROVERS_FEATURE
,
merge_request_rebase:
MERGE_REQUEST_REBASE_FEATURE
,
merge_request_rebase:
MERGE_REQUEST_REBASE_FEATURE
,
merge_request_squash:
MERGE_REQUEST_SQUASH_FEATURE
,
merge_request_squash:
MERGE_REQUEST_SQUASH_FEATURE
,
...
@@ -114,6 +116,7 @@ class License < ActiveRecord::Base
...
@@ -114,6 +116,7 @@ class License < ActiveRecord::Base
{
FILE_LOCKS_FEATURE
=>
1
},
{
FILE_LOCKS_FEATURE
=>
1
},
{
GEO_FEATURE
=>
1
},
{
GEO_FEATURE
=>
1
},
{
OBJECT_STORAGE_FEATURE
=>
1
},
{
OBJECT_STORAGE_FEATURE
=>
1
},
{
JIRA_DEV_PANEL_INTEGRATION_FEATURE
=>
1
},
{
SERVICE_DESK_FEATURE
=>
1
},
{
SERVICE_DESK_FEATURE
=>
1
},
{
VARIABLE_ENVIRONMENT_SCOPE_FEATURE
=>
1
}
{
VARIABLE_ENVIRONMENT_SCOPE_FEATURE
=>
1
}
].
freeze
].
freeze
...
...
ee/app/policies/ee/project_policy.rb
View file @
4b9543bd
...
@@ -12,6 +12,11 @@ module EE
...
@@ -12,6 +12,11 @@ module EE
with_scope
:subject
with_scope
:subject
condition
(
:deploy_board_disabled
)
{
!
@subject
.
feature_available?
(
:deploy_board
)
}
condition
(
:deploy_board_disabled
)
{
!
@subject
.
feature_available?
(
:deploy_board
)
}
with_scope
:subject
condition
(
:jira_dev_panel_integration_disabled
)
do
!
@subject
.
feature_available?
(
:jira_dev_panel_integration
)
end
with_scope
:global
with_scope
:global
condition
(
:is_development
)
{
Rails
.
env
.
development?
}
condition
(
:is_development
)
{
Rails
.
env
.
development?
}
...
@@ -34,12 +39,17 @@ module EE
...
@@ -34,12 +39,17 @@ module EE
prevent
:admin_issue_link
prevent
:admin_issue_link
end
end
rule
{
jira_dev_panel_integration_disabled
}.
policy
do
prevent
:integrate_to_jira_dev_panel
end
rule
{
can?
(
:read_issue
)
}.
enable
:read_issue_link
rule
{
can?
(
:read_issue
)
}.
enable
:read_issue_link
rule
{
can?
(
:reporter_access
)
}.
policy
do
rule
{
can?
(
:reporter_access
)
}.
policy
do
enable
:admin_board
enable
:admin_board
enable
:read_deploy_board
enable
:read_deploy_board
enable
:admin_issue_link
enable
:admin_issue_link
enable
:integrate_to_jira_dev_panel
end
end
rule
{
can?
(
:developer_access
)
}.
enable
:admin_board
rule
{
can?
(
:developer_access
)
}.
enable
:admin_board
...
...
lib/api/entities.rb
View file @
4b9543bd
...
@@ -1113,13 +1113,13 @@ module API
...
@@ -1113,13 +1113,13 @@ module API
expose
:id
,
as: :sha
expose
:id
,
as: :sha
expose
:author
do
|
commit
|
expose
:author
do
|
commit
|
{
{
login:
commit
.
author
.
username
,
login:
commit
.
author
&
.
username
,
email:
commit
.
author_email
email:
commit
.
author_email
}
}
end
end
expose
:committer
do
|
commit
|
expose
:committer
do
|
commit
|
{
{
login:
commit
.
author
.
username
,
login:
commit
.
author
&
.
username
,
email:
commit
.
committer_email
email:
commit
.
committer_email
}
}
end
end
...
...
lib/api/v3/github_repos.rb
View file @
4b9543bd
...
@@ -8,6 +8,12 @@ module API
...
@@ -8,6 +8,12 @@ module API
requires
:namespace
,
type:
String
requires
:namespace
,
type:
String
requires
:project
,
type:
String
requires
:project
,
type:
String
end
end
def
find_project_with_access
(
full_path
,
access_level
=
:integrate_to_jira_dev_panel
)
project
=
find_project!
(
full_path
)
authorize!
access_level
,
project
project
end
end
end
resource
:orgs
do
resource
:orgs
do
...
@@ -24,8 +30,9 @@ module API
...
@@ -24,8 +30,9 @@ module API
resource
:users
do
resource
:users
do
get
':namespace/repos'
do
get
':namespace/repos'
do
present
paginate
(
current_user
.
authorized_projects
),
projects
=
current_user
.
authorized_projects
.
select
{
|
project
|
can?
(
current_user
,
:integrate_to_jira_dev_panel
,
project
)
}
with:
::
API
::
Entities
::
Github
::
Repository
projects
=
::
Kaminari
.
paginate_array
(
projects
)
present
paginate
(
projects
),
with:
::
API
::
Entities
::
Github
::
Repository
end
end
end
end
...
@@ -40,7 +47,7 @@ module API
...
@@ -40,7 +47,7 @@ module API
get
':namespace/:project/branches'
do
get
':namespace/:project/branches'
do
namespace
=
params
[
:namespace
]
namespace
=
params
[
:namespace
]
project
=
params
[
:project
]
project
=
params
[
:project
]
user_project
=
find_project
!
(
"
#{
namespace
}
/
#{
project
}
"
)
user_project
=
find_project
_with_access
(
"
#{
namespace
}
/
#{
project
}
"
)
branches
=
::
Kaminari
.
paginate_array
(
user_project
.
repository
.
branches
.
sort_by
(
&
:name
))
branches
=
::
Kaminari
.
paginate_array
(
user_project
.
repository
.
branches
.
sort_by
(
&
:name
))
...
@@ -55,7 +62,7 @@ module API
...
@@ -55,7 +62,7 @@ module API
get
':namespace/:project/commits/:sha'
do
get
':namespace/:project/commits/:sha'
do
namespace
=
params
[
:namespace
]
namespace
=
params
[
:namespace
]
project
=
params
[
:project
]
project
=
params
[
:project
]
user_project
=
find_project
!
(
"
#{
namespace
}
/
#{
project
}
"
)
user_project
=
find_project
_with_access
(
"
#{
namespace
}
/
#{
project
}
"
)
commit
=
user_project
.
commit
(
params
[
:sha
])
commit
=
user_project
.
commit
(
params
[
:sha
])
...
...
spec/requests/api/v3/github_repos_spec.rb
View file @
4b9543bd
...
@@ -21,7 +21,7 @@ describe API::V3::GithubRepos do
...
@@ -21,7 +21,7 @@ describe API::V3::GithubRepos do
describe
'GET /user/repos'
do
describe
'GET /user/repos'
do
it
'returns an empty array'
do
it
'returns an empty array'
do
get
v3_api
(
"/user/repos"
,
user
)
get
v3_api
(
'/user/repos'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
).
to
eq
([])
expect
(
json_response
).
to
eq
([])
...
@@ -30,7 +30,7 @@ describe API::V3::GithubRepos do
...
@@ -30,7 +30,7 @@ describe API::V3::GithubRepos do
describe
'GET /-/jira/pulls'
do
describe
'GET /-/jira/pulls'
do
it
'returns an empty array'
do
it
'returns an empty array'
do
get
v3_api
(
"/repos/-/jira/pulls"
,
user
)
get
v3_api
(
'/repos/-/jira/pulls'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
).
to
eq
([])
expect
(
json_response
).
to
eq
([])
...
@@ -40,12 +40,13 @@ describe API::V3::GithubRepos do
...
@@ -40,12 +40,13 @@ describe API::V3::GithubRepos do
describe
'GET /users/:id/repos'
do
describe
'GET /users/:id/repos'
do
context
'authenticated'
do
context
'authenticated'
do
it
'returns an array of projects with github format'
do
it
'returns an array of projects with github format'
do
stub_licensed_features
(
jira_dev_panel_integration:
true
)
group
=
create
(
:group
)
group
=
create
(
:group
)
create
(
:project
,
group:
group
)
create
(
:project
,
group:
group
)
group
.
add_master
(
user
)
group
.
add_master
(
user
)
get
v3_api
(
"/users/whatever/repos"
,
user
)
get
v3_api
(
'/users/foo/repos'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
).
to
be_an
(
Array
)
expect
(
json_response
).
to
be_an
(
Array
)
...
@@ -60,54 +61,101 @@ describe API::V3::GithubRepos do
...
@@ -60,54 +61,101 @@ describe API::V3::GithubRepos do
context
'unauthenticated'
do
context
'unauthenticated'
do
it
'returns 401'
do
it
'returns 401'
do
get
v3_api
(
"/users/
whatever
/repos"
,
nil
)
get
v3_api
(
"/users/
foo
/repos"
,
nil
)
expect
(
response
).
to
have_http_status
(
401
)
expect
(
response
).
to
have_http_status
(
401
)
end
end
end
end
it
'filters unlicensed namespace projects'
do
silver_plan
=
Plan
.
find_by!
(
name:
'silver'
)
licensed_project
=
create
(
:project
,
:empty_repo
)
licensed_project
.
add_reporter
(
user
)
licensed_project
.
namespace
.
update!
(
plan_id:
silver_plan
.
id
)
stub_licensed_features
(
jira_dev_panel_integration:
true
)
stub_application_setting_on_object
(
project
,
should_check_namespace_plan:
true
)
stub_application_setting_on_object
(
licensed_project
,
should_check_namespace_plan:
true
)
get
v3_api
(
'/users/foo/repos'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
.
size
).
to
eq
(
1
)
expect
(
json_response
.
first
[
'id'
]).
to
eq
(
licensed_project
.
id
)
end
end
end
describe
'GET /repos/:namespace/:
repo
/branches'
do
describe
'GET /repos/:namespace/:
project
/branches'
do
context
'authenticated'
do
context
'authenticated'
do
context
'when user namespace path
'
do
it
'returns an array of project branches with github format
'
do
it
'returns an array of project branches with github format'
do
stub_licensed_features
(
jira_dev_panel_integration:
true
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
).
to
be_an
(
Array
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
.
first
.
keys
).
to
contain_exactly
(
'name'
,
'commit'
)
expect
(
json_response
).
to
be_an
(
Array
)
expect
(
json_response
.
first
[
'commit'
].
keys
).
to
contain_exactly
(
'sha'
,
'type
'
)
expect
(
json_response
.
first
.
keys
).
to
contain_exactly
(
'name'
,
'commit
'
)
e
nd
e
xpect
(
json_response
.
first
[
'commit'
].
keys
).
to
contain_exactly
(
'sha'
,
'type'
)
end
end
end
end
context
'unauthenticated'
do
context
'unauthenticated'
do
before
do
end
it
'returns 401'
do
it
'returns 401'
do
stub_licensed_features
(
jira_dev_panel_integration:
true
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
nil
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
nil
)
expect
(
response
).
to
have_http_status
(
401
)
expect
(
response
).
to
have_http_status
(
401
)
end
end
end
end
context
'unauthorized'
do
it
'returns 403 when lower access level'
do
unauthorized_user
=
create
(
:user
)
project
.
add_guest
(
unauthorized_user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
unauthorized_user
)
expect
(
response
).
to
have_http_status
(
403
)
end
it
'returns 403 when not licensed'
do
stub_licensed_features
(
jira_dev_panel_integration:
false
)
unauthorized_user
=
create
(
:user
)
project
.
add_reporter
(
unauthorized_user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
unauthorized_user
)
expect
(
response
).
to
have_http_status
(
403
)
end
end
end
end
describe
'GET /repos/:namespace/:
repo
/commits/:sha'
do
describe
'GET /repos/:namespace/:
project
/commits/:sha'
do
let
(
:commit
)
{
project
.
repository
.
commit
}
let
(
:commit
)
{
project
.
repository
.
commit
}
let
(
:commit_id
)
{
commit
.
id
}
let
(
:commit_id
)
{
commit
.
id
}
context
'authenticated'
do
context
'authenticated'
do
it
'returns commit with expected format'
do
it
'returns commit with github format'
do
stub_licensed_features
(
jira_dev_panel_integration:
true
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/commits/
#{
commit_id
}
"
,
user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/commits/
#{
commit_id
}
"
,
user
)
commit_author
=
{
commit_author
=
{
'name'
=>
commit
.
author_name
,
'name'
=>
commit
.
author_name
,
'email'
=>
commit
.
author_email
,
'email'
=>
commit
.
author_email
,
'date'
=>
commit
.
authored_date
.
iso8601
(
3
)
'date'
=>
commit
.
authored_date
.
iso8601
,
'type'
=>
'User'
}
}
commit_committer
=
{
commit_committer
=
{
'name'
=>
commit
.
committer_name
,
'name'
=>
commit
.
committer_name
,
'email'
=>
commit
.
committer_email
,
'email'
=>
commit
.
committer_email
,
'date'
=>
commit
.
committed_date
.
iso8601
(
3
)
'date'
=>
commit
.
committed_date
.
iso8601
,
'type'
=>
'User'
}
}
parent_commits
=
commit
.
parent_ids
.
map
{
|
id
|
{
'sha'
=>
id
}
}
parent_commits
=
commit
.
parent_ids
.
map
{
|
id
|
{
'sha'
=>
id
}
}
...
@@ -128,5 +176,28 @@ describe API::V3::GithubRepos do
...
@@ -128,5 +176,28 @@ describe API::V3::GithubRepos do
expect
(
response
).
to
have_http_status
(
401
)
expect
(
response
).
to
have_http_status
(
401
)
end
end
end
end
context
'unauthorized'
do
it
'returns 403 when lower access level'
do
unauthorized_user
=
create
(
:user
)
project
.
add_guest
(
unauthorized_user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/commits/
#{
commit_id
}
"
,
unauthorized_user
)
expect
(
response
).
to
have_http_status
(
403
)
end
it
'returns 403 when not licensed'
do
stub_licensed_features
(
jira_dev_panel_integration:
false
)
unauthorized_user
=
create
(
:user
)
project
.
add_reporter
(
unauthorized_user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/commits/
#{
commit_id
}
"
,
unauthorized_user
)
expect
(
response
).
to
have_http_status
(
403
)
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment