Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4b9543bd
Commit
4b9543bd
authored
Sep 05, 2017
by
Oswaldo Ferreira
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add EEP license checks
parent
b5af4fb1
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
116 additions
and
25 deletions
+116
-25
app/models/license.rb
app/models/license.rb
+3
-0
ee/app/policies/ee/project_policy.rb
ee/app/policies/ee/project_policy.rb
+10
-0
lib/api/entities.rb
lib/api/entities.rb
+2
-2
lib/api/v3/github_repos.rb
lib/api/v3/github_repos.rb
+11
-4
spec/requests/api/v3/github_repos_spec.rb
spec/requests/api/v3/github_repos_spec.rb
+90
-19
No files found.
app/models/license.rb
View file @
4b9543bd
...
@@ -20,6 +20,7 @@ class License < ActiveRecord::Base
...
@@ -20,6 +20,7 @@ class License < ActiveRecord::Base
ISSUE_BOARD_MILESTONE_FEATURE
=
'GitLab_IssueBoardMilestone'
.
freeze
ISSUE_BOARD_MILESTONE_FEATURE
=
'GitLab_IssueBoardMilestone'
.
freeze
ISSUE_WEIGHTS_FEATURE
=
'GitLab_IssueWeights'
.
freeze
ISSUE_WEIGHTS_FEATURE
=
'GitLab_IssueWeights'
.
freeze
JENKINS_INTEGRATION_FEATURE
=
'GitLab_JenkinsIntegration'
.
freeze
JENKINS_INTEGRATION_FEATURE
=
'GitLab_JenkinsIntegration'
.
freeze
JIRA_DEV_PANEL_INTEGRATION_FEATURE
=
'GitLab_JiraDevelopmentPanelIntegration'
.
freeze
LDAP_EXTRAS_FEATURE
=
'GitLab_LdapExtras'
.
freeze
LDAP_EXTRAS_FEATURE
=
'GitLab_LdapExtras'
.
freeze
MERGE_REQUEST_APPROVERS_FEATURE
=
'GitLab_MergeRequestApprovers'
.
freeze
MERGE_REQUEST_APPROVERS_FEATURE
=
'GitLab_MergeRequestApprovers'
.
freeze
MERGE_REQUEST_REBASE_FEATURE
=
'GitLab_MergeRequestRebase'
.
freeze
MERGE_REQUEST_REBASE_FEATURE
=
'GitLab_MergeRequestRebase'
.
freeze
...
@@ -63,6 +64,7 @@ class License < ActiveRecord::Base
...
@@ -63,6 +64,7 @@ class License < ActiveRecord::Base
issue_board_milestone:
ISSUE_BOARD_MILESTONE_FEATURE
,
issue_board_milestone:
ISSUE_BOARD_MILESTONE_FEATURE
,
issue_weights:
ISSUE_WEIGHTS_FEATURE
,
issue_weights:
ISSUE_WEIGHTS_FEATURE
,
jenkins_integration:
JENKINS_INTEGRATION_FEATURE
,
jenkins_integration:
JENKINS_INTEGRATION_FEATURE
,
jira_dev_panel_integration:
JIRA_DEV_PANEL_INTEGRATION_FEATURE
,
merge_request_approvers:
MERGE_REQUEST_APPROVERS_FEATURE
,
merge_request_approvers:
MERGE_REQUEST_APPROVERS_FEATURE
,
merge_request_rebase:
MERGE_REQUEST_REBASE_FEATURE
,
merge_request_rebase:
MERGE_REQUEST_REBASE_FEATURE
,
merge_request_squash:
MERGE_REQUEST_SQUASH_FEATURE
,
merge_request_squash:
MERGE_REQUEST_SQUASH_FEATURE
,
...
@@ -114,6 +116,7 @@ class License < ActiveRecord::Base
...
@@ -114,6 +116,7 @@ class License < ActiveRecord::Base
{
FILE_LOCKS_FEATURE
=>
1
},
{
FILE_LOCKS_FEATURE
=>
1
},
{
GEO_FEATURE
=>
1
},
{
GEO_FEATURE
=>
1
},
{
OBJECT_STORAGE_FEATURE
=>
1
},
{
OBJECT_STORAGE_FEATURE
=>
1
},
{
JIRA_DEV_PANEL_INTEGRATION_FEATURE
=>
1
},
{
SERVICE_DESK_FEATURE
=>
1
},
{
SERVICE_DESK_FEATURE
=>
1
},
{
VARIABLE_ENVIRONMENT_SCOPE_FEATURE
=>
1
}
{
VARIABLE_ENVIRONMENT_SCOPE_FEATURE
=>
1
}
].
freeze
].
freeze
...
...
ee/app/policies/ee/project_policy.rb
View file @
4b9543bd
...
@@ -12,6 +12,11 @@ module EE
...
@@ -12,6 +12,11 @@ module EE
with_scope
:subject
with_scope
:subject
condition
(
:deploy_board_disabled
)
{
!
@subject
.
feature_available?
(
:deploy_board
)
}
condition
(
:deploy_board_disabled
)
{
!
@subject
.
feature_available?
(
:deploy_board
)
}
with_scope
:subject
condition
(
:jira_dev_panel_integration_disabled
)
do
!
@subject
.
feature_available?
(
:jira_dev_panel_integration
)
end
with_scope
:global
with_scope
:global
condition
(
:is_development
)
{
Rails
.
env
.
development?
}
condition
(
:is_development
)
{
Rails
.
env
.
development?
}
...
@@ -34,12 +39,17 @@ module EE
...
@@ -34,12 +39,17 @@ module EE
prevent
:admin_issue_link
prevent
:admin_issue_link
end
end
rule
{
jira_dev_panel_integration_disabled
}.
policy
do
prevent
:integrate_to_jira_dev_panel
end
rule
{
can?
(
:read_issue
)
}.
enable
:read_issue_link
rule
{
can?
(
:read_issue
)
}.
enable
:read_issue_link
rule
{
can?
(
:reporter_access
)
}.
policy
do
rule
{
can?
(
:reporter_access
)
}.
policy
do
enable
:admin_board
enable
:admin_board
enable
:read_deploy_board
enable
:read_deploy_board
enable
:admin_issue_link
enable
:admin_issue_link
enable
:integrate_to_jira_dev_panel
end
end
rule
{
can?
(
:developer_access
)
}.
enable
:admin_board
rule
{
can?
(
:developer_access
)
}.
enable
:admin_board
...
...
lib/api/entities.rb
View file @
4b9543bd
...
@@ -1113,13 +1113,13 @@ module API
...
@@ -1113,13 +1113,13 @@ module API
expose
:id
,
as: :sha
expose
:id
,
as: :sha
expose
:author
do
|
commit
|
expose
:author
do
|
commit
|
{
{
login:
commit
.
author
.
username
,
login:
commit
.
author
&
.
username
,
email:
commit
.
author_email
email:
commit
.
author_email
}
}
end
end
expose
:committer
do
|
commit
|
expose
:committer
do
|
commit
|
{
{
login:
commit
.
author
.
username
,
login:
commit
.
author
&
.
username
,
email:
commit
.
committer_email
email:
commit
.
committer_email
}
}
end
end
...
...
lib/api/v3/github_repos.rb
View file @
4b9543bd
...
@@ -8,6 +8,12 @@ module API
...
@@ -8,6 +8,12 @@ module API
requires
:namespace
,
type:
String
requires
:namespace
,
type:
String
requires
:project
,
type:
String
requires
:project
,
type:
String
end
end
def
find_project_with_access
(
full_path
,
access_level
=
:integrate_to_jira_dev_panel
)
project
=
find_project!
(
full_path
)
authorize!
access_level
,
project
project
end
end
end
resource
:orgs
do
resource
:orgs
do
...
@@ -24,8 +30,9 @@ module API
...
@@ -24,8 +30,9 @@ module API
resource
:users
do
resource
:users
do
get
':namespace/repos'
do
get
':namespace/repos'
do
present
paginate
(
current_user
.
authorized_projects
),
projects
=
current_user
.
authorized_projects
.
select
{
|
project
|
can?
(
current_user
,
:integrate_to_jira_dev_panel
,
project
)
}
with:
::
API
::
Entities
::
Github
::
Repository
projects
=
::
Kaminari
.
paginate_array
(
projects
)
present
paginate
(
projects
),
with:
::
API
::
Entities
::
Github
::
Repository
end
end
end
end
...
@@ -40,7 +47,7 @@ module API
...
@@ -40,7 +47,7 @@ module API
get
':namespace/:project/branches'
do
get
':namespace/:project/branches'
do
namespace
=
params
[
:namespace
]
namespace
=
params
[
:namespace
]
project
=
params
[
:project
]
project
=
params
[
:project
]
user_project
=
find_project
!
(
"
#{
namespace
}
/
#{
project
}
"
)
user_project
=
find_project
_with_access
(
"
#{
namespace
}
/
#{
project
}
"
)
branches
=
::
Kaminari
.
paginate_array
(
user_project
.
repository
.
branches
.
sort_by
(
&
:name
))
branches
=
::
Kaminari
.
paginate_array
(
user_project
.
repository
.
branches
.
sort_by
(
&
:name
))
...
@@ -55,7 +62,7 @@ module API
...
@@ -55,7 +62,7 @@ module API
get
':namespace/:project/commits/:sha'
do
get
':namespace/:project/commits/:sha'
do
namespace
=
params
[
:namespace
]
namespace
=
params
[
:namespace
]
project
=
params
[
:project
]
project
=
params
[
:project
]
user_project
=
find_project
!
(
"
#{
namespace
}
/
#{
project
}
"
)
user_project
=
find_project
_with_access
(
"
#{
namespace
}
/
#{
project
}
"
)
commit
=
user_project
.
commit
(
params
[
:sha
])
commit
=
user_project
.
commit
(
params
[
:sha
])
...
...
spec/requests/api/v3/github_repos_spec.rb
View file @
4b9543bd
...
@@ -21,7 +21,7 @@ describe API::V3::GithubRepos do
...
@@ -21,7 +21,7 @@ describe API::V3::GithubRepos do
describe
'GET /user/repos'
do
describe
'GET /user/repos'
do
it
'returns an empty array'
do
it
'returns an empty array'
do
get
v3_api
(
"/user/repos"
,
user
)
get
v3_api
(
'/user/repos'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
).
to
eq
([])
expect
(
json_response
).
to
eq
([])
...
@@ -30,7 +30,7 @@ describe API::V3::GithubRepos do
...
@@ -30,7 +30,7 @@ describe API::V3::GithubRepos do
describe
'GET /-/jira/pulls'
do
describe
'GET /-/jira/pulls'
do
it
'returns an empty array'
do
it
'returns an empty array'
do
get
v3_api
(
"/repos/-/jira/pulls"
,
user
)
get
v3_api
(
'/repos/-/jira/pulls'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
).
to
eq
([])
expect
(
json_response
).
to
eq
([])
...
@@ -40,12 +40,13 @@ describe API::V3::GithubRepos do
...
@@ -40,12 +40,13 @@ describe API::V3::GithubRepos do
describe
'GET /users/:id/repos'
do
describe
'GET /users/:id/repos'
do
context
'authenticated'
do
context
'authenticated'
do
it
'returns an array of projects with github format'
do
it
'returns an array of projects with github format'
do
stub_licensed_features
(
jira_dev_panel_integration:
true
)
group
=
create
(
:group
)
group
=
create
(
:group
)
create
(
:project
,
group:
group
)
create
(
:project
,
group:
group
)
group
.
add_master
(
user
)
group
.
add_master
(
user
)
get
v3_api
(
"/users/whatever/repos"
,
user
)
get
v3_api
(
'/users/foo/repos'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
).
to
be_an
(
Array
)
expect
(
json_response
).
to
be_an
(
Array
)
...
@@ -60,17 +61,35 @@ describe API::V3::GithubRepos do
...
@@ -60,17 +61,35 @@ describe API::V3::GithubRepos do
context
'unauthenticated'
do
context
'unauthenticated'
do
it
'returns 401'
do
it
'returns 401'
do
get
v3_api
(
"/users/
whatever
/repos"
,
nil
)
get
v3_api
(
"/users/
foo
/repos"
,
nil
)
expect
(
response
).
to
have_http_status
(
401
)
expect
(
response
).
to
have_http_status
(
401
)
end
end
end
end
it
'filters unlicensed namespace projects'
do
silver_plan
=
Plan
.
find_by!
(
name:
'silver'
)
licensed_project
=
create
(
:project
,
:empty_repo
)
licensed_project
.
add_reporter
(
user
)
licensed_project
.
namespace
.
update!
(
plan_id:
silver_plan
.
id
)
stub_licensed_features
(
jira_dev_panel_integration:
true
)
stub_application_setting_on_object
(
project
,
should_check_namespace_plan:
true
)
stub_application_setting_on_object
(
licensed_project
,
should_check_namespace_plan:
true
)
get
v3_api
(
'/users/foo/repos'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
.
size
).
to
eq
(
1
)
expect
(
json_response
.
first
[
'id'
]).
to
eq
(
licensed_project
.
id
)
end
end
end
describe
'GET /repos/:namespace/:
repo
/branches'
do
describe
'GET /repos/:namespace/:
project
/branches'
do
context
'authenticated'
do
context
'authenticated'
do
context
'when user namespace path'
do
it
'returns an array of project branches with github format'
do
it
'returns an array of project branches with github format'
do
stub_licensed_features
(
jira_dev_panel_integration:
true
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
have_http_status
(
200
)
...
@@ -79,35 +98,64 @@ describe API::V3::GithubRepos do
...
@@ -79,35 +98,64 @@ describe API::V3::GithubRepos do
expect
(
json_response
.
first
[
'commit'
].
keys
).
to
contain_exactly
(
'sha'
,
'type'
)
expect
(
json_response
.
first
[
'commit'
].
keys
).
to
contain_exactly
(
'sha'
,
'type'
)
end
end
end
end
end
context
'unauthenticated'
do
context
'unauthenticated'
do
before
do
end
it
'returns 401'
do
it
'returns 401'
do
stub_licensed_features
(
jira_dev_panel_integration:
true
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
nil
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
nil
)
expect
(
response
).
to
have_http_status
(
401
)
expect
(
response
).
to
have_http_status
(
401
)
end
end
end
end
context
'unauthorized'
do
it
'returns 403 when lower access level'
do
unauthorized_user
=
create
(
:user
)
project
.
add_guest
(
unauthorized_user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
unauthorized_user
)
expect
(
response
).
to
have_http_status
(
403
)
end
end
describe
'GET /repos/:namespace/:repo/commits/:sha'
do
it
'returns 403 when not licensed'
do
stub_licensed_features
(
jira_dev_panel_integration:
false
)
unauthorized_user
=
create
(
:user
)
project
.
add_reporter
(
unauthorized_user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/branches"
,
unauthorized_user
)
expect
(
response
).
to
have_http_status
(
403
)
end
end
end
describe
'GET /repos/:namespace/:project/commits/:sha'
do
let
(
:commit
)
{
project
.
repository
.
commit
}
let
(
:commit
)
{
project
.
repository
.
commit
}
let
(
:commit_id
)
{
commit
.
id
}
let
(
:commit_id
)
{
commit
.
id
}
context
'authenticated'
do
context
'authenticated'
do
it
'returns commit with expected format'
do
it
'returns commit with github format'
do
stub_licensed_features
(
jira_dev_panel_integration:
true
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/commits/
#{
commit_id
}
"
,
user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/commits/
#{
commit_id
}
"
,
user
)
commit_author
=
{
commit_author
=
{
'name'
=>
commit
.
author_name
,
'name'
=>
commit
.
author_name
,
'email'
=>
commit
.
author_email
,
'email'
=>
commit
.
author_email
,
'date'
=>
commit
.
authored_date
.
iso8601
(
3
)
'date'
=>
commit
.
authored_date
.
iso8601
,
'type'
=>
'User'
}
}
commit_committer
=
{
commit_committer
=
{
'name'
=>
commit
.
committer_name
,
'name'
=>
commit
.
committer_name
,
'email'
=>
commit
.
committer_email
,
'email'
=>
commit
.
committer_email
,
'date'
=>
commit
.
committed_date
.
iso8601
(
3
)
'date'
=>
commit
.
committed_date
.
iso8601
,
'type'
=>
'User'
}
}
parent_commits
=
commit
.
parent_ids
.
map
{
|
id
|
{
'sha'
=>
id
}
}
parent_commits
=
commit
.
parent_ids
.
map
{
|
id
|
{
'sha'
=>
id
}
}
...
@@ -128,5 +176,28 @@ describe API::V3::GithubRepos do
...
@@ -128,5 +176,28 @@ describe API::V3::GithubRepos do
expect
(
response
).
to
have_http_status
(
401
)
expect
(
response
).
to
have_http_status
(
401
)
end
end
end
end
context
'unauthorized'
do
it
'returns 403 when lower access level'
do
unauthorized_user
=
create
(
:user
)
project
.
add_guest
(
unauthorized_user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/commits/
#{
commit_id
}
"
,
unauthorized_user
)
expect
(
response
).
to
have_http_status
(
403
)
end
it
'returns 403 when not licensed'
do
stub_licensed_features
(
jira_dev_panel_integration:
false
)
unauthorized_user
=
create
(
:user
)
project
.
add_reporter
(
unauthorized_user
)
get
v3_api
(
"/repos/
#{
project
.
namespace
.
path
}
/
#{
project
.
path
}
/commits/
#{
commit_id
}
"
,
unauthorized_user
)
expect
(
response
).
to
have_http_status
(
403
)
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment