Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
8c508037
Commit
8c508037
authored
May 13, 2016
by
James Lopez
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
updated controllers with permissions check
parent
5355589c
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
19 additions
and
69 deletions
+19
-69
app/controllers/import/gitlab_project_controller.rb
app/controllers/import/gitlab_project_controller.rb
+0
-45
app/controllers/import/gitlab_projects_controller.rb
app/controllers/import/gitlab_projects_controller.rb
+18
-23
app/controllers/projects_controller.rb
app/controllers/projects_controller.rb
+1
-1
No files found.
app/controllers/import/gitlab_project_controller.rb
deleted
100644 → 0
View file @
5355589c
class
Import::GitlabProjectController
<
Import
::
BaseController
before_action
:verify_gitlab_project_import_enabled
before_action
:gitlab_project_auth
,
except: :callback
rescue_from
OAuth
::
Error
,
with: :gitlab_project_unauthorized
#TODO permissions stuff
def
callback
redirect_to
status_import_gitlab_project_url
end
def
status
@repos
=
client
.
projects
@incompatible_repos
=
client
.
incompatible_projects
@already_added_projects
=
current_user
.
created_projects
.
where
(
import_type:
"gitlab_project"
)
already_added_projects_names
=
@already_added_projects
.
pluck
(
:import_source
)
@repos
.
to_a
.
reject!
{
|
repo
|
already_added_projects_names
.
include?
"
#{
repo
[
"owner"
]
}
/
#{
repo
[
"slug"
]
}
"
}
end
def
jobs
jobs
=
current_user
.
created_projects
.
where
(
import_type:
"gitlab_project"
).
to_json
(
only:
[
:id
,
:import_status
])
render
json:
jobs
end
def
create
@file
=
params
[
:file
]
repo_owner
=
current_user
.
username
@target_namespace
=
params
[
:new_namespace
].
presence
||
repo_owner
# namespace = get_or_create_namespace || (render and return)
@project
=
Gitlab
::
ImportExport
::
ImportService
.
execute
(
archive_file:
file
,
owner:
repo_owner
)
end
private
def
verify_gitlab_project_import_enabled
render_404
unless
gitlab_project_import_enabled?
end
end
app/controllers/import/gitlab_projects_controller.rb
View file @
8c508037
class
Import::GitlabProjectsController
<
Import
::
BaseController
class
Import::GitlabProjectsController
<
Import
::
BaseController
before_action
:verify_gitlab_project_import_enabled
before_action
:verify_gitlab_project_import_enabled
#before_action :gitlab_project_auth, except: :callback
before_action
:verify_project_and_namespace_access
rescue_from
OAuth
::
Error
,
with: :gitlab_project_unauthorized
rescue_from
OAuth
::
Error
,
with: :gitlab_project_unauthorized
#TODO permissions stuff
def
new
def
new
@namespace_id
=
project_params
[
:namespace_id
]
@namespace_id
=
project_params
[
:namespace_id
]
@path
=
project_params
[
:path
]
@path
=
project_params
[
:path
]
end
end
def
status
def
create
@project
=
Project
.
create_from_import_job
(
current_user_id:
current_user
.
id
,
end
tmp_file:
File
.
expand_path
(
params
[
:file
].
path
),
namespace_id:
project_params
[
:namespace_id
],
project_path:
project_params
[
:path
])
def
jobs
redirect_to
dashboard_projects_path
jobs
=
current_user
.
created_projects
.
where
(
import_type:
"gitlab_project"
).
to_json
(
only:
[
:id
,
:import_status
])
render
json:
jobs
end
end
def
create
private
# TODO verify access to namespace and path
file
=
params
[
:file
]
namespace_id
=
project_params
[
:namespace_id
]
path
=
project_params
[
:path
]
repo_owner
=
current_user
.
username
@target_namespace
=
params
[
:new_namespace
].
presence
||
repo_owner
@project
=
Project
.
create_from_import_job
(
current_user_id:
current_user
.
id
,
def
verify_project_and_namespace_access
tmp_file:
File
.
expand_path
(
file
.
path
),
unless
namespace_access?
&&
project_access?
namespace_id:
namespace_id
,
render_403
project_path:
path
)
end
end
redirect_to
status_import_gitlab_project_path
def
project_access?
can?
(
current_user
,
:admin_project
,
@project
)
end
end
private
def
namespace_access?
current_user
.
can?
(
:create_projects
,
Namespace
.
find
(
project_params
[
:namespace_id
]))
end
def
verify_gitlab_project_import_enabled
def
verify_gitlab_project_import_enabled
render_404
unless
gitlab_project_import_enabled?
render_404
unless
gitlab_project_import_enabled?
...
...
app/controllers/projects_controller.rb
View file @
8c508037
...
@@ -7,7 +7,7 @@ class ProjectsController < Projects::ApplicationController
...
@@ -7,7 +7,7 @@ class ProjectsController < Projects::ApplicationController
before_action
:assign_ref_vars
,
:tree
,
only:
[
:show
],
if: :repo_exists?
before_action
:assign_ref_vars
,
:tree
,
only:
[
:show
],
if: :repo_exists?
# Authorize
# Authorize
before_action
:authorize_admin_project!
,
only:
[
:edit
,
:update
,
:housekeeping
]
before_action
:authorize_admin_project!
,
only:
[
:edit
,
:update
,
:housekeeping
,
:download_export
,
:export
]
before_action
:event_filter
,
only:
[
:show
,
:activity
]
before_action
:event_filter
,
only:
[
:show
,
:activity
]
layout
:determine_layout
layout
:determine_layout
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment