Adds option to push over HTTP to create a new project

921d2afc · Tiago Botelho · b9d547b1 · 921d2afc · 921d2afc
Commit 921d2afc authored Jan 18, 2018 by Tiago Botelho
Show whitespace changes
Inline Side-by-side

Showing with 44 additions and 6 deletions

app/controllers/projects/git_http_controller.rb app/controllers/projects/git_http_controller.rb +20 -1

lib/gitlab/git_access.rb lib/gitlab/git_access.rb +24 -5

No files found.
--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
@@ -11,6 +11,12 @@ class Projects::GitHttpController < Projects::GitHttpClientController
  def info_refs
    log_user_activity if upload_pack?

+    if project.blank? && params[:service] == 'git-receive-pack'
+      @project = ::Projects::CreateService.new(access_actor, project_params).execute
+
+      return render_ok if @project.saved?
+    end
+
    render_ok
  end

@@ -26,6 +32,15 @@ class Projects::GitHttpController < Projects::GitHttpClientController

  private

+  def project_params
+    {
+        description: "",
+        path: params[:project_id].gsub("\.git", ''),
+        namespace_id: namespace.id.to_s,
+        visibility_level: Gitlab::VisibilityLevel::PRIVATE.to_s
+    }
+  end
+
  def download_request?
    upload_pack?
  end
@@ -56,7 +71,11 @@ class Projects::GitHttpController < Projects::GitHttpClientController
  end

  def access
-    @access ||= access_klass.new(access_actor, project, 'http', authentication_abilities: authentication_abilities, redirected_path: redirected_path)
+    @access ||= access_klass.new(access_actor, project, 'http', authentication_abilities: authentication_abilities, redirected_path: redirected_path, target_namespace: namespace)
+  end
+
+  def namespace
+    @namespace = Namespace.find_by_path_or_name(params[:namespace_id])
  end

  def access_actor

--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -18,21 +18,23 @@ module Gitlab
      upload_pack_disabled_over_http: 'Pulling over HTTP is not allowed.',
      receive_pack_disabled_over_http: 'Pushing over HTTP is not allowed.',
      read_only: 'The repository is temporarily read-only. Please try again later.',
-      cannot_push_to_read_only: "You can't push code to a read-only GitLab instance."
+      cannot_push_to_read_only: "You can't push code to a read-only GitLab instance.",
+      create: "Creating a repository to that namespace is not allowed."
    }.freeze

    DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive }.freeze
    PUSH_COMMANDS = %w{ git-receive-pack }.freeze
    ALL_COMMANDS = DOWNLOAD_COMMANDS + PUSH_COMMANDS

-    attr_reader :actor, :project, :protocol, :authentication_abilities, :redirected_path
+    attr_reader :actor, :project, :protocol, :authentication_abilities, :redirected_path, :target_namespace

-    def initialize(actor, project, protocol, authentication_abilities:, redirected_path: nil)
+    def initialize(actor, project, protocol, authentication_abilities:, redirected_path: nil, target_namespace: nil)
      @actor    = actor
      @project  = project
      @protocol = protocol
      @redirected_path = redirected_path
      @authentication_abilities = authentication_abilities
+      @target_namespace = target_namespace
    end

    def check(cmd, changes)
@@ -44,6 +46,7 @@ module Gitlab
      check_command_disabled!(cmd)
      check_command_existence!(cmd)
      check_repository_existence!
+      check_repository_creation!

      case cmd
      when *DOWNLOAD_COMMANDS
@@ -96,7 +99,7 @@ module Gitlab
    end

    def check_project_accessibility!
-      if project.blank? || !can_read_project?
+      if (project.blank? || !can_read_project?) && !can_create_project_in_namespace?
        raise NotFoundError, ERROR_MESSAGES[:project_not_found]
      end
    end
@@ -140,11 +143,19 @@ module Gitlab
    end

    def check_repository_existence!
-      unless project.repository.exists?
+      if (project.blank? || !project.repository.exists?) && !can_create_project_in_namespace?
        raise UnauthorizedError, ERROR_MESSAGES[:no_repo]
      end
    end

+    def check_repository_creation!
+      return unless target_namespace
+
+      unless can_create_project_in_namespace?
+        raise UnauthorizedError, ERROR_MESSAGES[:create]
+      end
+    end
+
    def check_download_access!
      return if deploy_key?

@@ -158,6 +169,8 @@ module Gitlab
    end

    def check_push_access!(changes)
+      return if can_create_project_in_namespace?
+
      if project.repository_read_only?
        raise UnauthorizedError, ERROR_MESSAGES[:read_only]
      end
@@ -234,6 +247,12 @@ module Gitlab
      end || Guest.can?(:read_project, project)
    end

+    def can_create_project_in_namespace?
+      return unless target_namespace
+
+      actor.can?(:create_projects, target_namespace)
+    end
+
    def http?
      protocol == 'http'
    end