Commit 9397ce91 authored by Patricio Cano's avatar Patricio Cano

Correct access control flow for Git HTTP requests.

parent da15471b
......@@ -174,14 +174,20 @@ class Projects::GitHttpController < Projects::ApplicationController
end
end
def access
return @access if defined?(@access)
@access = Gitlab::GitAccess.new(user, project, 'http')
end
def download_access
return @download_access if defined?(@download_access)
@download_access = Gitlab::GitAccess.new(user, project, 'http').check('git-upload-pack')
@download_access = access.check('git-upload-pack')
end
def http_blocked?
download_access.protocol_allowed?
!access.protocol_allowed?
end
def receive_pack_allowed?
......
......@@ -169,6 +169,10 @@ module Gitlab
Gitlab::ForcePushCheck.force_push?(project, oldrev, newrev)
end
def protocol_allowed?
Gitlab::ProtocolAccess.allowed?(protocol)
end
private
def protected_branch_action(oldrev, newrev, branch_name)
......@@ -193,10 +197,6 @@ module Gitlab
Gitlab::UserAccess.allowed?(user)
end
def protocol_allowed?
Gitlab::ProtocolAccess.allowed?(protocol)
end
def branch_name(ref)
ref = ref.to_s
if Gitlab::Git.branch_ref?(ref)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment