Access @project through user_project in the API

This makes sure we're always working with the project that we've validated access for.

Access @project through user_project in the API
This makes sure we're always working with the project that we've validated access for.
c386ab4a · Bob Van Landuyt · 41537027 · c386ab4a · c386ab4a · c386ab4a
Commit c386ab4a authored Nov 27, 2019 by Bob Van Landuyt
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 8 deletions

ee/lib/ee/api/job_artifacts.rb ee/lib/ee/api/job_artifacts.rb +1 -1

lib/api/commit_statuses.rb lib/api/commit_statuses.rb +6 -6

lib/api/projects.rb lib/api/projects.rb +1 -1

No files found.
--- a/ee/lib/ee/api/job_artifacts.rb
+++ b/ee/lib/ee/api/job_artifacts.rb
@@ -13,7 +13,7 @@ module EE
          end

          def check_cross_project_pipelines_feature!
-            if job_token_authentication? && !@project.feature_available?(:cross_project_pipelines)
+            if job_token_authentication? && !user_project.feature_available?(:cross_project_pipelines)
              not_found!('Project')
            end
          end

--- a/lib/api/commit_statuses.rb
+++ b/lib/api/commit_statuses.rb
@@ -71,27 +71,27 @@ module API

        ref = params[:ref]
        ref ||= pipeline&.ref
-        ref ||= @project.repository.branch_names_contains(commit.sha).first
+        ref ||= user_project.repository.branch_names_contains(commit.sha).first
        not_found! 'References for commit' unless ref

        name = params[:name] || params[:context] || 'default'

        unless pipeline
-          pipeline = @project.ci_pipelines.create!(
+          pipeline = user_project.ci_pipelines.create!(
            source: :external,
            sha: commit.sha,
            ref: ref,
            user: current_user,
-            protected: @project.protected_for?(ref))
+            protected: user_project.protected_for?(ref))
        end

        status = GenericCommitStatus.running_or_pending.find_or_initialize_by(
-          project: @project,
+          project: user_project,
          pipeline: pipeline,
          name: name,
          ref: ref,
          user: current_user,
-          protected: @project.protected_for?(ref)
+          protected: user_project.protected_for?(ref)
        )

        optional_attributes =
@@ -117,7 +117,7 @@ module API
            render_api_error!('invalid state', 400)
          end

-          MergeRequest.where(source_project: @project, source_branch: ref)
+          MergeRequest.where(source_project: user_project, source_branch: ref)
            .update_all(head_pipeline_id: pipeline.id) if pipeline.latest?

          present status, with: Entities::CommitStatus

--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -355,7 +355,7 @@ module API
      post ':id/unarchive' do
        authorize!(:archive_project, user_project)

-        ::Projects::UpdateService.new(@project, current_user, archived: false).execute
+        ::Projects::UpdateService.new(user_project, current_user, archived: false).execute

        present user_project, with: Entities::Project, current_user: current_user
      end