Commit d2cec126 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

block user should not be able to push

parent 9c2a6e20
...@@ -20,6 +20,9 @@ module Gitlab ...@@ -20,6 +20,9 @@ module Gitlab
project == key.project && git_cmd == 'git-upload-pack' project == key.project && git_cmd == 'git-upload-pack'
else else
user = key.user user = key.user
return false if user.blocked?
action = case git_cmd action = case git_cmd
when 'git-upload-pack' when 'git-upload-pack'
then :download_code then :download_code
......
...@@ -34,13 +34,7 @@ describe Gitlab::API do ...@@ -34,13 +34,7 @@ describe Gitlab::API do
context "git pull" do context "git pull" do
it do it do
get( pull(key, project)
api("/internal/allowed"),
ref: 'master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-upload-pack'
)
response.status.should == 200 response.status.should == 200
response.body.should == 'true' response.body.should == 'true'
...@@ -49,13 +43,7 @@ describe Gitlab::API do ...@@ -49,13 +43,7 @@ describe Gitlab::API do
context "git push" do context "git push" do
it do it do
get( push(key, project)
api("/internal/allowed"),
ref: 'master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-receive-pack'
)
response.status.should == 200 response.status.should == 200
response.body.should == 'true' response.body.should == 'true'
...@@ -70,13 +58,33 @@ describe Gitlab::API do ...@@ -70,13 +58,33 @@ describe Gitlab::API do
context "git pull" do context "git pull" do
it do it do
get( pull(key, project)
api("/internal/allowed"),
ref: 'master', response.status.should == 200
key_id: key.id, response.body.should == 'false'
project: project.path_with_namespace, end
action: 'git-upload-pack' end
)
context "git push" do
it do
push(key, project)
response.status.should == 200
response.body.should == 'false'
end
end
end
context "blocked user" do
let(:personal_project) { create(:project, namespace: user.namespace) }
before do
user.block
end
context "git pull" do
it do
pull(key, personal_project)
response.status.should == 200 response.status.should == 200
response.body.should == 'false' response.body.should == 'false'
...@@ -85,19 +93,32 @@ describe Gitlab::API do ...@@ -85,19 +93,32 @@ describe Gitlab::API do
context "git push" do context "git push" do
it do it do
push(key, personal_project)
response.status.should == 200
response.body.should == 'false'
end
end
end
end
def pull(key, project)
get( get(
api("/internal/allowed"), api("/internal/allowed"),
ref: 'master', ref: 'master',
key_id: key.id, key_id: key.id,
project: project.path_with_namespace, project: project.path_with_namespace,
action: 'git-receive-pack' action: 'git-upload-pack'
) )
response.status.should == 200
response.body.should == 'false'
end
end
end end
def push(key, project)
get(
api("/internal/allowed"),
ref: 'master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-receive-pack'
)
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment