Commit da15471b authored by Patricio Cano's avatar Patricio Cano

Clarify protocol access check, and make Git HTTP access call more specific.

parent 0f54e2ae
...@@ -157,7 +157,7 @@ class Projects::GitHttpController < Projects::ApplicationController ...@@ -157,7 +157,7 @@ class Projects::GitHttpController < Projects::ApplicationController
end end
def render_not_allowed def render_not_allowed
render plain: access.message, status: :forbidden render plain: download_access.message, status: :forbidden
end end
def ci? def ci?
...@@ -168,20 +168,20 @@ class Projects::GitHttpController < Projects::ApplicationController ...@@ -168,20 +168,20 @@ class Projects::GitHttpController < Projects::ApplicationController
return false unless Gitlab.config.gitlab_shell.upload_pack return false unless Gitlab.config.gitlab_shell.upload_pack
if user if user
access.allowed? download_access.allowed?
else else
ci? || project.public? ci? || project.public?
end end
end end
def access def download_access
return @access if defined?(@access) return @download_access if defined?(@download_access)
@access = Gitlab::GitAccess.new(user, project, 'http').check('git-upload-pack') @download_access = Gitlab::GitAccess.new(user, project, 'http').check('git-upload-pack')
end end
def http_blocked? def http_blocked?
access.message.include?('HTTP') download_access.protocol_allowed?
end end
def receive_pack_allowed? def receive_pack_allowed?
......
...@@ -3,7 +3,7 @@ module Gitlab ...@@ -3,7 +3,7 @@ module Gitlab
def self.allowed?(protocol) def self.allowed?(protocol)
if protocol.to_s == 'web' if protocol.to_s == 'web'
true true
elsif !current_application_settings.enabled_git_access_protocols.present? elsif current_application_settings.enabled_git_access_protocols.blank?
true true
else else
protocol.to_s == current_application_settings.enabled_git_access_protocols protocol.to_s == current_application_settings.enabled_git_access_protocols
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment