nexedi / gitlab-ce
Commit e2135248, authored Jul 25, 2017 by Kamil Trzcinski
Use route_setting authentication job_token_allowed to be true
parent b500d58c

Showing 5 changed files with 12 additions and 16 deletions:
app/models/ability.rb +3 -2
app/models/ci/job_user.rb +0 -9
app/policies/base_policy.rb +0 -2
lib/api/api_guard.rb +7 -3
lib/api/jobs.rb +2 -0
app/models/ability.rb
View file @
e2135248
...
@@ -33,9 +33,10 @@ class Ability
...
@@ -33,9 +33,10 @@ class Ability
end
end
def
allowed?
(
user
,
action
,
subject
=
:global
,
opts
=
{})
def
allowed?
(
user
,
action
,
subject
=
:global
,
opts
=
{})
return
user
.
abilities
.
include?
(
action
)
if
user
.
is_a?
(
Ci
::
JobUser
)
if
subject
.
is_a?
(
Hash
)
opts
,
subject
=
subject
,
:global
end
opts
,
subject
=
subject
,
:global
if
subject
.
is_a?
(
Hash
)
policy
=
policy_for
(
user
,
subject
)
policy
=
policy_for
(
user
,
subject
)
case
opts
[
:scope
]
case
opts
[
:scope
]
...
...
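Review bot: The change from the one-line `opts, subject = subject, :global if subject.is_a?(Hash)` to a three-line `if` block is unrelated to dropping the `Ci::JobUser` early return at the top of `allowed?`. If it restores an earlier form, say so in the commit message; otherwise keep the modifier form so the hunk shows only the behavioural change, which is the removal of `return user.abilities.include?(action)`.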
app/models/ci/job_user.rb
deleted
100644 → 0
View file @
b500d58c
module
Ci
# Empty class to differenciate between users that have authenticated by
# CI_JOB_TOKEN
class
JobUser
<
User
def
abilities
%i[read_build read_project access_git access_api]
end
end
end
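Review bot: The `abilities` list `%i[read_build read_project access_git access_api]` was the only place that spelled out what a CI_JOB_TOKEN caller was meant to do, and it disappears with this file. Record the intended scope where the replacement lives, for example as a comment next to the `job_token_allowed` route settings, and check for remaining references to `Ci::JobUser` outside the files in this commit.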
app/policies/base_policy.rb
View file @
e2135248
...
@@ -27,6 +27,4 @@ class BasePolicy < DeclarativePolicy::Base
...
@@ -27,6 +27,4 @@ class BasePolicy < DeclarativePolicy::Base
with_scope
:global
with_scope
:global
condition
(
:license_block
)
{
License
.
block_changes?
}
condition
(
:license_block
)
{
License
.
block_changes?
}
rule
{
ci_job_user
}.
prevent_all
end
end
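Review bot: Only the `rule { ci_job_user }.prevent_all` line is removed here; the `ci_job_user` condition it referred to is not defined in this hunk. If that condition lives elsewhere in `BasePolicy` and tests for `Ci::JobUser`, it now references the class deleted in app/models/ci/job_user.rb and should be removed in the same commit.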
lib/api/api_guard.rb
View file @
e2135248
...
@@ -89,13 +89,13 @@ module API
...
@@ -89,13 +89,13 @@ module API
end
end
def
find_user_by_ci_token
def
find_user_by_ci_token
return
nil
unless
route_authentication_setting
[
:job_token_allowed
]
job_token
=
params
[
CI_JOB_TOKEN_PARAM
].
to_s
job_token
=
params
[
CI_JOB_TOKEN_PARAM
].
to_s
return
nil
unless
job_token
.
present?
return
nil
unless
job_token
.
present?
user
=
Ci
::
Build
.
find_by_token
(
job_token
)
&
.
user
Ci
::
Build
.
find_by_token
(
job_token
)
&
.
user
user
.
becomes
(
Ci
::
JobUser
)
if
user
end
end
def
current_user
def
current_user
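Review bot: `find_user_by_ci_token` now returns `Ci::Build.find_by_token(job_token)&.user` as an ordinary user, so on any route that sets `job_token_allowed` the token carries every permission that user has, and nothing visible here ties it to the build's own project or checks that the build is still running. Consider returning nil unless the build is running and comparing the build's project with the requested `:id`, or add a comment stating that the per-route opt-in is the only intended limit.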
...
@@ -104,6 +104,10 @@ module API
...
@@ -104,6 +104,10 @@ module API
private
private
def
route_authentication_setting
route_setting
(
:authentication
)
||
{}
end
def
find_user_by_authentication_token
(
token_string
)
def
find_user_by_authentication_token
(
token_string
)
User
.
find_by_authentication_token
(
token_string
)
User
.
find_by_authentication_token
(
token_string
)
end
end
...
...
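Review bot: `route_authentication_setting` has no comment naming the keys it expects, and `job_token_allowed` is the only one used in this patch. The `|| {}` fallback makes routes without the setting refuse job tokens, which is the right default; a one-line comment saying so, plus a spec for a route with no `route_setting :authentication`, would keep that default from being changed by accident.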
lib/api/jobs.rb
View file @
e2135248
...
@@ -77,6 +77,7 @@ module API
...
@@ -77,6 +77,7 @@ module API
params
do
params
do
requires
:job_id
,
type:
Integer
,
desc:
'The ID of a job'
requires
:job_id
,
type:
Integer
,
desc:
'The ID of a job'
end
end
route_setting
:authentication
,
job_token_allowed:
true
get
':id/jobs/:job_id/artifacts'
do
get
':id/jobs/:job_id/artifacts'
do
authorize_read_builds!
authorize_read_builds!
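Review bot: The `route_setting :authentication, job_token_allowed: true` line sits between the `params` block and `get ':id/jobs/:job_id/artifacts'` with no comment, and in Grape a route setting applies only to the next route defined. A short comment that this opts the artifacts endpoint into CI_JOB_TOKEN authentication would stop a later reorder from moving the opt-in to a different route unnoticed.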
...
@@ -92,6 +93,7 @@ module API
...
@@ -92,6 +93,7 @@ module API
requires
:ref_name
,
type:
String
,
desc:
'The ref from repository'
requires
:ref_name
,
type:
String
,
desc:
'The ref from repository'
requires
:job
,
type:
String
,
desc:
'The name for the job'
requires
:job
,
type:
String
,
desc:
'The name for the job'
end
end
route_setting
:authentication
,
job_token_allowed:
true
get
':id/jobs/artifacts/:ref_name/download'
,
get
':id/jobs/artifacts/:ref_name/download'
,
requirements:
{
ref_name:
/.+/
}
do
requirements:
{
ref_name:
/.+/
}
do
authorize_read_builds!
authorize_read_builds!
...
...
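Review bot: No spec file is among the five changed files, so neither opted-in route has a test for job-token access. Add request specs for `':id/jobs/artifacts/:ref_name/download'` and `':id/jobs/:job_id/artifacts'` covering a valid job token, an invalid one, and a neighbouring route without `job_token_allowed` that must still refuse the token.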