Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
e59a8e9a
Commit
e59a8e9a
authored
Jul 19, 2021
by
Serena Fang
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update group check comment
parent
896c57f8
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
3 additions
and
3 deletions
+3
-3
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+3
-3
No files found.
lib/gitlab/auth.rb
View file @
e59a8e9a
...
...
@@ -214,9 +214,9 @@ module Gitlab
# rubocop: disable CodeReuse/ActiveRecord
#
The generic implementation of resource access token is functional
#
but requires an additional check to verify if the token user is a member of
#
the project's group, its ancestor groups, or its shared groups
.
#
A workaround for adding group-level automation is to add the bot user of a project access token as a group member.
#
In order to make project access tokens work this way during git authentication, we need to add an additional check for group membership.
#
This is a temporary workaround until service accounts are implemented
.
def
token_bot_in_group?
(
user
,
project
)
project
.
group
&&
project
.
group
.
members_with_parents
.
where
(
user_id:
user
.
id
).
exists?
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
