Fix authentication service

715a8cfa · Kamil Trzcinski · 46cc04ce · 715a8cfa · 715a8cfa · 715a8cfa
Commit 715a8cfa authored May 14, 2016 by Kamil Trzcinski
3 changed files
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -61,6 +61,7 @@ class Ability
          :read_merge_request,
          :read_note,
          :read_commit_status,
+          :read_container_registry,
          :download_code
        ]


--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
 module Auth
  class ContainerRegistryAuthenticationService < BaseService
+    AUDIENCE = 'container_registry'
+
    def execute
+      return error('not found', 404) unless registry.enabled
+
      if params[:offline_token]
        return error('forbidden', 403) unless current_user
      end
@@ -52,9 +56,11 @@ module Auth
    end

    def can_access?(requested_project, requested_action)
+      return false unless requested_project.container_registry_enabled?
+
      case requested_action
      when 'pull'
-        requested_project.public? || requested_project == project || can?(current_user, :read_container_registry, requested_project)
+        requested_project == project || can?(current_user, :read_container_registry, requested_project)
      when 'push'
        requested_project == project || can?(current_user, :create_container_registry, requested_project)
      else

--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -7,6 +7,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
  let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) }
  let(:registry_settings) do
    {
+      enabled: true,
      issuer: 'rspec',
      key: nil
    }