2013-08-21 05:33:12 -04:00
|
|
|
class ApplicationController < ActionController::Base
|
2011-10-08 17:36:38 -04:00
|
|
|
before_filter :authenticate_user!
|
2012-04-16 16:33:03 -04:00
|
|
|
before_filter :reject_blocked!
|
2013-06-13 13:01:35 -04:00
|
|
|
before_filter :check_password_expiration
|
2013-06-11 11:15:18 -04:00
|
|
|
before_filter :set_current_user_for_thread
|
2012-11-28 23:29:11 -05:00
|
|
|
before_filter :add_abilities
|
2012-08-02 02:48:24 -04:00
|
|
|
before_filter :dev_tools if Rails.env == 'development'
|
2013-02-02 13:32:13 -05:00
|
|
|
before_filter :default_headers
|
2013-02-19 07:37:43 -05:00
|
|
|
before_filter :add_gon_variables
|
2012-06-24 03:01:42 -04:00
|
|
|
|
2011-10-08 17:36:38 -04:00
|
|
|
protect_from_forgery
|
2012-06-24 03:01:42 -04:00
|
|
|
|
2011-10-08 17:36:38 -04:00
|
|
|
helper_method :abilities, :can?
|
|
|
|
|
2012-05-31 16:36:52 -04:00
|
|
|
rescue_from Encoding::CompatibilityError do |exception|
|
2012-11-06 15:15:25 -05:00
|
|
|
log_exception(exception)
|
2012-09-26 16:24:52 -04:00
|
|
|
render "errors/encoding", layout: "errors", status: 500
|
2012-05-31 16:36:52 -04:00
|
|
|
end
|
|
|
|
|
2012-02-22 00:14:54 -05:00
|
|
|
rescue_from ActiveRecord::RecordNotFound do |exception|
|
2012-11-06 15:15:25 -05:00
|
|
|
log_exception(exception)
|
2012-09-26 16:24:52 -04:00
|
|
|
render "errors/not_found", layout: "errors", status: 404
|
2011-10-09 17:15:28 -04:00
|
|
|
end
|
|
|
|
|
2011-10-26 09:46:25 -04:00
|
|
|
protected
|
2011-10-08 17:36:38 -04:00
|
|
|
|
2012-11-06 15:15:25 -05:00
|
|
|
def log_exception(exception)
|
|
|
|
application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace
|
|
|
|
application_trace.map!{ |t| " #{t}\n" }
|
|
|
|
logger.error "\n#{exception.class.name} (#{exception.message}):\n#{application_trace.join}"
|
|
|
|
end
|
|
|
|
|
2012-04-16 16:33:03 -04:00
|
|
|
def reject_blocked!
|
2013-03-04 09:52:30 -05:00
|
|
|
if current_user && current_user.blocked?
|
2012-06-01 09:56:28 -04:00
|
|
|
sign_out current_user
|
2013-05-28 13:48:51 -04:00
|
|
|
flash[:alert] = "Your account is blocked. Retry when an admin has unblocked it."
|
2012-04-16 16:33:03 -04:00
|
|
|
redirect_to new_user_session_path
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-04-13 01:12:34 -04:00
|
|
|
def after_sign_in_path_for resource
|
2013-03-04 09:52:30 -05:00
|
|
|
if resource.is_a?(User) && resource.respond_to?(:blocked?) && resource.blocked?
|
2012-04-13 01:12:34 -04:00
|
|
|
sign_out resource
|
2013-05-28 13:48:51 -04:00
|
|
|
flash[:alert] = "Your account is blocked. Retry when an admin has unblocked it."
|
2012-04-13 01:12:34 -04:00
|
|
|
new_user_session_path
|
|
|
|
else
|
|
|
|
super
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-06-11 11:15:18 -04:00
|
|
|
def set_current_user_for_thread
|
|
|
|
Thread.current[:current_user] = current_user
|
2012-06-24 03:01:42 -04:00
|
|
|
end
|
|
|
|
|
2011-10-08 17:36:38 -04:00
|
|
|
def abilities
|
|
|
|
@abilities ||= Six.new
|
|
|
|
end
|
|
|
|
|
|
|
|
def can?(object, action, subject)
|
|
|
|
abilities.allowed?(object, action, subject)
|
|
|
|
end
|
|
|
|
|
2011-10-26 09:46:25 -04:00
|
|
|
def project
|
2012-11-22 15:34:06 -05:00
|
|
|
id = params[:project_id] || params[:id]
|
|
|
|
|
2012-11-28 23:29:11 -05:00
|
|
|
@project = Project.find_with_namespace(id)
|
|
|
|
|
|
|
|
if @project and can?(current_user, :read_project, @project)
|
|
|
|
@project
|
|
|
|
else
|
|
|
|
@project = nil
|
2013-05-24 17:07:19 -04:00
|
|
|
render_404 and return
|
2012-11-28 23:29:11 -05:00
|
|
|
end
|
2011-10-08 17:36:38 -04:00
|
|
|
end
|
|
|
|
|
2013-01-03 14:09:18 -05:00
|
|
|
def repository
|
|
|
|
@repository ||= project.repository
|
|
|
|
rescue Grit::NoSuchPathError
|
|
|
|
nil
|
|
|
|
end
|
|
|
|
|
2012-11-28 23:29:11 -05:00
|
|
|
def add_abilities
|
2011-10-08 17:36:38 -04:00
|
|
|
abilities << Ability
|
|
|
|
end
|
|
|
|
|
|
|
|
def authorize_project!(action)
|
2012-02-22 00:14:54 -05:00
|
|
|
return access_denied! unless can?(current_user, action, project)
|
2011-10-17 06:39:03 -04:00
|
|
|
end
|
|
|
|
|
2012-02-21 17:31:18 -05:00
|
|
|
def authorize_code_access!
|
Internally public projects
Public projects listed in the public section will be linked to the
actual project's page. Public projects now give any user Guest
permissions to the project, allowing them to download the code, read
and create issues, and view anything else in the project's pages.
Ample access tests have been added to the project_access_spec to
verify correct permissions and behavior on public projects.
- Visitors to the site who are not logged in still cannot view the
project's pages.
- Logged-in users visiting a public project where they are not a team
member can create issues, but not snippets. They can view the projects
code, issues, merge requests, etc, just as if they were a Guest member
of the project.
- Since this is a public project, the user is also granted :download_code
permissions, a permission normally reserved for Reporters, since they
can clone the repo anyways and browse commits and branches locally.
2013-05-02 02:52:05 -04:00
|
|
|
return access_denied! unless can?(current_user, :download_code, project) or project.public?
|
2012-02-21 17:31:18 -05:00
|
|
|
end
|
|
|
|
|
2013-07-17 01:26:00 -04:00
|
|
|
def authorize_push!
|
|
|
|
return access_denied! unless can?(current_user, :push_code, project)
|
|
|
|
end
|
|
|
|
|
2011-10-17 06:39:03 -04:00
|
|
|
def access_denied!
|
2012-09-26 16:24:52 -04:00
|
|
|
render "errors/access_denied", layout: "errors", status: 404
|
2012-02-22 00:14:54 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def not_found!
|
2012-09-26 16:24:52 -04:00
|
|
|
render "errors/not_found", layout: "errors", status: 404
|
2012-02-22 00:14:54 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def git_not_found!
|
2012-09-26 16:24:52 -04:00
|
|
|
render "errors/git_not_found", layout: "errors", status: 404
|
2011-10-08 17:36:38 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def method_missing(method_sym, *arguments, &block)
|
|
|
|
if method_sym.to_s =~ /^authorize_(.*)!$/
|
|
|
|
authorize_project!($1.to_sym)
|
|
|
|
else
|
|
|
|
super
|
|
|
|
end
|
|
|
|
end
|
2011-10-14 11:08:25 -04:00
|
|
|
|
2011-10-14 12:30:31 -04:00
|
|
|
def render_404
|
2012-09-26 14:52:01 -04:00
|
|
|
render file: Rails.root.join("public", "404"), layout: false, status: "404"
|
2011-10-14 11:08:25 -04:00
|
|
|
end
|
2011-10-15 11:51:58 -04:00
|
|
|
|
2012-12-04 22:14:05 -05:00
|
|
|
def render_403
|
|
|
|
render file: Rails.root.join("public", "403"), layout: false, status: "403"
|
|
|
|
end
|
|
|
|
|
2011-10-15 11:51:58 -04:00
|
|
|
def require_non_empty_project
|
2012-09-04 11:37:38 -04:00
|
|
|
redirect_to @project if @project.empty_repo?
|
2011-10-15 11:51:58 -04:00
|
|
|
end
|
2011-11-03 18:37:02 -04:00
|
|
|
|
2011-11-20 15:32:12 -05:00
|
|
|
def no_cache_headers
|
|
|
|
response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
|
|
|
|
response.headers["Pragma"] = "no-cache"
|
|
|
|
response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
|
|
|
|
end
|
2012-01-27 18:49:14 -05:00
|
|
|
|
2012-08-02 02:48:24 -04:00
|
|
|
def dev_tools
|
|
|
|
Rack::MiniProfiler.authorize_request
|
|
|
|
end
|
2013-01-22 17:20:27 -05:00
|
|
|
|
2013-02-02 13:32:13 -05:00
|
|
|
def default_headers
|
|
|
|
headers['X-Frame-Options'] = 'DENY'
|
|
|
|
headers['X-XSS-Protection'] = '1; mode=block'
|
|
|
|
end
|
2013-02-19 07:37:43 -05:00
|
|
|
|
|
|
|
def add_gon_variables
|
|
|
|
gon.default_issues_tracker = Project.issues_tracker.default_value
|
2013-05-14 08:33:31 -04:00
|
|
|
gon.api_version = API::API.version
|
2013-03-14 04:16:27 -04:00
|
|
|
gon.api_token = current_user.private_token if current_user
|
2013-05-31 04:30:21 -04:00
|
|
|
gon.gravatar_url = request.ssl? || Gitlab.config.gitlab.https ? Gitlab.config.gravatar.ssl_url : Gitlab.config.gravatar.plain_url
|
2013-04-24 03:31:36 -04:00
|
|
|
gon.relative_url_root = Gitlab.config.gitlab.relative_url_root
|
2013-02-19 07:37:43 -05:00
|
|
|
end
|
2013-06-13 12:53:04 -04:00
|
|
|
|
|
|
|
def check_password_expiration
|
2013-09-17 16:37:36 -04:00
|
|
|
if current_user && current_user.password_expires_at && current_user.password_expires_at < Time.now && !current_user.ldap_user?
|
2013-06-13 12:53:04 -04:00
|
|
|
redirect_to new_profile_password_path and return
|
|
|
|
end
|
|
|
|
end
|
2013-08-26 09:30:03 -04:00
|
|
|
|
|
|
|
def event_filter
|
|
|
|
filters = cookies['event_filter'].split(',') if cookies['event_filter'].present?
|
|
|
|
@event_filter ||= EventFilter.new(filters)
|
|
|
|
end
|
2011-10-08 17:36:38 -04:00
|
|
|
end
|