gitlab-org--gitlab-foss/app/controllers/ci/application_controller.rb

134 lines
2.9 KiB
Ruby
Raw Normal View History

2015-08-25 21:42:46 -04:00
module Ci
class ApplicationController < ActionController::Base
def self.railtie_helpers_paths
"app/helpers/ci"
end
include Ci::UserSessionsHelper
rescue_from Ci::Network::UnauthorizedError, with: :invalid_token
before_filter :default_headers
#before_filter :check_config
2015-08-25 21:42:46 -04:00
protect_from_forgery
helper_method :current_user
before_filter :reset_cache
private
def current_user
@current_user ||= session[:ci_current_user]
end
def sign_in(user)
session[:ci_current_user] = user
end
def sign_out
reset_session
end
def authenticate_user!
unless current_user
redirect_to new_ci_user_sessions_path
return
end
end
def authenticate_admin!
unless current_user && current_user.is_admin
redirect_to new_ci_user_sessions_path
return
end
end
def authenticate_public_page!
unless project.public
unless current_user
redirect_to(new_ci_user_sessions_path(state: generate_oauth_state(request.fullpath))) and return
end
unless current_user.can_access_project?(project.gitlab_id)
page_404 and return
end
end
end
def authenticate_token!
unless project.valid_token?(params[:token])
return head(403)
end
end
def authorize_access_project!
unless current_user.can_access_project?(@project.gitlab_id)
return page_404
end
end
def authorize_project_developer!
unless current_user.has_developer_access?(@project.gitlab_id)
return page_404
end
end
def authorize_manage_project!
unless current_user.can_manage_project?(@project.gitlab_id)
return page_404
end
end
def page_404
render file: "#{Rails.root}/public/404.html", status: 404, layout: false
end
# Reset user cache every day for security purposes
def reset_cache
if current_user && current_user.sync_at < (Time.zone.now - 24.hours)
current_user.reset_cache
end
end
def default_headers
headers['X-Frame-Options'] = 'DENY'
headers['X-XSS-Protection'] = '1; mode=block'
end
# JSON for infinite scroll via Pager object
def pager_json(partial, count)
html = render_to_string(
partial,
layout: false,
formats: [:html]
)
render json: {
html: html,
count: count
}
end
def check_config
redirect_to oauth2_ci_help_path unless valid_config?
end
def valid_config?
server = GitlabCi.config.gitlab_server
if server.blank? || server.url.blank? || server.app_id.blank? || server.app_secret.blank?
false
else
true
end
rescue Settingslogic::MissingSetting, NoMethodError
false
end
def invalid_token
reset_session
redirect_to ci_root_path
end
end
end