Fix deploy keys permission check in internal api

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
This commit is contained in:
Dmitriy Zaporozhets 2014-12-01 16:25:10 +02:00
parent 30e28a7e0c
commit 06b7907c2a
No known key found for this signature in database
GPG key ID: 161B5D6A44D3D88A
2 changed files with 37 additions and 10 deletions

View file

@ -8,15 +8,7 @@ module Gitlab
def check(actor, cmd, project, changes = nil)
case cmd
when *DOWNLOAD_COMMANDS
if actor.is_a? User
download_access_check(actor, project)
elsif actor.is_a? DeployKey
actor.projects.include?(project)
elsif actor.is_a? Key
download_access_check(actor.user, project)
else
raise 'Wrong actor'
end
download_access_check(actor, project)
when *PUSH_COMMANDS
if actor.is_a? User
push_access_check(actor, project, changes)
@ -32,7 +24,23 @@ module Gitlab
end
end
def download_access_check(user, project)
def download_access_check(actor, project)
if actor.is_a?(User)
user_download_access_check(actor, project)
elsif actor.is_a?(DeployKey)
if actor.projects.include?(project)
build_status_object(true)
else
build_status_object(false, "Deploy key not allowed to access this project")
end
elsif actor.is_a? Key
user_download_access_check(actor.user, project)
else
raise 'Wrong actor'
end
end
def user_download_access_check(user, project)
if user && user_allowed?(user) && user.can?(:download_code, project)
build_status_object(true)
else

View file

@ -46,6 +46,25 @@ describe Gitlab::GitAccess do
it { subject.allowed?.should be_false }
end
end
describe 'deploy key permissions' do
let(:key) { create(:deploy_key) }
context 'pull code' do
context 'allowed' do
before { key.projects << project }
subject { access.download_access_check(key, project) }
it { subject.allowed?.should be_true }
end
context 'denied' do
subject { access.download_access_check(key, project) }
it { subject.allowed?.should be_false }
end
end
end
end
describe 'push_access_check' do