Improve authentication_result usage
This commit is contained in:
Kamil Trzcinski
parent
b0195d5c55
commit
2742f9fb98
2 changed files with 21 additions and 14 deletions
|
|
@ -19,6 +19,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController
|
|||
private
|
||||
|
||||
def authenticate_user
|
||||
@authentication_result = Gitlab::Auth::Result.new
|
||||
|
||||
if project && project.public? && download_request?
|
||||
return # Allow access
|
||||
end
|
||||
|
|
@ -124,6 +126,18 @@ class Projects::GitHttpClientController < Projects::ApplicationController
|
|||
end
|
||||
end
|
||||
|
||||
def ci?
|
||||
authentication_result.ci? &&
|
||||
authentication_project &&
|
||||
authentication_project == project
|
||||
end
|
||||
|
||||
def lfs_deploy_key?
|
||||
authentication_result.lfs_deploy_token? &&
|
||||
actor &&
|
||||
actor.projects.include?(project)
|
||||
end
|
||||
|
||||
def authentication_has_download_access?
|
||||
has_authentication_ability?(:download_code) || has_authentication_ability?(:build_download_code)
|
||||
end
|
||||
|
|
@ -132,19 +146,12 @@ class Projects::GitHttpClientController < Projects::ApplicationController
|
|||
has_authentication_ability?(:push_code)
|
||||
end
|
||||
|
||||
def ci?
|
||||
authentication_result && authentication_result.ci? &&
|
||||
authentication_result.project && authentication_result.project == project
|
||||
end
|
||||
|
||||
def lfs_deploy_key?
|
||||
authentication_result && authentication_result.lfs_deploy_token? &&
|
||||
actor && actor.projects.include?(project)
|
||||
end
|
||||
|
||||
def has_authentication_ability?(capability)
|
||||
authentication_abilities &&
|
||||
authentication_abilities.include?(capability)
|
||||
(authentication_abilities || []).include?(capability)
|
||||
end
|
||||
|
||||
def authentication_project
|
||||
authentication_result.project
|
||||
end
|
||||
|
||||
def verify_workhorse_api!
|
||||
|
|
|
|||
|
|
@ -322,10 +322,10 @@ describe 'Git HTTP requests', lib: true do
|
|||
expect(response).to have_http_status(401)
|
||||
end
|
||||
|
||||
it "downloads from other project get status 401" do
|
||||
it "downloads from other project get status 404" do
|
||||
clone_get "#{other_project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token
|
||||
|
||||
expect(response).to have_http_status(401)
|
||||
expect(response).to have_http_status(404)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue