kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Fix internal API for missing project or key

Browse source 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
This commit is contained in:
Dmitriy Zaporozhets 2014-12-01 16:55:33 +02:00
parent 06b7907c2a
commit 612b8806dd
No known key found for this signature in database
GPG key ID: 161B5D6A44D3D88A
2 changed files with 30 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
lib/api/internal.rb
View file

@ -33,15 +33,20 @@ module API
end
project = Project.find_with_namespace(project_path)
return false unless project
actor = if params[:key_id]
Key.find(params[:key_id])
elsif params[:user_id]
User.find(params[:user_id])
unless project
return Gitlab::GitAccessStatus.new(false, 'No such project')
end
return false unless actor
actor = if params[:key_id]
Key.find_by(id: params[:key_id])
elsif params[:user_id]
User.find_by(id: params[:user_id])
end
unless actor
return Gitlab::GitAccessStatus.new(false, 'No such user or key')
end
access.check(
actor,

24
spec/requests/api/internal_spec.rb
View file

@ -26,7 +26,7 @@ describe API::API, api: true do
end
end
describe "GET /internal/allowed" do
describe "POST /internal/allowed" do
context "access granted" do
before do
project.team << [user, :developer]
@ -140,7 +140,7 @@ describe API::API, api: true do
archive(key, project)
response.status.should == 200
response.body.should == 'true'
JSON.parse(response.body)["status"].should be_true
end
end
@ -149,10 +149,28 @@ describe API::API, api: true do
archive(key, project)
response.status.should == 200
response.body.should == 'false'
JSON.parse(response.body)["status"].should be_false
end
end
end
context 'project does not exist' do
it do
pull(key, OpenStruct.new(path_with_namespace: 'gitlab/notexists'))
response.status.should == 200
JSON.parse(response.body)["status"].should be_false
end
end
context 'user does not exist' do
it do
pull(OpenStruct.new(id: 0), project)
response.status.should == 200
JSON.parse(response.body)["status"].should be_false
end
end
end
def pull(key, project)