Fix authentication service

2016-05-14 14:22:45 -05:00 · 2016-05-14 14:22:45 -05:00 · 715a8cfa2f
commit 715a8cfa2f
parent 46cc04ce7a
3 changed files with 9 additions and 1 deletions
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -61,6 +61,7 @@ class Ability
          :read_merge_request,
          :read_note,
          :read_commit_status,
+          :read_container_registry,
          :download_code
        ]

--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@ -1,6 +1,10 @@
 module Auth
  class ContainerRegistryAuthenticationService < BaseService
+    AUDIENCE = 'container_registry'
+
    def execute
+      return error('not found', 404) unless registry.enabled
+
      if params[:offline_token]
        return error('forbidden', 403) unless current_user
      end
@ -52,9 +56,11 @@ module Auth
    end

    def can_access?(requested_project, requested_action)
+      return false unless requested_project.container_registry_enabled?
+
      case requested_action
      when 'pull'
-        requested_project.public? || requested_project == project || can?(current_user, :read_container_registry, requested_project)
+        requested_project == project || can?(current_user, :read_container_registry, requested_project)
      when 'push'
        requested_project == project || can?(current_user, :create_container_registry, requested_project)
      else
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@ -7,6 +7,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
  let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) }
  let(:registry_settings) do
    {
+      enabled: true,
      issuer: 'rspec',
      key: nil
    }