Merge pull request #4662 from jzi/allow_archive_for_deploy_key
allow all git-upload-* commands for deploy keys
This commit is contained in:
Dmitriy Zaporozhets
commit
8c08fb9b28
2 changed files with 43 additions and 3 deletions
|
|
@ -1,6 +1,10 @@
|
||||||
module API
|
module API
|
||||||
# Internal access API
|
# Internal access API
|
||||||
class Internal < Grape::API
|
class Internal < Grape::API
|
||||||
|
|
||||||
|
DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive }
|
||||||
|
PUSH_COMMANDS = %w{ git-receive-pack }
|
||||||
|
|
||||||
namespace 'internal' do
|
namespace 'internal' do
|
||||||
#
|
#
|
||||||
# Check if ssh key has access to project code
|
# Check if ssh key has access to project code
|
||||||
|
|
@ -26,16 +30,16 @@ module API
|
||||||
|
|
||||||
|
|
||||||
if key.is_a? DeployKey
|
if key.is_a? DeployKey
|
||||||
key.projects.include?(project) && git_cmd == 'git-upload-pack'
|
key.projects.include?(project) && DOWNLOAD_COMMANDS.include?(git_cmd)
|
||||||
else
|
else
|
||||||
user = key.user
|
user = key.user
|
||||||
|
|
||||||
return false if user.blocked?
|
return false if user.blocked?
|
||||||
|
|
||||||
action = case git_cmd
|
action = case git_cmd
|
||||||
when 'git-upload-pack', 'git-upload-archive'
|
when *DOWNLOAD_COMMANDS
|
||||||
then :download_code
|
then :download_code
|
||||||
when 'git-receive-pack'
|
when *PUSH_COMMANDS
|
||||||
then
|
then
|
||||||
if project.protected_branch?(params[:ref])
|
if project.protected_branch?(params[:ref])
|
||||||
:push_code_to_protected_branches
|
:push_code_to_protected_branches
|
||||||
|
|
|
||||||
|
|
@ -100,6 +100,32 @@ describe API::API do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context "deploy key" do
|
||||||
|
let(:key) { create(:deploy_key) }
|
||||||
|
|
||||||
|
context "added to project" do
|
||||||
|
before do
|
||||||
|
key.projects << project
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
archive(key, project)
|
||||||
|
|
||||||
|
response.status.should == 200
|
||||||
|
response.body.should == 'true'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context "not added to project" do
|
||||||
|
it do
|
||||||
|
archive(key, project)
|
||||||
|
|
||||||
|
response.status.should == 200
|
||||||
|
response.body.should == 'false'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def pull(key, project)
|
def pull(key, project)
|
||||||
|
|
@ -121,4 +147,14 @@ describe API::API do
|
||||||
action: 'git-receive-pack'
|
action: 'git-receive-pack'
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def archive(key, project)
|
||||||
|
get(
|
||||||
|
api("/internal/allowed"),
|
||||||
|
ref: 'master',
|
||||||
|
key_id: key.id,
|
||||||
|
project: project.path_with_namespace,
|
||||||
|
action: 'git-upload-archive'
|
||||||
|
)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue