22 commits

Author SHA1 Message Date
Bob Van Landuyt
148816cd67 Port read_cross_project ability from EE 2018-02-22 17:11:36 +01:00
Sean McGivern
5883ce95ef current_application_settings belongs on Gitlab::CurrentSettings
The initializers including this were doing so at the top level, so every object
loaded after them had a `current_application_settings` method. However, if
someone had rack-attack enabled (which was loaded before these initializers), it
would try to load the API, and fail, because `Gitlab::CurrentSettings` didn't
have that method.

To fix this:

1. Don't include `Gitlab::CurrentSettings` at the top level. We do not need
   `Object.new.current_application_settings` to work.
2. Make `Gitlab::CurrentSettings` explicitly `extend self`, as we already use it
   like that in several places.
3. Change the initializers to use that new form.
2017-08-31 13:38:33 +01:00
Timothy Andrew
5dedea358d Merge remote-tracking branch 'origin/master' into 34141-allow-unauthenticated-access-to-the-users-api
- Modify policy code to work with the `DeclarativePolicy` refactor
  in 37c401433b.
2017-06-30 13:45:51 +00:00
Timothy Andrew
3c88a7869b Implement review comments for !12445 from @godfat and @rymai.
- Use `GlobalPolicy` to authorize the users that a non-authenticated user can
  fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC`
  visibility level is not restricted.

- Further, as before, `/api/v4/users` is only accessible to unauthenticated users if
  the `username` parameter is passed.

- Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual
  route + method, rather than the description.

- Change the type of `current_user` check in `UsersFinder` to be more
  compatible with EE.
2017-06-30 13:06:03 +00:00
http://jneen.net/
7765dd6a1d bugfix: use require_dependency to bring in DeclarativePolicy 2017-06-29 11:57:59 -07:00
http://jneen.net/
37c401433b convert all the policies to DeclarativePolicy 2017-06-27 12:44:37 -07:00
Grzegorz Bizon
7fc6b5b6ff Do not inherit build policy in pipeline policy 2017-04-12 12:57:13 +02:00
http://jneen.net/
846e581732 use a magic default :global symbol instead of nil
to make sure we mean the global permissions
2017-03-09 11:49:52 -08:00
Douwe Maan
75f5fa997d Enable Rails/Delegate 2017-02-23 09:32:42 -06:00
Rémy Coutable
061bb6eb6e More improvements to presenters
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-01-18 16:38:35 +01:00
Rémy Coutable
fd72c0f4c7 Handle presenters in BasePolicy
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-01-18 16:38:34 +01:00
http://jneen.net/
bc0a513f62 s/NB:/NOTE:/ 2016-08-30 15:55:28 -07:00
http://jneen.net/
482795a908 implement RuleSet#size for tests 2016-08-30 11:42:23 -07:00
http://jneen.net/
57def53c84 factor out a RuleSet so that delegate! retains @cannot 2016-08-30 11:39:22 -07:00
http://jneen.net/
35779223a6 special-case blocked users 2016-08-30 11:39:22 -07:00
http://jneen.net/
5b7edc74b6 use the cached abilities in #delegate! 2016-08-30 11:39:22 -07:00
http://jneen.net/
9a0ea13501 factor in global permissions 2016-08-30 11:39:22 -07:00
http://jneen.net/
3656d3b88a add automatic detection of the policy class 2016-08-30 11:39:22 -07:00
http://jneen.net/
16fe6dc7b1 port CommitStatus/Build 2016-08-30 11:39:22 -07:00
http://jneen.net/
4d904bf352 port issues to Issu{able,e}Policy 2016-08-30 11:39:22 -07:00
http://jneen.net/
1ca9b3354a add support for anonymous abilities 2016-08-30 11:39:22 -07:00
http://jneen.net/
e208765a92 add policies, and factor out ProjectPolicy 2016-08-30 11:35:06 -07:00