3a0ae96c0e
When the `changes` passed to `GitAccess` are the literal string `_any`, which indicates that this is a pre-authorization check, we now check whether the user can push to any branch in the project in question, instead of running the per-change check with `oldrev` `_any`, `newrev` `nil`, and `ref` `nil`.
40 lines
946 B
Ruby
40 lines
946 B
Ruby
# frozen_string_literal: true
|
|
|
|
module Gitlab
|
|
class GitAccessWiki < GitAccess
|
|
ERROR_MESSAGES = {
|
|
read_only: "You can't push code to a read-only GitLab instance.",
|
|
write_to_wiki: "You are not allowed to write to this project's wiki."
|
|
}.freeze
|
|
|
|
def guest_can_download_code?
|
|
Guest.can?(:download_wiki_code, project)
|
|
end
|
|
|
|
def user_can_download_code?
|
|
authentication_abilities.include?(:download_code) && user_access.can_do_action?(:download_wiki_code)
|
|
end
|
|
|
|
def check_change_access!
|
|
unless user_access.can_do_action?(:create_wiki)
|
|
raise UnauthorizedError, ERROR_MESSAGES[:write_to_wiki]
|
|
end
|
|
|
|
if Gitlab::Database.read_only?
|
|
raise UnauthorizedError, push_to_read_only_message
|
|
end
|
|
|
|
true
|
|
end
|
|
|
|
def push_to_read_only_message
|
|
ERROR_MESSAGES[:read_only]
|
|
end
|
|
|
|
private
|
|
|
|
def repository
|
|
project.wiki.repository
|
|
end
|
|
end
|
|
end
|