gitlab-org--gitlab-foss/lib/gitlab/git_access_wiki.rb
Douwe Maan 3a0ae96c0e
Don't run single change checks when changes are unknown
When the `changes` passed to `GitAccess` are the literal string `_any`,
which indicates that this is a pre-authorization check, we now check
whether the user can push to any branch in the project in question,
instead of running the per-change check with `oldrev` `_any`, `newrev`
`nil`, and `ref` `nil`.
2019-01-02 15:31:32 +01:00

40 lines
946 B
Ruby

# frozen_string_literal: true
module Gitlab
class GitAccessWiki < GitAccess
ERROR_MESSAGES = {
read_only: "You can't push code to a read-only GitLab instance.",
write_to_wiki: "You are not allowed to write to this project's wiki."
}.freeze
def guest_can_download_code?
Guest.can?(:download_wiki_code, project)
end
def user_can_download_code?
authentication_abilities.include?(:download_code) && user_access.can_do_action?(:download_wiki_code)
end
def check_change_access!
unless user_access.can_do_action?(:create_wiki)
raise UnauthorizedError, ERROR_MESSAGES[:write_to_wiki]
end
if Gitlab::Database.read_only?
raise UnauthorizedError, push_to_read_only_message
end
true
end
def push_to_read_only_message
ERROR_MESSAGES[:read_only]
end
private
def repository
project.wiki.repository
end
end
end