Commit 182aa19e26cbc77b3cc7f10f0c228ea4aa2d7c77

Authored by Dmitriy Zaporozhets
1 parent 3f3b202c

Parse all refs when do push via HTTP and check permissions for all of them

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing 1 changed file with 14 additions and 10 deletions   Show diff stats
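--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -82,13 +82,17 @@ module Grack
 when 'git-upload-pack'
 project.public || can?(user, :download_code, project)
 when'git-receive-pack'
-action = if project.protected_branch?(ref)
-:push_code_to_protected_branches
-else
-:push_code
-end
+refs.each do |ref|
+action = if project.protected_branch?(ref)
+:push_code_to_protected_branches
+else
+:push_code
+end
+
+return false unless can?(user, action, project)
+end
 
-can?(user, action, project)
+true
 else
 false
 end
@@ -108,11 +112,11 @@ module Grack
 @project ||= project_by_path(@request.path_info)
 end
 
-def ref
-@ref ||= parse_ref
+def refs
+@refs ||= parse_refs
 end
 
-def parse_ref
+def parse_refs
 input = if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
 Zlib::GzipReader.new(@request.body).read
 else
@@ -121,7 +125,7 @@ module Grack
 
 # Need to reset seek point
 @request.body.rewind
-/refs\/heads\/([\/\w\.-]+)/n.match(input.force_encoding('ascii-8bit')).to_a.last
+input.force_encoding('ascii-8bit').scan(/refs\/heads\/([\/\w\.-]+)/n).flatten.compact
 end
 end
 end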
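Review bot: The `git-receive-pack` branch now fails open when `refs` is empty: `refs.each` runs zero times and the trailing `true` authorizes the request without a single `can?` call. `parse_refs` only collects names matching `refs/heads/...`, so any request body with no such match takes that path, whereas the removed code always ended in `can?(user, action, project)` even when no ref was parsed. Replacing the bare `true` with `refs.any? || can?(user, :push_code, project)` keeps the per-ref check and restores a baseline permission check for the empty case. Separately, the character class `[\/\w\.-]` stops at the first character outside it, so a branch name containing other characters would presumably be compared against `protected_branch?` in truncated form; worth confirming against the branch names the project allows. The enclosing method starts above the first hunk, so conditions applied before this `case` are not visible here.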