Improve grack auth

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Improve grack auth
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Dmitriy Zaporozhets
1 parent 612a909e
Showing 2 changed files with 17 additions and 32 deletions Show diff stats
lib/gitlab/backend/grack_auth.rb
lib/gitlab/backend/grack_helpers.rb
 require_relative 'shell_env'
-require_relative 'grack_helpers'
  
 module Grack
   class Auth < Rack::Auth::Basic
-    include Helpers
  
     attr_accessor :user, :project, :env
  
@@ -79,12 +77,14 @@ module Grack
  
     def authorize_request(service)
       case service
-      when 'git-upload-pack'
+      when *Gitlab::GitAccess::DOWNLOAD_COMMANDS
         # Serve only upload request.
         # Authorization on push will be serverd by update hook in repository
         Gitlab::GitAccess.new.download_allowed?(user, project)
-      else
+      when *Gitlab::GitAccess::PUSH_COMMANDS
         true
+      else
+        false
       end
     end
  
@@ -101,5 +101,18 @@ module Grack
     def project
       @project ||= project_by_path(@request.path_info)
     end
+
+    def project_by_path(path)
+      if m = /^([\w\.\/-]+)\.git/.match(path).to_a
+        path_with_namespace = m.last
+        path_with_namespace.gsub!(/\.wiki$/, '')
+
+        Project.find_with_namespace(path_with_namespace)
+      end
+    end
+
+    def render_not_found
+      [404, {"Content-Type" => "text/plain"}, ["Not Found"]]
+    end
   end
 end
@@ -1,28 +0,0 @@
-module Grack
-  module Helpers
-    def project_by_path(path)
-      if m = /^([\w\.\/-]+)\.git/.match(path).to_a
-        path_with_namespace = m.last
-        path_with_namespace.gsub!(/\.wiki$/, '')
-
-        Project.find_with_namespace(path_with_namespace)
-      end
-    end
-
-    def render_not_found
-      [404, {"Content-Type" => "text/plain"}, ["Not Found"]]
-    end
-
-    def can?(object, action, subject)
-      abilities.allowed?(object, action, subject)
-    end
-
-    def abilities
-      @abilities ||= begin
-                       abilities = Six.new
-                       abilities << Ability
-                       abilities
-                     end
-    end
-  end
-end
1	1	require_relative 'shell_env'
2		-require_relative 'grack_helpers'
3	2
4	3	module Grack
5	4	class Auth < Rack::Auth::Basic
6		- include Helpers
7	5
8	6	attr_accessor :user, :project, :env
9	7
...	...	@@ -79,12 +77,14 @@ module Grack
79	77
80	78	def authorize_request(service)
81	79	case service
82		- when 'git-upload-pack'
	80	+ when *Gitlab::GitAccess::DOWNLOAD_COMMANDS
83	81	# Serve only upload request.
84	82	# Authorization on push will be serverd by update hook in repository
85	83	Gitlab::GitAccess.new.download_allowed?(user, project)
86		- else
	84	+ when *Gitlab::GitAccess::PUSH_COMMANDS
87	85	true
	86	+ else
	87	+ false
88	88	end
89	89	end
90	90
...	...	@@ -101,5 +101,18 @@ module Grack
101	101	def project
102	102	@project \|\|= project_by_path(@request.path_info)
103	103	end
	104	+
	105	+ def project_by_path(path)
	106	+ if m = /^([\w\.\/-]+)\.git/.match(path).to_a
	107	+ path_with_namespace = m.last
	108	+ path_with_namespace.gsub!(/\.wiki$/, '')
	109	+
	110	+ Project.find_with_namespace(path_with_namespace)
	111	+ end
	112	+ end
	113	+
	114	+ def render_not_found
	115	+ [404, {"Content-Type" => "text/plain"}, ["Not Found"]]
	116	+ end
104	117	end
105	118	end
...	...
...	...	@@ -1,28 +0,0 @@
1		-module Grack
2		- module Helpers
3		- def project_by_path(path)
4		- if m = /^([\w\.\/-]+)\.git/.match(path).to_a
5		- path_with_namespace = m.last
6		- path_with_namespace.gsub!(/\.wiki$/, '')
7		-
8		- Project.find_with_namespace(path_with_namespace)
9		- end
10		- end
11		-
12		- def render_not_found
13		- [404, {"Content-Type" => "text/plain"}, ["Not Found"]]
14		- end
15		-
16		- def can?(object, action, subject)
17		- abilities.allowed?(object, action, subject)
18		- end
19		-
20		- def abilities
21		- @abilities \|\|= begin
22		- abilities = Six.new
23		- abilities << Ability
24		- abilities
25		- end
26		- end
27		- end
28		-end