Commit 83e83b6617694c03457ca3a36230b54560ce6833

Authored by Dmitriy Zaporozhets
1 parent 612a909e

Improve grack auth

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
lib/gitlab/backend/grack_auth.rb
1 require_relative 'shell_env' 1 require_relative 'shell_env'
2 -require_relative 'grack_helpers'  
3 2
4 module Grack 3 module Grack
5 class Auth < Rack::Auth::Basic 4 class Auth < Rack::Auth::Basic
6 - include Helpers  
7 5
8 attr_accessor :user, :project, :env 6 attr_accessor :user, :project, :env
9 7
@@ -79,12 +77,14 @@ module Grack @@ -79,12 +77,14 @@ module Grack
79 77
80 def authorize_request(service) 78 def authorize_request(service)
81 case service 79 case service
82 - when 'git-upload-pack' 80 + when *Gitlab::GitAccess::DOWNLOAD_COMMANDS
83 # Serve only upload request. 81 # Serve only upload request.
84 # Authorization on push will be serverd by update hook in repository 82 # Authorization on push will be serverd by update hook in repository
85 Gitlab::GitAccess.new.download_allowed?(user, project) 83 Gitlab::GitAccess.new.download_allowed?(user, project)
86 - else 84 + when *Gitlab::GitAccess::PUSH_COMMANDS
87 true 85 true
  86 + else
  87 + false
88 end 88 end
89 end 89 end
90 90
@@ -101,5 +101,18 @@ module Grack @@ -101,5 +101,18 @@ module Grack
101 def project 101 def project
102 @project ||= project_by_path(@request.path_info) 102 @project ||= project_by_path(@request.path_info)
103 end 103 end
  104 +
  105 + def project_by_path(path)
  106 + if m = /^([\w\.\/-]+)\.git/.match(path).to_a
  107 + path_with_namespace = m.last
  108 + path_with_namespace.gsub!(/\.wiki$/, '')
  109 +
  110 + Project.find_with_namespace(path_with_namespace)
  111 + end
  112 + end
  113 +
  114 + def render_not_found
  115 + [404, {"Content-Type" => "text/plain"}, ["Not Found"]]
  116 + end
104 end 117 end
105 end 118 end
lib/gitlab/backend/grack_helpers.rb
@@ -1,28 +0,0 @@ @@ -1,28 +0,0 @@
1 -module Grack  
2 - module Helpers  
3 - def project_by_path(path)  
4 - if m = /^([\w\.\/-]+)\.git/.match(path).to_a  
5 - path_with_namespace = m.last  
6 - path_with_namespace.gsub!(/\.wiki$/, '')  
7 -  
8 - Project.find_with_namespace(path_with_namespace)  
9 - end  
10 - end  
11 -  
12 - def render_not_found  
13 - [404, {"Content-Type" => "text/plain"}, ["Not Found"]]  
14 - end  
15 -  
16 - def can?(object, action, subject)  
17 - abilities.allowed?(object, action, subject)  
18 - end  
19 -  
20 - def abilities  
21 - @abilities ||= begin  
22 - abilities = Six.new  
23 - abilities << Ability  
24 - abilities  
25 - end  
26 - end  
27 - end  
28 -end