Commit 83e83b6617694c03457ca3a36230b54560ce6833
1 parent
612a909e
Exists in
spb-stable
and in
3 other branches
Improve grack auth
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
2 changed files
with
17 additions
and
32 deletions
Show diff stats
lib/gitlab/backend/grack_auth.rb
| 1 | require_relative 'shell_env' | 1 | require_relative 'shell_env' |
| 2 | -require_relative 'grack_helpers' | ||
| 3 | 2 | ||
| 4 | module Grack | 3 | module Grack |
| 5 | class Auth < Rack::Auth::Basic | 4 | class Auth < Rack::Auth::Basic |
| 6 | - include Helpers | ||
| 7 | 5 | ||
| 8 | attr_accessor :user, :project, :env | 6 | attr_accessor :user, :project, :env |
| 9 | 7 | ||
| @@ -79,12 +77,14 @@ module Grack | @@ -79,12 +77,14 @@ module Grack | ||
| 79 | 77 | ||
| 80 | def authorize_request(service) | 78 | def authorize_request(service) |
| 81 | case service | 79 | case service |
| 82 | - when 'git-upload-pack' | 80 | + when *Gitlab::GitAccess::DOWNLOAD_COMMANDS |
| 83 | # Serve only upload request. | 81 | # Serve only upload request. |
| 84 | # Authorization on push will be serverd by update hook in repository | 82 | # Authorization on push will be serverd by update hook in repository |
| 85 | Gitlab::GitAccess.new.download_allowed?(user, project) | 83 | Gitlab::GitAccess.new.download_allowed?(user, project) |
| 86 | - else | 84 | + when *Gitlab::GitAccess::PUSH_COMMANDS |
| 87 | true | 85 | true |
| 86 | + else | ||
| 87 | + false | ||
| 88 | end | 88 | end |
| 89 | end | 89 | end |
| 90 | 90 | ||
| @@ -101,5 +101,18 @@ module Grack | @@ -101,5 +101,18 @@ module Grack | ||
| 101 | def project | 101 | def project |
| 102 | @project ||= project_by_path(@request.path_info) | 102 | @project ||= project_by_path(@request.path_info) |
| 103 | end | 103 | end |
| 104 | + | ||
| 105 | + def project_by_path(path) | ||
| 106 | + if m = /^([\w\.\/-]+)\.git/.match(path).to_a | ||
| 107 | + path_with_namespace = m.last | ||
| 108 | + path_with_namespace.gsub!(/\.wiki$/, '') | ||
| 109 | + | ||
| 110 | + Project.find_with_namespace(path_with_namespace) | ||
| 111 | + end | ||
| 112 | + end | ||
| 113 | + | ||
| 114 | + def render_not_found | ||
| 115 | + [404, {"Content-Type" => "text/plain"}, ["Not Found"]] | ||
| 116 | + end | ||
| 104 | end | 117 | end |
| 105 | end | 118 | end |
lib/gitlab/backend/grack_helpers.rb
| @@ -1,28 +0,0 @@ | @@ -1,28 +0,0 @@ | ||
| 1 | -module Grack | ||
| 2 | - module Helpers | ||
| 3 | - def project_by_path(path) | ||
| 4 | - if m = /^([\w\.\/-]+)\.git/.match(path).to_a | ||
| 5 | - path_with_namespace = m.last | ||
| 6 | - path_with_namespace.gsub!(/\.wiki$/, '') | ||
| 7 | - | ||
| 8 | - Project.find_with_namespace(path_with_namespace) | ||
| 9 | - end | ||
| 10 | - end | ||
| 11 | - | ||
| 12 | - def render_not_found | ||
| 13 | - [404, {"Content-Type" => "text/plain"}, ["Not Found"]] | ||
| 14 | - end | ||
| 15 | - | ||
| 16 | - def can?(object, action, subject) | ||
| 17 | - abilities.allowed?(object, action, subject) | ||
| 18 | - end | ||
| 19 | - | ||
| 20 | - def abilities | ||
| 21 | - @abilities ||= begin | ||
| 22 | - abilities = Six.new | ||
| 23 | - abilities << Ability | ||
| 24 | - abilities | ||
| 25 | - end | ||
| 26 | - end | ||
| 27 | - end | ||
| 28 | -end |