Commit 83e83b6617694c03457ca3a36230b54560ce6833
1 parent
612a909e
Exists in
spb-stable
and in
3 other branches
Improve grack auth
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
2 changed files
with
17 additions
and
32 deletions
Show diff stats
lib/gitlab/backend/grack_auth.rb
1 | require_relative 'shell_env' | 1 | require_relative 'shell_env' |
2 | -require_relative 'grack_helpers' | ||
3 | 2 | ||
4 | module Grack | 3 | module Grack |
5 | class Auth < Rack::Auth::Basic | 4 | class Auth < Rack::Auth::Basic |
6 | - include Helpers | ||
7 | 5 | ||
8 | attr_accessor :user, :project, :env | 6 | attr_accessor :user, :project, :env |
9 | 7 | ||
@@ -79,12 +77,14 @@ module Grack | @@ -79,12 +77,14 @@ module Grack | ||
79 | 77 | ||
80 | def authorize_request(service) | 78 | def authorize_request(service) |
81 | case service | 79 | case service |
82 | - when 'git-upload-pack' | 80 | + when *Gitlab::GitAccess::DOWNLOAD_COMMANDS |
83 | # Serve only upload request. | 81 | # Serve only upload request. |
84 | # Authorization on push will be serverd by update hook in repository | 82 | # Authorization on push will be serverd by update hook in repository |
85 | Gitlab::GitAccess.new.download_allowed?(user, project) | 83 | Gitlab::GitAccess.new.download_allowed?(user, project) |
86 | - else | 84 | + when *Gitlab::GitAccess::PUSH_COMMANDS |
87 | true | 85 | true |
86 | + else | ||
87 | + false | ||
88 | end | 88 | end |
89 | end | 89 | end |
90 | 90 | ||
@@ -101,5 +101,18 @@ module Grack | @@ -101,5 +101,18 @@ module Grack | ||
101 | def project | 101 | def project |
102 | @project ||= project_by_path(@request.path_info) | 102 | @project ||= project_by_path(@request.path_info) |
103 | end | 103 | end |
104 | + | ||
105 | + def project_by_path(path) | ||
106 | + if m = /^([\w\.\/-]+)\.git/.match(path).to_a | ||
107 | + path_with_namespace = m.last | ||
108 | + path_with_namespace.gsub!(/\.wiki$/, '') | ||
109 | + | ||
110 | + Project.find_with_namespace(path_with_namespace) | ||
111 | + end | ||
112 | + end | ||
113 | + | ||
114 | + def render_not_found | ||
115 | + [404, {"Content-Type" => "text/plain"}, ["Not Found"]] | ||
116 | + end | ||
104 | end | 117 | end |
105 | end | 118 | end |
lib/gitlab/backend/grack_helpers.rb
@@ -1,28 +0,0 @@ | @@ -1,28 +0,0 @@ | ||
1 | -module Grack | ||
2 | - module Helpers | ||
3 | - def project_by_path(path) | ||
4 | - if m = /^([\w\.\/-]+)\.git/.match(path).to_a | ||
5 | - path_with_namespace = m.last | ||
6 | - path_with_namespace.gsub!(/\.wiki$/, '') | ||
7 | - | ||
8 | - Project.find_with_namespace(path_with_namespace) | ||
9 | - end | ||
10 | - end | ||
11 | - | ||
12 | - def render_not_found | ||
13 | - [404, {"Content-Type" => "text/plain"}, ["Not Found"]] | ||
14 | - end | ||
15 | - | ||
16 | - def can?(object, action, subject) | ||
17 | - abilities.allowed?(object, action, subject) | ||
18 | - end | ||
19 | - | ||
20 | - def abilities | ||
21 | - @abilities ||= begin | ||
22 | - abilities = Six.new | ||
23 | - abilities << Ability | ||
24 | - abilities | ||
25 | - end | ||
26 | - end | ||
27 | - end | ||
28 | -end |