Commit 8c08fb9b28c77fb5bb19bfd7c041d557c89f7120
Exists in
master
and in
4 other branches
Merge pull request #4662 from jzi/allow_archive_for_deploy_key
allow all git-upload-* commands for deploy keys
Showing
2 changed files
with
43 additions
and
3 deletions
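--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -1,6 +1,10 @@
 module API
 # Internal access API
 class Internal < Grape::API
+
+DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive }
+PUSH_COMMANDS = %w{ git-receive-pack }
+
 namespace 'internal' do
 #
 # Check if ssh key has access to project code
@@ -26,16 +30,16 @@ module API
 
 
 if key.is_a? DeployKey
-key.projects.include?(project) && git_cmd == 'git-upload-pack'
+key.projects.include?(project) && DOWNLOAD_COMMANDS.include?(git_cmd)
 else
 user = key.user
 
 return false if user.blocked?
 
 action = case git_cmd
-when 'git-upload-pack', 'git-upload-archive'
+when *DOWNLOAD_COMMANDS
 then :download_code
-when 'git-receive-pack'
+when *PUSH_COMMANDS
 then
 if project.protected_branch?(params[:ref])
 :push_code_to_protected_branches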
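Review bot: The two allow-lists added at the top of `Internal` are plain mutable arrays, yet they now decide which git commands a key may run; freezing them keeps later code from widening access by accident, e.g. `DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive }.freeze` and `PUSH_COMMANDS = %w{ git-receive-pack }.freeze`. A short comment above them would record the intent, such as `# Deploy keys are read-only: they may match DOWNLOAD_COMMANDS only, never PUSH_COMMANDS`. The `case git_cmd` expression continues past the end of this section, so whether an unrecognised command ends in a denial cannot be confirmed from the visible lines and is worth checking.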
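--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -100,6 +100,32 @@ describe API::API do
 end
 end
 end
+
+context "deploy key" do
+let(:key) { create(:deploy_key) }
+
+context "added to project" do
+before do
+key.projects << project
+end
+
+it do
+archive(key, project)
+
+response.status.should == 200
+response.body.should == 'true'
+end
+end
+
+context "not added to project" do
+it do
+archive(key, project)
+
+response.status.should == 200
+response.body.should == 'false'
+end
+end
+end
 end
 
 def pull(key, project)
@@ -121,4 +147,14 @@ describe API::API do
 action: 'git-receive-pack'
 )
 end
+
+def archive(key, project)
+get(
+api("/internal/allowed"),
+ref: 'master',
+key_id: key.id,
+project: project.path_with_namespace,
+action: 'git-upload-archive'
+)
+end
 end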
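Review bot: The new `deploy key` context exercises `git-upload-archive` for a key that is and is not attached to the project, but no example here pins that an attached deploy key is still refused `git-receive-pack`, which is the guarantee the `DOWNLOAD_COMMANDS.include?(git_cmd)` check in `lib/api/internal.rb` now carries. A third example in the `added to project` context that sends `action: 'git-receive-pack'` with the deploy key and asserts `response.body.should == 'false'` would cover it. The helper ending at new line 149 appears to send that action already, though its name lies outside the visible hunk. The two `it do` examples would also be easier to read in failure output with descriptions, e.g. `it "allows git-upload-archive" do`.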