Commit 8c08fb9b28c77fb5bb19bfd7c041d557c89f7120
Merge pull request #4662 from jzi/allow_archive_for_deploy_key
allow all git-upload-* commands for deploy keys
Showing
2 changed files
with
43 additions
and
3 deletions
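--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -1,6 +1,10 @@
 module API
 # Internal access API
 class Internal < Grape::API
+
+DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive }
+PUSH_COMMANDS = %w{ git-receive-pack }
+
 namespace 'internal' do
 #
 # Check if ssh key has access to project code
@@ -26,16 +30,16 @@ module API
 
 
 if key.is_a? DeployKey
-key.projects.include?(project) && git_cmd == 'git-upload-pack'
+key.projects.include?(project) && DOWNLOAD_COMMANDS.include?(git_cmd)
 else
 user = key.user
 
 return false if user.blocked?
 
 action = case git_cmd
-when 'git-upload-pack', 'git-upload-archive'
+when *DOWNLOAD_COMMANDS
 then :download_code
-when 'git-receive-pack'
+when *PUSH_COMMANDS
 then
 if project.protected_branch?(params[:ref])
 :push_code_to_protected_branches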
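Review bot: `DOWNLOAD_COMMANDS` now does two jobs, and nothing at its definition says so: it maps commands to `:download_code` for users, and it is the entire allow-list for deploy keys in the `key.is_a? DeployKey` branch. Both arrays are also mutable. A comment above the constant such as `# Read-only git commands; every entry is also permitted to deploy keys, so never add a command that can write`, plus `.freeze` on both `%w{ ... }` literals, would keep a later edit or an accidental mutation from widening deploy-key access. The `case git_cmd` continues past the end of the hunk, so how an unrecognised command is handled cannot be judged from here.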
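--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -100,6 +100,32 @@ describe API::API do
 end
 end
 end
+
+context "deploy key" do
+let(:key) { create(:deploy_key) }
+
+context "added to project" do
+before do
+key.projects << project
+end
+
+it do
+archive(key, project)
+
+response.status.should == 200
+response.body.should == 'true'
+end
+end
+
+context "not added to project" do
+it do
+archive(key, project)
+
+response.status.should == 200
+response.body.should == 'false'
+end
+end
+end
 end
 
 def pull(key, project)
@@ -121,4 +147,14 @@ describe API::API do
 action: 'git-receive-pack'
 )
 end
+
+def archive(key, project)
+get(
+api("/internal/allowed"),
+ref: 'master',
+key_id: key.id,
+project: project.path_with_namespace,
+action: 'git-upload-archive'
+)
+end
 end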
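Review bot: The new `deploy key` context exercises only `git-upload-archive`; as far as these hunks show, nothing asserts that a deploy key added to the project is still refused for `git-receive-pack`, which is the property the allow-list change must not break. A third example in the `added to project` context that calls the existing receive-pack helper and expects `response.body.should == 'false'` would pin it. That helper's `def` line sits above the second hunk, so its name is not visible here. The two `it do` blocks also carry no description; something like `it "allows git-upload-archive" do` would make a failure readable in the spec output.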