Commit 8ec42ff85ced58f925a1214738c841372f774eda
Exists in
spb-stable
and in
2 other branches
Merge pull request #7090 from NARKOZ/api-files-access
fix permissions for files API
Showing
1 changed file
with
8 additions
and
1 deletions
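--- a/lib/api/files.rb
+++ b/lib/api/files.rb
@@ -2,7 +2,6 @@ module API
 # Projects API
 class Files < Grape::API
 before { authenticate! }
-before { authorize! :push_code, user_project }
 
 resource :projects do
 # Get file from repository
@@ -28,6 +27,8 @@ module API
 # }
 #
 get ":id/repository/files" do
+authorize! :download_code, user_project
+
 required_attributes! [:file_path, :ref]
 attrs = attributes_for_keys [:file_path, :ref]
 ref = attrs.delete(:ref)
@@ -68,6 +69,8 @@ module API
 # POST /projects/:id/repository/files
 #
 post ":id/repository/files" do
+authorize! :push_code, user_project
+
 required_attributes! [:file_path, :branch_name, :content, :commit_message]
 attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding]
 branch_name = attrs.delete(:branch_name)
@@ -98,6 +101,8 @@ module API
 # PUT /projects/:id/repository/files
 #
 put ":id/repository/files" do
+authorize! :push_code, user_project
+
 required_attributes! [:file_path, :branch_name, :content, :commit_message]
 attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding]
 branch_name = attrs.delete(:branch_name)
@@ -128,6 +133,8 @@ module API
 # DELETE /projects/:id/repository/files
 #
 delete ":id/repository/files" do
+authorize! :push_code, user_project
+
 required_attributes! [:file_path, :branch_name, :commit_message]
 attrs = attributes_for_keys [:file_path, :branch_name, :commit_message]
 branch_name = attrs.delete(:branch_name)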
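Review bot: With the class-level `before { authorize! :push_code, user_project }` removed, authorization in lib/api/files.rb now depends on each route carrying its own `authorize!` line, so a route added to this class later would be reachable by any authenticated user unless its author remembers the check. Consider keeping a baseline filter next to `before { authenticate! }`, for example `before { authorize! :download_code, user_project }`, and leaving the `:push_code` checks in the POST, PUT and DELETE routes on top of it; this assumes every role that can push can also download, which should be confirmed against the ability definitions. The commit changes only this one file, so a request spec asserting that a read-only member gets 200 on GET and 403 on POST, PUT and DELETE would pin the intended behaviour. The route bodies continue past the visible hunks, so whether `branch_name` is checked against any branch-level restriction cannot be judged from here.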