From 995e656addd588377fbf8ae6f9e04dee37ebc604 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Wed, 12 Jun 2013 22:11:35 +0300
Subject: [PATCH] Add path blacklist
---
 app/models/namespace.rb | 1 +
 app/models/project.rb | 11 ++---------
 app/models/user.rb | 1 +
 lib/gitlab/blacklist.rb | 9 +++++++++
 4 files changed, 13 insertions(+), 9 deletions(-)
 create mode 100644 lib/gitlab/blacklist.rb
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index cb7164e..c74e0cf 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -27,6 +27,7 @@ class Namespace < ActiveRecord::Base
 message: "only letters, digits, spaces & '_' '-' '.' allowed." }
 validates :description, length: { within: 0..255 }
 validates :path, uniqueness: true, presence: true, length: { within: 1..255 },
+ exclusion: { in: Gitlab::Blacklist.path },
 format: { with: Gitlab::Regex.path_regex,
 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
diff --git a/app/models/project.rb b/app/models/project.rb
index f5c2b4f..22a9c1f 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -79,6 +79,7 @@ class Project < ActiveRecord::Base
 format: { with: Gitlab::Regex.project_name_regex,
 message: "only letters, digits, spaces & '_' '-' '.' allowed. Letter should be first" }
 validates :path, presence: true, length: { within: 0..255 },
+ exclusion: { in: Gitlab::Blacklist.path },
 format: { with: Gitlab::Regex.path_regex,
 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
 validates :issues_enabled, :wall_enabled, :merge_requests_enabled,
@@ -92,7 +93,7 @@ class Project < ActiveRecord::Base
 format: { with: URI::regexp(%w(http https)), message: "should be a valid url" },
 if: :import?
- validate :check_limit, :repo_name
+ validate :check_limit
 # Scopes
 scope :without_user, ->(user) { where("projects.id NOT IN (:ids)", ids: user.authorized_projects.map(&:id) ) }
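Review bot: The `exclusion: { in: Gitlab::Blacklist.path }` check added to `validates :path` in app/models/namespace.rb is an exact, case-sensitive string match, so `Admin` or `ADMIN` would pass while `admin` is rejected. `Gitlab::Regex.path_regex` is not visible here, but its message says letters are allowed, so mixed-case paths are presumably valid; whether that lets a reserved name through depends on how routing and the database collation compare paths. Comparing a normalised value closes the gap, for example a custom validation doing `errors.add(:path, 'is reserved') if Gitlab::Blacklist.path.include?(path.to_s.downcase)`. The same applies to the `exclusion:` lines added in app/models/project.rb and app/models/user.rb.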
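Review bot: In app/models/project.rb the new `exclusion:` on `validates :path` reserves nine more names than the removed `repo_name` list (`public assets u s teams merge_requests issues users snippets`), and as written it is evaluated on every save rather than only on create. Any existing project, namespace or user already using one of those names would then fail validation on its next update, and the diffstat shows no migration or data check alongside the change. A pre-deploy query such as `Project.where(path: Gitlab::Blacklist.path)` (with the equivalent for `Namespace` and for `User` on `username`) would show whether rows need renaming first. The error text also changes from "like #{path} is not allowed" to the validator's default message, which is worth confirming against any specs or UI copy that expect the old wording.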
@@ -166,14 +167,6 @@ class Project < ActiveRecord::Base
 errors[:base] << ("Can't check your ability to create project")
 end
- def repo_name
- denied_paths = %w(admin dashboard groups help profile projects search)
-
- if denied_paths.include?(path)
- errors.add(:path, "like #{path} is not allowed")
- end
- end
-
 def to_param
 if namespace
 namespace.path + "/" + path
diff --git a/app/models/user.rb b/app/models/user.rb
index 3f51d7a..0a3a40b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -104,6 +104,7 @@ class User < ActiveRecord::Base
 validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider}
 validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0}
 validates :username, presence: true, uniqueness: true,
+ exclusion: { in: Gitlab::Blacklist.path },
 format: { with: Gitlab::Regex.username_regex,
 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
diff --git a/lib/gitlab/blacklist.rb b/lib/gitlab/blacklist.rb
new file mode 100644
index 0000000..b678a83
--- /dev/null
+++ b/lib/gitlab/blacklist.rb
@@ -0,0 +1,9 @@
+module Gitlab
+ module Blacklist
+ extend self
+
+ def path
+ %w(admin dashboard groups help profile projects search public assets u s teams merge_requests issues users snippets )
+ end
+ end
+end
--
libgit2 0.21.2
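Review bot: Nothing ties the word list in `Gitlab::Blacklist.path` (lib/gitlab/blacklist.rb) to the application's routes, so a top-level route added later can be shadowed by a user, group or project path until someone remembers to extend this list. I would add a comment above `def path` such as `# Reserved because they are top-level route segments; update together with the routes file.` and a spec asserting that each of the three models rejects every entry, since the patch adds no tests. As a style point, `path` builds a new mutable array on each call and the literal has a stray space before `)`. Returning a frozen constant from `path` (`PATHS = %w(admin ... snippets).freeze`) keeps the interface and prevents accidental mutation by a caller.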