Commit d2cec12632079e07ff40876e7c6ecd4c21418dc3

Authored by Dmitriy Zaporozhets
1 parent 9c2a6e20

block user should not be able to push

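--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -20,6 +20,9 @@ module Gitlab
 project == key.project && git_cmd == 'git-upload-pack'
 else
 user = key.user
+
+return false if user.blocked?
+
 action = case git_cmd
 when 'git-upload-pack'
 then :download_code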
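Review bot: The guard `return false if user.blocked?` sits ahead of `case git_cmd`, so it refuses `git-upload-pack` as well as `git-receive-pack`, while the commit title speaks only of push. A one-line comment above it, such as `# Blocked accounts are refused every git action, read as well as write`, would record that the wider denial is deliberate. The check applies only in the `else` branch where `user = key.user`; the branch that compares `project == key.project` is untouched, which looks intended but is worth stating in the same comment. The hunk does not show whether other routes to a repository also consult `blocked?`, so that should be confirmed separately. The enclosing block begins and ends outside the hunk.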
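--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -34,13 +34,7 @@ describe Gitlab::API do
 
 context "git pull" do
 it do
-get(
-api("/internal/allowed"),
-ref: 'master',
-key_id: key.id,
-project: project.path_with_namespace,
-action: 'git-upload-pack'
-)
+pull(key, project)
 
 response.status.should == 200
 response.body.should == 'true'
@@ -49,13 +43,7 @@ describe Gitlab::API do
 
 context "git push" do
 it do
-get(
-api("/internal/allowed"),
-ref: 'master',
-key_id: key.id,
-project: project.path_with_namespace,
-action: 'git-receive-pack'
-)
+push(key, project)
 
 response.status.should == 200
 response.body.should == 'true'
@@ -70,13 +58,7 @@ describe Gitlab::API do
 
 context "git pull" do
 it do
-get(
-api("/internal/allowed"),
-ref: 'master',
-key_id: key.id,
-project: project.path_with_namespace,
-action: 'git-upload-pack'
-)
+pull(key, project)
 
 response.status.should == 200
 response.body.should == 'false'
@@ -85,13 +67,7 @@ describe Gitlab::API do
 
 context "git push" do
 it do
-get(
-api("/internal/allowed"),
-ref: 'master',
-key_id: key.id,
-project: project.path_with_namespace,
-action: 'git-receive-pack'
-)
+push(key, project)
 
 response.status.should == 200
 response.body.should == 'false'
@@ -99,5 +75,50 @@ describe Gitlab::API do
 end
 end
 
+context "blocked user" do
+let(:personal_project) { create(:project, namespace: user.namespace) }
+
+before do
+user.block
+end
+
+context "git pull" do
+it do
+pull(key, personal_project)
+
+response.status.should == 200
+response.body.should == 'false'
+end
+end
+
+context "git push" do
+it do
+push(key, personal_project)
+
+response.status.should == 200
+response.body.should == 'false'
+end
+end
+end
+end
+
+def pull(key, project)
+get(
+api("/internal/allowed"),
+ref: 'master',
+key_id: key.id,
+project: project.path_with_namespace,
+action: 'git-upload-pack'
+)
+end
+
+def push(key, project)
+get(
+api("/internal/allowed"),
+ref: 'master',
+key_id: key.id,
+project: project.path_with_namespace,
+action: 'git-receive-pack'
+)
 end
 end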
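Review bot: The new `blocked user` context asserts only the denied outcome for `personal_project`, and no example shows that the same key is allowed on that project when `user.block` has not run, so both examples would still pass if access were refused for an unrelated reason. A sibling example for `personal_project` without the `before` hook, expecting `response.body.should == 'true'`, would tie the `'false'` result to the blocked state. The `it do` blocks carry no description; `it "denies access" do` would make a failure readable. The `pull` and `push` helpers differ only in the `action:` value and could share one helper that takes the git command as an argument.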