Commit d2cec12632079e07ff40876e7c6ecd4c21418dc3

Authored by Dmitriy Zaporozhets
1 parent 9c2a6e20

block user should not be able to push

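--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -20,6 +20,9 @@ module Gitlab
 project == key.project && git_cmd == 'git-upload-pack'
 else
 user = key.user
+
+return false if user.blocked?
+
 action = case git_cmd
 when 'git-upload-pack'
 then :download_code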
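Review bot: The `return false if user.blocked?` guard sits before the `case git_cmd` dispatch, so it denies `git-upload-pack` as well as `git-receive-pack`, while the commit title mentions only push; a one-line comment above it would make the intent explicit, e.g. `# blocked accounts are denied all git access, read and write`. The guard also dereferences `user` straight after `user = key.user`, so if a key can exist without an owner this would raise instead of returning a denial; that cannot be confirmed from the hunk, but if it can happen, `return false if user.nil? || user.blocked?` fails closed. The enclosing block starts and ends outside the hunk.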
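--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -34,13 +34,7 @@ describe Gitlab::API do
 
 context "git pull" do
 it do
-get(
-api("/internal/allowed"),
-ref: 'master',
-key_id: key.id,
-project: project.path_with_namespace,
-action: 'git-upload-pack'
-)
+pull(key, project)
 
 response.status.should == 200
 response.body.should == 'true'
@@ -49,13 +43,7 @@ describe Gitlab::API do
 
 context "git push" do
 it do
-get(
-api("/internal/allowed"),
-ref: 'master',
-key_id: key.id,
-project: project.path_with_namespace,
-action: 'git-receive-pack'
-)
+push(key, project)
 
 response.status.should == 200
 response.body.should == 'true'
@@ -70,13 +58,7 @@ describe Gitlab::API do
 
 context "git pull" do
 it do
-get(
-api("/internal/allowed"),
-ref: 'master',
-key_id: key.id,
-project: project.path_with_namespace,
-action: 'git-upload-pack'
-)
+pull(key, project)
 
 response.status.should == 200
 response.body.should == 'false'
@@ -85,13 +67,7 @@ describe Gitlab::API do
 
 context "git push" do
 it do
-get(
-api("/internal/allowed"),
-ref: 'master',
-key_id: key.id,
-project: project.path_with_namespace,
-action: 'git-receive-pack'
-)
+push(key, project)
 
 response.status.should == 200
 response.body.should == 'false'
@@ -99,5 +75,50 @@ describe Gitlab::API do
 end
 end
 
+context "blocked user" do
+let(:personal_project) { create(:project, namespace: user.namespace) }
+
+before do
+user.block
+end
+
+context "git pull" do
+it do
+pull(key, personal_project)
+
+response.status.should == 200
+response.body.should == 'false'
+end
+end
+
+context "git push" do
+it do
+push(key, personal_project)
+
+response.status.should == 200
+response.body.should == 'false'
+end
+end
+end
+end
+
+def pull(key, project)
+get(
+api("/internal/allowed"),
+ref: 'master',
+key_id: key.id,
+project: project.path_with_namespace,
+action: 'git-upload-pack'
+)
+end
+
+def push(key, project)
+get(
+api("/internal/allowed"),
+ref: 'master',
+key_id: key.id,
+project: project.path_with_namespace,
+action: 'git-receive-pack'
+)
 end
 end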
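Review bot: In the last hunk, the `blocked user` examples only assert `'false'` for `personal_project`, and nothing in the spec shows the same key being allowed on that project before `user.block` runs, so a denial caused by fixture setup rather than by the blocked state would pass as well. An example that calls `pull(key, personal_project)` without the `before` block and expects `'true'` (assuming the namespace owner is normally allowed) would tie the denial to the blocked state. The new `pull` and `push` helpers differ only in the `action:` value and could share one helper that takes the git command as an argument.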