Commit 7ff1c0e3 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'fix-internal-api' into 'master'

Fix internal api

Fixes #1787

See merge request !1280
parents 27077ab2 612b8806
...@@ -33,15 +33,20 @@ module API ...@@ -33,15 +33,20 @@ module API
end end
project = Project.find_with_namespace(project_path) project = Project.find_with_namespace(project_path)
return false unless project
unless project
return Gitlab::GitAccessStatus.new(false, 'No such project')
end
actor = if params[:key_id] actor = if params[:key_id]
Key.find(params[:key_id]) Key.find_by(id: params[:key_id])
elsif params[:user_id] elsif params[:user_id]
User.find(params[:user_id]) User.find_by(id: params[:user_id])
end end
return false unless actor unless actor
return Gitlab::GitAccessStatus.new(false, 'No such user or key')
end
access.check( access.check(
actor, actor,
......
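Review bot: The two denial messages added here, `'No such project'` and `'No such user or key'`, let a caller tell a missing project apart from one that exists, and the project lookup runs before the actor is resolved. If the client of this internal endpoint relays the message to the Git user (not visible in this hunk), the difference reveals whether a private project path exists. Consider one generic denial for both cases, e.g. `return Gitlab::GitAccessStatus.new(false, 'Access denied')`, and logging the specific reason server-side. The enclosing method starts and continues outside the hunk.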
...@@ -8,15 +8,7 @@ module Gitlab ...@@ -8,15 +8,7 @@ module Gitlab
def check(actor, cmd, project, changes = nil) def check(actor, cmd, project, changes = nil)
case cmd case cmd
when *DOWNLOAD_COMMANDS when *DOWNLOAD_COMMANDS
if actor.is_a? User
download_access_check(actor, project) download_access_check(actor, project)
elsif actor.is_a? DeployKey
actor.projects.include?(project)
elsif actor.is_a? Key
download_access_check(actor.user, project)
else
raise 'Wrong actor'
end
when *PUSH_COMMANDS when *PUSH_COMMANDS
if actor.is_a? User if actor.is_a? User
push_access_check(actor, project, changes) push_access_check(actor, project, changes)
...@@ -32,7 +24,23 @@ module Gitlab ...@@ -32,7 +24,23 @@ module Gitlab
end end
end end
def download_access_check(user, project) def download_access_check(actor, project)
if actor.is_a?(User)
user_download_access_check(actor, project)
elsif actor.is_a?(DeployKey)
if actor.projects.include?(project)
build_status_object(true)
else
build_status_object(false, "Deploy key not allowed to access this project")
end
elsif actor.is_a? Key
user_download_access_check(actor.user, project)
else
raise 'Wrong actor'
end
end
def user_download_access_check(user, project)
if user && user_allowed?(user) && user.can?(:download_code, project) if user && user_allowed?(user) && user.can?(:download_code, project)
build_status_object(true) build_status_object(true)
else else
......
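Review bot: The `else` branch of the new `download_access_check` still does `raise 'Wrong actor'`, so an unexpected actor type surfaces as a bare RuntimeError while every other branch returns a status object. If callers are expected to call `.allowed?` on the result, `build_status_object(false, 'Wrong actor')` would keep the failure closed and uniform; if raising is intentional, a typed error such as `raise ArgumentError, 'Wrong actor'` is easier to rescue selectively. The `DeployKey` test has to stay ahead of the `Key` test if `DeployKey` inherits from `Key` (not visible here), which deserves a comment like `# DeployKey must be matched before Key: it has no user and is authorized per project`. `actor.is_a? Key` should also use parentheses like the two branches above it.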
...@@ -46,6 +46,25 @@ describe Gitlab::GitAccess do ...@@ -46,6 +46,25 @@ describe Gitlab::GitAccess do
it { subject.allowed?.should be_false } it { subject.allowed?.should be_false }
end end
end end
describe 'deploy key permissions' do
let(:key) { create(:deploy_key) }
context 'pull code' do
context 'allowed' do
before { key.projects << project }
subject { access.download_access_check(key, project) }
it { subject.allowed?.should be_true }
end
context 'denied' do
subject { access.download_access_check(key, project) }
it { subject.allowed?.should be_false }
end
end
end
end end
describe 'push_access_check' do describe 'push_access_check' do
......
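Review bot: The `denied` context only exercises a deploy key attached to no project at all, so it would still pass if the check were weakened to "the key has some project". A third context where the key is enabled on a different project would pin the per-project comparison, for example `before { key.projects << create(:project) }` with the same `be_false` expectation (assuming a `:project` factory is available in this spec). Neither new context asserts the denial message that `download_access_check` now returns for deploy keys.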
...@@ -26,7 +26,7 @@ describe API::API, api: true do ...@@ -26,7 +26,7 @@ describe API::API, api: true do
end end
end end
describe "GET /internal/allowed" do describe "POST /internal/allowed" do
context "access granted" do context "access granted" do
before do before do
project.team << [user, :developer] project.team << [user, :developer]
...@@ -140,7 +140,7 @@ describe API::API, api: true do ...@@ -140,7 +140,7 @@ describe API::API, api: true do
archive(key, project) archive(key, project)
response.status.should == 200 response.status.should == 200
response.body.should == 'true' JSON.parse(response.body)["status"].should be_true
end end
end end
...@@ -149,9 +149,27 @@ describe API::API, api: true do ...@@ -149,9 +149,27 @@ describe API::API, api: true do
archive(key, project) archive(key, project)
response.status.should == 200 response.status.should == 200
response.body.should == 'false' JSON.parse(response.body)["status"].should be_false
end
end
end
context 'project does not exist' do
it do
pull(key, OpenStruct.new(path_with_namespace: 'gitlab/notexists'))
response.status.should == 200
JSON.parse(response.body)["status"].should be_false
end end
end end
context 'user does not exist' do
it do
pull(OpenStruct.new(id: 0), project)
response.status.should == 200
JSON.parse(response.body)["status"].should be_false
end
end end
end end
......