Commit 9d79d6e1 authored Nov 08, 2013 by Dmitriy Zaporozhets
Make sure private_token for API is a string
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent dfade97e
Showing 1 changed file with 6 additions and 1 deletion
lib/api/helpers.rb
...
@@ -6,19 +6,23 @@ module API
...
@@ -6,19 +6,23 @@ module API
SUDO_PARAM
=
:sudo
SUDO_PARAM
=
:sudo
def
current_user
def
current_user
@current_user
||=
User
.
find_by_authentication_token
(
params
[
PRIVATE_TOKEN_PARAM
]
||
env
[
PRIVATE_TOKEN_HEADER
])
private_token
=
(
params
[
PRIVATE_TOKEN_PARAM
]
||
env
[
PRIVATE_TOKEN_HEADER
]).
to_s
@current_user
||=
User
.
find_by_authentication_token
(
private_token
)
identifier
=
sudo_identifier
()
identifier
=
sudo_identifier
()
# If the sudo is the current user do nothing
# If the sudo is the current user do nothing
if
(
identifier
&&
!
(
@current_user
.
id
==
identifier
||
@current_user
.
username
==
identifier
))
if
(
identifier
&&
!
(
@current_user
.
id
==
identifier
||
@current_user
.
username
==
identifier
))
render_api_error!
(
'403 Forbidden: Must be admin to use sudo'
,
403
)
unless
@current_user
.
is_admin?
render_api_error!
(
'403 Forbidden: Must be admin to use sudo'
,
403
)
unless
@current_user
.
is_admin?
@current_user
=
User
.
by_username_or_id
(
identifier
)
@current_user
=
User
.
by_username_or_id
(
identifier
)
not_found!
(
"No user id or username for:
#{
identifier
}
"
)
if
@current_user
.
nil?
not_found!
(
"No user id or username for:
#{
identifier
}
"
)
if
@current_user
.
nil?
end
end
@current_user
@current_user
end
end
def
sudo_identifier
()
def
sudo_identifier
()
identifier
||=
params
[
SUDO_PARAM
]
||=
env
[
SUDO_HEADER
]
identifier
||=
params
[
SUDO_PARAM
]
||=
env
[
SUDO_HEADER
]
# Regex for integers
# Regex for integers
if
(
!!
(
identifier
=~
/^[0-9]+$/
))
if
(
!!
(
identifier
=~
/^[0-9]+$/
))
identifier
.
to_i
identifier
.
to_i
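Review bot: In `current_user`, the new `.to_s` turns a missing token (both `params[PRIVATE_TOKEN_PARAM]` and `env[PRIVATE_TOKEN_HEADER]` nil) into `""`, and that empty string is still handed to `User.find_by_authentication_token`. Return early when `private_token` is empty so the lookup cannot match a record whose token is blank and unauthenticated requests do not trigger a query. The coercion also runs on every call even when `@current_user` is already memoized; computing `private_token` inside the `||=` expression avoids the repeated work. While this method is being touched, note that the unchanged sudo branch calls `@current_user.id` with no nil check, so a request whose token matches no user but carries a sudo identifier will raise on nil; a guard before that `if` would close it. Finally, a one-line comment stating why the value is forced to a string, plus a spec that passes a non-string `private_token`, would record the intent stated in the commit title.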
...
@@ -29,6 +33,7 @@ module API
...
@@ -29,6 +33,7 @@ module API
def
set_current_user_for_thread
def
set_current_user_for_thread
Thread
.
current
[
:current_user
]
=
current_user
Thread
.
current
[
:current_user
]
=
current_user
begin
begin
yield
yield
ensure
ensure
...
...