Commit 8ec42ff8 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge pull request #7090 from NARKOZ/api-files-access

fix permissions for files API
parents 67ba36eb dccfb374
...@@ -2,7 +2,6 @@ module API ...@@ -2,7 +2,6 @@ module API
# Projects API # Projects API
class Files < Grape::API class Files < Grape::API
before { authenticate! } before { authenticate! }
before { authorize! :push_code, user_project }
resource :projects do resource :projects do
# Get file from repository # Get file from repository
...@@ -28,6 +27,8 @@ module API ...@@ -28,6 +27,8 @@ module API
# } # }
# #
get ":id/repository/files" do get ":id/repository/files" do
authorize! :download_code, user_project
required_attributes! [:file_path, :ref] required_attributes! [:file_path, :ref]
attrs = attributes_for_keys [:file_path, :ref] attrs = attributes_for_keys [:file_path, :ref]
ref = attrs.delete(:ref) ref = attrs.delete(:ref)
...@@ -68,6 +69,8 @@ module API ...@@ -68,6 +69,8 @@ module API
# POST /projects/:id/repository/files # POST /projects/:id/repository/files
# #
post ":id/repository/files" do post ":id/repository/files" do
authorize! :push_code, user_project
required_attributes! [:file_path, :branch_name, :content, :commit_message] required_attributes! [:file_path, :branch_name, :content, :commit_message]
attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding] attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding]
branch_name = attrs.delete(:branch_name) branch_name = attrs.delete(:branch_name)
...@@ -98,6 +101,8 @@ module API ...@@ -98,6 +101,8 @@ module API
# PUT /projects/:id/repository/files # PUT /projects/:id/repository/files
# #
put ":id/repository/files" do put ":id/repository/files" do
authorize! :push_code, user_project
required_attributes! [:file_path, :branch_name, :content, :commit_message] required_attributes! [:file_path, :branch_name, :content, :commit_message]
attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding] attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding]
branch_name = attrs.delete(:branch_name) branch_name = attrs.delete(:branch_name)
...@@ -128,6 +133,8 @@ module API ...@@ -128,6 +133,8 @@ module API
# DELETE /projects/:id/repository/files # DELETE /projects/:id/repository/files
# #
delete ":id/repository/files" do delete ":id/repository/files" do
authorize! :push_code, user_project
required_attributes! [:file_path, :branch_name, :commit_message] required_attributes! [:file_path, :branch_name, :commit_message]
attrs = attributes_for_keys [:file_path, :branch_name, :commit_message] attrs = attributes_for_keys [:file_path, :branch_name, :commit_message]
branch_name = attrs.delete(:branch_name) branch_name = attrs.delete(:branch_name)
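Review bot: Removing the class-level `before { authorize! :push_code, user_project }` leaves `authenticate!` as the only filter on `API::Files`, so authorization now depends on every route making its own `authorize!` call. The four routes shown each have one (`:download_code` on GET, `:push_code` on POST/PUT/DELETE), but a route added later without it would be open to any authenticated user. I would add a comment above `resource :projects do`, for example `# No class-level permission check: every route below must call authorize! itself.`, and request specs asserting that a user lacking `:download_code` is refused on GET and a user lacking `:push_code` is refused on each write route. The write routes check only project-level `:push_code` in the visible lines; the route bodies continue outside the hunks, so it is worth confirming there whether `branch_name` is also checked against any per-branch restriction.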
......