fix export project file permissions issue

958d9f11 · James Lopez · 08bab4bb · 958d9f11 · 958d9f11 · 958d9f11
Commit 958d9f11 authored Sep 29, 2016 by James Lopez
10 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,9 @@ Please view this file on the master branch, on stable branches it's out of date.
 v 8.13.0 (unreleased)
  - Speed-up group milestones show page
+v 8.12.4 (unreleased)
+  - Set GitLab project exported file permissions to owner only
 v 8.12.2 (unreleased)
  - Fix Import/Export not recognising correctly the imported services.
  - Respect the fork_project permission when forking projects

--- a/lib/gitlab/import_export/command_line_util.rb
+++ b/lib/gitlab/import_export/command_line_util.rb
 module Gitlab
  module ImportExport
    module CommandLineUtil
+      DEFAULT_MODE = 0700
      def tar_czf(archive:, dir:)
        tar_with_options(archive: archive, dir: dir, options: 'czf')
      end
@@ -21,6 +23,11 @@ module Gitlab
        execute(%W(#{Gitlab.config.gitlab_shell.path}/bin/create-hooks) + repository_storage_paths_args)
      end
+      def mkdir_p(path)
+        FileUtils.mkdir_p(path, mode: DEFAULT_MODE)
+        FileUtils.chmod(DEFAULT_MODE, path)
+      end
      private
      def tar_with_options(archive:, dir:, options:)
@@ -45,7 +52,7 @@ module Gitlab
        # if we are copying files, create the destination folder
        destination_folder = File.file?(source) ? File.dirname(destination) : destination
-        FileUtils.mkdir_p(destination_folder)
+        mkdir_p(destination_folder)
        FileUtils.copy_entry(source, destination)
        true
      end

--- a/lib/gitlab/import_export/file_importer.rb
+++ b/lib/gitlab/import_export/file_importer.rb
@@ -15,7 +15,7 @@ module Gitlab
      end
      def import
-        FileUtils.mkdir_p(@shared.export_path)
+        mkdir_p(@shared.export_path)
        wait_for_archived_file do
          decompress_archive

--- a/lib/gitlab/import_export/project_tree_saver.rb
+++ b/lib/gitlab/import_export/project_tree_saver.rb
 module Gitlab
  module ImportExport
    class ProjectTreeSaver
+      include Gitlab::ImportExport::CommandLineUtil
      attr_reader :full_path
      def initialize(project:, shared:)
@@ -10,7 +12,7 @@ module Gitlab
      end
      def save
-        FileUtils.mkdir_p(@shared.export_path)
+        mkdir_p(@shared.export_path)
        File.write(full_path, project_json_tree)
        true

--- a/lib/gitlab/import_export/repo_restorer.rb
+++ b/lib/gitlab/import_export/repo_restorer.rb
@@ -12,7 +12,7 @@ module Gitlab
      def restore
        return true unless File.exist?(@path_to_bundle)
-        FileUtils.mkdir_p(path_to_repo)
+        mkdir_p(path_to_repo)
        git_unbundle(repo_path: path_to_repo, bundle_path: @path_to_bundle) && repo_restore_hooks
      rescue => e

--- a/lib/gitlab/import_export/repo_saver.rb
+++ b/lib/gitlab/import_export/repo_saver.rb
@@ -20,7 +20,7 @@ module Gitlab
      private
      def bundle_to_disk
-        FileUtils.mkdir_p(@shared.export_path)
+        mkdir_p(@shared.export_path)
        git_bundle(repo_path: path_to_repo, bundle_path: @full_path)
      rescue => e
        @shared.error(e)

--- a/lib/gitlab/import_export/version_saver.rb
+++ b/lib/gitlab/import_export/version_saver.rb
 module Gitlab
  module ImportExport
    class VersionSaver
+      include Gitlab::ImportExport::CommandLineUtil
      def initialize(shared:)
        @shared = shared
      end
      def save
-        FileUtils.mkdir_p(@shared.export_path)
+        mkdir_p(@shared.export_path)
        File.write(version_file, Gitlab::ImportExport.version, mode: 'w')
      rescue => e

--- a/lib/gitlab/import_export/wiki_repo_saver.rb
+++ b/lib/gitlab/import_export/wiki_repo_saver.rb
@@ -9,7 +9,7 @@ module Gitlab
      end
      def bundle_to_disk(full_path)
-        FileUtils.mkdir_p(@shared.export_path)
+        mkdir_p(@shared.export_path)
        git_bundle(repo_path: path_to_repo, bundle_path: full_path)
      rescue => e
        @shared.error(e)

--- a/spec/features/projects/import_export/export_file_spec.rb
+++ b/spec/features/projects/import_export/export_file_spec.rb
@@ -47,6 +47,8 @@ feature 'Import/Export - project export integration test', feature: true, js: tr
      expect(page).to have_content('Download export')
+      expect(file_permissions(project.export_path)).to eq(0700)
      in_directory_with_expanded_export(project) do |exit_status, tmpdir|
        expect(exit_status).to eq(0)

--- a/spec/support/import_export/export_file_helper.rb
+++ b/spec/support/import_export/export_file_helper.rb
@@ -130,4 +130,8 @@ module ExportFileHelper
    (parsed_model_attributes - parent.keys - excluded_attributes).empty?
  end
+  def file_permissions(file)
+    File.stat(file).mode & 0777
+  end
 end