nexedi / gitlab-ce
Commit 494c6dde authored Mar 11, 2022 by Darby Frey

Refactoring and test clean up

parent a2eba097
Showing 4 changed files with 70 additions and 90 deletions

app/controllers/projects/ci/secure_files_controller.rb +1 -7
app/policies/project_policy.rb +0 -1
lib/api/ci/secure_files.rb +6 -10
spec/requests/api/ci/secure_files_spec.rb +63 -72
app/controllers/projects/ci/secure_files_controller.rb
# frozen_string_literal: true
# frozen_string_literal: true
class
Projects::Ci::SecureFilesController
<
Projects
::
ApplicationController
class
Projects::Ci::SecureFilesController
<
Projects
::
ApplicationController
before_action
:
check_can_collaborate
!
before_action
:
authorize_read_secure_files
!
feature_category
:pipeline_authoring
feature_category
:pipeline_authoring
def
show
def
show
end
end
private
def
check_can_collaborate!
render_404
unless
can?
(
current_user
,
:read_secure_files
,
project
)
end
end
end
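Review bot: `authorize_read_secure_files!` in the new `before_action` is not defined anywhere in this file, and the private `check_can_collaborate!` it replaces rendered a 404 when `can?(current_user, :read_secure_files, project)` failed. Please confirm the new callback resolves through `Projects::ApplicationController` to the same `:read_secure_files` check on `project` and still answers with a 404, so an unauthorized user cannot tell whether the page exists. A controller or request spec for a non-member hitting `show` would pin that down.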
app/policies/project_policy.rb
...
@@ -463,7 +463,6 @@ class ProjectPolicy < BasePolicy
...
@@ -463,7 +463,6 @@ class ProjectPolicy < BasePolicy
enable
:register_project_runners
enable
:register_project_runners
enable
:update_runners_registration_token
enable
:update_runners_registration_token
enable
:admin_project_google_cloud
enable
:admin_project_google_cloud
enable
:read_secure_files
enable
:admin_secure_files
enable
:admin_secure_files
end
end
...
...
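Review bot: dropping `enable :read_secure_files` from this block leaves only `enable :admin_secure_files` here, while the controller in this same commit still gates `show` on `:read_secure_files`. The hunk does not show another rule that grants `:read_secure_files`, so please point to where it remains enabled and for which role, or state in the commit message that this line was a duplicate. Otherwise users who hold `:admin_secure_files` through this block could lose read access.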
lib/api/ci/secure_files.rb
...
@@ -52,17 +52,18 @@ module API
...
@@ -52,17 +52,18 @@ module API
body
secure_file
.
file
.
read
body
secure_file
.
file
.
read
end
end
# Additional authorization check for admin endpoints
# All APIs defined below this block will require admin level permissions
before
do
authorize!
:admin_secure_files
,
user_project
end
desc
'Upload a Secure File'
desc
'Upload a Secure File'
params
do
params
do
requires
:name
,
type:
String
,
desc:
'The name of the file'
requires
:name
,
type:
String
,
desc:
'The name of the file'
requires
:file
,
types:
[
Rack
::
Multipart
::
UploadedFile
,
::
API
::
Validations
::
Types
::
WorkhorseFile
],
desc:
'The secure file to be uploaded'
requires
:file
,
types:
[
Rack
::
Multipart
::
UploadedFile
,
::
API
::
Validations
::
Types
::
WorkhorseFile
],
desc:
'The secure file to be uploaded'
optional
:permissions
,
type:
String
,
desc:
'The file permissions'
,
default:
'read_only'
,
values:
%w[read_only read_write execute]
optional
:permissions
,
type:
String
,
desc:
'The file permissions'
,
default:
'read_only'
,
values:
%w[read_only read_write execute]
end
end
before
do
authorize!
:admin_secure_files
,
user_project
end
route_setting
:authentication
,
basic_auth_personal_access_token:
true
,
job_token_allowed:
true
route_setting
:authentication
,
basic_auth_personal_access_token:
true
,
job_token_allowed:
true
post
':id/secure_files'
do
post
':id/secure_files'
do
secure_file
=
user_project
.
secure_files
.
new
(
secure_file
=
user_project
.
secure_files
.
new
(
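Review bot: moving the `before do authorize! :admin_secure_files, user_project end` block above `desc 'Upload a Secure File'` makes the admin check depend on declaration order, as the new comment itself says ("All APIs defined below this block"). A read-level route added later below this line would quietly require admin, and an admin route added above it would get no `:admin_secure_files` check at all. Consider putting the upload and delete routes in their own nested namespace that owns the `before` block, or at least add request specs asserting that a user without `:admin_secure_files` is rejected on `post ':id/secure_files'`.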
...
@@ -82,11 +83,6 @@ module API
...
@@ -82,11 +83,6 @@ module API
end
end
desc
'Delete an individual Secure File'
desc
'Delete an individual Secure File'
before
do
authorize!
:admin_secure_files
,
user_project
end
route_setting
:authentication
,
basic_auth_personal_access_token:
true
,
job_token_allowed:
true
route_setting
:authentication
,
basic_auth_personal_access_token:
true
,
job_token_allowed:
true
delete
':id/secure_files/:secure_file_id'
do
delete
':id/secure_files/:secure_file_id'
do
secure_file
=
user_project
.
secure_files
.
find
(
params
[
:secure_file_id
])
secure_file
=
user_project
.
secure_files
.
find
(
params
[
:secure_file_id
])
...
...
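Review bot: with the local `before` block removed, `delete ':id/secure_files/:secure_file_id'` no longer shows any authorization next to the route, and it keeps `job_token_allowed: true`. Since the spec diff is collapsed on this page, please make sure it covers DELETE by a user who lacks `:admin_secure_files` and by a job token, so that a later reordering of this file cannot drop the check unnoticed.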
spec/requests/api/ci/secure_files_spec.rb
This diff is collapsed.