lfs_helper.rb 1.86 KB
Newer Older
Jacob Vosmaer's avatar
Jacob Vosmaer committed
1
module LfsHelper
2
  def require_lfs_enabled!
Jacob Vosmaer's avatar
Jacob Vosmaer committed
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
    return if Gitlab.config.lfs.enabled

    render(
      json: {
        message: 'Git LFS is not enabled on this GitLab server, contact your admin.',
        documentation_url: "#{Gitlab.config.gitlab.url}/help",
      },
      status: 501
    )
  end

  def lfs_check_access!
    return if download_request? && lfs_download_access?
    return if upload_request? && lfs_upload_access?

    if project.public? || (user && user.can?(:read_project, project))
      render_lfs_forbidden
    else
      render_lfs_not_found
    end
  end

  def lfs_download_access?
26 27
    return false unless project.lfs_enabled?

28
    project.public? || ci? || lfs_deploy_token? || user_can_download_code? || build_can_download_code?
29 30
  end

31
  def user_can_download_code?
32
    has_authentication_ability?(:download_code) && can?(user, :download_code, project)
33 34
  end

35
  def build_can_download_code?
36
    has_authentication_ability?(:build_download_code) && can?(user, :build_download_code, project)
Jacob Vosmaer's avatar
Jacob Vosmaer committed
37 38 39
  end

  def lfs_upload_access?
40 41
    return false unless project.lfs_enabled?

42
    has_authentication_ability?(:push_code) && can?(user, :push_code, project)
Jacob Vosmaer's avatar
Jacob Vosmaer committed
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70
  end

  def render_lfs_forbidden
    render(
      json: {
        message: 'Access forbidden. Check your access level.',
        documentation_url: "#{Gitlab.config.gitlab.url}/help",
      },
      content_type: "application/vnd.git-lfs+json",
      status: 403
    )
  end

  def render_lfs_not_found
    render(
      json: {
        message: 'Not found.',
        documentation_url: "#{Gitlab.config.gitlab.url}/help",
      },
      content_type: "application/vnd.git-lfs+json",
      status: 404
    )
  end

  def storage_project
    @storage_project ||= begin
      result = project

Jacob Vosmaer's avatar
Jacob Vosmaer committed
71 72
      loop do
        break unless result.forked?
Jacob Vosmaer's avatar
Jacob Vosmaer committed
73 74 75 76 77 78 79
        result = result.forked_from_project
      end

      result
    end
  end
end