diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-14 14:22:45 -0500 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-14 14:27:56 -0500 |
| commit | 715a8cfa2f4639bf36b604f6e3eb2814187367c0 (patch) | |
| tree | 7135a01f8555035c566d04fc5cf52a533d8c2fc4 | |
| parent | 46cc04ce7a374127dd617c8fd2671efed2819cda (diff) | |
| download | gitlab-ce-715a8cfa2f4639bf36b604f6e3eb2814187367c0.tar.gz | |
Fix authentication service
| -rw-r--r-- | app/models/ability.rb | 1 | ||||
| -rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 8 | ||||
| -rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 1 |
3 files changed, 9 insertions, 1 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index 59d5195f5b9..74321240468 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -61,6 +61,7 @@ class Ability :read_merge_request, :read_note, :read_commit_status, + :read_container_registry, :download_code ] diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 0323a42b697..a63e7046fcc 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -1,6 +1,10 @@ module Auth class ContainerRegistryAuthenticationService < BaseService + AUDIENCE = 'container_registry' + def execute + return error('not found', 404) unless registry.enabled + if params[:offline_token] return error('forbidden', 403) unless current_user end @@ -52,9 +56,11 @@ module Auth end def can_access?(requested_project, requested_action) + return false unless requested_project.container_registry_enabled? + case requested_action when 'pull' - requested_project.public? || requested_project == project || can?(current_user, :read_container_registry, requested_project) + requested_project == project || can?(current_user, :read_container_registry, requested_project) when 'push' requested_project == project || can?(current_user, :create_container_registry, requested_project) else diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index 8dc47a24ee2..6e86a3dcf56 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -7,6 +7,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) } let(:registry_settings) do { + enabled: true, issuer: 'rspec', key: nil } |