diff options
| author | Vratislav Kalenda <v.kalenda@gmail.com> | 2017-10-10 21:15:38 +0200 |
|---|---|---|
| committer | Vratislav Kalenda <v.kalenda@gmail.com> | 2017-10-10 21:15:38 +0200 |
| commit | b2acb3c775b73e7514f5055c4d5dc67043d6c637 (patch) | |
| tree | 63993c271b4110e24c00ed917b9571195f3fb3e4 | |
| parent | 3b95f5881f24bf5fa9e9c2f2ffd37c2c82c4dce7 (diff) | |
| download | gitlab-ce-b2acb3c775b73e7514f5055c4d5dc67043d6c637.tar.gz | |
refactor access handling
| -rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 2410443ebb6..f40cd2b06c8 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -56,15 +56,22 @@ module Auth def process_scope(scope) type, name, actions = scope.split(':', 3) actions = actions.split(',') - path = ContainerRegistry::Path.new(name) - if type == 'registry' && name == 'catalog' && current_user && current_user.admin? - return { type: type, name: name, actions: ['*'] } + case type + when 'registry' + process_registry_access(type, name, actions) + when 'repository' + path = ContainerRegistry::Path.new(name) + process_repository_access(type, path, actions) end + end - return unless type == 'repository' + def process_registry_access(type, name, actions) + return unless current_user&.admin? + return unless name == 'catalog' + return unless actions == ['*'] - process_repository_access(type, path, actions) + { type: type, name: name, actions: ['*'] } end def process_repository_access(type, path, actions) |