Rename ENV['PROTOCOL'] to ENV['GL_PROTOCOL'] to conform to what GitLab Shell expects and make the `protocol` param in `GitAccess` mandatory.

author: Patricio Cano <suprnova32@gmail.com> 2016-06-22 13:03:24 -0500
committer: Patricio Cano <suprnova32@gmail.com> 2016-07-05 16:54:22 -0500
commit: 8b14d1d2c20a5b8c7ef985007f90fd3aa12c3277 (patch)
tree: 8feea6564958e689d056ba5e483a1369c06f51cb
parent: 7735ef86f0714a5b2a4cb4db8ec0471654563885 (diff)
download: gitlab-ce-8b14d1d2c20a5b8c7ef985007f90fd3aa12c3277.tar.gz
9 files changed, 12 insertions, 18 deletions
diff --git a/app/helpers/branches_helper.rb b/app/helpers/branches_helper.rb
index c533659b600..601df5c18df 100644
--- a/app/helpers/branches_helper.rb
+++ b/app/helpers/branches_helper.rb
@@ -12,7 +12,7 @@ module BranchesHelper
   def can_push_branch?(project, branch_name)
     return false unless project.repository.branch_exists?(branch_name)
 
-    ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(branch_name)
+    ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(branch_name)
   end
 
   def project_branches
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index cb0f871897a..4f7e1d2f302 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -481,7 +481,7 @@ class MergeRequest < ActiveRecord::Base
   end
 
   def can_be_merged_by?(user)
-    ::Gitlab::GitAccess.new(user, project).can_push_to_branch?(target_branch)
+    ::Gitlab::GitAccess.new(user, project, 'web').can_push_to_branch?(target_branch)
   end
 
   def mergeable_ci_state?
diff --git a/app/services/commits/change_service.rb b/app/services/commits/change_service.rb
index 6b69cb53b2c..c578097376a 100644
--- a/app/services/commits/change_service.rb
+++ b/app/services/commits/change_service.rb
@@ -23,7 +23,7 @@ module Commits
     private
 
     def check_push_permissions
-      allowed = ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(@target_branch)
+      allowed = ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(@target_branch)
 
       unless allowed
         raise ValidationError.new('You are not allowed to push into this branch')
diff --git a/app/services/files/base_service.rb b/app/services/files/base_service.rb
index 0326a8823e9..4bdb68a3698 100644
--- a/app/services/files/base_service.rb
+++ b/app/services/files/base_service.rb
@@ -43,7 +43,7 @@ module Files
     end
 
     def validate
-      allowed = ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(@target_branch)
+      allowed = ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(@target_branch)
 
       unless allowed
         raise_error("You are not allowed to push into this branch")
diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml
index 5647ac90a16..99bf2701f64 100644
--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -46,7 +46,7 @@
     .form-group
       %label.control-label.col-sm-2 Enabled Git access protocols
       .col-sm-10
-        = select(:application_setting, :enabled_git_access_protocols, [['Both SSH and HTTP', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control')
+        = select(:application_setting, :enabled_git_access_protocols, [['Both SSH and HTTP(S)', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control')
         %span.help-block#clone-protocol-help
           Allow only the selected protocols to be used for Git access.
     .form-group
diff --git a/lib/gitlab/git/hook.rb b/lib/gitlab/git/hook.rb
index 0b61c8bf332..125240c8a8b 100644
--- a/lib/gitlab/git/hook.rb
+++ b/lib/gitlab/git/hook.rb
@@ -35,7 +35,7 @@ module Gitlab
         vars = {
           'GL_ID' => gl_id,
           'PWD' => repo_path,
-          'PROTOCOL' => 'web'
+          'GL_PROTOCOL' => 'web'
         }
 
         options = {
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 7aec650d1a1..d5f2713e935 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -5,7 +5,7 @@ module Gitlab
 
     attr_reader :actor, :project, :protocol
 
-    def initialize(actor, project, protocol = nil)
+    def initialize(actor, project, protocol)
       @actor    = actor
       @project  = project
       @protocol = protocol
@@ -50,6 +50,8 @@ module Gitlab
     end
 
     def check(cmd, changes = nil)
+      return build_status_object(false, 'Access denied due to unspecified Git access protocol') unless protocol
+
       return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
 
       unless actor
@@ -75,8 +77,6 @@ module Gitlab
     end
 
     def download_access_check
-      return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
-
       if user
         user_download_access_check
       elsif deploy_key
@@ -87,8 +87,6 @@ module Gitlab
     end
 
     def push_access_check(changes)
-      return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
-
       if user
         user_push_access_check(changes)
       elsif deploy_key
@@ -99,8 +97,6 @@ module Gitlab
     end
 
     def user_download_access_check
-      return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
-
       unless user.can?(:download_code, project)
         return build_status_object(false, "You are not allowed to download code from this project.")
       end
@@ -109,8 +105,6 @@ module Gitlab
     end
 
     def user_push_access_check(changes)
-      return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
-
       if changes.blank?
         return build_status_object(true)
       end
@@ -200,7 +194,7 @@ module Gitlab
     end
 
     def protocol_allowed?
-      protocol ? Gitlab::ProtocolAccess.allowed?(protocol) : true
+      Gitlab::ProtocolAccess.allowed?(protocol)
     end
 
     def branch_name(ref)
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index 9b7986fa12d..7e1922260ea 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Gitlab::GitAccess, lib: true do
-  let(:access) { Gitlab::GitAccess.new(actor, project) }
+  let(:access) { Gitlab::GitAccess.new(actor, project, 'web') }
   let(:project) { create(:project) }
   let(:user) { create(:user) }
   let(:actor) { user }
diff --git a/spec/lib/gitlab/git_access_wiki_spec.rb b/spec/lib/gitlab/git_access_wiki_spec.rb
index 77ecfce6f17..4244b807d41 100644
--- a/spec/lib/gitlab/git_access_wiki_spec.rb
+++ b/spec/lib/gitlab/git_access_wiki_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Gitlab::GitAccessWiki, lib: true do
-  let(:access) { Gitlab::GitAccessWiki.new(user, project) }
+  let(:access) { Gitlab::GitAccessWiki.new(user, project, 'web') }
   let(:project) { create(:project) }
   let(:user) { create(:user) }
author	Patricio Cano <suprnova32@gmail.com>	2016-06-22 13:03:24 -0500
committer	Patricio Cano <suprnova32@gmail.com>	2016-07-05 16:54:22 -0500
commit	8b14d1d2c20a5b8c7ef985007f90fd3aa12c3277 (patch)
tree	8feea6564958e689d056ba5e483a1369c06f51cb
parent	7735ef86f0714a5b2a4cb4db8ec0471654563885 (diff)
download	gitlab-ce-8b14d1d2c20a5b8c7ef985007f90fd3aa12c3277.tar.gz