lfs: do not require auth for public repositories

LFS has the `authenticated` field in the response for downloads of objects to indicate that the object does not need authentication to access it. Spec: https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md#successful-responses Fixes #23360.
author: Ben Boeckel <ben.boeckel@kitware.com> 2017-01-26 13:58:05 -0500
committer: Ben Boeckel <ben.boeckel@kitware.com> 2017-02-07 09:44:24 -0500
commit: 5c20e50f46c6cf7634a20027c5ae257a6c25d995 (patch)
tree: c5fd309f173fbb5b42ea430285e268285a302d36 /app/controllers/projects/lfs_api_controller.rb
parent: d391f743841132375ccf9f9aaddb649ded83f584 (diff)
download: gitlab-ce-5c20e50f46c6cf7634a20027c5ae257a6c25d995.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/projects/lfs_api_controller.rb b/app/controllers/projects/lfs_api_controller.rb
index 440259b643c..8a5a645ed0e 100644
--- a/app/controllers/projects/lfs_api_controller.rb
+++ b/app/controllers/projects/lfs_api_controller.rb
@@ -48,6 +48,10 @@ class Projects::LfsApiController < Projects::GitHttpClientController
     objects.each do |object|
       if existing_oids.include?(object[:oid])
         object[:actions] = download_actions(object)
+
+        if Guest.can?(:download_code, project)
+          object[:authenticated] = true
+        end
       else
         object[:error] = {
           code: 404,
author	Ben Boeckel <ben.boeckel@kitware.com>	2017-01-26 13:58:05 -0500
committer	Ben Boeckel <ben.boeckel@kitware.com>	2017-02-07 09:44:24 -0500
commit	5c20e50f46c6cf7634a20027c5ae257a6c25d995 (patch)
tree	c5fd309f173fbb5b42ea430285e268285a302d36 /app/controllers/projects/lfs_api_controller.rb
parent	d391f743841132375ccf9f9aaddb649ded83f584 (diff)
download	gitlab-ce-5c20e50f46c6cf7634a20027c5ae257a6c25d995.tar.gz