diff options
author | Ben Boeckel <ben.boeckel@kitware.com> | 2017-01-26 13:58:05 -0500 |
---|---|---|
committer | Ben Boeckel <ben.boeckel@kitware.com> | 2017-02-07 09:44:24 -0500 |
commit | 5c20e50f46c6cf7634a20027c5ae257a6c25d995 (patch) | |
tree | c5fd309f173fbb5b42ea430285e268285a302d36 /app/controllers/projects/lfs_api_controller.rb | |
parent | d391f743841132375ccf9f9aaddb649ded83f584 (diff) | |
download | gitlab-ce-5c20e50f46c6cf7634a20027c5ae257a6c25d995.tar.gz |
lfs: do not require auth for public repositories
LFS has the `authenticated` field in the response for downloads of
objects to indicate that the object does not need authentication to
access it.
Spec: https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md#successful-responses
Fixes #23360.
Diffstat (limited to 'app/controllers/projects/lfs_api_controller.rb')
-rw-r--r-- | app/controllers/projects/lfs_api_controller.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/projects/lfs_api_controller.rb b/app/controllers/projects/lfs_api_controller.rb index 440259b643c..8a5a645ed0e 100644 --- a/app/controllers/projects/lfs_api_controller.rb +++ b/app/controllers/projects/lfs_api_controller.rb @@ -48,6 +48,10 @@ class Projects::LfsApiController < Projects::GitHttpClientController objects.each do |object| if existing_oids.include?(object[:oid]) object[:actions] = download_actions(object) + + if Guest.can?(:download_code, project) + object[:authenticated] = true + end else object[:error] = { code: 404, |