diff options
author | Patricio Cano <suprnova32@gmail.com> | 2016-06-27 11:14:44 -0500 |
---|---|---|
committer | Patricio Cano <suprnova32@gmail.com> | 2016-07-05 16:54:22 -0500 |
commit | 9397ce9137a8784bff4b63acfce3d4bc1e123cdf (patch) | |
tree | 27b7f9be7af134597f54fe70f5d1da52cca0a2f2 /app/controllers | |
parent | da15471bb1c862111300a9202fe06c6a531fb283 (diff) | |
download | gitlab-ce-9397ce9137a8784bff4b63acfce3d4bc1e123cdf.tar.gz |
Correct access control flow for Git HTTP requests.
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/projects/git_http_controller.rb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb index 3d0055c9be3..40a8b7940d9 100644 --- a/app/controllers/projects/git_http_controller.rb +++ b/app/controllers/projects/git_http_controller.rb @@ -174,14 +174,20 @@ class Projects::GitHttpController < Projects::ApplicationController end end + def access + return @access if defined?(@access) + + @access = Gitlab::GitAccess.new(user, project, 'http') + end + def download_access return @download_access if defined?(@download_access) - @download_access = Gitlab::GitAccess.new(user, project, 'http').check('git-upload-pack') + @download_access = access.check('git-upload-pack') end def http_blocked? - download_access.protocol_allowed? + !access.protocol_allowed? end def receive_pack_allowed? |