authorStan Hu <stanhu@gmail.com>2018-07-25 05:12:24 -0700
committerStan Hu <stanhu@gmail.com>2018-07-25 05:12:24 -0700
commit537f87a169576544b26347b5b3a6ab22d2cbfc00 (patch)
tree58cb66cf9639ef46acc4927fef0b4e0a84269568 /app/controllers
parentf94b52256d1bedfe6b01ef31f0bed0615b10d918 (diff)
parentd22db4f492d5ae676bea6bc699203d2fc120fe96 (diff)
downloadgitlab-ce-537f87a169576544b26347b5b3a6ab22d2cbfc00.tar.gz
Merge branch 'master' into sh-support-bitbucket-server-import
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/concerns/lfs_request.rb19
-rw-r--r--app/controllers/import/gitlab_controller.rb5
-rw-r--r--app/controllers/profiles_controller.rb3
-rw-r--r--app/controllers/projects/wikis_controller.rb6
-rw-r--r--app/controllers/sessions_controller.rb2
-rw-r--r--app/controllers/users_controller.rb6
6 files changed, 36 insertions, 5 deletions
diff --git a/app/controllers/concerns/lfs_request.rb b/app/controllers/concerns/lfs_request.rb
index 79ee5b2f91e..4584ff782a3 100644
--- a/app/controllers/concerns/lfs_request.rb
+++ b/app/controllers/concerns/lfs_request.rb
@@ -71,7 +71,22 @@ module LfsRequest
def lfs_download_access?
return false unless project.lfs_enabled?
- ci? || lfs_deploy_token? || user_can_download_code? || build_can_download_code?
+ ci? || lfs_deploy_token? || user_can_download_code? || build_can_download_code? || deploy_token_can_download_code?
+ end
+
+ def deploy_token_can_download_code?
+ deploy_token_present? &&
+ deploy_token.project == project &&
+ deploy_token.active? &&
+ deploy_token.read_repository?
+ end
+
+ def deploy_token_present?
+ user && user.is_a?(DeployToken)
+ end
+
+ def deploy_token
+ user
end
def lfs_upload_access?
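Review bot: `user` can now be a `DeployToken` instead of a `User`, but nothing in the added methods says so, and only the download path is adapted in this hunk. `lfs_upload_access?` begins on the last context line and its body is outside the hunk, so it should be confirmed that the upload check denies a deploy token rather than handing it to a user-ability check. A comment above `deploy_token` would make the contract explicit, e.g. `# user is a DeployToken when the request authenticated with one; call only after deploy_token_present?`. `deploy_token_present?` can also be reduced to `user.is_a?(DeployToken)`, since `is_a?` is already false for nil.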
@@ -86,7 +101,7 @@ module LfsRequest
end
def user_can_download_code?
- has_authentication_ability?(:download_code) && can?(user, :download_code, project)
+ has_authentication_ability?(:download_code) && can?(user, :download_code, project) && !deploy_token_present?
end
def build_can_download_code?
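Review bot: In `user_can_download_code?` the `!deploy_token_present?` guard is evaluated last, so `can?(user, :download_code, project)` still runs with a `DeployToken` as its subject before the result is discarded. Putting the type guard first keeps non-user principals out of the user policy check entirely: `!deploy_token_present? && has_authentication_ability?(:download_code) && can?(user, :download_code, project)`. How the policy treats a non-`User` subject is not visible here, so this is a defensive ordering rather than a confirmed bug.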
diff --git a/app/controllers/import/gitlab_controller.rb b/app/controllers/import/gitlab_controller.rb
index fccbdbca0f6..53f70446d95 100644
--- a/app/controllers/import/gitlab_controller.rb
+++ b/app/controllers/import/gitlab_controller.rb
@@ -1,4 +1,7 @@
class Import::GitlabController < Import::BaseController
+ MAX_PROJECT_PAGES = 15
+ PER_PAGE_PROJECTS = 100
+
before_action :verify_gitlab_import_enabled
before_action :gitlab_auth, except: :callback
@@ -10,7 +13,7 @@ class Import::GitlabController < Import::BaseController
end
def status
- @repos = client.projects
+ @repos = client.projects(starting_page: 1, page_limit: MAX_PROJECT_PAGES, per_page: PER_PAGE_PROJECTS)
@already_added_projects = find_already_added_projects('gitlab')
already_added_projects_names = @already_added_projects.pluck(:import_source)
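Review bot: The call in `status` now stops after `MAX_PROJECT_PAGES * PER_PAGE_PROJECTS` (1,500) projects, which bounds the remote fetch but silently truncates the list for accounts with more projects. Nothing in the visible lines tells the user the list is partial, so consider flagging it when the limit is reached. The constants in the first hunk of this file also deserve a comment, e.g. `# Upper bound on remote pages fetched per status request; larger accounts see a truncated list`. `status` continues past the end of the hunk, so a later notice may already exist.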
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 074db361949..56a7b766b77 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -99,7 +99,8 @@ class ProfilesController < Profiles::ApplicationController
:username,
:website_url,
:organization,
- :preferred_language
+ :preferred_language,
+ :private_profile
)
end
end
diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb
index 9dc0c31be49..b7c656246ef 100644
--- a/app/controllers/projects/wikis_controller.rb
+++ b/app/controllers/projects/wikis_controller.rb
@@ -112,7 +112,7 @@ class Projects::WikisController < Projects::ApplicationController
private
def load_project_wiki
- @project_wiki = ProjectWiki.new(@project, current_user)
+ @project_wiki = load_wiki
# Call #wiki to make sure the Wiki Repo is initialized
@project_wiki.wiki
@@ -128,6 +128,10 @@ class Projects::WikisController < Projects::ApplicationController
false
end
+ def load_wiki
+ ProjectWiki.new(@project, current_user)
+ end
+
def wiki_params
params.require(:wiki).permit(:title, :content, :format, :message, :last_commit_sha)
end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 9dd652206fe..4ca42e2d4a2 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -157,6 +157,8 @@ class SessionsController < Devise::SessionsController
end
def auto_sign_in_with_provider
+ return unless Gitlab::Auth.omniauth_enabled?
+
provider = Gitlab.config.omniauth.auto_sign_in_with_provider
return unless provider.present?
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 31f47a7aa7c..2f65f4a7403 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -13,6 +13,8 @@ class UsersController < ApplicationController
skip_before_action :authenticate_user!
before_action :user, except: [:exists]
+ before_action :authorize_read_user_profile!,
+ only: [:calendar, :calendar_activities, :groups, :projects, :contributed_projects, :snippets]
def show
respond_to do |format|
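Review bot: The new `before_action :authorize_read_user_profile!` uses an `only:` allowlist, so any action added to this controller later is unprotected by default, and `show` (whose body continues outside the hunk) is not covered. If `show` serves activity in any of its response formats, a private profile would still be readable there; this cannot be confirmed from the visible lines. A fail-closed form would use `except:` with the deliberately exempt actions and a comment on why each one is safe to leave open.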
@@ -148,4 +150,8 @@ class UsersController < ApplicationController
def build_canonical_path(user)
url_for(safe_params.merge(username: user.to_param))
end
+
+ def authorize_read_user_profile!
+ access_denied! unless can?(current_user, :read_user_profile, user)
+ end
end
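Review bot: `authorize_read_user_profile!` has no comment, and because `authenticate_user!` is skipped for this controller, `current_user` is nil for anonymous visitors when `can?` is called. Whether the `:read_user_profile` policy denies a nil subject for a private profile is not visible here and should be pinned by a spec. Suggested comment: `# current_user may be nil (authenticate_user! is skipped); the policy decides whether anonymous visitors may read this profile`.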