Merge branch 'docker-registry' into docker-registry-view

author: Kamil Trzcinski <ayufan@ayufan.eu> 2016-05-14 18:23:55 -0500
committer: Kamil Trzcinski <ayufan@ayufan.eu> 2016-05-14 18:23:55 -0500
commit: f63b6fc297b876e26b93c12ca510148d18d58ec2 (patch)
tree: 1d1fecab4031baf1fb65cb8176c47c40af8b5c62 /app/services/auth
parent: 5c19476286eb63325cbae7b1a21966e55712f367 (diff)
parent: f4f9184a01bc7442411bbcffd9b6a86784fa5f53 (diff)
download: gitlab-ce-f63b6fc297b876e26b93c12ca510148d18d58ec2.tar.gz
1 files changed, 11 insertions, 16 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 45b163d213e..69ad634c368 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -9,9 +9,9 @@ module Auth
         return error('forbidden', 403) unless current_user
       end
 
-      return error('forbidden', 401) if scopes.blank?
+      return error('forbidden', 401) unless scope
 
-      { token: authorized_token(scopes).encoded }
+      { token: authorized_token(scope).encoded }
     end
 
     def self.full_access_token(*names)
@@ -27,32 +27,27 @@ module Auth
 
     private
 
-    def authorized_token(access)
-      token = ::JWT::RSAToken.new(registry.key)
+    def authorized_token(*accesses)
+      token = JSONWebToken::RSAToken.new(registry.key)
       token.issuer = registry.issuer
       token.audience = params[:service]
       token.subject = current_user.try(:username)
-      token[:access] = access
+      token[:access] = accesses
       token
     end
 
-    def scopes
+    def scope
       return unless params[:scope]
 
-      @scopes ||= begin
-        scope = process_scope(params[:scope])
-        [scope].compact
-      end
+      @scope ||= process_scope(params[:scope])
     end
 
     def process_scope(scope)
       type, name, actions = scope.split(':', 3)
       actions = actions.split(',')
+      return unless type == 'repository'
 
-      case type
-      when 'repository'
-        process_repository_access(type, name, actions)
-      end
+      process_repository_access(type, name, actions)
     end
 
     def process_repository_access(type, name, actions)
@@ -71,9 +66,9 @@ module Auth
 
       case requested_action
       when 'pull'
-        requested_project == project || can?(current_user, :read_container_registry, requested_project)
+        requested_project == project || can?(current_user, :read_container_image, requested_project)
       when 'push'
-        requested_project == project || can?(current_user, :create_container_registry, requested_project)
+        requested_project == project || can?(current_user, :create_container_image, requested_project)
       else
         false
       end
author	Kamil Trzcinski <ayufan@ayufan.eu>	2016-05-14 18:23:55 -0500
committer	Kamil Trzcinski <ayufan@ayufan.eu>	2016-05-14 18:23:55 -0500
commit	f63b6fc297b876e26b93c12ca510148d18d58ec2 (patch)
tree	1d1fecab4031baf1fb65cb8176c47c40af8b5c62 /app/services/auth
parent	5c19476286eb63325cbae7b1a21966e55712f367 (diff)
parent	f4f9184a01bc7442411bbcffd9b6a86784fa5f53 (diff)
download	gitlab-ce-f63b6fc297b876e26b93c12ca510148d18d58ec2.tar.gz