diff options
author | Jan Provaznik <jprovaznik@gitlab.com> | 2018-06-12 17:54:37 +0200 |
---|---|---|
committer | Jan Provaznik <jprovaznik@gitlab.com> | 2018-06-18 09:11:02 +0200 |
commit | 656d4ebf67b597e012f97edd04432e402d26fbc2 (patch) | |
tree | 47f64eb022598a158cece229d18b0450f0121573 /app | |
parent | 937c1b5be91be4b500fa7cc1faf5d1aabbd16d41 (diff) | |
download | gitlab-ce-656d4ebf67b597e012f97edd04432e402d26fbc2.tar.gz |
Add workhorse authorize method for project/group uploads
This method can be used by workhorse to get presigned
URLs used for direct upload of files.
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/uploads_actions.rb | 10 | ||||
-rw-r--r-- | app/controllers/groups/uploads_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/projects/uploads_controller.rb | 4 |
3 files changed, 16 insertions, 2 deletions
diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb index 170bca8b56f..e83fe27f899 100644 --- a/app/controllers/concerns/uploads_actions.rb +++ b/app/controllers/concerns/uploads_actions.rb @@ -39,6 +39,16 @@ module UploadsActions send_upload(uploader, attachment: uploader.filename, disposition: disposition) end + def authorize + set_workhorse_internal_api_content_type + + authorized = uploader_class.workhorse_authorize( + has_length: false, + maximum_size: Gitlab::CurrentSettings.max_attachment_size.megabytes.to_i) + + render json: authorized + end + private def uploader_class diff --git a/app/controllers/groups/uploads_controller.rb b/app/controllers/groups/uploads_controller.rb index f1578f75e88..74760194a1f 100644 --- a/app/controllers/groups/uploads_controller.rb +++ b/app/controllers/groups/uploads_controller.rb @@ -1,9 +1,11 @@ class Groups::UploadsController < Groups::ApplicationController include UploadsActions + include WorkhorseRequest skip_before_action :group, if: -> { action_name == 'show' && image_or_video? } - before_action :authorize_upload_file!, only: [:create] + before_action :authorize_upload_file!, only: [:create, :authorize] + before_action :verify_workhorse_api!, only: [:authorize] private diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb index f5cf089ad98..7a85046164c 100644 --- a/app/controllers/projects/uploads_controller.rb +++ b/app/controllers/projects/uploads_controller.rb @@ -1,11 +1,13 @@ class Projects::UploadsController < Projects::ApplicationController include UploadsActions + include WorkhorseRequest # These will kick you out if you don't have access. skip_before_action :project, :repository, if: -> { action_name == 'show' && image_or_video? } - before_action :authorize_upload_file!, only: [:create] + before_action :authorize_upload_file!, only: [:create, :authorize] + before_action :verify_workhorse_api!, only: [:authorize] private |