diff options
author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-06-12 22:11:35 +0300 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-06-12 22:11:35 +0300 |
commit | 995e656addd588377fbf8ae6f9e04dee37ebc604 (patch) | |
tree | d1de79b5bf8384cdd35f3f2f982069ff7adf6612 /app | |
parent | 8f52501eb579923a86f94efac8286f8897faec93 (diff) | |
download | gitlab-ce-995e656addd588377fbf8ae6f9e04dee37ebc604.tar.gz |
Add path blacklist
Diffstat (limited to 'app')
-rw-r--r-- | app/models/namespace.rb | 1 | ||||
-rw-r--r-- | app/models/project.rb | 11 | ||||
-rw-r--r-- | app/models/user.rb | 1 |
3 files changed, 4 insertions, 9 deletions
diff --git a/app/models/namespace.rb b/app/models/namespace.rb index cb7164eab13..c74e0cf5a1d 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -27,6 +27,7 @@ class Namespace < ActiveRecord::Base message: "only letters, digits, spaces & '_' '-' '.' allowed." } validates :description, length: { within: 0..255 } validates :path, uniqueness: true, presence: true, length: { within: 1..255 }, + exclusion: { in: Gitlab::Blacklist.path }, format: { with: Gitlab::Regex.path_regex, message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" } diff --git a/app/models/project.rb b/app/models/project.rb index f5c2b4fe9af..22a9c1ffd63 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -79,6 +79,7 @@ class Project < ActiveRecord::Base format: { with: Gitlab::Regex.project_name_regex, message: "only letters, digits, spaces & '_' '-' '.' allowed. Letter should be first" } validates :path, presence: true, length: { within: 0..255 }, + exclusion: { in: Gitlab::Blacklist.path }, format: { with: Gitlab::Regex.path_regex, message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" } validates :issues_enabled, :wall_enabled, :merge_requests_enabled, @@ -92,7 +93,7 @@ class Project < ActiveRecord::Base format: { with: URI::regexp(%w(http https)), message: "should be a valid url" }, if: :import? - validate :check_limit, :repo_name + validate :check_limit # Scopes scope :without_user, ->(user) { where("projects.id NOT IN (:ids)", ids: user.authorized_projects.map(&:id) ) } @@ -166,14 +167,6 @@ class Project < ActiveRecord::Base errors[:base] << ("Can't check your ability to create project") end - def repo_name - denied_paths = %w(admin dashboard groups help profile projects search) - - if denied_paths.include?(path) - errors.add(:path, "like #{path} is not allowed") - end - end - def to_param if namespace namespace.path + "/" + path diff --git a/app/models/user.rb b/app/models/user.rb index 3f51d7a9938..0a3a40b994c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -104,6 +104,7 @@ class User < ActiveRecord::Base validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider} validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0} validates :username, presence: true, uniqueness: true, + exclusion: { in: Gitlab::Blacklist.path }, format: { with: Gitlab::Regex.username_regex, message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" } |