diff options
author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-14 14:22:45 -0500 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-14 14:27:56 -0500 |
commit | 715a8cfa2f4639bf36b604f6e3eb2814187367c0 (patch) | |
tree | 7135a01f8555035c566d04fc5cf52a533d8c2fc4 /app | |
parent | 46cc04ce7a374127dd617c8fd2671efed2819cda (diff) | |
download | gitlab-ce-715a8cfa2f4639bf36b604f6e3eb2814187367c0.tar.gz |
Fix authentication service
Diffstat (limited to 'app')
-rw-r--r-- | app/models/ability.rb | 1 | ||||
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 8 |
2 files changed, 8 insertions, 1 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index 59d5195f5b9..74321240468 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -61,6 +61,7 @@ class Ability :read_merge_request, :read_note, :read_commit_status, + :read_container_registry, :download_code ] diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 0323a42b697..a63e7046fcc 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -1,6 +1,10 @@ module Auth class ContainerRegistryAuthenticationService < BaseService + AUDIENCE = 'container_registry' + def execute + return error('not found', 404) unless registry.enabled + if params[:offline_token] return error('forbidden', 403) unless current_user end @@ -52,9 +56,11 @@ module Auth end def can_access?(requested_project, requested_action) + return false unless requested_project.container_registry_enabled? + case requested_action when 'pull' - requested_project.public? || requested_project == project || can?(current_user, :read_container_registry, requested_project) + requested_project == project || can?(current_user, :read_container_registry, requested_project) when 'push' requested_project == project || can?(current_user, :create_container_registry, requested_project) else |