diff options
| author | tiagonbotelho <tiagonbotelho@hotmail.com> | 2016-11-21 12:59:37 +0000 |
|---|---|---|
| committer | tiagonbotelho <tiagonbotelho@hotmail.com> | 2016-12-07 14:42:51 +0000 |
| commit | 3ed96afc47c481db4f8c0a6581602abaee920808 (patch) | |
| tree | 9f840b076417839018586c99d0555fefd4b714cd /lib/api/helpers.rb | |
| parent | 8b379465a5be48c8062379a3dea8e58110c52d87 (diff) | |
| download | gitlab-ce-3ed96afc47c481db4f8c0a6581602abaee920808.tar.gz | |
adds impersonator variable and makes sudo usage overall more clear24537-reenable-private-token-with-sudo
Diffstat (limited to 'lib/api/helpers.rb')
| -rw-r--r-- | lib/api/helpers.rb | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 7f94ede7940..6a47efc74f0 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -44,11 +44,14 @@ module API return nil end - identifier = sudo_identifier() + identifier = sudo_identifier - # If the sudo is the current user do nothing - if identifier && !(@current_user.id == identifier || @current_user.username == identifier) + if identifier + # We check for private_token because we cannot allow PAT to be used forbidden!('Must be admin to use sudo') unless @current_user.is_admin? + forbidden!('Private token must be specified in order to use sudo') unless private_token_used? + + @impersonator = @current_user @current_user = User.by_username_or_id(identifier) not_found!("No user id or username for: #{identifier}") if @current_user.nil? end @@ -399,6 +402,10 @@ module API links.join(', ') end + def private_token_used? + private_token == @current_user.private_token + end + def secret_token Gitlab::Shell.secret_token end |