Implement 'read_repo' for DeployTokens

This will allow to download a repo using the token from the DeployToken
author: Mayra Cabrera <mcabrera@gitlab.com> 2018-03-29 16:56:35 -0600
committer: Mayra Cabrera <mcabrera@gitlab.com> 2018-04-06 21:20:16 -0500
commit: 370fc05da7f95bf6621867a71d51493cf3899e25 (patch)
tree: 040f676c8c6ccf04d5ebfdbbe064a844affd63f5 /lib/gitlab/git_access.rb
parent: db18993f652425b72c4b854e18a002e0ec44b196 (diff)
download: gitlab-ce-370fc05da7f95bf6621867a71d51493cf3899e25.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 01f8b22b2b6..e3c723ab274 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -208,6 +208,7 @@ module Gitlab
 
     def check_download_access!
       passed = deploy_key? ||
+        deploy_token? ||
         user_can_download_code? ||
         build_can_download_code? ||
         guest_can_download_code?
@@ -274,6 +275,14 @@ module Gitlab
       actor.is_a?(DeployKey)
     end
 
+    def deploy_token
+      actor if deploy_token?
+    end
+
+    def deploy_token?
+      actor.is_a?(DeployToken)
+    end
+
     def ci?
       actor == :ci
     end
@@ -283,6 +292,8 @@ module Gitlab
         deploy_key.has_access_to?(project)
       elsif user
         user.can?(:read_project, project)
+      elsif deploy_token?
+        deploy_token.active? && deploy_token.project == project
       elsif ci?
         true # allow CI (build without a user) for backwards compatibility
       end || Guest.can?(:read_project, project)
author	Mayra Cabrera <mcabrera@gitlab.com>	2018-03-29 16:56:35 -0600
committer	Mayra Cabrera <mcabrera@gitlab.com>	2018-04-06 21:20:16 -0500
commit	370fc05da7f95bf6621867a71d51493cf3899e25 (patch)
tree	040f676c8c6ccf04d5ebfdbbe064a844affd63f5 /lib/gitlab/git_access.rb
parent	db18993f652425b72c4b854e18a002e0ec44b196 (diff)
download	gitlab-ce-370fc05da7f95bf6621867a71d51493cf3899e25.tar.gz