diff options
| author | Lin Jen-Shin <godfat@godfat.org> | 2016-11-18 17:28:05 +0800 |
|---|---|---|
| committer | Lin Jen-Shin <godfat@godfat.org> | 2016-11-18 17:28:05 +0800 |
| commit | 8dbea582497bbc45735cf145a3da4c88c9e0e78d (patch) | |
| tree | 7ce4f3556ea78133ae909ebd9ff899ef19ca0204 /lib | |
| parent | e72e2f9ba0a160960f68035fbbdbe3f0f86b0dba (diff) | |
| download | gitlab-ce-8dbea582497bbc45735cf145a3da4c88c9e0e78d.tar.gz | |
Check download privilege more specifically and
add another error message for the new error.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/git_access.rb | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 3f674532488..b87ca316240 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -7,7 +7,10 @@ module Gitlab ERROR_MESSAGES = { upload: 'You are not allowed to upload code for this project.', download: 'You are not allowed to download code from this project.', - deploy_key: 'This deploy key does not have write access to this project.', + deploy_key_upload: + 'This deploy key does not have write access to this project.', + deploy_key: + 'This deploy key does not have access to this project.', no_repo: 'A repository for this project does not exist yet.' } @@ -44,29 +47,36 @@ module Gitlab end def download_access_check - if deploy_key - deploy_key.has_access_to?(project) - elsif user - user_download_access_check - end || - Guest.can?(:download_code, project) || - raise(UnauthorizedError, ERROR_MESSAGES[:download]) + passed = if deploy_key + deploy_key.has_access_to?(project) + elsif user + user_can_download_code? || build_can_download_code? + end || Guest.can?(:download_code, project) + + unless passed + message = if deploy_key + ERROR_MESSAGES[:deploy_key] + else + ERROR_MESSAGES[:download] + end + + raise UnauthorizedError, message + end end def push_access_check(changes) if deploy_key - deploy_key_push_access_check(changes) + deploy_key_push_access_check elsif user - user_push_access_check(changes) + user_push_access_check else raise UnauthorizedError, ERROR_MESSAGES[:upload] end - end - def user_download_access_check - unless user_can_download_code? || build_can_download_code? - raise UnauthorizedError, ERROR_MESSAGES[:download] - end + return if changes.blank? # Allow access. + + check_repository_existence! + check_change_access!(changes) end def user_can_download_code? @@ -77,25 +87,15 @@ module Gitlab authentication_abilities.include?(:build_download_code) && user_access.can_do_action?(:build_download_code) end - def user_push_access_check(changes) + def user_push_access_check unless authentication_abilities.include?(:push_code) raise UnauthorizedError, ERROR_MESSAGES[:upload] end - - if changes.blank? - return # Allow access. - end - - check_repository_existence! - check_change_access!(changes) end - def deploy_key_push_access_check(changes) - if deploy_key.can_push_to?(project) - check_repository_existence! - check_change_access!(changes) - else - raise UnauthorizedError, ERROR_MESSAGES[:deploy_key] + def deploy_key_push_access_check + unless deploy_key.can_push_to?(project) + raise UnauthorizedError, ERROR_MESSAGES[:deploy_key_upload] end end |