diff options
author | Michael Kozono <mkozono@gmail.com> | 2017-05-16 12:58:46 -0700 |
---|---|---|
committer | Michael Kozono <mkozono@gmail.com> | 2017-06-05 05:32:26 -0700 |
commit | bad08fbea2a32655a6d87f2140840c317cea6c80 (patch) | |
tree | dc690059a2ce53d055c1eb2738a832c36f1ee89c /lib | |
parent | b387429458f77a3608e077dfe2d50b0a313f8832 (diff) | |
download | gitlab-ce-bad08fbea2a32655a6d87f2140840c317cea6c80.tar.gz |
Move CI access logic into GitAccess
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/git_access.rb | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 1d052ac9b33..1ffac5385c2 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -63,6 +63,11 @@ module Gitlab authentication_abilities.include?(:build_download_code) && user_access.can_do_action?(:build_download_code) end + # Allow generic CI (build without a user) for backwards compatibility + def ci_can_download_code? + authentication_abilities.include?(:build_download_code) && ci? + end + def protocol_allowed? Gitlab::ProtocolAccess.allowed?(protocol) end @@ -115,6 +120,7 @@ module Gitlab return if deploy_key? passed = user_can_download_code? || + ci_can_download_code? || build_can_download_code? || guest_can_download_code? @@ -184,11 +190,17 @@ module Gitlab actor.is_a?(DeployKey) end + def ci? + actor == :ci + end + def can_read_project? - if deploy_key + if deploy_key? deploy_key.has_access_to?(project) elsif user user.can?(:read_project, project) + elsif ci? + true # allow CI (build without a user) for backwards compatibility end || Guest.can?(:read_project, project) end @@ -213,10 +225,12 @@ module Gitlab case actor when User actor - when DeployKey - nil when Key actor.user + when DeployKey + nil + when :ci + nil end end |