diff options
author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-15 10:34:53 +0200 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-15 10:34:53 +0200 |
commit | 6b381f3fdf00c7eeb971f365bde2a41f0cecf944 (patch) | |
tree | b3e661a6dc8a75149889b4a8aa7b4d7fbdb7369b /lib | |
parent | 79e4bb8d0b3b74ddd185677e4828d737788c3b1a (diff) | |
download | gitlab-ce-6b381f3fdf00c7eeb971f365bde2a41f0cecf944.tar.gz |
Use `build_read_container_image` and use `build_download_code`
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/auth.rb | 16 | ||||
-rw-r--r-- | lib/gitlab/git_access.rb | 8 |
2 files changed, 13 insertions, 11 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index a792db027ff..6a55c50c3f3 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -78,7 +78,7 @@ module Gitlab service = project.public_send("#{underscored_service}_service") if service && service.activated? && service.valid_token?(password) - Result.new(nil, project, :ci, restricted_capabilities) + Result.new(nil, project, :ci, build_capabilities) end end end @@ -124,25 +124,27 @@ module Gitlab if build.user # If user is assigned to build, use restricted credentials of user - Result.new(build.user, build.project, :build, restricted_capabilities) + Result.new(build.user, build.project, :build, build_capabilities) else # Otherwise use generic CI credentials (backward compatibility) - Result.new(nil, build.project, :ci, restricted_capabilities) + Result.new(nil, build.project, :ci, build_capabilities) end end private - def restricted_capabilities + def build_capabilities [ :read_project, - :restricted_download_code, - :restricted_read_container_image + :build_download_code, + :build_read_container_image, + :build_create_container_image ] end def read_capabilities - restricted_capabilities + [ + [ + :read_project, :download_code, :read_container_image ] diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 10ef4a1e3cf..63b707db814 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -61,19 +61,19 @@ module Gitlab end def user_download_access_check - unless privileged_user_can_download_code? || restricted_user_can_download_code? + unless user_can_download_code? || build_can_download_code? return build_status_object(false, "You are not allowed to download code from this project.") end build_status_object(true) end - def privileged_user_can_download_code? + def user_can_download_code? capabilities.include?(:download_code) && user_access.can_do_action?(:download_code) end - def restricted_user_can_download_code? - capabilities.include?(:restricted_download_code) && user_access.can_do_action?(:restricted_download_code) + def build_can_download_code? + capabilities.include?(:build_download_code) && user_access.can_do_action?(:build_download_code) end def user_push_access_check(changes) |