diff options
-rw-r--r-- | app/models/namespace.rb | 1 | ||||
-rw-r--r-- | app/models/project.rb | 11 | ||||
-rw-r--r-- | app/models/user.rb | 1 | ||||
-rw-r--r-- | lib/gitlab/blacklist.rb | 9 |
4 files changed, 13 insertions, 9 deletions
diff --git a/app/models/namespace.rb b/app/models/namespace.rb index cb7164eab13..c74e0cf5a1d 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -27,6 +27,7 @@ class Namespace < ActiveRecord::Base message: "only letters, digits, spaces & '_' '-' '.' allowed." } validates :description, length: { within: 0..255 } validates :path, uniqueness: true, presence: true, length: { within: 1..255 }, + exclusion: { in: Gitlab::Blacklist.path }, format: { with: Gitlab::Regex.path_regex, message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" } diff --git a/app/models/project.rb b/app/models/project.rb index f5c2b4fe9af..22a9c1ffd63 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -79,6 +79,7 @@ class Project < ActiveRecord::Base format: { with: Gitlab::Regex.project_name_regex, message: "only letters, digits, spaces & '_' '-' '.' allowed. Letter should be first" } validates :path, presence: true, length: { within: 0..255 }, + exclusion: { in: Gitlab::Blacklist.path }, format: { with: Gitlab::Regex.path_regex, message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" } validates :issues_enabled, :wall_enabled, :merge_requests_enabled, @@ -92,7 +93,7 @@ class Project < ActiveRecord::Base format: { with: URI::regexp(%w(http https)), message: "should be a valid url" }, if: :import? - validate :check_limit, :repo_name + validate :check_limit # Scopes scope :without_user, ->(user) { where("projects.id NOT IN (:ids)", ids: user.authorized_projects.map(&:id) ) } @@ -166,14 +167,6 @@ class Project < ActiveRecord::Base errors[:base] << ("Can't check your ability to create project") end - def repo_name - denied_paths = %w(admin dashboard groups help profile projects search) - - if denied_paths.include?(path) - errors.add(:path, "like #{path} is not allowed") - end - end - def to_param if namespace namespace.path + "/" + path diff --git a/app/models/user.rb b/app/models/user.rb index 3f51d7a9938..0a3a40b994c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -104,6 +104,7 @@ class User < ActiveRecord::Base validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider} validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0} validates :username, presence: true, uniqueness: true, + exclusion: { in: Gitlab::Blacklist.path }, format: { with: Gitlab::Regex.username_regex, message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" } diff --git a/lib/gitlab/blacklist.rb b/lib/gitlab/blacklist.rb new file mode 100644 index 00000000000..b678a83fabf --- /dev/null +++ b/lib/gitlab/blacklist.rb @@ -0,0 +1,9 @@ +module Gitlab + module Blacklist + extend self + + def path + %w(admin dashboard groups help profile projects search public assets u s teams merge_requests issues users snippets ) + end + end +end |