From 232b401429ea8269e5e187b304fd4c2ccd61e428 Mon Sep 17 00:00:00 2001 From: Douglas Barbosa Alexandre Date: Tue, 24 Jan 2017 18:04:45 -0200 Subject: Fix access to the wiki code via HTTP when repository feature disabled --- .../projects/git_http_client_controller.rb | 12 +++++++----- app/controllers/projects/git_http_controller.rb | 6 +++++- spec/requests/git_http_spec.rb | 22 ++++++++++++++++++++++ 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb index 8714349e27f..70845617d3c 100644 --- a/app/controllers/projects/git_http_client_controller.rb +++ b/app/controllers/projects/git_http_client_controller.rb @@ -109,12 +109,14 @@ class Projects::GitHttpClientController < Projects::ApplicationController end def repository + wiki? ? project.wiki.repository : project.repository + end + + def wiki? + return @wiki if defined?(@wiki) + _, suffix = project_id_with_suffix - if suffix == '.wiki.git' - project.wiki.repository - else - project.repository - end + @wiki = suffix == '.wiki.git' end def render_not_found diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb index 9184dcccac5..278098fcc58 100644 --- a/app/controllers/projects/git_http_controller.rb +++ b/app/controllers/projects/git_http_controller.rb @@ -84,7 +84,7 @@ class Projects::GitHttpController < Projects::GitHttpClientController end def access - @access ||= Gitlab::GitAccess.new(user, project, 'http', authentication_abilities: authentication_abilities) + @access ||= access_klass.new(user, project, 'http', authentication_abilities: authentication_abilities) end def access_check @@ -102,4 +102,8 @@ class Projects::GitHttpController < Projects::GitHttpClientController access_check.allowed? end + + def access_klass + @access_klass ||= wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess + end end diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb index 5abda28e26f..6a5ad6deb74 100644 --- a/spec/requests/git_http_spec.rb +++ b/spec/requests/git_http_spec.rb @@ -55,6 +55,28 @@ describe 'Git HTTP requests', lib: true do expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE) end end + + context 'but the repo is disabled' do + let(:project) { create(:project, repository_access_level: ProjectFeature::DISABLED, wiki_access_level: ProjectFeature::ENABLED) } + let(:wiki) { ProjectWiki.new(project) } + let(:path) { "/#{wiki.repository.path_with_namespace}.git" } + + before do + project.team << [user, :developer] + end + + it 'allows clones' do + download(path, user: user.username, password: user.password) do |response| + expect(response).to have_http_status(200) + end + end + + it 'allows pushes' do + upload(path, user: user.username, password: user.password) do |response| + expect(response).to have_http_status(200) + end + end + end end context "when the project exists" do -- cgit v1.2.1