Send api.allowed? request for both http and ssh push

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

2 files changed, 22 insertions, 21 deletions

diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index 99d0044..44c56bd 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -6,14 +6,26 @@ require_relative 'gitlab_config'
 require_relative 'gitlab_logger'
 
 class GitlabNet
-  def allowed?(cmd, repo, key, ref)
+  def allowed?(cmd, repo, actor, ref, oldrev = nil, newrev = nil)
     project_name = repo.gsub("'", "")
     project_name = project_name.gsub(/\.git\Z/, "")
     project_name = project_name.gsub(/\A\//, "")
 
-    key_id = key.gsub("key-", "")
+    params = {
+      action: cmd,
+      ref: ref,
+      project: project_name,
+      oldrev: oldrev,
+      newrev: newrev
+    }
+
+    if actor =~ /\Akey\-\d+\Z/
+      params.merge!(key_id: actor.gsub("key-", ""))
+    elsif actor =~ /\Auser\-\d+\Z/
+      params.merge!(user_id: actor.gsub("user-", ""))
+    end
 
-    url = "#{host}/allowed?key_id=#{key_id}&action=#{cmd}&ref=#{ref}&project=#{project_name}"
+    url = "#{host}/allowed?" + URI.encode_www_form(params)
     resp = get(url)
 
     !!(resp.code == '200' && resp.body == 'true')
diff --git a/lib/gitlab_update.rb b/lib/gitlab_update.rb
index 6b3271c..6ce6952 100644
--- a/lib/gitlab_update.rb
+++ b/lib/gitlab_update.rb
@@ -5,7 +5,7 @@ require 'json'
 class GitlabUpdate
   attr_reader :config
 
-  def initialize(repo_path, key_id, refname)
+  def initialize(repo_path, actor, refname)
     @config = GitlabConfig.new
 
     @repo_path = repo_path.strip
@@ -14,7 +14,7 @@ class GitlabUpdate
     @repo_name.gsub!(/\.git$/, "")
     @repo_name.gsub!(/^\//, "")
 
-    @key_id = key_id
+    @actor = actor
     @refname = refname
     @branch_name = /refs\/heads\/([\/\w\.-]+)/.match(refname).to_a.last
 
@@ -27,19 +27,12 @@ class GitlabUpdate
     # get value from it
     ENV['GL_ID'] = nil
 
-    # If its push over ssh
-    # we need to check user permission per branch first
-    if ssh?
-      if api.allowed?('git-receive-pack', @repo_name, @key_id, @branch_name)
-        update_redis
-        exit 0
-      else
-        puts "GitLab: You are not allowed to access #{@branch_name}!"
-        exit 1
-      end
-    else
+    if api.allowed?('git-receive-pack', @repo_name, @actor, @branch_name, @oldrev, @newrev)
       update_redis
       exit 0
+    else
+      puts "GitLab: You are not allowed to access #{@branch_name}!"
+      exit 1
     end
   end
 
@@ -49,13 +42,9 @@ class GitlabUpdate
     GitlabNet.new
   end
 
-  def ssh?
-    @key_id =~ /\Akey\-\d+\Z/
-  end
-
   def update_redis
     queue = "#{config.redis_namespace}:queue:post_receive"
-    msg = JSON.dump({'class' => 'PostReceive', 'args' => [@repo_path, @oldrev, @newrev, @refname, @key_id]})
+    msg = JSON.dump({'class' => 'PostReceive', 'args' => [@repo_path, @oldrev, @newrev, @refname, @actor]})
     unless system(*config.redis_command, 'rpush', queue, msg, err: '/dev/null', out: '/dev/null')
       puts "GitLab: An unexpected error occurred (redis-cli returned #{$?.exitstatus})."
       exit 1