validate access via api

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-02-04 17:53:32 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-02-04 17:53:32 +0200
commit: d27a22a2ae198a2c573b6af4790b203a36ef7e80 (patch)
tree: 6cfa0fba3fd00d642b9caaf5fc1fa3b8e1179e11 /lib/gitlab_shell.rb
parent: d554bd90bdd5b74b46f0e6893ce415d2530672a1 (diff)
download: gitlab-shell-d27a22a2ae198a2c573b6af4790b203a36ef7e80.tar.gz
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb
index a83d16a..dd56e3d 100644
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -1,4 +1,6 @@
 require 'open3'
+require 'net/http'
+
 require_relative 'gitlab_config'
 
 class GitlabShell
@@ -17,7 +19,9 @@ class GitlabShell
       if git_cmds.include?(@git_cmd)
         ENV['GL_USER'] = @username
 
-        process_cmd
+        if validate_access
+          process_cmd
+        end
       else
         puts 'Not allowed command'
       end
@@ -42,4 +46,13 @@ class GitlabShell
     repo_full_path = File.join(repos_path, repo_name)
     system("#{@git_cmd} #{repo_full_path}")
   end
+
+  def validate_access
+    @ref_name = 'master' # just hardcode it cause we dont know ref
+    project_name = @repo_name.gsub("'", "")
+    project_name = project_name.gsub(/\.git$/, "")
+    url = "http://127.0.0.1:3000/api/v3/allowed?project=#{project_name}&username=#{@username}&action=#{@git_cmd}&ref=#{@ref_name}"
+    resp = Net::HTTP.get_response(URI.parse(url))
+    resp.code == '200' && resp.body == 'true'
+  end
 end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-02-04 17:53:32 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-02-04 17:53:32 +0200
commit	d27a22a2ae198a2c573b6af4790b203a36ef7e80 (patch)
tree	6cfa0fba3fd00d642b9caaf5fc1fa3b8e1179e11 /lib/gitlab_shell.rb
parent	d554bd90bdd5b74b46f0e6893ce415d2530672a1 (diff)
download	gitlab-shell-d27a22a2ae198a2c573b6af4790b203a36ef7e80.tar.gz