diff options
| author | Patricio Cano <suprnova32@gmail.com> | 2016-06-20 21:13:53 -0500 |
|---|---|---|
| committer | Patricio Cano <suprnova32@gmail.com> | 2016-07-05 18:01:12 -0500 |
| commit | 44e7804ddb408d85f091c7a5cd36e0fdbec63d13 (patch) | |
| tree | 16956fba9120d6e0fb91fd8b38c55f3c2290c6de /lib | |
| parent | 5afdd3f1cc3f12d4e919edb554c755b227675d06 (diff) | |
| download | gitlab-shell-44e7804ddb408d85f091c7a5cd36e0fdbec63d13.tar.gz | |
Allow GitLab Shell to check for allowed access based on the used Git protocol.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab_access.rb | 7 | ||||
| -rw-r--r-- | lib/gitlab_net.rb | 3 | ||||
| -rw-r--r-- | lib/gitlab_shell.rb | 2 |
3 files changed, 7 insertions, 5 deletions
diff --git a/lib/gitlab_access.rb b/lib/gitlab_access.rb index 10afeef..bab2c4c 100644 --- a/lib/gitlab_access.rb +++ b/lib/gitlab_access.rb @@ -9,18 +9,19 @@ class GitlabAccess include NamesHelper - attr_reader :config, :repo_path, :repo_name, :changes + attr_reader :config, :repo_path, :repo_name, :changes, :protocol - def initialize(repo_path, actor, changes) + def initialize(repo_path, actor, changes, protocol = nil) @config = GitlabConfig.new @repo_path = repo_path.strip @actor = actor @repo_name = extract_repo_name(@repo_path.dup) @changes = changes.lines + @protocol = protocol end def exec - status = api.check_access('git-receive-pack', @repo_name, @actor, @changes) + status = api.check_access('git-receive-pack', @repo_name, @actor, @changes, @protocol) raise AccessDeniedError, status.message unless status.allowed? diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb index dd9a4b0..24e97be 100644 --- a/lib/gitlab_net.rb +++ b/lib/gitlab_net.rb @@ -14,7 +14,7 @@ class GitlabNet CHECK_TIMEOUT = 5 READ_TIMEOUT = 300 - def check_access(cmd, repo, actor, changes) + def check_access(cmd, repo, actor, changes, protocol = nil) project_name = repo.gsub("'", "") project_name = project_name.gsub(/\.git\Z/, "") project_name = project_name.gsub(/\A\//, "") @@ -24,6 +24,7 @@ class GitlabNet action: cmd, changes: changes, project: project_name, + protocol: protocol } if actor =~ /\Akey\-\d+\Z/ diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index c5d5c02..2bb8a4d 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -85,7 +85,7 @@ class GitlabShell end def verify_access - status = api.check_access(@git_access, @repo_name, @key_id, '_any') + status = api.check_access(@git_access, @repo_name, @key_id, '_any', 'ssh') raise AccessDeniedError, status.message unless status.allowed? |