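class ApplicationController < ActionController::Base
  # Alert shown when a blocked account is signed out. Shared by the
  # reject_blocked! filter and after_sign_in_path_for so the two paths
  # cannot drift apart.
  BLOCKED_ACCOUNT_ALERT = "Your account is blocked. Retry when an admin unblock it.".freeze

  # Shape of the dynamically dispatched authorization helpers
  # (authorize_<ability>!), anchored to the whole method name.
  AUTHORIZE_METHOD = /\Aauthorize_(.*)!\z/

  # Filter order matters: authentication runs first, then blocked accounts
  # are thrown out, then per-request state (observers, abilities, gon) is set.
  before_filter :authenticate_user!
  before_filter :reject_blocked!
  before_filter :set_current_user_for_observers
  before_filter :add_abilities
  before_filter :dev_tools if Rails.env.development?
  before_filter :default_headers
  before_filter :add_gon_variables

  protect_from_forgery

  helper_method :abilities, :can?

  # Encoding errors (e.g. a repository blob that cannot be re-encoded) are
  # logged and answered with the encoding error page as a 500.
  rescue_from Encoding::CompatibilityError do |exception|
    log_exception(exception)
    render "errors/encoding", layout: "errors", status: 500
  end

  # Missing records are logged and answered with the not-found page as a 404.
  rescue_from ActiveRecord::RecordNotFound do |exception|
    log_exception(exception)
    render "errors/not_found", layout: "errors", status: 404
  end

  protected

  # Writes the exception class, message and application-level backtrace
  # (framework frames filtered out by ExceptionWrapper) to the Rails logger.
  #
  # @param exception [Exception] the rescued exception
  def log_exception(exception)
    trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace
    indented = trace.map { |frame| "  #{frame}\n" }
    logger.error "\n#{exception.class.name} (#{exception.message}):\n#{indented.join}"
  end

  # Before filter: signs out a user whose account was blocked after login
  # and sends them back to the sign-in page with an alert. Does nothing for
  # anonymous or unblocked users.
  def reject_blocked!
    return unless current_user && current_user.blocked?

    sign_out current_user
    flash[:alert] = BLOCKED_ACCOUNT_ALERT
    redirect_to new_user_session_path
  end

  # Devise hook. A blocked User is signed out again immediately after a
  # successful sign-in and pointed at the sign-in page; everyone else gets
  # Devise's default destination.
  #
  # @param resource [Object] the resource that just signed in
  # @return [String] path to redirect to
  def after_sign_in_path_for(resource)
    blocked = resource.is_a?(User) && resource.respond_to?(:blocked?) && resource.blocked?
    return super unless blocked

    sign_out resource
    flash[:alert] = BLOCKED_ACCOUNT_ALERT
    new_user_session_path
  end

  # Before filter: hands the request's user to the observers that need to
  # know who triggered a change. current_user may be nil here.
  def set_current_user_for_observers
    MergeRequestObserver.current_user = current_user
    IssueObserver.current_user = current_user
  end

  # Per-request ability container (memoized); populated by add_abilities.
  def abilities
    @abilities ||= Six.new
  end

  # Asks the ability container whether `object` may perform `action` on
  # `subject`. Exposed to views via helper_method.
  #
  # @param object [Object] typically current_user
  # @param action [Symbol] ability name, e.g. :read_project
  # @param subject [Object, nil] what the action applies to
  def can?(object, action, subject)
    abilities.allowed?(object, action, subject)
  end

  # Loads the project addressed by params[:project_id] (or params[:id]) and
  # returns it when the current user may read it. Otherwise @project is
  # cleared and the public 404 page is rendered, so a caller that did not
  # get a Project back must not render again. Not memoized: every call
  # re-runs the lookup and the permission check.
  #
  # @return [Project, nil]
  def project
    id = params[:project_id] || params[:id]
    @project = Project.find_with_namespace(id)

    if @project && can?(current_user, :read_project, @project)
      @project
    else
      @project = nil
      render_404
    end
  end

  # The project's repository, memoized; nil when the path is missing on disk.
  #
  # @return [Object, nil]
  def repository
    @repository ||= project.repository
  rescue Grit::NoSuchPathError
    nil
  end

  # Before filter: registers the application's Ability rules with the
  # per-request ability container.
  def add_abilities
    abilities << Ability
  end

  # Denies the request unless the current user has `action` on the current
  # project. Note that `project` itself renders a 404 when the project is
  # unreadable, so this is expected to run after the project filter has
  # already admitted the request — TODO confirm in the calling controllers.
  #
  # @param action [Symbol] ability name
  def authorize_project!(action)
    return access_denied! unless can?(current_user, action, project)
  end

  # Denies the request unless the current user may download the project's code.
  def authorize_code_access!
    return access_denied! unless can?(current_user, :download_code, project)
  end

  # Denies the request unless the current user may create teams (no subject).
  def authorize_create_team!
    return access_denied! unless can?(current_user, :create_team, nil)
  end

  # Denies the request unless the current user may manage the loaded user_team.
  def authorize_manage_user_team!
    authorize_user_team!(:manage_user_team)
  end

  # Denies the request unless the current user may administer the loaded user_team.
  def authorize_admin_user_team!
    authorize_user_team!(:admin_user_team)
  end

  # Shared guard for the user_team helpers: denies when no team is loaded
  # (user_team is provided by the including controller) or when the user
  # lacks `action` on it.
  #
  # @param action [Symbol] ability name
  def authorize_user_team!(action)
    return access_denied! unless user_team.present? && can?(current_user, action, user_team)
  end

  # Renders the access-denied page. Deliberately answered as 404 rather than
  # 403 (render_403 below is not used here), so a denied request looks the
  # same as a missing resource to the client.
  def access_denied!
    render "errors/access_denied", layout: "errors", status: 404
  end

  # Renders the not-found page with the errors layout.
  def not_found!
    render "errors/not_found", layout: "errors", status: 404
  end

  # Renders the git-not-found page with the errors layout.
  def git_not_found!
    render "errors/git_not_found", layout: "errors", status: 404
  end

  # Dispatches any undefined `authorize_<ability>!` call to
  # authorize_project! with the captured ability, so controllers can write
  # e.g. `authorize_read_project!` without a dedicated method. Extra
  # arguments and the block are ignored, as before. What happens for an
  # ability name Ability does not know presumably ends in a denial via
  # can? — confirm against Ability.
  def method_missing(method_sym, *arguments, &block)
    ability = method_sym.to_s[AUTHORIZE_METHOD, 1]
    return super unless ability

    authorize_project!(ability.to_sym)
  end

  # Keeps respond_to? in step with method_missing for the dynamic
  # authorize_*! helpers. Protected, like method_missing, so it never
  # becomes a routable action.
  def respond_to_missing?(method_sym, include_private = false)
    !!(method_sym.to_s =~ AUTHORIZE_METHOD) || super
  end

  # Renders the static public 404 page without a layout.
  def render_404
    render file: Rails.root.join("public", "404"), layout: false, status: 404
  end

  # Renders the static public 403 page without a layout.
  def render_403
    render file: Rails.root.join("public", "403"), layout: false, status: 403
  end

  # Redirects to the project page when its repository is still empty.
  # Relies on @project having been set by an earlier filter; a nil @project
  # raises NoMethodError here.
  def require_non_empty_project
    redirect_to @project if @project.empty_repo?
  end

  # Marks the response as uncacheable for HTTP/1.1, HTTP/1.0 and legacy
  # proxies. Not registered as a filter in this class; presumably invoked by
  # controllers whose responses must not be cached — TODO confirm.
  def no_cache_headers
    response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
    response.headers["Pragma"] = "no-cache"
    response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
  end

  # Development-only filter (see the before_filter guard): lets MiniProfiler
  # attach to the request.
  def dev_tools
    Rack::MiniProfiler.authorize_request
  end

  # Before filter: browser hardening headers set explicitly on every
  # response — no framing at all, and the legacy reflective-XSS filter in
  # blocking mode.
  def default_headers
    headers['X-Frame-Options'] = 'DENY'
    headers['X-XSS-Protection'] = '1; mode=block'
  end

  # Before filter: values exposed to client-side JavaScript through gon.
  # NOTE(review): api_token embeds the signed-in user's private token in
  # every rendered page, so any XSS on the site can read a long-lived API
  # credential; consider exposing it only on pages that need it.
  def add_gon_variables
    gon.default_issues_tracker = Project.issues_tracker.default_value
    gon.api_version = Gitlab::API.version
    gon.api_token = current_user.private_token if current_user
    gon.gravatar_url = request.ssl? ? Gitlab.config.gravatar.ssl_url : Gitlab.config.gravatar.plain_url
  end
end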