Commit 359caf2b authored by Sean McGivern's avatar Sean McGivern

Merge branch '29662-allow-unauthenticated-branches-api' into 'master'

Allow unauthenticated access to some Branch API GET endpoints

Closes #29662

See merge request !10077
parents 691402fb aaaee8ae
---
title: Allow unauthenticated access to some Branch API GET endpoints
merge_request:
author:
...@@ -3,6 +3,8 @@ ...@@ -3,6 +3,8 @@
## List repository branches ## List repository branches
Get a list of repository branches from a project, sorted by name alphabetically. Get a list of repository branches from a project, sorted by name alphabetically.
This endpoint can be accessed without authentication if the repository is
publicly accessible.
``` ```
GET /projects/:id/repository/branches GET /projects/:id/repository/branches
...@@ -48,7 +50,8 @@ Example response: ...@@ -48,7 +50,8 @@ Example response:
## Get single repository branch ## Get single repository branch
Get a single project repository branch. Get a single project repository branch. This endpoint can be accessed without
authentication if the repository is publicly accessible.
``` ```
GET /projects/:id/repository/branches/:branch GET /projects/:id/repository/branches/:branch
......
...@@ -4,7 +4,6 @@ module API ...@@ -4,7 +4,6 @@ module API
class Branches < Grape::API class Branches < Grape::API
include PaginationParams include PaginationParams
before { authenticate! }
before { authorize! :download_code, user_project } before { authorize! :download_code, user_project }
params do params do
...@@ -102,6 +101,7 @@ module API ...@@ -102,6 +101,7 @@ module API
end end
post ":id/repository/branches" do post ":id/repository/branches" do
authorize_push_project authorize_push_project
result = CreateBranchService.new(user_project, current_user). result = CreateBranchService.new(user_project, current_user).
execute(params[:branch], params[:ref]) execute(params[:branch], params[:ref])
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment