Commit 8b14d1d2 authored by Patricio Cano's avatar Patricio Cano

Rename ENV['PROTOCOL'] to ENV['GL_PROTOCOL'] to conform to what GitLab Shell...

Rename ENV['PROTOCOL'] to ENV['GL_PROTOCOL'] to conform to what GitLab Shell expects and make the `protocol` param in `GitAccess` mandatory.
parent 7735ef86
...@@ -12,7 +12,7 @@ module BranchesHelper ...@@ -12,7 +12,7 @@ module BranchesHelper
def can_push_branch?(project, branch_name) def can_push_branch?(project, branch_name)
return false unless project.repository.branch_exists?(branch_name) return false unless project.repository.branch_exists?(branch_name)
::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(branch_name) ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(branch_name)
end end
def project_branches def project_branches
......
...@@ -481,7 +481,7 @@ class MergeRequest < ActiveRecord::Base ...@@ -481,7 +481,7 @@ class MergeRequest < ActiveRecord::Base
end end
def can_be_merged_by?(user) def can_be_merged_by?(user)
::Gitlab::GitAccess.new(user, project).can_push_to_branch?(target_branch) ::Gitlab::GitAccess.new(user, project, 'web').can_push_to_branch?(target_branch)
end end
def mergeable_ci_state? def mergeable_ci_state?
......
...@@ -23,7 +23,7 @@ module Commits ...@@ -23,7 +23,7 @@ module Commits
private private
def check_push_permissions def check_push_permissions
allowed = ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(@target_branch) allowed = ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(@target_branch)
unless allowed unless allowed
raise ValidationError.new('You are not allowed to push into this branch') raise ValidationError.new('You are not allowed to push into this branch')
......
...@@ -43,7 +43,7 @@ module Files ...@@ -43,7 +43,7 @@ module Files
end end
def validate def validate
allowed = ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(@target_branch) allowed = ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(@target_branch)
unless allowed unless allowed
raise_error("You are not allowed to push into this branch") raise_error("You are not allowed to push into this branch")
......
...@@ -46,7 +46,7 @@ ...@@ -46,7 +46,7 @@
.form-group .form-group
%label.control-label.col-sm-2 Enabled Git access protocols %label.control-label.col-sm-2 Enabled Git access protocols
.col-sm-10 .col-sm-10
= select(:application_setting, :enabled_git_access_protocols, [['Both SSH and HTTP', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control') = select(:application_setting, :enabled_git_access_protocols, [['Both SSH and HTTP(S)', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control')
%span.help-block#clone-protocol-help %span.help-block#clone-protocol-help
Allow only the selected protocols to be used for Git access. Allow only the selected protocols to be used for Git access.
.form-group .form-group
......
...@@ -35,7 +35,7 @@ module Gitlab ...@@ -35,7 +35,7 @@ module Gitlab
vars = { vars = {
'GL_ID' => gl_id, 'GL_ID' => gl_id,
'PWD' => repo_path, 'PWD' => repo_path,
'PROTOCOL' => 'web' 'GL_PROTOCOL' => 'web'
} }
options = { options = {
......
...@@ -5,7 +5,7 @@ module Gitlab ...@@ -5,7 +5,7 @@ module Gitlab
attr_reader :actor, :project, :protocol attr_reader :actor, :project, :protocol
def initialize(actor, project, protocol = nil) def initialize(actor, project, protocol)
@actor = actor @actor = actor
@project = project @project = project
@protocol = protocol @protocol = protocol
...@@ -50,6 +50,8 @@ module Gitlab ...@@ -50,6 +50,8 @@ module Gitlab
end end
def check(cmd, changes = nil) def check(cmd, changes = nil)
return build_status_object(false, 'Access denied due to unspecified Git access protocol') unless protocol
return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed? return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
unless actor unless actor
...@@ -75,8 +77,6 @@ module Gitlab ...@@ -75,8 +77,6 @@ module Gitlab
end end
def download_access_check def download_access_check
return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
if user if user
user_download_access_check user_download_access_check
elsif deploy_key elsif deploy_key
...@@ -87,8 +87,6 @@ module Gitlab ...@@ -87,8 +87,6 @@ module Gitlab
end end
def push_access_check(changes) def push_access_check(changes)
return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
if user if user
user_push_access_check(changes) user_push_access_check(changes)
elsif deploy_key elsif deploy_key
...@@ -99,8 +97,6 @@ module Gitlab ...@@ -99,8 +97,6 @@ module Gitlab
end end
def user_download_access_check def user_download_access_check
return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
unless user.can?(:download_code, project) unless user.can?(:download_code, project)
return build_status_object(false, "You are not allowed to download code from this project.") return build_status_object(false, "You are not allowed to download code from this project.")
end end
...@@ -109,8 +105,6 @@ module Gitlab ...@@ -109,8 +105,6 @@ module Gitlab
end end
def user_push_access_check(changes) def user_push_access_check(changes)
return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
if changes.blank? if changes.blank?
return build_status_object(true) return build_status_object(true)
end end
...@@ -200,7 +194,7 @@ module Gitlab ...@@ -200,7 +194,7 @@ module Gitlab
end end
def protocol_allowed? def protocol_allowed?
protocol ? Gitlab::ProtocolAccess.allowed?(protocol) : true Gitlab::ProtocolAccess.allowed?(protocol)
end end
def branch_name(ref) def branch_name(ref)
......
require 'spec_helper' require 'spec_helper'
describe Gitlab::GitAccess, lib: true do describe Gitlab::GitAccess, lib: true do
let(:access) { Gitlab::GitAccess.new(actor, project) } let(:access) { Gitlab::GitAccess.new(actor, project, 'web') }
let(:project) { create(:project) } let(:project) { create(:project) }
let(:user) { create(:user) } let(:user) { create(:user) }
let(:actor) { user } let(:actor) { user }
......
require 'spec_helper' require 'spec_helper'
describe Gitlab::GitAccessWiki, lib: true do describe Gitlab::GitAccessWiki, lib: true do
let(:access) { Gitlab::GitAccessWiki.new(user, project) } let(:access) { Gitlab::GitAccessWiki.new(user, project, 'web') }
let(:project) { create(:project) } let(:project) { create(:project) }
let(:user) { create(:user) } let(:user) { create(:user) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment