Commit b29a61eb authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Send api.allowed? request for both http and ssh push

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent e294b344
......@@ -6,14 +6,26 @@ require_relative 'gitlab_config'
require_relative 'gitlab_logger'
class GitlabNet
def allowed?(cmd, repo, key, ref)
def allowed?(cmd, repo, actor, ref, oldrev = nil, newrev = nil)
project_name = repo.gsub("'", "")
project_name = project_name.gsub(/\.git\Z/, "")
project_name = project_name.gsub(/\A\//, "")
key_id = key.gsub("key-", "")
params = {
action: cmd,
ref: ref,
project: project_name,
oldrev: oldrev,
newrev: newrev
}
if actor =~ /\Akey\-\d+\Z/
params.merge!(key_id: actor.gsub("key-", ""))
elsif actor =~ /\Auser\-\d+\Z/
params.merge!(user_id: actor.gsub("user-", ""))
end
url = "#{host}/allowed?key_id=#{key_id}&action=#{cmd}&ref=#{ref}&project=#{project_name}"
url = "#{host}/allowed?" + URI.encode_www_form(params)
resp = get(url)
!!(resp.code == '200' && resp.body == 'true')
......
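Review bot: An actor that matches neither `key-N` nor `user-N` falls through the `if`/`elsif` with no identity parameter, and the request is still sent, so the outcome depends entirely on how the API answers a call carrying neither `key_id` nor `user_id` (not visible here). Failing closed locally is safer: add an `else` branch with `return false` before the URL is built. Both patterns end in `\Z`, which in Ruby also accepts a trailing newline; `\z` matches the exact string, e.g. `actor =~ /\Akey-\d+\z/`. The body of `allowed?` continues outside the hunk.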
......@@ -5,7 +5,7 @@ require 'json'
class GitlabUpdate
attr_reader :config
def initialize(repo_path, key_id, refname)
def initialize(repo_path, actor, refname)
@config = GitlabConfig.new
@repo_path = repo_path.strip
......@@ -14,7 +14,7 @@ class GitlabUpdate
@repo_name.gsub!(/\.git$/, "")
@repo_name.gsub!(/^\//, "")
@key_id = key_id
@actor = actor
@refname = refname
@branch_name = /refs\/heads\/([\/\w\.-]+)/.match(refname).to_a.last
......@@ -27,20 +27,13 @@ class GitlabUpdate
# get value from it
ENV['GL_ID'] = nil
# If its push over ssh
# we need to check user permission per branch first
if ssh?
if api.allowed?('git-receive-pack', @repo_name, @key_id, @branch_name)
if api.allowed?('git-receive-pack', @repo_name, @actor, @branch_name, @oldrev, @newrev)
update_redis
exit 0
else
puts "GitLab: You are not allowed to access #{@branch_name}!"
exit 1
end
else
update_redis
exit 0
end
end
protected
......@@ -49,13 +42,9 @@ class GitlabUpdate
GitlabNet.new
end
def ssh?
@key_id =~ /\Akey\-\d+\Z/
end
def update_redis
queue = "#{config.redis_namespace}:queue:post_receive"
msg = JSON.dump({'class' => 'PostReceive', 'args' => [@repo_path, @oldrev, @newrev, @refname, @key_id]})
msg = JSON.dump({'class' => 'PostReceive', 'args' => [@repo_path, @oldrev, @newrev, @refname, @actor]})
unless system(*config.redis_command, 'rpush', queue, msg, err: '/dev/null', out: '/dev/null')
puts "GitLab: An unexpected error occurred (redis-cli returned #{$?.exitstatus})."
exit 1
......
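Review bot: The permission check on the `api.allowed?` line is made for `@branch_name`, not for the ref actually being updated. The context line derives that name with an unanchored match restricted to `[\/\w\.-]`, so it is nil for non-branch refs and can be a shortened form of the real name. Since this call now appears to gate every push rather than only SSH ones, the name checked should be the name updated: anchor the pattern, e.g. `%r{\Arefs/heads/(.+)\z}`, or send `@refname` if the API accepts full refs. With `ssh?` apparently removed, this class no longer checks the actor's format before placing it in the `PostReceive` message, so a one-line comment stating where `@actor` is validated would help. `@oldrev` and `@newrev` are assigned outside the visible hunks.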