Commit 3457695b authored by Sam Battalio's avatar Sam Battalio Committed by Nick Thomas

Change HTTP Status Code when repository disabled

parent 9e6c3f56
---
title: "Changed HTTP Status Code for disabled repository on /branches and /commits to 404"
merge_request: 29585
author: Sam Battalio
type: changed
...@@ -8,7 +8,10 @@ module API ...@@ -8,7 +8,10 @@ module API
BRANCH_ENDPOINT_REQUIREMENTS = API::NAMESPACE_OR_PROJECT_REQUIREMENTS.merge(branch: API::NO_SLASH_URL_PART_REGEX) BRANCH_ENDPOINT_REQUIREMENTS = API::NAMESPACE_OR_PROJECT_REQUIREMENTS.merge(branch: API::NO_SLASH_URL_PART_REGEX)
before { authorize! :download_code, user_project } before do
require_repository_enabled!
authorize! :download_code, user_project
end
helpers do helpers do
params :filter_params do params :filter_params do
......
...@@ -6,7 +6,10 @@ module API ...@@ -6,7 +6,10 @@ module API
class Commits < Grape::API class Commits < Grape::API
include PaginationParams include PaginationParams
before { authorize! :download_code, user_project } before do
require_repository_enabled!
authorize! :download_code, user_project
end
helpers do helpers do
def user_access def user_access
......
...@@ -250,6 +250,10 @@ module API ...@@ -250,6 +250,10 @@ module API
authorize! :update_build, user_project authorize! :update_build, user_project
end end
def require_repository_enabled!(subject = :global)
not_found!("Repository") unless user_project.feature_available?(:repository, current_user)
end
def require_gitlab_workhorse! def require_gitlab_workhorse!
unless env['HTTP_GITLAB_WORKHORSE'].present? unless env['HTTP_GITLAB_WORKHORSE'].present?
forbidden!('Request should be executed via GitLab Workhorse') forbidden!('Request should be executed via GitLab Workhorse')
......
...@@ -65,7 +65,7 @@ describe API::Branches do ...@@ -65,7 +65,7 @@ describe API::Branches do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { get api(route, current_user) } let(:request) { get api(route, current_user) }
end end
end end
...@@ -175,7 +175,7 @@ describe API::Branches do ...@@ -175,7 +175,7 @@ describe API::Branches do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { get api(route, current_user) } let(:request) { get api(route, current_user) }
end end
end end
...@@ -337,7 +337,7 @@ describe API::Branches do ...@@ -337,7 +337,7 @@ describe API::Branches do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { put api(route, current_user) } let(:request) { put api(route, current_user) }
end end
end end
...@@ -471,7 +471,7 @@ describe API::Branches do ...@@ -471,7 +471,7 @@ describe API::Branches do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { put api(route, current_user) } let(:request) { put api(route, current_user) }
end end
end end
...@@ -547,7 +547,7 @@ describe API::Branches do ...@@ -547,7 +547,7 @@ describe API::Branches do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { post api(route, current_user) } let(:request) { post api(route, current_user) }
end end
end end
......
...@@ -736,7 +736,7 @@ describe API::Commits do ...@@ -736,7 +736,7 @@ describe API::Commits do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { get api(route, current_user) } let(:request) { get api(route, current_user) }
end end
end end
...@@ -825,7 +825,7 @@ describe API::Commits do ...@@ -825,7 +825,7 @@ describe API::Commits do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { get api(route, current_user) } let(:request) { get api(route, current_user) }
end end
end end
...@@ -968,7 +968,7 @@ describe API::Commits do ...@@ -968,7 +968,7 @@ describe API::Commits do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { get api(route, current_user) } let(:request) { get api(route, current_user) }
end end
end end
...@@ -1067,7 +1067,7 @@ describe API::Commits do ...@@ -1067,7 +1067,7 @@ describe API::Commits do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { get api(route, current_user) } let(:request) { get api(route, current_user) }
end end
end end
...@@ -1169,7 +1169,7 @@ describe API::Commits do ...@@ -1169,7 +1169,7 @@ describe API::Commits do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { post api(route, current_user), params: { branch: 'master' } } let(:request) { post api(route, current_user), params: { branch: 'master' } }
end end
end end
...@@ -1324,7 +1324,7 @@ describe API::Commits do ...@@ -1324,7 +1324,7 @@ describe API::Commits do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { post api(route, current_user), params: { branch: branch } } let(:request) { post api(route, current_user), params: { branch: branch } }
end end
end end
...@@ -1435,7 +1435,7 @@ describe API::Commits do ...@@ -1435,7 +1435,7 @@ describe API::Commits do
context 'when repository is disabled' do context 'when repository is disabled' do
include_context 'disabled repository' include_context 'disabled repository'
it_behaves_like '403 response' do it_behaves_like '404 response' do
let(:request) { post api(route, current_user), params: { note: 'My comment' } } let(:request) { post api(route, current_user), params: { note: 'My comment' } }
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment