Allow download package files from UI

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Allow download package files from UI
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
5a085e6e · Dmitriy Zaporozhets · 0488ad0a · 5a085e6e · 5a085e6e · 5a085e6e
Commit 5a085e6e authored Dec 17, 2018 by Dmitriy Zaporozhets
12 changed files
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -313,10 +313,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
      scope '-' do
        get 'archive/*id', constraints: { format: Gitlab::PathRegex.archive_formats_regex, id: /.+?/ }, to: 'repositories#archive', as: 'archive'
-        ## EE-specific
-        resources :packages, only: [:index, :show, :destroy], module: :packages
-        ## EE-specific
        resources :jobs, only: [:index, :show], constraints: { id: /\d+/ } do
          collection do
            post :cancel_all

--- a/ee/app/controllers/concerns/packages_access.rb
+++ b/ee/app/controllers/concerns/packages_access.rb
+# frozen_string_literal: true
+module PackagesAccess
+  extend ActiveSupport::Concern
+  included do
+    before_action :verify_packages_enabled!
+    before_action :authorize_read_package!
+  end
+  private
+  def verify_packages_enabled!
+    render_404 unless Gitlab.config.packages.enabled
+  end
+end
--- a/ee/app/controllers/projects/packages/package_files_controller.rb
+++ b/ee/app/controllers/projects/packages/package_files_controller.rb
+# frozen_string_literal: true
+module Projects
+  module Packages
+    class PackageFilesController < ApplicationController
+      include PackagesAccess
+      include SendFileUpload
+      def download
+        package_file = project.package_files.find(params[:id])
+        send_upload(package_file.file, attachment: package_file.file_name)
+      end
+    end
+  end
+end
--- a/ee/app/controllers/projects/packages/packages_controller.rb
+++ b/ee/app/controllers/projects/packages/packages_controller.rb
@@ -3,8 +3,8 @@
 module Projects
  module Packages
    class PackagesController < ApplicationController
-      before_action :verify_packages_enabled!
+      include PackagesAccess
-      before_action :authorize_read_package!
      before_action :authorize_destroy_package!, only: [:destroy]
      def index
@@ -23,12 +23,6 @@ module Projects
        redirect_to project_packages_path(@project), status: 302, notice: _('Package was removed')
      end
-      private
-      def verify_packages_enabled!
-        render_404 unless Gitlab.config.packages.enabled
-      end
    end
  end
 end
--- a/ee/app/models/ee/project.rb
+++ b/ee/app/models/ee/project.rb
@@ -54,6 +54,7 @@ module EE
      has_many :software_license_policies, inverse_of: :project, class_name: 'SoftwareLicensePolicy'
      accepts_nested_attributes_for :software_license_policies, allow_destroy: true
      has_many :packages, class_name: 'Packages::Package'
+      has_many :package_files, through: :packages, class_name: 'Packages::PackageFile'
      has_many :sourced_pipelines, class_name: 'Ci::Sources::Pipeline', foreign_key: :source_project_id

--- a/ee/app/views/projects/packages/packages/show.html.haml
+++ b/ee/app/views/projects/packages/packages/show.html.haml
@@ -67,7 +67,7 @@
      %tr
        %td
          = icon('file-o fw')
-          = package_file.file.identifier
+          = link_to package_file.file.identifier, download_project_package_file_path(@project, package_file)
        %td
          = number_to_human_size(package_file.size, precision: 2)
        %td

--- a/ee/changelogs/unreleased/8794-download-package-files-from-ui.yml
+++ b/ee/changelogs/unreleased/8794-download-package-files-from-ui.yml
+---
+title: Allow downloading package files from UI
+merge_request: 8888
+author:
+type: changed
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -31,6 +31,15 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
          post :check_config
        end
      end
+      scope '-' do
+        resources :packages, only: [:index, :show, :destroy], module: :packages
+        resources :package_files, only: [], module: :packages do
+          member do
+            get :download
+          end
+        end
+      end
    end
  end
 end
--- a/ee/spec/features/projects/package_files_spec.rb
+++ b/ee/spec/features/projects/package_files_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe 'PackageFiles' do
+  let(:user) { create(:user) }
+  let(:project) { create(:project) }
+  let!(:package) { create(:maven_package, project: project) }
+  let!(:package_file) { package.package_files.first }
+  before do
+    sign_in(user)
+  end
+  context 'user with master role' do
+    before do
+      project.add_master(user)
+    end
+    it 'allows file download from package page' do
+      visit project_package_path(project, package)
+      click_link package_file.file_name
+      expect(status_code).to eq(200)
+      expect(page.response_headers['Content-Type']).to eq 'application/xml'
+      expect(page.response_headers['Content-Transfer-Encoding']).to eq 'binary'
+    end
+    it 'allows direct download by url' do
+      visit download_project_package_file_path(project, package_file)
+      expect(status_code).to eq(200)
+    end
+    it 'does not allow download of package belonging to different project' do
+      another_package = create(:maven_package)
+      another_file = another_package.package_files.first
+      visit download_project_package_file_path(project, another_file)
+      expect(status_code).to eq(404)
+    end
+  end
+  it 'does not allow direct download when no access to the project' do
+    visit download_project_package_file_path(project, package_file)
+    expect(status_code).to eq(404)
+  end
+  it 'gives 404 when no package file exist' do
+    visit download_project_package_file_path(project, '9999')
+    expect(status_code).to eq(404)
+  end
+end
--- a/ee/spec/features/projects/packages_spec.rb
+++ b/ee/spec/features/projects/packages_spec.rb
+# frozen_string_literal: true
 require 'spec_helper'
 describe 'Packages' do
@@ -21,8 +23,6 @@ describe 'Packages' do
    let!(:package) { create(:maven_package, project: project) }
    before do
-      package
      visit_project_packages
    end

--- a/ee/spec/lib/gitlab/import_export/all_models.yml
+++ b/ee/spec/lib/gitlab/import_export/all_models.yml
@@ -68,6 +68,7 @@ project:
 - software_license_policies
 - project_registry
 - packages
+- package_files
 - tracing_setting
 - webide_pipelines
 - reviews

--- a/ee/spec/models/project_spec.rb
+++ b/ee/spec/models/project_spec.rb
@@ -25,6 +25,8 @@ describe Project do
    it { is_expected.to have_many(:audit_events).dependent(false) }
    it { is_expected.to have_many(:protected_environments) }
    it { is_expected.to have_many(:approver_groups).dependent(:destroy) }
+    it { is_expected.to have_many(:packages).class_name('Packages::Package') }
+    it { is_expected.to have_many(:package_files).class_name('Packages::PackageFile') }
  end
  describe 'validations' do