Reorder snippet before action in controller

We need to check whether the feature flag
is enabled before calling the access checker.
parent 70fce78e
...@@ -4,6 +4,7 @@ module Repositories ...@@ -4,6 +4,7 @@ module Repositories
class GitHttpController < Repositories::GitHttpClientController class GitHttpController < Repositories::GitHttpClientController
include WorkhorseRequest include WorkhorseRequest
before_action :snippet_request_allowed?
before_action :access_check before_action :access_check
prepend_before_action :deny_head_requests, only: [:info_refs] prepend_before_action :deny_head_requests, only: [:info_refs]
...@@ -12,8 +13,6 @@ module Repositories ...@@ -12,8 +13,6 @@ module Repositories
rescue_from Gitlab::GitAccess::ProjectCreationError, with: :render_422_with_exception rescue_from Gitlab::GitAccess::ProjectCreationError, with: :render_422_with_exception
rescue_from Gitlab::GitAccess::TimeoutError, with: :render_503_with_exception rescue_from Gitlab::GitAccess::TimeoutError, with: :render_503_with_exception
before_action :snippet_request_allowed?
# GET /foo/bar.git/info/refs?service=git-upload-pack (git pull) # GET /foo/bar.git/info/refs?service=git-upload-pack (git pull)
# GET /foo/bar.git/info/refs?service=git-receive-pack (git push) # GET /foo/bar.git/info/refs?service=git-receive-pack (git push)
def info_refs def info_refs
...@@ -121,6 +120,7 @@ module Repositories ...@@ -121,6 +120,7 @@ module Repositories
def snippet_request_allowed? def snippet_request_allowed?
if repo_type.snippet? && Feature.disabled?(:version_snippets, user) if repo_type.snippet? && Feature.disabled?(:version_snippets, user)
Gitlab::AppLogger.info('Snippet access attempt with feature disabled')
render plain: 'The project you were looking for could not be found.', status: :not_found render plain: 'The project you were looking for could not be found.', status: :not_found
end end
end end
......
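Review bot: The log line added in `snippet_request_allowed?` (third hunk) carries no request context, so an entry cannot be tied to a user or repository during triage. Because the first hunk moves this filter ahead of `access_check`, every snippet repository request made while the flag is off now produces the same unqualified message, which makes it mostly noise. Consider including an identifier that is already in scope, for example `Gitlab::AppLogger.info("Snippet access attempt with feature disabled (user_id=#{user&.id})")`; the safe navigation assumes `user` may be nil for anonymous requests, which the hunk does not show.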
---
title: Check first if feature flag version_snippet is enabled
merge_request: 28352
author:
type: fixed
...@@ -146,9 +146,12 @@ describe Repositories::GitHttpController do ...@@ -146,9 +146,12 @@ describe Repositories::GitHttpController do
let(:params) { container_params.merge(service: 'git-upload-pack') } let(:params) { container_params.merge(service: 'git-upload-pack') }
it 'returns 404' do it 'returns 404' do
expect(controller).not_to receive(:access_check)
get :info_refs, params: params get :info_refs, params: params
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
expect(response.body).to eq "The project you were looking for could not be found."
end end
end end
...@@ -160,9 +163,12 @@ describe Repositories::GitHttpController do ...@@ -160,9 +163,12 @@ describe Repositories::GitHttpController do
end end
it 'returns 404' do it 'returns 404' do
expect(controller).not_to receive(:access_check)
post :git_upload_pack, params: params post :git_upload_pack, params: params
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
expect(response.body).to eq "The project you were looking for could not be found."
end end
end end
end end
......
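Review bot: The two 'returns 404' examples now repeat the same three expectations, including the literal response body, so they can drift apart when only one is edited. A shared example (for instance `it_behaves_like 'snippet feature flag disabled behavior'`, a name constructed here) holding the `not_to receive(:access_check)`, status and body checks would keep them in sync. It would also make it cheap to cover any other action that these hunks do not exercise. Both enclosing contexts begin outside the visible hunks, so setup defined there may affect how this is best factored.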