b4e8bca6
Commit
b4e8bca6
authored
Aug 03, 2018
by
Dmitriy Zaporozhets
Add frozen literals and permission checks
Signed-off-by:
Dmitriy Zaporozhets
<
dmitriy.zaporozhets@gmail.com
>
parent
540dface
Changes
17
Showing
17 changed files
with
55 additions
and
3 deletions
+55
-3
ee/app/models/license.rb
ee/app/models/license.rb
+1
-0
ee/app/models/packages.rb
ee/app/models/packages.rb
+1
-0
ee/app/models/packages/maven_metadatum.rb
ee/app/models/packages/maven_metadatum.rb
+1
-0
ee/app/models/packages/package.rb
ee/app/models/packages/package.rb
+1
-0
ee/app/models/packages/package_file.rb
ee/app/models/packages/package_file.rb
+1
-0
ee/app/policies/ee/project_policy.rb
ee/app/policies/ee/project_policy.rb
+5
-0
ee/app/services/packages/create_maven_package_service.rb
ee/app/services/packages/create_maven_package_service.rb
+1
-0
ee/app/uploaders/packages/package_file_uploader.rb
ee/app/uploaders/packages/package_file_uploader.rb
+1
-0
ee/db/migrate/20180720120716_create_packages_packages.rb
ee/db/migrate/20180720120716_create_packages_packages.rb
+1
-0
ee/db/migrate/20180720120726_create_packages_package_files.rb
...b/migrate/20180720120726_create_packages_package_files.rb
+1
-0
ee/db/migrate/20180720121404_create_packages_maven_metadata.rb
.../migrate/20180720121404_create_packages_maven_metadata.rb
+1
-0
ee/lib/api/maven_packages.rb
ee/lib/api/maven_packages.rb
+7
-0
ee/spec/factories/packages.rb
ee/spec/factories/packages.rb
+1
-0
ee/spec/models/packages/maven_metadatum_spec.rb
ee/spec/models/packages/maven_metadatum_spec.rb
+1
-0
ee/spec/models/packages/package_file_spec.rb
ee/spec/models/packages/package_file_spec.rb
+1
-0
ee/spec/models/packages/package_spec.rb
ee/spec/models/packages/package_spec.rb
+1
-0
ee/spec/requests/api/maven_packages_spec.rb
ee/spec/requests/api/maven_packages_spec.rb
+29
-3
ee/app/models/license.rb
...
@@ -64,6 +64,7 @@ class License < ActiveRecord::Base
...
@@ -64,6 +64,7 @@ class License < ActiveRecord::Base
protected_environments
protected_environments
system_header_footer
system_header_footer
custom_project_templates
custom_project_templates
packages
]
.
freeze
]
.
freeze
EEU_FEATURES
=
EEP_FEATURES
+
%i[
EEU_FEATURES
=
EEP_FEATURES
+
%i[
...
...
ee/app/models/packages.rb
# frozen_string_literal: true
module
Packages
module
Packages
def
self
.
table_name_prefix
def
self
.
table_name_prefix
'packages_'
'packages_'
...
...
ee/app/models/packages/maven_metadatum.rb
# frozen_string_literal: true
class
Packages::MavenMetadatum
<
ActiveRecord
::
Base
class
Packages::MavenMetadatum
<
ActiveRecord
::
Base
belongs_to
:package
belongs_to
:package
...
...
ee/app/models/packages/package.rb
# frozen_string_literal: true
class
Packages::Package
<
ActiveRecord
::
Base
class
Packages::Package
<
ActiveRecord
::
Base
belongs_to
:project
belongs_to
:project
has_many
:package_files
has_many
:package_files
...
...
ee/app/models/packages/package_file.rb
# frozen_string_literal: true
class
Packages::PackageFile
<
ActiveRecord
::
Base
class
Packages::PackageFile
<
ActiveRecord
::
Base
belongs_to
:package
belongs_to
:package
...
...
ee/app/policies/ee/project_policy.rb
...
@@ -84,6 +84,10 @@ module EE
...
@@ -84,6 +84,10 @@ module EE
rule
{
can?
(
:read_issue
)
}.
enable
:read_issue_link
rule
{
can?
(
:read_issue
)
}.
enable
:read_issue_link
rule
{
can?
(
:public_access
)
}.
policy
do
enable
:read_packages
end
rule
{
can?
(
:reporter_access
)
}.
policy
do
rule
{
can?
(
:reporter_access
)
}.
policy
do
enable
:admin_board
enable
:admin_board
enable
:read_deploy_board
enable
:read_deploy_board
...
@@ -95,6 +99,7 @@ module EE
...
@@ -95,6 +99,7 @@ module EE
rule
{
can?
(
:developer_access
)
}.
policy
do
rule
{
can?
(
:developer_access
)
}.
policy
do
enable
:admin_board
enable
:admin_board
enable
:admin_vulnerability_feedback
enable
:admin_vulnerability_feedback
enable
:write_packages
end
end
rule
{
can?
(
:developer_access
)
&
security_reports_feature_available
}.
enable
:read_project_security_dashboard
rule
{
can?
(
:developer_access
)
&
security_reports_feature_available
}.
enable
:read_project_security_dashboard
...
...
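Review bot: The abilities enabled in these two rules are `:read_packages` and `:write_packages` (plural), but the guards this same commit adds in ee/lib/api/maven_packages.rb call `can?(current_user, :read_package, user_project)` and `can?(current_user, :write_package, user_project)` (singular). Unless the singular abilities are enabled somewhere outside the visible hunks, those checks can never pass and every download and upload would be rejected; the names need to agree, e.g. `enable :read_package` and `enable :write_package` here. Separately, neither rule is tied to the `packages` license feature this commit adds to License, unlike the `security_reports_feature_available` condition on the dashboard rule just below, so the abilities appear to be granted regardless of licensing. Both policy blocks continue outside the hunks.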
ee/app/services/packages/create_maven_package_service.rb
# frozen_string_literal: true
module
Packages
module
Packages
class
CreateMavenPackageService
<
BaseService
class
CreateMavenPackageService
<
BaseService
def
execute
def
execute
...
...
ee/app/uploaders/packages/package_file_uploader.rb
# frozen_string_literal: true
class
Packages::PackageFileUploader
<
GitlabUploader
class
Packages::PackageFileUploader
<
GitlabUploader
extend
Workhorse
::
UploadPath
extend
Workhorse
::
UploadPath
include
ObjectStorage
::
Concern
include
ObjectStorage
::
Concern
...
...
ee/db/migrate/20180720120716_create_packages_packages.rb
# frozen_string_literal: true
class
CreatePackagesPackages
<
ActiveRecord
::
Migration
class
CreatePackagesPackages
<
ActiveRecord
::
Migration
DOWNTIME
=
false
DOWNTIME
=
false
...
...
ee/db/migrate/20180720120726_create_packages_package_files.rb
# frozen_string_literal: true
class
CreatePackagesPackageFiles
<
ActiveRecord
::
Migration
class
CreatePackagesPackageFiles
<
ActiveRecord
::
Migration
include
Gitlab
::
Database
::
MigrationHelpers
include
Gitlab
::
Database
::
MigrationHelpers
...
...
ee/db/migrate/20180720121404_create_packages_maven_metadata.rb
# frozen_string_literal: true
class
CreatePackagesMavenMetadata
<
ActiveRecord
::
Migration
class
CreatePackagesMavenMetadata
<
ActiveRecord
::
Migration
include
Gitlab
::
Database
::
MigrationHelpers
include
Gitlab
::
Database
::
MigrationHelpers
...
...
ee/lib/api/maven_packages.rb
# frozen_string_literal: true
module
API
module
API
class
MavenPackages
<
Grape
::
API
class
MavenPackages
<
Grape
::
API
MAVEN_ENDPOINT_REQUIREMENTS
=
{
MAVEN_ENDPOINT_REQUIREMENTS
=
{
...
@@ -48,6 +49,8 @@ module API
...
@@ -48,6 +49,8 @@ module API
requires
:file_name
,
type:
String
,
desc:
'Package file name'
requires
:file_name
,
type:
String
,
desc:
'Package file name'
end
end
get
':id/packages/maven/*app_group/:app_name/:app_version/:file_name'
,
requirements:
MAVEN_ENDPOINT_REQUIREMENTS
do
get
':id/packages/maven/*app_group/:app_name/:app_version/:file_name'
,
requirements:
MAVEN_ENDPOINT_REQUIREMENTS
do
unauthorized!
unless
can?
(
current_user
,
:read_package
,
user_project
)
file_name
,
format
=
extract_format
(
params
[
:file_name
])
file_name
,
format
=
extract_format
(
params
[
:file_name
])
metadata
=
::
Packages
::
MavenMetadatum
.
find_by!
(
app_group:
params
[
:app_group
],
metadata
=
::
Packages
::
MavenMetadatum
.
find_by!
(
app_group:
params
[
:app_group
],
...
@@ -77,6 +80,8 @@ module API
...
@@ -77,6 +80,8 @@ module API
end
end
put
':id/packages/maven/*app_group/:app_name/:app_version/:file_name/authorize'
,
requirements:
MAVEN_ENDPOINT_REQUIREMENTS
do
put
':id/packages/maven/*app_group/:app_name/:app_version/:file_name/authorize'
,
requirements:
MAVEN_ENDPOINT_REQUIREMENTS
do
not_allowed!
unless
Gitlab
.
config
.
packages
.
enabled
not_allowed!
unless
Gitlab
.
config
.
packages
.
enabled
unauthorized!
unless
can?
(
current_user
,
:write_package
,
user_project
)
require_gitlab_workhorse!
require_gitlab_workhorse!
Gitlab
::
Workhorse
.
verify_api_request!
(
headers
)
Gitlab
::
Workhorse
.
verify_api_request!
(
headers
)
...
@@ -101,6 +106,8 @@ module API
...
@@ -101,6 +106,8 @@ module API
end
end
put
':id/packages/maven/*app_group/:app_name/:app_version/:file_name'
,
requirements:
MAVEN_ENDPOINT_REQUIREMENTS
do
put
':id/packages/maven/*app_group/:app_name/:app_version/:file_name'
,
requirements:
MAVEN_ENDPOINT_REQUIREMENTS
do
not_allowed!
unless
Gitlab
.
config
.
packages
.
enabled
not_allowed!
unless
Gitlab
.
config
.
packages
.
enabled
unauthorized!
unless
can?
(
current_user
,
:write_package
,
user_project
)
require_gitlab_workhorse!
require_gitlab_workhorse!
file_name
,
format
=
extract_format
(
params
[
:file_name
])
file_name
,
format
=
extract_format
(
params
[
:file_name
])
...
...
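Review bot: The GET download route gains only the `:read_package` check; unlike both PUT routes in this file, its visible lines show no `not_allowed! unless Gitlab.config.packages.enabled` before `extract_format`, so downloads may stay reachable when the packages feature is switched off (unless a `before` block outside the hunk handles it). Adding the same guard as the first line of the GET block would make the three routes consistent. Also, `unauthorized!` conventionally answers 401, which tells an already authenticated caller with an insufficient role to re-authenticate; `forbidden!` fits the authenticated-but-not-permitted case better, keeping `unauthorized!` for a request with no `current_user`. All three route bodies continue outside the hunks.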
ee/spec/factories/packages.rb
# frozen_string_literal: true
FactoryBot
.
define
do
FactoryBot
.
define
do
factory
:package
,
class:
Packages
::
Package
do
factory
:package
,
class:
Packages
::
Package
do
project
project
...
...
ee/spec/models/packages/maven_metadatum_spec.rb
# frozen_string_literal: true
require
'rails_helper'
require
'rails_helper'
RSpec
.
describe
Packages
::
MavenMetadatum
,
type: :model
do
RSpec
.
describe
Packages
::
MavenMetadatum
,
type: :model
do
...
...
ee/spec/models/packages/package_file_spec.rb
# frozen_string_literal: true
require
'rails_helper'
require
'rails_helper'
RSpec
.
describe
Packages
::
PackageFile
,
type: :model
do
RSpec
.
describe
Packages
::
PackageFile
,
type: :model
do
...
...
ee/spec/models/packages/package_spec.rb
# frozen_string_literal: true
require
'rails_helper'
require
'rails_helper'
RSpec
.
describe
Packages
::
Package
,
type: :model
do
RSpec
.
describe
Packages
::
Package
,
type: :model
do
...
...
ee/spec/requests/api/maven_packages_spec.rb
# frozen_string_literal: true
require
'spec_helper'
require
'spec_helper'
describe
API
::
MavenPackages
do
describe
API
::
MavenPackages
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:project
)
{
create
(
:project
)
}
let
(
:project
)
{
create
(
:project
,
:public
)
}
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
let
(
:jwt_token
)
{
JWT
.
encode
({
'iss'
=>
'gitlab-workhorse'
},
Gitlab
::
Workhorse
.
secret
,
'HS256'
)
}
let
(
:jwt_token
)
{
JWT
.
encode
({
'iss'
=>
'gitlab-workhorse'
},
Gitlab
::
Workhorse
.
secret
,
'HS256'
)
}
let
(
:headers
)
{
{
'GitLab-Workhorse'
=>
'1.0'
,
Gitlab
::
Workhorse
::
INTERNAL_API_REQUEST_HEADER
=>
jwt_token
}
}
let
(
:headers
)
{
{
'GitLab-Workhorse'
=>
'1.0'
,
Gitlab
::
Workhorse
::
INTERNAL_API_REQUEST_HEADER
=>
jwt_token
}
}
...
@@ -35,7 +36,32 @@ describe API::MavenPackages do
...
@@ -35,7 +36,32 @@ describe API::MavenPackages do
end
end
context
'private project'
do
context
'private project'
do
# Auth required, read permissions required
before
do
project
.
update!
(
visibility_level:
Gitlab
::
VisibilityLevel
::
PRIVATE
)
end
it
'returns the file'
do
download_file_with_token
(
package_file_xml
.
file_name
)
expect
(
response
).
to
have_gitlab_http_status
(
200
)
expect
(
response
.
content_type
.
to_s
).
to
eq
(
'application/octet-stream'
)
end
it
'denies download when not enough permissions'
do
project
.
add_guest
(
user
)
download_file_with_token
(
package_file_xml
.
file_name
)
expect
(
response
).
to
have_gitlab_http_status
(
400
)
end
it
'denies download when no private token'
do
project
.
add_guest
(
user
)
download_file
(
package_file_xml
.
file_name
)
expect
(
response
).
to
have_gitlab_http_status
(
400
)
end
end
end
def
download_file
(
file_name
,
params
=
{},
request_headers
=
headers
)
def
download_file
(
file_name
,
params
=
{},
request_headers
=
headers
)
...
@@ -92,7 +118,7 @@ describe API::MavenPackages do
...
@@ -92,7 +118,7 @@ describe API::MavenPackages do
end
end
describe
'PUT /api/v4/projects/:id/packages/maven/*app_group/:app_name/:app_version/:file_name'
do
describe
'PUT /api/v4/projects/:id/packages/maven/*app_group/:app_name/:app_version/:file_name'
do
let
(
:file_upload
)
{
fixture_file_upload
(
'spec/fixtures/maven/maven-metadata.xml'
)
}
let
(
:file_upload
)
{
fixture_file_upload
(
'
ee/
spec/fixtures/maven/maven-metadata.xml'
)
}
before
do
before
do
# by configuring this path we allow to pass temp file from any path
# by configuring this path we allow to pass temp file from any path
...
...
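Review bot: Both denial examples in the 'private project' context assert `have_gitlab_http_status(400)`, while the guard added to the GET route is `unauthorized!`, which would be expected to answer 401; as written the examples either fail or pass for a reason other than the permission check (the body of `download_file_with_token` is outside the visible hunks, so this is inferred). Asserting the status the guard actually returns makes the examples pin the authorization behaviour rather than any client error. The 'denies download when no private token' example also calls `project.add_guest(user)`, which has no bearing on an anonymous request and obscures what is being tested. No visible example covers rejection on the two PUT routes that now check `:write_package`; a pair of examples around the developer threshold for upload and authorize would cover the write side.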