Commit c386ab4a authored by Bob Van Landuyt's avatar Bob Van Landuyt

Access @project through user_project in the API

This makes sure we're always working with the project that we've
validated access for.
parent 41537027
...@@ -13,7 +13,7 @@ module EE ...@@ -13,7 +13,7 @@ module EE
end end
def check_cross_project_pipelines_feature! def check_cross_project_pipelines_feature!
if job_token_authentication? && !@project.feature_available?(:cross_project_pipelines) if job_token_authentication? && !user_project.feature_available?(:cross_project_pipelines)
not_found!('Project') not_found!('Project')
end end
end end
......
...@@ -71,27 +71,27 @@ module API ...@@ -71,27 +71,27 @@ module API
ref = params[:ref] ref = params[:ref]
ref ||= pipeline&.ref ref ||= pipeline&.ref
ref ||= @project.repository.branch_names_contains(commit.sha).first ref ||= user_project.repository.branch_names_contains(commit.sha).first
not_found! 'References for commit' unless ref not_found! 'References for commit' unless ref
name = params[:name] || params[:context] || 'default' name = params[:name] || params[:context] || 'default'
unless pipeline unless pipeline
pipeline = @project.ci_pipelines.create!( pipeline = user_project.ci_pipelines.create!(
source: :external, source: :external,
sha: commit.sha, sha: commit.sha,
ref: ref, ref: ref,
user: current_user, user: current_user,
protected: @project.protected_for?(ref)) protected: user_project.protected_for?(ref))
end end
status = GenericCommitStatus.running_or_pending.find_or_initialize_by( status = GenericCommitStatus.running_or_pending.find_or_initialize_by(
project: @project, project: user_project,
pipeline: pipeline, pipeline: pipeline,
name: name, name: name,
ref: ref, ref: ref,
user: current_user, user: current_user,
protected: @project.protected_for?(ref) protected: user_project.protected_for?(ref)
) )
optional_attributes = optional_attributes =
...@@ -117,7 +117,7 @@ module API ...@@ -117,7 +117,7 @@ module API
render_api_error!('invalid state', 400) render_api_error!('invalid state', 400)
end end
MergeRequest.where(source_project: @project, source_branch: ref) MergeRequest.where(source_project: user_project, source_branch: ref)
.update_all(head_pipeline_id: pipeline.id) if pipeline.latest? .update_all(head_pipeline_id: pipeline.id) if pipeline.latest?
present status, with: Entities::CommitStatus present status, with: Entities::CommitStatus
......
...@@ -355,7 +355,7 @@ module API ...@@ -355,7 +355,7 @@ module API
post ':id/unarchive' do post ':id/unarchive' do
authorize!(:archive_project, user_project) authorize!(:archive_project, user_project)
::Projects::UpdateService.new(@project, current_user, archived: false).execute ::Projects::UpdateService.new(user_project, current_user, archived: false).execute
present user_project, with: Entities::Project, current_user: current_user present user_project, with: Entities::Project, current_user: current_user
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment