validate access via api

d27a22a2 · Dmitriy Zaporozhets · d554bd90 · d27a22a2
Commit d27a22a2 authored Feb 04, 2013 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 1 deletion

lib/gitlab_shell.rb lib/gitlab_shell.rb +14 -1

No files found.
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
 require 'open3'
+require 'net/http'
+
 require_relative 'gitlab_config'

 class GitlabShell
@@ -17,7 +19,9 @@ class GitlabShell
      if git_cmds.include?(@git_cmd)
        ENV['GL_USER'] = @username

-        process_cmd
+        if validate_access
+          process_cmd
+        end
      else
        puts 'Not allowed command'
      end
@@ -42,4 +46,13 @@ class GitlabShell
    repo_full_path = File.join(repos_path, repo_name)
    system("#{@git_cmd} #{repo_full_path}")
  end
+
+  def validate_access
+    @ref_name = 'master' # just hardcode it cause we dont know ref
+    project_name = @repo_name.gsub("'", "")
+    project_name = project_name.gsub(/\.git$/, "")
+    url = "http://127.0.0.1:3000/api/v3/allowed?project=#{project_name}&username=#{@username}&action=#{@git_cmd}&ref=#{@ref_name}"
+    resp = Net::HTTP.get_response(URI.parse(url))
+    resp.code == '200' && resp.body == 'true'
+  end
 end