module Ci
  class ApplicationController < ::ApplicationController
    # Relative path of the directory that holds the CI helpers.
    # NOTE(review): presumably read by Rails helper loading; confirm against the caller.
    #
    # @return [String]
    def self.railtie_helpers_paths
      'app/helpers/ci'
    end

    # Make gl_project callable from views as well as from the controller.
    helper_method :gl_project

    # The methods below are private, so they cannot be invoked directly as
    # controller actions.
    private

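    # Access check for pages that are open to everyone when the CI project is
    # public. For a non-public project the visitor must pass authenticate_user!
    # and hold :read_project on the linked GitLab project; otherwise the result
    # of access_denied! is returned.
    #
    # NOTE(review): this path answers with access_denied! while the authorize_*
    # checks in this class answer with page_404; confirm the difference is
    # intended, since the two responses may let a caller tell "exists but
    # forbidden" apart from "not found".
    # NOTE(review): `project` is not defined in this class; presumably supplied
    # by the including controller. Confirm.
    def authenticate_public_page!
      # Public projects need no further checks.
      return if project.public

      authenticate_user!
      return access_denied! unless can?(current_user, :read_project, gl_project)
    end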

    # Answers with HTTP 403 unless project.valid_token? accepts params[:token].
    #
    # NOTE(review): the comparison itself lives in project.valid_token?, which
    # is not shown here; confirm it uses a constant-time comparison.
    # NOTE(review): params[:token] may arrive in the query string; confirm the
    # parameter is filtered from request logs.
    def authenticate_token!
      head(403) unless project.valid_token?(params[:token])
    end

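    # Renders the static 404 page unless the current user may :read_project on
    # the linked GitLab project.
    #
    # NOTE(review): answering 404 instead of 403 presumably avoids revealing
    # that the project exists to users without access. Confirm.
    def authorize_access_project!
      return page_404 unless can?(current_user, :read_project, gl_project)
    end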

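    # Renders the static 404 page unless the current user may :manage_builds on
    # the linked GitLab project.
    def authorize_manage_builds!
      return page_404 unless can?(current_user, :manage_builds, gl_project)
    end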

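    # Renders the 404 response unless the current user is an administrator.
    #
    # A nil current_user is treated as "not an admin", so the check fails
    # closed with the same 404 instead of raising NoMethodError when no user is
    # signed in.
    # NOTE(review): whether an earlier authenticate_user! filter already rules
    # out a nil user is not visible here. Confirm.
    def authenticate_admin!
      user = current_user
      return render_404 unless user && user.is_admin?
    end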

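    # Renders the static 404 page unless the current user may :admin_project on
    # the linked GitLab project.
    def authorize_manage_project!
      return page_404 unless can?(current_user, :admin_project, gl_project)
    end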

    # Renders the static public/404.html file with status 404 and no layout.
    # The authorize_* checks in this class use it as their denial response.
    def page_404
      not_found_page = "#{Rails.root}/public/404.html"
      render(file: not_found_page, status: 404, layout: false)
    end

    # Sets two browser-hardening response headers: X-Frame-Options (refuse all
    # framing) and X-XSS-Protection (legacy browser XSS filter, block mode).
    #
    # NOTE(review): there is no call to super. If ::ApplicationController
    # defines default_headers with further headers, they are not applied to Ci
    # controllers. Confirm against the parent class.
    def default_headers
      response_headers = headers
      response_headers['X-Frame-Options'] = 'DENY'
      response_headers['X-XSS-Protection'] = '1; mode=block'
    end

    # JSON for infinite scroll via Pager object
    # Renders +partial+ to an HTML string (no layout, :html format) and responds
    # with JSON of the form { html: <rendered markup>, count: <count> }.
    #
    # partial - the partial to render, passed straight to render_to_string
    # count   - value echoed back under the :count key
    def pager_json(partial, count)
      markup = render_to_string(partial, layout: false, formats: [:html])
      payload = { html: markup, count: count }

      render json: payload
    end

    # Looks up the GitLab ::Project linked to the CI project held in @project,
    # using its gitlab_id. The permission checks in this class run against this
    # record.
    #
    # Not memoized: ::Project.find is called on every invocation.
    # NOTE(review): @project must already be set by the caller; a nil @project
    # would raise here. Confirm which filter assigns it.
    def gl_project
      linked_id = @project.gitlab_id
      ::Project.find(linked_id)
    end
  end
end