BigW Consortium Gitlab

Commit 8c08fb9b by Dmitriy Zaporozhets

Merge pull request #4662 from jzi/allow_archive_for_deploy_key

allow all git-upload-* commands for deploy keys
parents 4f07a6a9 e03d01d0
module API
# Internal access API
class Internal < Grape::API
DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive }
PUSH_COMMANDS = %w{ git-receive-pack }
namespace 'internal' do
#
# Check if ssh key has access to project code
......@@ -26,16 +30,16 @@ module API
if key.is_a? DeployKey
key.projects.include?(project) && git_cmd == 'git-upload-pack'
key.projects.include?(project) && DOWNLOAD_COMMANDS.include?(git_cmd)
else
user = key.user
return false if user.blocked?
action = case git_cmd
when 'git-upload-pack', 'git-upload-archive'
when *DOWNLOAD_COMMANDS
then :download_code
when 'git-receive-pack'
when *PUSH_COMMANDS
then
if project.protected_branch?(params[:ref])
:push_code_to_protected_branches
......
......@@ -100,6 +100,32 @@ describe API::API do
end
end
end
context "deploy key" do
let(:key) { create(:deploy_key) }
context "added to project" do
before do
key.projects << project
end
it do
archive(key, project)
response.status.should == 200
response.body.should == 'true'
end
end
context "not added to project" do
it do
archive(key, project)
response.status.should == 200
response.body.should == 'false'
end
end
end
end
def pull(key, project)
......@@ -121,4 +147,14 @@ describe API::API do
action: 'git-receive-pack'
)
end
def archive(key, project)
get(
api("/internal/allowed"),
ref: 'master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-upload-archive'
)
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment