
Commit 8c508037 by James Lopez

updated controllers with permissions check

parent 5355589c
class Import::GitlabProjectController < Import::BaseController
before_action :verify_gitlab_project_import_enabled
before_action :gitlab_project_auth, except: :callback
rescue_from OAuth::Error, with: :gitlab_project_unauthorized
#TODO permissions stuff
def callback
redirect_to status_import_gitlab_project_url
end
def status
@repos = client.projects
@incompatible_repos = client.incompatible_projects
@already_added_projects = current_user.created_projects.where(import_type: "gitlab_project")
already_added_projects_names = @already_added_projects.pluck(:import_source)
@repos.to_a.reject!{ |repo| already_added_projects_names.include? "#{repo["owner"]}/#{repo["slug"]}" }
end
def jobs
jobs = current_user.created_projects.where(import_type: "gitlab_project").to_json(only: [:id, :import_status])
render json: jobs
end
def create
@file = params[:file]
repo_owner = current_user.username
@target_namespace = params[:new_namespace].presence || repo_owner
# namespace = get_or_create_namespace || (render and return)
@project = Gitlab::ImportExport::ImportService.execute(archive_file: file, owner: repo_owner)
end
private
def verify_gitlab_project_import_enabled
render_404 unless gitlab_project_import_enabled?
end
end
class Import::GitlabProjectsController < Import::BaseController
before_action :verify_gitlab_project_import_enabled
#before_action :gitlab_project_auth, except: :callback
before_action :verify_project_and_namespace_access
rescue_from OAuth::Error, with: :gitlab_project_unauthorized
#TODO permissions stuff
def new
@namespace_id = project_params[:namespace_id]
@path = project_params[:path]
end
def status
end
def create
@project = Project.create_from_import_job(current_user_id: current_user.id,
tmp_file: File.expand_path(params[:file].path),
namespace_id: project_params[:namespace_id],
project_path: project_params[:path])
def jobs
jobs = current_user.created_projects.where(import_type: "gitlab_project").to_json(only: [:id, :import_status])
render json: jobs
redirect_to dashboard_projects_path
end
def create
# TODO verify access to namespace and path
file = params[:file]
namespace_id = project_params[:namespace_id]
path = project_params[:path]
repo_owner = current_user.username
@target_namespace = params[:new_namespace].presence || repo_owner
private
@project = Project.create_from_import_job(current_user_id: current_user.id,
tmp_file: File.expand_path(file.path),
namespace_id: namespace_id,
project_path: path)
def verify_project_and_namespace_access
unless namespace_access? && project_access?
render_403
end
end
redirect_to status_import_gitlab_project_path
def project_access?
can?(current_user, :admin_project, @project)
end
private
def namespace_access?
current_user.can?(:create_projects, Namespace.find(project_params[:namespace_id]))
end
def verify_gitlab_project_import_enabled
render_404 unless gitlab_project_import_enabled?
......
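Review bot: `project_access?` calls `can?(current_user, :admin_project, @project)`, but no visible line assigns `@project` before the `verify_project_and_namespace_access` filter runs; `create` sets it only from the result of `Project.create_from_import_job`, so the check appears to be evaluated against nil (the page interleaves old and new lines, so this reading is inferred). Since the import creates the project, the permission that can be decided up front is the one on the target namespace, e.g. `render_403 unless namespace_access?`, and the remaining `# TODO verify access to namespace and path` should be resolved by validating `project_params[:path]` before it reaches the import job. The filter is also declared without `only:`, so `Namespace.find(project_params[:namespace_id])` runs for `status` as well, where no namespace_id is shown being passed; `before_action :verify_project_and_namespace_access, only: [:new, :create]` would keep the check on the actions that carry the parameter. The controller body continues past the visible lines.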
......@@ -7,7 +7,7 @@ class ProjectsController < Projects::ApplicationController
before_action :assign_ref_vars, :tree, only: [:show], if: :repo_exists?
# Authorize
before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping]
before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export]
before_action :event_filter, only: [:show, :activity]
layout :determine_layout
......