BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
d95b709a
Unverified
Commit
d95b709a
authored
Dec 13, 2016
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Be smarter when finding a sudoed user in API::Helpers
Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
2f45d3bc
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
15 additions
and
32 deletions
+15
-32
user.rb
app/models/user.rb
+0
-4
25482-fix-api-sudo.yml
changelogs/unreleased/25482-fix-api-sudo.yml
+2
-2
helpers.rb
lib/api/helpers.rb
+11
-13
user_spec.rb
spec/models/user_spec.rb
+0
-11
helpers_spec.rb
spec/requests/api/helpers_spec.rb
+2
-2
No files found.
app/models/user.rb
View file @
d95b709a
...
...
@@ -304,10 +304,6 @@ class User < ActiveRecord::Base
personal_access_token
.
user
if
personal_access_token
end
def
by_username_or_id
(
name_or_id
)
find_by
(
'users.username = ? OR users.id = ?'
,
name_or_id
.
to_s
,
name_or_id
.
to_i
)
end
# Returns a user for the given SSH key.
def
find_by_ssh_key_id
(
key_id
)
find_by
(
id:
Key
.
unscoped
.
select
(
:user_id
).
where
(
id:
key_id
))
...
...
changelogs/unreleased/25482-fix-api-sudo.yml
View file @
d95b709a
---
title
:
'
API:
Memoize
the
current_user
so
that
the
sudo
can
work
properly'
title
:
'
API:
Memoize
the
current_user
so
that
sudo
can
work
properly'
merge_request
:
8017
author
:
author
:
lib/api/helpers.rb
View file @
d95b709a
...
...
@@ -34,6 +34,14 @@ module API
@available_labels
||=
LabelsFinder
.
new
(
current_user
,
project_id:
user_project
.
id
).
execute
end
def
find_user
(
id
)
if
id
=~
/^\d+$/
User
.
find_by
(
id:
id
)
else
User
.
find_by
(
username:
id
)
end
end
def
find_project
(
id
)
if
id
=~
/^\d+$/
Project
.
find_by
(
id:
id
)
...
...
@@ -349,7 +357,7 @@ module API
def
sudo!
return
unless
sudo_identifier
return
unless
initial_current_user
.
is_a?
(
User
)
return
unless
initial_current_user
unless
initial_current_user
.
is_admin?
forbidden!
(
'Must be admin to use sudo'
)
...
...
@@ -360,7 +368,7 @@ module API
forbidden!
(
'Private token must be specified in order to use sudo'
)
end
sudoed_user
=
User
.
by_username_or_id
(
sudo_identifier
)
sudoed_user
=
find_user
(
sudo_identifier
)
if
sudoed_user
@current_user
=
sudoed_user
...
...
@@ -370,17 +378,7 @@ module API
end
def
sudo_identifier
return
@sudo_identifier
if
defined?
(
@sudo_identifier
)
identifier
||=
params
[
SUDO_PARAM
]
||
env
[
SUDO_HEADER
]
# Regex for integers
@sudo_identifier
=
if
!!
(
identifier
=~
/\A[0-9]+\z/
)
identifier
.
to_i
else
identifier
end
@sudo_identifier
||=
params
[
SUDO_PARAM
]
||
env
[
SUDO_HEADER
]
end
def
add_pagination_headers
(
paginated_data
)
...
...
spec/models/user_spec.rb
View file @
d95b709a
...
...
@@ -727,17 +727,6 @@ describe User, models: true do
end
end
describe
'by_username_or_id'
do
let
(
:user1
)
{
create
(
:user
,
username:
'foo'
)
}
it
"gets the correct user"
do
expect
(
User
.
by_username_or_id
(
user1
.
id
)).
to
eq
(
user1
)
expect
(
User
.
by_username_or_id
(
'foo'
)).
to
eq
(
user1
)
expect
(
User
.
by_username_or_id
(
-
1
)).
to
be_nil
expect
(
User
.
by_username_or_id
(
'bar'
)).
to
be_nil
end
end
describe
'.find_by_ssh_key_id'
do
context
'using an existing SSH key ID'
do
let
(
:user
)
{
create
(
:user
)
}
...
...
spec/requests/api/helpers_spec.rb
View file @
d95b709a
...
...
@@ -16,14 +16,14 @@ describe API::Helpers, api: true do
clear_env
clear_param
env
[
API
::
Helpers
::
PRIVATE_TOKEN_HEADER
]
=
user_or_token
.
respond_to?
(
:private_token
)
?
user_or_token
.
private_token
:
user_or_token
env
[
API
::
Helpers
::
SUDO_HEADER
]
=
identifier
env
[
API
::
Helpers
::
SUDO_HEADER
]
=
identifier
.
to_s
end
def
set_param
(
user_or_token
,
identifier
)
clear_env
clear_param
params
[
API
::
Helpers
::
PRIVATE_TOKEN_PARAM
]
=
user_or_token
.
respond_to?
(
:private_token
)
?
user_or_token
.
private_token
:
user_or_token
params
[
API
::
Helpers
::
SUDO_PARAM
]
=
identifier
params
[
API
::
Helpers
::
SUDO_PARAM
]
=
identifier
.
to_s
end
def
clear_env
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment