BigW Consortium Gitlab

Commit ed519c16 by Rémy Coutable

Merge branch 'ci-lfs-fetch' into 'master'

Allow to fetch LFS from CI

## What does this MR do?

This adds support for fetching LFS objects from CI jobs (mostly it's made for supporting GitLab CI).

## What is left?

- [x] Write tests covering a new authorization mechanism

cc @grzesiek @marin

See merge request !4465
parents 1ddbbf35 6bc22d95
...@@ -79,6 +79,7 @@ v 8.9.0 (unreleased) ...@@ -79,6 +79,7 @@ v 8.9.0 (unreleased)
- Pipelines can be canceled only when there are running builds - Pipelines can be canceled only when there are running builds
- Allow authentication using personal access tokens - Allow authentication using personal access tokens
- Use downcased path to container repository as this is expected path by Docker - Use downcased path to container repository as this is expected path by Docker
- Allow to use CI token to fetch LFS objects
- Custom notification settings - Custom notification settings
- Projects pending deletion will render a 404 page - Projects pending deletion will render a 404 page
- Measure queue duration between gitlab-workhorse and Rails - Measure queue duration between gitlab-workhorse and Rails
......
...@@ -31,7 +31,7 @@ module Grack ...@@ -31,7 +31,7 @@ module Grack
auth! auth!
lfs_response = Gitlab::Lfs::Router.new(project, @user, @request).try_call lfs_response = Gitlab::Lfs::Router.new(project, @user, @ci, @request).try_call
return lfs_response unless lfs_response.nil? return lfs_response unless lfs_response.nil?
if @user.nil? && !@ci if @user.nil? && !@ci
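Review bot: `@ci` reaches the router as a bare truthy flag in `Gitlab::Lfs::Router.new(project, @user, @ci, @request)`, and nothing at this call site shows that the CI token was validated against `project` rather than against some other project. Please confirm that `auth!` only sets `@ci` after matching the token to this exact project, and say so in a comment next to the call, since every LFS access decision downstream trusts this value without re-checking it.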
......
...@@ -2,10 +2,11 @@ module Gitlab ...@@ -2,10 +2,11 @@ module Gitlab
module Lfs module Lfs
class Response class Response
def initialize(project, user, request) def initialize(project, user, ci, request)
@origin_project = project @origin_project = project
@project = storage_project(project) @project = storage_project(project)
@user = user @user = user
@ci = ci
@env = request.env @env = request.env
@request = request @request = request
end end
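Review bot: the new `ci` parameter in `initialize(project, user, ci, request)` is inserted positionally between `user` and `request` with no documentation of what it holds. A short comment stating that it is a flag meaning "request authenticated with the project's CI token" would help, and a keyword argument (for example `ci: false`) would make call sites self-describing and harder to mis-order.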
...@@ -189,7 +190,7 @@ module Gitlab ...@@ -189,7 +190,7 @@ module Gitlab
return render_not_enabled unless Gitlab.config.lfs.enabled return render_not_enabled unless Gitlab.config.lfs.enabled
unless @project.public? unless @project.public?
return render_unauthorized unless @user return render_unauthorized unless @user || @ci
return render_forbidden unless user_can_fetch? return render_forbidden unless user_can_fetch?
end end
...@@ -210,7 +211,7 @@ module Gitlab ...@@ -210,7 +211,7 @@ module Gitlab
def user_can_fetch? def user_can_fetch?
# Check user access against the project they used to initiate the pull # Check user access against the project they used to initiate the pull
@user.can?(:download_code, @origin_project) @ci || @user.can?(:download_code, @origin_project)
end end
def user_can_push? def user_can_push?
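Review bot: in `user_can_fetch?`, `@ci || @user.can?(:download_code, @origin_project)` short-circuits on `@ci`, so the `:download_code` check against `@origin_project` is skipped entirely for CI requests, yet the comment above still says user access is checked. Update the comment to state that a CI-authenticated request may fetch without a user, and consider a name that no longer implies a user (the method now also answers for CI). Since this class distinguishes `@origin_project` from the storage `@project`, it is worth stating which of the two the CI token is expected to belong to. The changelog entry covers fetching only, so `user_can_push?` directly below should stay user-only.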
......
module Gitlab module Gitlab
module Lfs module Lfs
class Router class Router
def initialize(project, user, request) attr_reader :project, :user, :ci, :request
def initialize(project, user, ci, request)
@project = project @project = project
@user = user @user = user
@ci = ci
@env = request.env @env = request.env
@request = request @request = request
end end
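Review bot: `attr_reader :project, :user, :ci, :request` adds four public readers to `Router`, but the visible code keeps reading the instance variables directly (`@project`, `@user`, `@ci`, `@request`). Either switch the class to the readers or drop them; if they are needed, declaring them `private` avoids exposing the authenticated user and the CI flag to outside callers.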
...@@ -80,7 +83,7 @@ module Gitlab ...@@ -80,7 +83,7 @@ module Gitlab
def lfs def lfs
return unless @project return unless @project
Gitlab::Lfs::Response.new(@project, @user, @request) Gitlab::Lfs::Response.new(@project, @user, @ci, @request)
end end
def sanitize_tmp_filename(name) def sanitize_tmp_filename(name)
......