diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-03-07 14:18:30 +0200 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-03-07 14:18:30 +0200 |
| commit | d2cec12632079e07ff40876e7c6ecd4c21418dc3 (patch) | |
| tree | b86d4166e98d4564cdd6c435eeca41b0686cf84f | |
| parent | 9c2a6e201388e7e30987a8679ddfa65b9422a38c (diff) | |
| download | gitlab-ce-d2cec12632079e07ff40876e7c6ecd4c21418dc3.tar.gz | |
block user should not be able to push
| -rw-r--r-- | lib/api/internal.rb | 3 | ||||
| -rw-r--r-- | spec/requests/api/internal_spec.rb | 77 |
2 files changed, 52 insertions, 28 deletions
diff --git a/lib/api/internal.rb b/lib/api/internal.rb index d4f72d70d92..c85c01f87bb 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -20,6 +20,9 @@ module Gitlab project == key.project && git_cmd == 'git-upload-pack' else user = key.user + + return false if user.blocked? + action = case git_cmd when 'git-upload-pack' then :download_code diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb index d63429df1b0..033c3d35aed 100644 --- a/spec/requests/api/internal_spec.rb +++ b/spec/requests/api/internal_spec.rb @@ -34,13 +34,7 @@ describe Gitlab::API do context "git pull" do it do - get( - api("/internal/allowed"), - ref: 'master', - key_id: key.id, - project: project.path_with_namespace, - action: 'git-upload-pack' - ) + pull(key, project) response.status.should == 200 response.body.should == 'true' @@ -49,13 +43,7 @@ describe Gitlab::API do context "git push" do it do - get( - api("/internal/allowed"), - ref: 'master', - key_id: key.id, - project: project.path_with_namespace, - action: 'git-receive-pack' - ) + push(key, project) response.status.should == 200 response.body.should == 'true' @@ -70,13 +58,7 @@ describe Gitlab::API do context "git pull" do it do - get( - api("/internal/allowed"), - ref: 'master', - key_id: key.id, - project: project.path_with_namespace, - action: 'git-upload-pack' - ) + pull(key, project) response.status.should == 200 response.body.should == 'false' @@ -85,13 +67,7 @@ describe Gitlab::API do context "git push" do it do - get( - api("/internal/allowed"), - ref: 'master', - key_id: key.id, - project: project.path_with_namespace, - action: 'git-receive-pack' - ) + push(key, project) response.status.should == 200 response.body.should == 'false' @@ -99,5 +75,50 @@ describe Gitlab::API do end end + context "blocked user" do + let(:personal_project) { create(:project, namespace: user.namespace) } + + before do + user.block + end + + context "git pull" do + it do + pull(key, personal_project) + + response.status.should == 200 + response.body.should == 'false' + end + end + + context "git push" do + it do + push(key, personal_project) + + response.status.should == 200 + response.body.should == 'false' + end + end + end + end + + def pull(key, project) + get( + api("/internal/allowed"), + ref: 'master', + key_id: key.id, + project: project.path_with_namespace, + action: 'git-upload-pack' + ) + end + + def push(key, project) + get( + api("/internal/allowed"), + ref: 'master', + key_id: key.id, + project: project.path_with_namespace, + action: 'git-receive-pack' + ) end end |