diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-16 09:59:10 +0200 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-16 11:12:21 +0200 |
| commit | e941365f3be88cebd57e9b08ba8702c1b688cb94 (patch) | |
| tree | 903b454248eb3ba230eabfb2c5427a11161e4c5c /app | |
| parent | ac6412d0766fbc090a3aa8272cfd4cc2d9a26c16 (diff) | |
| download | gitlab-ce-e941365f3be88cebd57e9b08ba8702c1b688cb94.tar.gz | |
Rename capabilities to authentication_abilities
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/jwt_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/projects/git_http_client_controller.rb | 14 | ||||
| -rw-r--r-- | app/controllers/projects/git_http_controller.rb | 2 | ||||
| -rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 12 |
4 files changed, 16 insertions, 14 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index a69534c2258..06d96774754 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -14,7 +14,7 @@ class JwtController < ApplicationController @authentication_result ||= Gitlab::Auth::Result.new result = service.new(@authentication_result.project, @authentication_result.actor, auth_params). - execute(capabilities: @authentication_result.capabilities) + execute(authentication_abilities: @authentication_result.authentication_abilities) render json: result, status: result[:http_status] end diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb index d92d28b7e02..3cc915ecc2a 100644 --- a/app/controllers/projects/git_http_client_controller.rb +++ b/app/controllers/projects/git_http_client_controller.rb @@ -4,7 +4,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController include ActionController::HttpAuthentication::Basic include KerberosSpnegoHelper - attr_reader :actor, :capabilities + attr_reader :actor, :authentication_abilities # Git clients will not know what authenticity token to send along skip_before_action :verify_authenticity_token @@ -125,7 +125,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController when :oauth if download_request? @actor = auth_result.actor - @capabilities = auth_result.capabilities + @authentication_abilities = auth_result.authentication_abilities else return false end @@ -133,11 +133,13 @@ class Projects::GitHttpClientController < Projects::ApplicationController if download_request? @lfs_deploy_key = true @actor = auth_result.actor - @capabilities = auth_result.capabilities + @authentication_abilities = auth_result.authentication_abilities + else + return false end when :lfs_token, :personal_token, :gitlab_or_ldap, :build @actor = auth_result.actor - @capabilities = auth_result.capabilities + @authentication_abilities = auth_result.authentication_abilities else # Not allowed return false @@ -150,8 +152,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController @lfs_deploy_key && actor && actor.projects.include?(project) end - def has_capability?(capability) - @capabilities.include?(capability) + def has_authentication_ability?(capability) + @authentication_abilities.include?(capability) end def verify_workhorse_api! diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb index 89afaaed510..662d38b10a5 100644 --- a/app/controllers/projects/git_http_controller.rb +++ b/app/controllers/projects/git_http_controller.rb @@ -86,7 +86,7 @@ class Projects::GitHttpController < Projects::GitHttpClientController end def access - @access ||= Gitlab::GitAccess.new(user, project, 'http', capabilities: capabilities) + @access ||= Gitlab::GitAccess.new(user, project, 'http', authentication_abilities: authentication_abilities) end def access_check diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index df1c9b2851c..36120a5bc99 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -4,8 +4,8 @@ module Auth AUDIENCE = 'container_registry' - def execute(capabilities:) - @capabilities = capabilities || [] + def execute(authentication_abilities:) + @authentication_abilities = authentication_abilities || [] return error('not found', 404) unless registry.enabled @@ -92,23 +92,23 @@ module Auth # Build can: # 1. pull from it's own project (for ex. a build) # 2. read images from dependent projects if creator of build is a team member - @capabilities.include?(:build_read_container_image) && + @authentication_abilities.include?(:build_read_container_image) && (requested_project == project || can?(current_user, :build_read_container_image, requested_project)) end def user_can_pull?(requested_project) - @capabilities.include?(:read_container_image) && + @authentication_abilities.include?(:read_container_image) && can?(current_user, :read_container_image, requested_project) end def build_can_push?(requested_project) # Build can push only to project to from which he originates - @capabilities.include?(:build_create_container_image) && + @authentication_abilities.include?(:build_create_container_image) && requested_project == project end def user_can_push?(requested_project) - @capabilities.include?(:create_container_image) && + @authentication_abilities.include?(:create_container_image) && can?(current_user, :create_container_image, requested_project) end end |