author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-04 18:43:41 -0500 |
---|---|---|
committer | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-06 21:20:16 -0500 |
commit | 171b2625b128e5954ce0a150a4fc923a22164e4e (patch) | |
tree | 834586c27477a404e71fe2fac9d17ecf3e495e58 /app | |
parent | 7deab3172257bef7818ce834c1e0709432ddd5e0 (diff) | |
download | gitlab-ce-171b2625b128e5954ce0a150a4fc923a22164e4e.tar.gz |
Addreses backend review suggestions
- Remove extra method for authorize_admin_project
- Ensure project presence
- Rename 'read_repo' to 'read_repository' to be more verbose
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/deploy_tokens_controller.rb | 4 | ||||
-rw-r--r-- | app/models/deploy_token.rb | 3 | ||||
-rw-r--r-- | app/policies/deploy_token_policy.rb | 11 | ||||
-rw-r--r-- | app/presenters/projects/settings/deploy_tokens_presenter.rb | 2 |
4 files changed, 14 insertions, 6 deletions
diff --git a/app/controllers/projects/deploy_tokens_controller.rb b/app/controllers/projects/deploy_tokens_controller.rb
index 1b1bd461b27..a7d9590ba19 100644
--- a/app/controllers/projects/deploy_tokens_controller.rb
+++ b/app/controllers/projects/deploy_tokens_controller.rb
@@ -23,8 +23,4 @@ class Projects::DeployTokensController < Projects::ApplicationController
 def deploy_token_params
 params.require(:deploy_token).permit(:name, :expires_at, scopes: [])
 end
-
- def authorize_admin_project!
- return render_404 unless can?(current_user, :admin_project, @project)
- end
 end
diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb
index 475ad06906a..b4df44d295a 100644
--- a/app/models/deploy_token.rb
+++ b/app/models/deploy_token.rb
@@ -3,11 +3,12 @@ class DeployToken < ActiveRecord::Base
 include TokenAuthenticatable
 add_authentication_token_field :token
- AVAILABLE_SCOPES = %w(read_repo read_registry).freeze
+ AVAILABLE_SCOPES = %w(read_repository read_registry).freeze
 serialize :scopes, Array # rubocop:disable Cop/ActiveRecordSerialize
 validates :scopes, presence: true
+ validates :project, presence: true
 belongs_to :project
diff --git a/app/policies/deploy_token_policy.rb b/app/policies/deploy_token_policy.rb
new file mode 100644
index 00000000000..7aa9106e8b1
--- /dev/null
+++ b/app/policies/deploy_token_policy.rb
@@ -0,0 +1,11 @@
+class DeployTokenPolicy < BasePolicy
+ with_options scope: :subject, score: 0
+ condition(:master) { @subject.project.team.master?(@user) }
+
+ rule { anonymous }.prevent_all
+
+ rule { master }.policy do
+ enable :create_deploy_token
+ enable :update_deploy_token
+ end
+end
diff --git a/app/presenters/projects/settings/deploy_tokens_presenter.rb b/app/presenters/projects/settings/deploy_tokens_presenter.rb
index e2aca2d273a..26bb42e9e7e 100644
--- a/app/presenters/projects/settings/deploy_tokens_presenter.rb
+++ b/app/presenters/projects/settings/deploy_tokens_presenter.rb
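Review bot: In app/models/deploy_token.rb, `validates :scopes, presence: true` only rejects an empty list, so nothing visible in this hunk restricts the stored values to `AVAILABLE_SCOPES`, while the controller in this same commit permits a free-form `scopes: []` array from the request. If no such check exists in the part of the class outside the hunk, a custom validation along the lines of `errors.add(:scopes, 'contains an unknown scope') if (scopes - AVAILABLE_SCOPES).any?` would keep unknown strings out of the serialized column. The rename from `read_repo` to `read_repository` also means any token already saved with the old value no longer matches the constant, so it is worth confirming that no such rows exist or migrating them. The class body continues outside the hunk.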
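Review bot: In app/policies/deploy_token_policy.rb the `master` condition reads `@user`, but `with_options scope: :subject, score: 0` declares it as depending on the subject only; as far as I understand DeclarativePolicy, the result is then cached per deploy token without the user in the key, so one user's answer could be reused for another user sharing the same cache. Dropping the scope, `with_options score: 0`, keeps the user in the cache key. `@subject.project.team` also raises when a token has no project, which is still possible for a record that has not passed the new presence validation, so a nil guard such as `@subject.project&.team&.master?(@user)` would make the policy deny rather than fail. A one-line class comment stating that only create and update are granted, and only to project masters, would help the next reader see that every other ability on the token is intentionally left disabled.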
@@ -44,7 +44,7 @@ module Projects
 def scope_descriptions
 {
- 'read_repo' => s_('DeployTokens|Allows read-only access to the repository'),
+ 'read_repository' => s_('DeployTokens|Allows read-only access to the repository'),
 'read_registry' => s_('DeployTokens|Allows read-only access to the registry images')
 }
 end
|