Allow public access to some Project API endpoints4269-public-api

Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Rémy Coutable <remy@rymai.me> 2016-11-30 15:48:19 +0100
committer: Rémy Coutable <remy@rymai.me> 2016-12-01 16:39:42 +0100
commit: d757247247ea6015d560eacd29ec7be564e332bf (patch)
tree: 8d431827e763e73e6d9ca8702e01e83901b7dc37 /lib/api/helpers.rb
parent: e91afc0dc071f2cb2dde54b12c04bb90d2c65f7b (diff)
download: gitlab-ce-4269-public-api.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index cbafa952ef6..7f94ede7940 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -141,6 +141,10 @@ module API
       unauthorized! unless current_user
     end
 
+    def authenticate_non_get!
+      authenticate! unless %w[GET HEAD].include?(route.route_method)
+    end
+
     def authenticate_by_gitlab_shell_token!
       input = params['secret_token'].try(:chomp)
       unless Devise.secure_compare(secret_token, input)
@@ -149,6 +153,7 @@ module API
     end
 
     def authenticated_as_admin!
+      authenticate!
       forbidden! unless current_user.is_admin?
     end
author	Rémy Coutable <remy@rymai.me>	2016-11-30 15:48:19 +0100
committer	Rémy Coutable <remy@rymai.me>	2016-12-01 16:39:42 +0100
commit	d757247247ea6015d560eacd29ec7be564e332bf (patch)
tree	8d431827e763e73e6d9ca8702e01e83901b7dc37 /lib/api/helpers.rb
parent	e91afc0dc071f2cb2dde54b12c04bb90d2c65f7b (diff)
download	gitlab-ce-4269-public-api.tar.gz