Merge branch 'master' of https://github.com/gitlabhq/gitlabhq into patch-1

author: Franz-Robert van Vugt <f.vanvugt@zeno.nu> 2014-03-27 21:40:33 +0100
committer: Franz-Robert van Vugt <f.vanvugt@zeno.nu> 2014-03-27 21:40:33 +0100
commit: cfc4a2dbe3652180c1d08d5d9e154e28cbb340fb (patch)
tree: f9af595878a2789be45c612e26ced8c9f7c592ad /lib/api/internal.rb
parent: f03820ebf2f28ddb26e422322219a815d8cd3749 (diff)
parent: fc5ac1451dcfda7cf53d536db79b552b29849276 (diff)
download: gitlab-ce-cfc4a2dbe3652180c1d08d5d9e154e28cbb340fb.tar.gz
1 files changed, 19 insertions, 41 deletions
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 69aad3748b3..bcf97574673 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -1,16 +1,12 @@
 module API
   # Internal access API
   class Internal < Grape::API
-
-    DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive }
-    PUSH_COMMANDS = %w{ git-receive-pack }
-
     namespace 'internal' do
-      #
-      # Check if ssh key has access to project code
+      # Check if git command is allowed to project
       #
       # Params:
-      #   key_id - SSH Key id
+      #   key_id - ssh key id for Git over SSH
+      #   user_id - user id for Git over HTTP
       #   project - project path with namespace
       #   action - git action (git-upload-pack or git-receive-pack)
       #   ref - branch name
@@ -22,43 +18,25 @@ module API
         # the wiki repository as well.
         project_path = params[:project]
         project_path.gsub!(/\.wiki/,'') if project_path =~ /\.wiki/
-
-        key = Key.find(params[:key_id])
         project = Project.find_with_namespace(project_path)
-        git_cmd = params[:action]
         return false unless project
 
-
-        if key.is_a? DeployKey
-          key.projects.include?(project) && DOWNLOAD_COMMANDS.include?(git_cmd)
-        else
-          user = key.user
-
-          return false if user.blocked?
-
-          if Gitlab.config.ldap.enabled
-            if user.ldap_user?
-              # Check if LDAP user exists and match LDAP user_filter
-              unless Gitlab::LDAP::Access.new.allowed?(user)
-                return false
-              end
-            end
-          end
-
-          action = case git_cmd
-                   when *DOWNLOAD_COMMANDS
-                     then :download_code
-                   when *PUSH_COMMANDS
-                     then
-                     if project.protected_branch?(params[:ref])
-                       :push_code_to_protected_branches
-                     else
-                       :push_code
-                     end
-                   end
-
-          user.can?(action, project)
-        end
+        actor = if params[:key_id]
+                  Key.find(params[:key_id])
+                elsif params[:user_id]
+                  User.find(params[:user_id])
+                end
+
+        return false unless actor
+
+        Gitlab::GitAccess.new.allowed?(
+          actor,
+          params[:action],
+          project,
+          params[:ref],
+          params[:oldrev],
+          params[:newrev]
+        )
       end
 
       #
author	Franz-Robert van Vugt <f.vanvugt@zeno.nu>	2014-03-27 21:40:33 +0100
committer	Franz-Robert van Vugt <f.vanvugt@zeno.nu>	2014-03-27 21:40:33 +0100
commit	cfc4a2dbe3652180c1d08d5d9e154e28cbb340fb (patch)
tree	f9af595878a2789be45c612e26ced8c9f7c592ad /lib/api/internal.rb
parent	f03820ebf2f28ddb26e422322219a815d8cd3749 (diff)
parent	fc5ac1451dcfda7cf53d536db79b552b29849276 (diff)
download	gitlab-ce-cfc4a2dbe3652180c1d08d5d9e154e28cbb340fb.tar.gz