authorFilipa Lacerda <filipa@gitlab.com>2019-05-06 10:08:20 +0100
committerFilipa Lacerda <filipa@gitlab.com>2019-05-06 10:08:20 +0100
commit678c5a0086646b1efaed4c02bc53a018f6b0a950 (patch)
tree1d77242b1480020fe2170de19577500f79699c17 /lib/api
parent8d1bdaf4396291c7a61bcc3da8b0d6cd2da3e0dc (diff)
parent8b55b794cb48c726cde7cf0ad24180d8e6bb975f (diff)
downloadgitlab-ce-61278-next.tar.gz
Merge branch 'master' into 61278-next61278-next
* master: (64 commits) Allow usage of quick actions for internal users Added Omniauth OpenId Connect startegy Changelog update for MR #27025, Issue #57528 Docs: Realigning scattered EE docs into CE Add troubleshooting step for older docker clients Edit regionendpoint text Docs: Change geo redirects to relative to match EE Docs: Second Attempt to realign administration/geo docs Document Prometheus app can be uninstalled Docs: Merge EE doc/administration/high_availability to CE Docs: Merge EE doc/gitlab-geo to CE Docs: Merge EE doc/user/application_security to CE Docs: Merge EE doc/​administration/​geo to CE Docs: Merge Various EE /doc dirs to CE Docs: Merge EE doc/user/project/*.md to CE Docs: Merge 4 EE doc/user/project dirs to CE Docs: Merge misc EE doc/user/project/i* dirs to CE Docs: Merge Misc EE doc/administration files and dirs to CE Docs: Merge EE doc/ci to CE Docs: Merge EE doc/user/project/issues to CE ...
Diffstat (limited to 'lib/api')
-rw-r--r--lib/api/api.rb2
-rw-r--r--lib/api/entities.rb19
-rw-r--r--lib/api/releases.rb16
3 files changed, 26 insertions, 11 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb
index a572cca24e9..f4a96b9711b 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -6,7 +6,7 @@ module API
LOG_FILENAME = Rails.root.join("log", "api_json.log")
- NO_SLASH_URL_PART_REGEX = %r{[^/]+}
+ NO_SLASH_URL_PART_REGEX = %r{[^/]+}.freeze
NAMESPACE_OR_PROJECT_REQUIREMENTS = { id: NO_SLASH_URL_PART_REGEX }.freeze
COMMIT_ENDPOINT_REQUIREMENTS = NAMESPACE_OR_PROJECT_REQUIREMENTS.merge(sha: NO_SLASH_URL_PART_REGEX).freeze
USER_REQUIREMENTS = { user_id: NO_SLASH_URL_PART_REGEX }.freeze
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index ee8480122c4..a228614f684 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -1156,22 +1156,33 @@ module API
end
end
- class Release < TagRelease
+ class Release < Grape::Entity
expose :name
+ expose :tag, as: :tag_name, if: lambda { |_, _| can_download_code? }
+ expose :description
expose :description_html do |entity|
MarkupHelper.markdown_field(entity, :description)
end
expose :created_at
expose :author, using: Entities::UserBasic, if: -> (release, _) { release.author.present? }
- expose :commit, using: Entities::Commit
+ expose :commit, using: Entities::Commit, if: lambda { |_, _| can_download_code? }
expose :assets do
- expose :assets_count, as: :count
- expose :sources, using: Entities::Releases::Source
+ expose :assets_count, as: :count do |release, _|
+ assets_to_exclude = can_download_code? ? [] : [:sources]
+ release.assets_count(except: assets_to_exclude)
+ end
+ expose :sources, using: Entities::Releases::Source, if: lambda { |_, _| can_download_code? }
expose :links, using: Entities::Releases::Link do |release, options|
release.links.sorted
end
end
+
+ private
+
+ def can_download_code?
+ Ability.allowed?(options[:current_user], :download_code, object.project)
+ end
end
class Tag < Grape::Entity
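Review bot: `can_download_code?` at the end of `Release` reads `options[:current_user]`, so the gating of `tag_name`, `commit`, `sources` and the asset count depends on every `present ..., with: Entities::Release` call passing `current_user:`; a caller that omits it is checked with a nil user, which presumably falls back to the anonymous policy. That fails closed but silently, so I would document it above the helper, for example `# Requires options[:current_user]; a missing user is checked as anonymous, so code-related fields are omitted.` The check also runs up to four times per serialized release, and because the result can be false a `||=` memo would not cache it; `return @can_download_code if defined?(@can_download_code)` followed by `@can_download_code = Ability.allowed?(options[:current_user], :download_code, object.project)` avoids the repeats. `links` stays ungated inside `assets`, so it is worth confirming that this is intended for users without `download_code`.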
diff --git a/lib/api/releases.rb b/lib/api/releases.rb
index cb85028f22c..6b17f4317db 100644
--- a/lib/api/releases.rb
+++ b/lib/api/releases.rb
@@ -23,7 +23,7 @@ module API
get ':id/releases' do
releases = ::ReleasesFinder.new(user_project, current_user).execute
- present paginate(releases), with: Entities::Release
+ present paginate(releases), with: Entities::Release, current_user: current_user
end
desc 'Get a single project release' do
@@ -34,9 +34,9 @@ module API
requires :tag_name, type: String, desc: 'The name of the tag', as: :tag
end
get ':id/releases/:tag_name', requirements: RELEASE_ENDPOINT_REQUIREMETS do
- authorize_read_release!
+ authorize_download_code!
- present release, with: Entities::Release
+ present release, with: Entities::Release, current_user: current_user
end
desc 'Create a new release' do
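Review bot: The single-release route now rejects callers without `download_code` through `authorize_download_code!`, while the list route in the previous hunk still presents releases with the code-related fields stripped by the entity, so the two read paths may disagree on who can see a release (what `ReleasesFinder` enforces is not visible here). If the reduced view is the intended behaviour for such users, keeping `authorize_read_release!` on this route and letting `Entities::Release` do the field gating would make both routes consistent. The helper added in the last hunk calls `authorize! :download_code, release`, whereas the entity checks the same ability against `object.project`; unless the release policy delegates `download_code` to the project, the two checks can give different answers, and `authorize! :download_code, user_project` would match the entity. The route's `params` block starts outside the hunk.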
@@ -63,7 +63,7 @@ module API
.execute
if result[:status] == :success
- present result[:release], with: Entities::Release
+ present result[:release], with: Entities::Release, current_user: current_user
else
render_api_error!(result[:message], result[:http_status])
end
@@ -86,7 +86,7 @@ module API
.execute
if result[:status] == :success
- present result[:release], with: Entities::Release
+ present result[:release], with: Entities::Release, current_user: current_user
else
render_api_error!(result[:message], result[:http_status])
end
@@ -107,7 +107,7 @@ module API
.execute
if result[:status] == :success
- present result[:release], with: Entities::Release
+ present result[:release], with: Entities::Release, current_user: current_user
else
render_api_error!(result[:message], result[:http_status])
end
@@ -135,6 +135,10 @@ module API
authorize! :destroy_release, release
end
+ def authorize_download_code!
+ authorize! :download_code, release
+ end
+
def release
@release ||= user_project.releases.find_by_tag(params[:tag])
end