authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-02-03 17:54:33 -0800
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-02-03 17:54:33 -0800
commit635ebac606d77eae03ce2e2a8f0a814ad4c79177 (patch)
tree8f3047074880166e53edb987df8ba4295d374c3d /lib/api
parentac7af45d8987422c2a529d3d87eae6d9bd608e12 (diff)
parent704922c855a9741b5495db56ac266788a9c25c33 (diff)
downloadgitlab-ce-635ebac606d77eae03ce2e2a8f0a814ad4c79177.tar.gz
Merge branch 'master' into mwessel/gitlab-ce-configure-protection
Diffstat (limited to 'lib/api')
-rw-r--r--lib/api/api.rb4
-rw-r--r--lib/api/api_guard.rb15
-rw-r--r--lib/api/entities.rb2
-rw-r--r--lib/api/group_members.rb16
-rw-r--r--lib/api/groups.rb16
-rw-r--r--lib/api/helpers.rb27
-rw-r--r--lib/api/internal.rb4
-rw-r--r--lib/api/namespaces.rb4
-rw-r--r--lib/api/project_members.rb2
-rw-r--r--lib/api/system_hooks.rb4
10 files changed, 39 insertions, 55 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb
index cb46f477ff9..60858a39407 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -6,7 +6,7 @@ module API
version 'v3', using: :path
rescue_from ActiveRecord::RecordNotFound do
- rack_response({'message' => '404 Not found'}.to_json, 404)
+ rack_response({ 'message' => '404 Not found' }.to_json, 404)
end
rescue_from :all do |exception|
@@ -19,7 +19,7 @@ module API
message << " " << trace.join("\n ")
API.logger.add Logger::FATAL, message
- rack_response({'message' => '500 Internal Server Error'}, 500)
+ rack_response({ 'message' => '500 Internal Server Error' }, 500)
end
format :json
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index 23975518181..b9994fcefda 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -47,16 +47,12 @@ module APIGuard
case validate_access_token(access_token, scopes)
when Oauth2::AccessTokenValidationService::INSUFFICIENT_SCOPE
raise InsufficientScopeError.new(scopes)
-
when Oauth2::AccessTokenValidationService::EXPIRED
raise ExpiredError
-
when Oauth2::AccessTokenValidationService::REVOKED
raise RevokedError
-
when Oauth2::AccessTokenValidationService::VALID
@current_user = User.find(access_token.resource_owner_id)
-
end
end
end
@@ -120,8 +116,9 @@ module APIGuard
end
def oauth2_bearer_token_error_handler
- Proc.new {|e|
- response = case e
+ Proc.new do |e|
+ response =
+ case e
when MissingTokenError
Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new
@@ -146,11 +143,11 @@ module APIGuard
Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(
:insufficient_scope,
Rack::OAuth2::Server::Resource::ErrorMethods::DEFAULT_DESCRIPTION[:insufficient_scope],
- { :scope => e.scopes})
+ { scope: e.scopes })
end
response.finish
- }
+ end
end
end
@@ -172,4 +169,4 @@ module APIGuard
@scopes = scopes
end
end
-end \ No newline at end of file
+end
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index ac166ed4fba..58339908fd2 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -55,7 +55,7 @@ module API
expose :path, :path_with_namespace
expose :issues_enabled, :merge_requests_enabled, :wiki_enabled, :snippets_enabled, :created_at, :last_activity_at
expose :namespace
- expose :forked_from_project, using: Entities::ForkedFromProject, :if => lambda{ | project, options | project.forked? }
+ expose :forked_from_project, using: Entities::ForkedFromProject, if: lambda{ | project, options | project.forked? }
end
class ProjectMember < UserBasic
diff --git a/lib/api/group_members.rb b/lib/api/group_members.rb
index d596517c816..4373070083a 100644
--- a/lib/api/group_members.rb
+++ b/lib/api/group_members.rb
@@ -3,22 +3,6 @@ module API
before { authenticate! }
resource :groups do
- helpers do
- def find_group(id)
- group = Group.find(id)
-
- if can?(current_user, :read_group, group)
- group
- else
- render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403)
- end
- end
-
- def validate_access_level?(level)
- Gitlab::Access.options_with_owner.values.include? level.to_i
- end
- end
-
# Get a list of group members viewable by the authenticated user.
#
# Example Request:
diff --git a/lib/api/groups.rb b/lib/api/groups.rb
index 730dfad52c8..384a28e41f5 100644
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -4,22 +4,6 @@ module API
before { authenticate! }
resource :groups do
- helpers do
- def find_group(id)
- group = Group.find(id)
-
- if can?(current_user, :read_group, group)
- group
- else
- render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403)
- end
- end
-
- def validate_access_level?(level)
- Gitlab::Access.options_with_owner.values.include? level.to_i
- end
- end
-
# Get a groups list
#
# Example Request:
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 62c26ef76ce..be9e4280d65 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -55,6 +55,21 @@ module API
end
end
+ def find_group(id)
+ begin
+ group = Group.find(id)
+ rescue ActiveRecord::RecordNotFound
+ group = Group.find_by!(path: id)
+ end
+
+ if can?(current_user, :read_group, group)
+ group
+ else
+ forbidden!("#{current_user.username} lacks sufficient "\
+ "access to #{group.name}")
+ end
+ end
+
def paginate(relation)
per_page = params[:per_page].to_i
paginated = relation.page(params[:page]).per(per_page)
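Review bot: The else branch of `find_group` answers 403 and interpolates `group.name` into the message, so an authenticated caller without `:read_group` learns that the group exists and what it is called. Answering the same way as a missing record, e.g. `render_api_error!('404 Not found', 404)` in that branch, removes the distinction between a hidden group and an absent one. The fallback from `Group.find(id)` to `Group.find_by!(path: id)` also means numeric input is always tried as an id first, which deserves a comment such as `# numeric input is resolved as an id before it is tried as a path`. If any route reaches this helper without `authenticate!` having run, `current_user.username` would raise on nil; that cannot be confirmed from this hunk.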
@@ -135,10 +150,16 @@ module API
errors
end
+ def validate_access_level?(level)
+ Gitlab::Access.options_with_owner.values.include? level.to_i
+ end
+
# error helpers
- def forbidden!
- render_api_error!('403 Forbidden', 403)
+ def forbidden!(reason = nil)
+ message = ['403 Forbidden']
+ message << " - #{reason}" if reason
+ render_api_error!(message.join(' '), 403)
end
def bad_request!(attribute)
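Review bot: `forbidden!` produces a doubled space when a reason is given, because the reason string already starts with a space (`" - #{reason}"`) and `message.join(' ')` adds another. The result is `403 Forbidden  - …`, where the helpers removed from groups.rb and group_members.rb produced `403 Forbidden - …`. Dropping the leading space, `message << "- #{reason}" if reason`, restores the previous text for clients that match on it. A one-line comment on `validate_access_level?` would also help, noting that `level.to_i` turns nil or non-numeric input into 0, so the check relies on 0 not being among `Gitlab::Access.options_with_owner.values`, which is not visible here.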
@@ -173,7 +194,7 @@ module API
end
def render_api_error!(message, status)
- error!({'message' => message}, status)
+ error!({ 'message' => message }, status)
end
private
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index a999cff09c0..7a89a26facc 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -1,9 +1,7 @@
module API
# Internal access API
class Internal < Grape::API
- before {
- authenticate_by_gitlab_shell_token!
- }
+ before { authenticate_by_gitlab_shell_token! }
namespace 'internal' do
# Check if git command is allowed to project
diff --git a/lib/api/namespaces.rb b/lib/api/namespaces.rb
index f9f2ed90ccc..b90ed6af5fb 100644
--- a/lib/api/namespaces.rb
+++ b/lib/api/namespaces.rb
@@ -1,10 +1,10 @@
module API
# namespaces API
class Namespaces < Grape::API
- before {
+ before do
authenticate!
authenticated_as_admin!
- }
+ end
resource :namespaces do
# Get a namespaces list
diff --git a/lib/api/project_members.rb b/lib/api/project_members.rb
index 8e32f124ea5..1e890f9e199 100644
--- a/lib/api/project_members.rb
+++ b/lib/api/project_members.rb
@@ -106,7 +106,7 @@ module API
unless team_member.nil?
team_member.destroy
else
- {message: "Access revoked", id: params[:user_id].to_i}
+ { message: "Access revoked", id: params[:user_id].to_i }
end
end
end
diff --git a/lib/api/system_hooks.rb b/lib/api/system_hooks.rb
index 3e239c5afe7..518964db50d 100644
--- a/lib/api/system_hooks.rb
+++ b/lib/api/system_hooks.rb
@@ -1,10 +1,10 @@
module API
# Hooks API
class SystemHooks < Grape::API
- before {
+ before do
authenticate!
authenticated_as_admin!
- }
+ end
resource :hooks do
# Get the list of system hooks