From aa84ef1e1af0bac40279e02e4ce889cb660ed9d0 Mon Sep 17 00:00:00 2001 From: Francisco Lopez Date: Thu, 16 Nov 2017 15:39:30 +0100 Subject: Moving exceptions to UserAuthFinders --- lib/api/helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/api/helpers.rb') diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 3c8960cb1ab..09e9753b010 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -398,7 +398,7 @@ module API begin @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user! } - rescue APIGuard::UnauthorizedError + rescue Gitlab::Auth::UserAuthFinders::UnauthorizedError unauthorized! end end -- cgit v1.2.1 From 1436598e49792b78f5f753477a9d8c097d666b99 Mon Sep 17 00:00:00 2001 From: Francisco Lopez Date: Thu, 16 Nov 2017 17:03:19 +0100 Subject: Moved Exceptions to Gitlab::Auth --- lib/api/helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/api/helpers.rb') diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 09e9753b010..b26c61ab8da 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -398,7 +398,7 @@ module API begin @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user! } - rescue Gitlab::Auth::UserAuthFinders::UnauthorizedError + rescue Gitlab::Auth::UnauthorizedError unauthorized! end end -- cgit v1.2.1 From dfbfd3c7d7d4677ac99a7f8147a673911e8d4e98 Mon Sep 17 00:00:00 2001 From: Tomasz Maczukin Date: Thu, 23 Nov 2017 14:32:16 +0100 Subject: Allow request namespace by ID or path --- lib/api/helpers.rb | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'lib/api/helpers.rb') diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index b26c61ab8da..52ac416f9ad 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -50,6 +50,10 @@ module API initial_current_user != current_user end + def user_namespace + @user_namespace ||= find_namespace!(params[:id]) + end + def user_group @group ||= find_group!(params[:id]) end @@ -112,6 +116,24 @@ module API end end + def find_namespace(id) + if id.to_s =~ /^\d+$/ + Namespace.find_by(id: id) + else + Namespace.find_by_full_path(id) + end + end + + def find_namespace!(id) + namespace = find_namespace(id) + + if can?(current_user, :admin_namespace, namespace) + namespace + else + not_found!('Namespace') + end + end + def find_project_label(id) label = available_labels.find_by_id(id) || available_labels.find_by_title(id) label || not_found!('Label') -- cgit v1.2.1 From 97f966c445c0c2191a8017aa981a34737b9adf56 Mon Sep 17 00:00:00 2001 From: Tomasz Maczukin Date: Thu, 23 Nov 2017 15:47:15 +0100 Subject: Introduce :read_namespace access policy for namespace and group --- lib/api/helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/api/helpers.rb') diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 52ac416f9ad..686bf7a3c2b 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -127,7 +127,7 @@ module API def find_namespace!(id) namespace = find_namespace(id) - if can?(current_user, :admin_namespace, namespace) + if can?(current_user, :read_namespace, namespace) namespace else not_found!('Namespace') -- cgit v1.2.1