7 files changed, 34 insertions, 42 deletions

diff --git a/lib/gitlab_access.rb b/lib/gitlab_access.rb
index 5816969..10afeef 100644
--- a/lib/gitlab_access.rb
+++ b/lib/gitlab_access.rb
@@ -15,7 +15,7 @@ class GitlabAccess
     @config = GitlabConfig.new
     @repo_path = repo_path.strip
     @actor = actor
-    @repo_name = extract_repo_name(@repo_path.dup, config.repos_path.to_s)
+    @repo_name = extract_repo_name(@repo_path.dup)
     @changes = changes.lines
   end
 
diff --git a/lib/gitlab_access_status.rb b/lib/gitlab_access_status.rb
index 7a5f7d5..7fb88be 100644
--- a/lib/gitlab_access_status.rb
+++ b/lib/gitlab_access_status.rb
@@ -1,16 +1,17 @@
 require 'json'
 
 class GitAccessStatus
-  attr_reader :message
+  attr_reader :message, :repository_path
 
-  def initialize(status, message)
+  def initialize(status, message, repository_path)
     @status = status
     @message = message
+    @repository_path = repository_path
   end
 
   def self.create_from_json(json)
     values = JSON.parse(json)
-    self.new(values["status"], values["message"])
+    self.new(values["status"], values["message"], values["repository_path"])
   end
 
   def allowed?
diff --git a/lib/gitlab_config.rb b/lib/gitlab_config.rb
index ebf72d6..beaf173 100644
--- a/lib/gitlab_config.rb
+++ b/lib/gitlab_config.rb
@@ -11,10 +11,6 @@ class GitlabConfig
     ENV['HOME']
   end
 
-  def repos_path
-    @config['repos_path'] ||= File.join(home, "repositories")
-  end
-
   def auth_file
     @config['auth_file'] ||= File.join(home, ".ssh/authorized_keys")
   end
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index e2bc2da..dd9a4b0 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -38,7 +38,7 @@ class GitlabNet
     if resp.code == '200'
       GitAccessStatus.create_from_json(resp.body)
     else
-      GitAccessStatus.new(false, 'API is not accessible')
+      GitAccessStatus.new(false, 'API is not accessible', nil)
     end
   end
 
diff --git a/lib/gitlab_projects.rb b/lib/gitlab_projects.rb
index 767ab79..ad3d3b8 100644
--- a/lib/gitlab_projects.rb
+++ b/lib/gitlab_projects.rb
@@ -43,8 +43,8 @@ class GitlabProjects
 
   def initialize
     @command = ARGV.shift
+    @repos_path = ARGV.shift
     @project_name = ARGV.shift
-    @repos_path = GitlabConfig.new.repos_path
     @full_path = File.join(@repos_path, @project_name) unless @project_name.nil?
   end
 
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb
index 365c543..c5d5c02 100644
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -9,12 +9,12 @@ class GitlabShell
 
   GIT_COMMANDS = %w(git-upload-pack git-receive-pack git-upload-archive git-annex-shell git-lfs-authenticate).freeze
 
-  attr_accessor :key_id, :repo_name, :git_cmd, :repos_path, :repo_name
+  attr_accessor :key_id, :repo_name, :git_cmd
+  attr_reader :repo_path
 
   def initialize(key_id)
     @key_id = key_id
     @config = GitlabConfig.new
-    @repos_path = @config.repos_path
   end
 
   # The origin_cmd variable contains UNTRUSTED input. If the user ran
@@ -66,13 +66,10 @@ class GitlabShell
     when 'git-annex-shell'
       raise DisallowedCommandError unless @config.git_annex_enabled?
 
-      @repo_name = escape_path(args[2].sub(/\A\/~\//, ''))
-
-      # Make sure repository has git-annex enabled
-      init_git_annex(@repo_name) unless gcryptsetup?(args)
+      @repo_name = args[2].sub(/\A\/~\//, '')
     when 'git-lfs-authenticate'
       raise DisallowedCommandError unless args.count >= 2
-      @repo_name = escape_path(args[1])
+      @repo_name = args[1]
       case args[2]
       when 'download'
         @git_access = 'git-upload-pack'
@@ -83,7 +80,7 @@ class GitlabShell
       end
     else
       raise DisallowedCommandError unless args.count == 2
-      @repo_name = escape_path(args.last)
+      @repo_name = args.last
     end
   end
 
@@ -91,19 +88,22 @@ class GitlabShell
     status = api.check_access(@git_access, @repo_name, @key_id, '_any')
 
     raise AccessDeniedError, status.message unless status.allowed?
+
+    self.repo_path = status.repository_path
   end
 
   def process_cmd(args)
-    repo_full_path = File.join(repos_path, repo_name)
-
     if @git_cmd == 'git-annex-shell'
       raise DisallowedCommandError unless @config.git_annex_enabled?
 
+      # Make sure repository has git-annex enabled
+      init_git_annex unless gcryptsetup?(args)
+
       parsed_args =
         args.map do |arg|
           # use full repo path
           if arg =~ /\A\/.*\.git\Z/
-            repo_full_path
+            repo_path
           else
             arg
           end
@@ -112,8 +112,8 @@ class GitlabShell
       $logger.info "gitlab-shell: executing git-annex command <#{parsed_args.join(' ')}> for #{log_username}."
       exec_cmd(*parsed_args)
     else
-      $logger.info "gitlab-shell: executing git command <#{@git_cmd} #{repo_full_path}> for #{log_username}."
-      exec_cmd(@git_cmd, repo_full_path)
+      $logger.info "gitlab-shell: executing git command <#{@git_cmd} #{repo_path}> for #{log_username}."
+      exec_cmd(@git_cmd, repo_path)
     end
   end
 
@@ -164,23 +164,11 @@ class GitlabShell
     @config.audit_usernames ? username : "user with key #{@key_id}"
   end
 
-  def escape_path(path)
-    full_repo_path = File.join(repos_path, path)
-
-    if File.absolute_path(full_repo_path) == full_repo_path
-      path
-    else
-      raise InvalidRepositoryPathError
-    end
-  end
-
-  def init_git_annex(path)
-    full_repo_path = File.join(repos_path, path)
-
-    unless File.exists?(File.join(full_repo_path, 'annex'))
-      cmd = %W(git --git-dir=#{full_repo_path} annex init "GitLab")
+  def init_git_annex
+    unless File.exists?(File.join(repo_path, 'annex'))
+      cmd = %W(git --git-dir=#{repo_path} annex init "GitLab")
       system(*cmd, err: '/dev/null', out: '/dev/null')
-      $logger.info "Enable git-annex for repository: #{path}."
+      $logger.info "Enable git-annex for repository: #{repo_name}."
     end
   end
 
@@ -188,4 +176,12 @@ class GitlabShell
     non_dashed = args.reject { |a| a.start_with?('-') }
     non_dashed[0, 2] == %w{git-annex-shell gcryptsetup}
   end
+
+  private
+
+  def repo_path=(repo_path)
+    raise InvalidRepositoryPathError if File.absolute_path(repo_path) != repo_path
+
+    @repo_path = repo_path
+  end
 end
diff --git a/lib/names_helper.rb b/lib/names_helper.rb
index efad56f..ec41b79 100644
--- a/lib/names_helper.rb
+++ b/lib/names_helper.rb
@@ -1,10 +1,9 @@
 module NamesHelper
-  def extract_repo_name(path, base)
+  def extract_repo_name(path)
     repo_name = path.strip
-    repo_name.gsub!(base, "")
     repo_name.gsub!(/\.git$/, "")
     repo_name.gsub!(/^\//, "")
-    repo_name
+    repo_name.split(File::SEPARATOR).last(2).join(File::SEPARATOR)
   end
 
   def extract_ref_name(ref)