Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
1c34a2a0
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
1c34a2a0
编写于
12月 04, 2018
作者:
J
James Lopez
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Use read_repository scope on read-only files API
上级
40343096
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
33 addition
and
0 deletion
+33
-0
lib/api/files.rb
lib/api/files.rb
+4
-0
spec/requests/api/files_spec.rb
spec/requests/api/files_spec.rb
+29
-0
未找到文件。
lib/api/files.rb
浏览文件 @
1c34a2a0
...
...
@@ -2,6 +2,8 @@
module
API
class
Files
<
Grape
::
API
include
APIGuard
FILE_ENDPOINT_REQUIREMENTS
=
API
::
NAMESPACE_OR_PROJECT_REQUIREMENTS
.
merge
(
file_path:
API
::
NO_SLASH_URL_PART_REGEX
)
# Prevents returning plain/text responses for files with .txt extension
...
...
@@ -79,6 +81,8 @@ module API
requires
:id
,
type:
String
,
desc:
'The project ID'
end
resource
:projects
,
requirements:
FILE_ENDPOINT_REQUIREMENTS
do
allow_access_with_scope
:read_repository
,
if:
->
(
request
)
{
request
.
get?
||
request
.
head?
}
desc
'Get raw file metadata from repository'
params
do
requires
:file_path
,
type:
String
,
desc:
'The url encoded path to the file. Ex. lib%2Fclass%2Erb'
...
...
spec/requests/api/files_spec.rb
浏览文件 @
1c34a2a0
...
...
@@ -121,6 +121,13 @@ describe API::Files do
end
end
context
'when PATs are used'
do
it_behaves_like
'repository files'
do
let
(
:token
)
{
create
(
:personal_access_token
,
scopes:
[
'read_repository'
],
user:
user
)
}
let
(
:current_user
)
{
{
personal_access_token:
token
}
}
end
end
context
'when authenticated'
,
'as a developer'
do
it_behaves_like
'repository files'
do
let
(
:current_user
)
{
user
}
...
...
@@ -217,6 +224,13 @@ describe API::Files do
end
end
context
'when PATs are used'
do
it_behaves_like
'repository files'
do
let
(
:token
)
{
create
(
:personal_access_token
,
scopes:
[
'read_repository'
],
user:
user
)
}
let
(
:current_user
)
{
{
personal_access_token:
token
}
}
end
end
context
'when unauthenticated'
,
'and project is private'
do
it_behaves_like
'404 response'
do
let
(
:request
)
{
get
api
(
route
(
file_path
)),
params
}
...
...
@@ -317,6 +331,21 @@ describe API::Files do
let
(
:request
)
{
get
api
(
route
(
file_path
),
guest
),
params
}
end
end
context
'when PATs are used'
do
it
'returns file by commit sha'
do
token
=
create
(
:personal_access_token
,
scopes:
[
'read_repository'
],
user:
user
)
# This file is deleted on HEAD
file_path
=
"files%2Fjs%2Fcommit%2Ejs%2Ecoffee"
params
[
:ref
]
=
"6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9"
expect
(
Gitlab
::
Workhorse
).
to
receive
(
:send_git_blob
)
get
api
(
route
(
file_path
)
+
"/raw"
,
personal_access_token:
token
),
params
expect
(
response
).
to
have_gitlab_http_status
(
200
)
end
end
end
describe
"POST /projects/:id/repository/files/:file_path"
do
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录