Merge pull request #4662 from jzi/allow_archive_for_deploy_key

allow all git-upload-* commands for deploy keys

Merge pull request #4662 from jzi/allow_archive_for_deploy_key
allow all git-upload-* commands for deploy keys
8c08fb9b · Dmitriy Zaporozhets · 4f07a6a9 · e03d01d0 · 8c08fb9b · 8c08fb9b
隐藏空白更改
内联并排

Showing with 43 addition and 3 deletion

lib/api/internal.rb lib/api/internal.rb +7 -3

spec/requests/api/internal_spec.rb spec/requests/api/internal_spec.rb +36 -0

未找到文件。
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
 module API
  # Internal access API
  class Internal < Grape::API
+    DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive }
+    PUSH_COMMANDS = %w{ git-receive-pack }
    namespace 'internal' do
      #
      # Check if ssh key has access to project code
@@ -26,16 +30,16 @@ module API
        if key.is_a? DeployKey
-          key.projects.include?(project) && git_cmd == 'git-upload-pack'
+          key.projects.include?(project) && DOWNLOAD_COMMANDS.include?(git_cmd)
        else
          user = key.user
          return false if user.blocked?
          action = case git_cmd
-                   when 'git-upload-pack', 'git-upload-archive'
+                   when *DOWNLOAD_COMMANDS
                     then :download_code
-                   when 'git-receive-pack'
+                   when *PUSH_COMMANDS
                     then
                     if project.protected_branch?(params[:ref])
                       :push_code_to_protected_branches

--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -100,6 +100,32 @@ describe API::API do
        end
      end
    end
+    context "deploy key" do
+      let(:key) { create(:deploy_key) }
+      context "added to project" do
+        before do
+          key.projects << project
+        end
+        it do
+          archive(key, project)
+          response.status.should == 200
+          response.body.should == 'true'
+        end
+      end
+      context "not added to project" do
+        it do
+          archive(key, project)
+          response.status.should == 200
+          response.body.should == 'false'
+        end
+      end
+    end
  end
  def pull(key, project)
@@ -121,4 +147,14 @@ describe API::API do
      action: 'git-receive-pack'
    )
  end
+  def archive(key, project)
+    get(
+      api("/internal/allowed"),
+      ref: 'master',
+      key_id: key.id,
+      project: project.path_with_namespace,
+      action: 'git-upload-archive'
+    )
+  end
 end