block user should not be able to push

2013-03-07 14:18:30 +02:00 · 2013-03-07 14:18:30 +02:00 · d2cec12632
parent 9c2a6e2013
commit d2cec12632
2 changed files with 52 additions and 28 deletions
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@ -20,6 +20,9 @@ module Gitlab
          project == key.project && git_cmd == 'git-upload-pack'
        else
          user = key.user
+
+          return false if user.blocked?
+
          action = case git_cmd
                   when 'git-upload-pack'
                     then :download_code
--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@ -34,13 +34,7 @@ describe Gitlab::API do

      context "git pull" do
        it do
-          get(
-            api("/internal/allowed"),
-            ref: 'master',
-            key_id: key.id,
-            project: project.path_with_namespace,
-            action: 'git-upload-pack'
-          )
+          pull(key, project)

          response.status.should == 200
          response.body.should == 'true'
@ -49,13 +43,7 @@ describe Gitlab::API do

      context "git push" do
        it do
-          get(
-            api("/internal/allowed"),
-            ref: 'master',
-            key_id: key.id,
-            project: project.path_with_namespace,
-            action: 'git-receive-pack'
-          )
+          push(key, project)

          response.status.should == 200
          response.body.should == 'true'
@ -70,13 +58,7 @@ describe Gitlab::API do

      context "git pull" do
        it do
-          get(
-            api("/internal/allowed"),
-            ref: 'master',
-            key_id: key.id,
-            project: project.path_with_namespace,
-            action: 'git-upload-pack'
-          )
+          pull(key, project)

          response.status.should == 200
          response.body.should == 'false'
@ -85,13 +67,7 @@ describe Gitlab::API do

      context "git push" do
        it do
-          get(
-            api("/internal/allowed"),
-            ref: 'master',
-            key_id: key.id,
-            project: project.path_with_namespace,
-            action: 'git-receive-pack'
-          )
+          push(key, project)

          response.status.should == 200
          response.body.should == 'false'
@ -99,5 +75,50 @@ describe Gitlab::API do
      end
    end

+    context "blocked user" do
+      let(:personal_project) { create(:project, namespace: user.namespace) }
+
+      before do
+        user.block
+      end
+
+      context "git pull" do
+        it do
+          pull(key, personal_project)
+
+          response.status.should == 200
+          response.body.should == 'false'
+        end
+      end
+
+      context "git push" do
+        it do
+          push(key, personal_project)
+
+          response.status.should == 200
+          response.body.should == 'false'
+        end
+      end
+    end
+  end
+
+  def pull(key, project)
+    get(
+      api("/internal/allowed"),
+      ref: 'master',
+      key_id: key.id,
+      project: project.path_with_namespace,
+      action: 'git-upload-pack'
+    )
+  end
+
+  def push(key, project)
+    get(
+      api("/internal/allowed"),
+      ref: 'master',
+      key_id: key.id,
+      project: project.path_with_namespace,
+      action: 'git-receive-pack'
+    )
  end
 end