block user should not be able to push

This commit is contained in:
Dmitriy Zaporozhets 2013-03-07 14:18:30 +02:00
parent 9c2a6e2013
commit d2cec12632
2 changed files with 52 additions and 28 deletions

View file

@ -20,6 +20,9 @@ module Gitlab
project == key.project && git_cmd == 'git-upload-pack' project == key.project && git_cmd == 'git-upload-pack'
else else
user = key.user user = key.user
return false if user.blocked?
action = case git_cmd action = case git_cmd
when 'git-upload-pack' when 'git-upload-pack'
then :download_code then :download_code

View file

@ -34,13 +34,7 @@ describe Gitlab::API do
context "git pull" do context "git pull" do
it do it do
get( pull(key, project)
api("/internal/allowed"),
ref: 'master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-upload-pack'
)
response.status.should == 200 response.status.should == 200
response.body.should == 'true' response.body.should == 'true'
@ -49,13 +43,7 @@ describe Gitlab::API do
context "git push" do context "git push" do
it do it do
get( push(key, project)
api("/internal/allowed"),
ref: 'master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-receive-pack'
)
response.status.should == 200 response.status.should == 200
response.body.should == 'true' response.body.should == 'true'
@ -70,13 +58,7 @@ describe Gitlab::API do
context "git pull" do context "git pull" do
it do it do
get( pull(key, project)
api("/internal/allowed"),
ref: 'master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-upload-pack'
)
response.status.should == 200 response.status.should == 200
response.body.should == 'false' response.body.should == 'false'
@ -85,13 +67,7 @@ describe Gitlab::API do
context "git push" do context "git push" do
it do it do
get( push(key, project)
api("/internal/allowed"),
ref: 'master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-receive-pack'
)
response.status.should == 200 response.status.should == 200
response.body.should == 'false' response.body.should == 'false'
@ -99,5 +75,50 @@ describe Gitlab::API do
end end
end end
context "blocked user" do
let(:personal_project) { create(:project, namespace: user.namespace) }
before do
user.block
end
context "git pull" do
it do
pull(key, personal_project)
response.status.should == 200
response.body.should == 'false'
end
end
context "git push" do
it do
push(key, personal_project)
response.status.should == 200
response.body.should == 'false'
end
end
end
end
def pull(key, project)
get(
api("/internal/allowed"),
ref: 'master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-upload-pack'
)
end
def push(key, project)
get(
api("/internal/allowed"),
ref: 'master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-receive-pack'
)
end end
end end