Skip to content

Instantly share code, notes, and snippets.

@mjdetullio

mjdetullio/gist:5145576

Last active Dec 14, 2015
Embed
What would you like to do?
GitLab 4.2: Convert public (no auth) HTTP clone projects into internally public projects (auth required) with Reporter access. I am not liable for any effects this may have on your GitLab instance(s)
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 400e44e..7c74dcb 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -10,7 +10,7 @@ class Admin::UsersController < Admin::ApplicationController
def show
@projects = Project.scoped
- @projects = @projects.without_user(admin_user) if admin_user.authorized_projects.present?
+ @projects = @projects.without_user(admin_user) if admin_user.joined_projects.present?
end
def team_update
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index 97fa1db..4281d30 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -30,6 +30,8 @@ class DashboardController < ApplicationController
@projects.personal(current_user)
when 'joined' then
@projects.joined(current_user)
+ when 'public' then
+ @projects.public
else
@projects
end
diff --git a/app/controllers/public/projects_controller.rb b/app/controllers/public/projects_controller.rb
index 4108fe5..620827f 100644
--- a/app/controllers/public/projects_controller.rb
+++ b/app/controllers/public/projects_controller.rb
@@ -1,6 +1,5 @@
class Public::ProjectsController < ApplicationController
- skip_before_filter :authenticate_user!,
- :reject_blocked, :set_current_user_for_observers,
+ skip_before_filter :set_current_user_for_observers,
:add_abilities
layout 'public'
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 6d087a9..097c264 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -34,10 +34,10 @@ class Ability
elsif team.developers.include?(user)
rules << project_dev_rules
- elsif team.reporters.include?(user)
+ elsif team.reporters.include?(user) || project.public?
rules << project_report_rules
- elsif team.guests.include?(user)
+ elsif team.guests.include?(user) || project.public?
rules << project_guest_rules
end
@@ -106,6 +106,10 @@ class Ability
]
end
+ def project_public_rules
+ project_report_rules
+ end
+
def group_abilities user, group
rules = []
diff --git a/app/models/project.rb b/app/models/project.rb
index 6a3d7ab..7e20aa9 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -78,14 +78,14 @@ class Project < ActiveRecord::Base
validate :check_limit, :repo_name
# Scopes
- scope :without_user, ->(user) { where("id NOT IN (:ids)", ids: user.authorized_projects.map(&:id) ) }
+ scope :without_user, ->(user) { where("id NOT IN (:ids)", ids: user.joined_projects.map(&:id) ) }
scope :not_in_group, ->(group) { where("id NOT IN (:ids)", ids: group.project_ids ) }
scope :without_team, ->(team) { team.projects.present? ? where("id NOT IN (:ids)", ids: team.projects.map(&:id)) : scoped }
scope :in_team, ->(team) { where("id IN (:ids)", ids: team.projects.map(&:id)) }
scope :in_namespace, ->(namespace) { where(namespace_id: namespace.id) }
scope :sorted_by_activity, ->() { order("(SELECT max(events.created_at) FROM events WHERE events.project_id = projects.id) DESC") }
scope :personal, ->(user) { where(namespace_id: user.namespace_id) }
- scope :joined, ->(user) { where("namespace_id != ?", user.namespace_id) }
+ scope :joined, ->(user) { where("namespace_id != :nid AND id IN (SELECT users_projects.project_id FROM users_projects WHERE users_projects.user_id = :uid)", nid: user.namespace_id, uid: user.id) }
scope :public, where(public: true)
class << self
diff --git a/app/models/project_team.rb b/app/models/project_team.rb
index 2cc7697..9592784 100644
--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -67,6 +67,7 @@ class ProjectTeam
end
def repository_readers
+ return ['@all'] if @project.public?
repository_members[UsersProject::REPORTER]
end
diff --git a/app/models/user.rb b/app/models/user.rb
index 5b0df09..cb9f972 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -193,11 +193,17 @@ class User < ActiveRecord::Base
# Projects user has access to
def authorized_projects
- project_ids = users_projects.pluck(:project_id)
+ project_ids = Project.public.pluck(:id)
+ project_ids = project_ids | users_projects.pluck(:project_id)
project_ids = project_ids | owned_projects.pluck(:id)
Project.where(id: project_ids)
end
+ def joined_projects
+ project_ids = users_projects.pluck(:project_id)
+ Project.where(id: project_ids)
+ end
+
# Projects in user namespace
def personal_projects
Project.personal(self)
diff --git a/app/views/admin/projects/_form.html.haml b/app/views/admin/projects/_form.html.haml
index ebf6992..fb48fc8 100644
--- a/app/views/admin/projects/_form.html.haml
+++ b/app/views/admin/projects/_form.html.haml
@@ -47,7 +47,7 @@
%legend Public mode:
.clearfix
= f.label :public do
- %span Allow public http clone
+ %span Allow public read access
.input= f.check_box :public
%fieldset.features
diff --git a/app/views/dashboard/projects.html.haml b/app/views/dashboard/projects.html.haml
index 8e21b0c..8eb3125 100644
--- a/app/views/dashboard/projects.html.haml
+++ b/app/views/dashboard/projects.html.haml
@@ -19,6 +19,8 @@
= link_to "Personal", projects_dashboard_path(scope: 'personal')
= nav_tab :scope, 'joined' do
= link_to "Joined", projects_dashboard_path(scope: 'joined')
+ = nav_tab :scope, 'public' do
+ = link_to "Public", projects_dashboard_path(scope: 'public')
.span9
= form_tag projects_dashboard_path, method: 'get' do
diff --git a/app/views/layouts/project_resource.html.haml b/app/views/layouts/project_resource.html.haml
index 09ccb1d..d9b6ca4 100644
--- a/app/views/layouts/project_resource.html.haml
+++ b/app/views/layouts/project_resource.html.haml
@@ -7,7 +7,7 @@
- if can?(current_user, :download_code, @project)
= render 'shared/no_ssh'
- - unless @project.users.include?(current_user)
+ - unless @project.users.include?(current_user) || @project.public?
= render 'shared/not_in_team'
.container
%ul.main_menu
diff --git a/app/views/projects/_form.html.haml b/app/views/projects/_form.html.haml
index 0336654..24b97db 100644
--- a/app/views/projects/_form.html.haml
+++ b/app/views/projects/_form.html.haml
@@ -53,9 +53,9 @@
.controls
= f.check_box :public
%span.descr
- If checked, this project can be cloned
- %em without any
- authentification.
+ If checked, this project will be visible to all users
+ %em with
+ authentication.
It will also be listed on the #{link_to "public access directory", public_root_path}.
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index a2d15d5..2de60f6 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -15,7 +15,7 @@ module Grack
@env['SCRIPT_NAME'] = ""
return render_not_found unless project
- return unauthorized unless project.public || @auth.provided?
+ return unauthorized unless @auth.provided?
return bad_request if @auth.provided? && !@auth.basic?
if valid?
@@ -50,12 +50,12 @@ module Grack
end
def validate_get_request
- project.public || can?(user, :download_code, project)
+ can?(user, :download_code, project)
end
def validate_post_request
if @request.path_info.end_with?('git-upload-pack')
- project.public || can?(user, :download_code, project)
+ can?(user, :download_code, project)
elsif @request.path_info.end_with?('git-receive-pack')
action = if project.protected_branch?(current_ref)
:push_code_to_protected_branches
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.