1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
require_relative 'gitlab_init'
require_relative 'gitlab_net'
require_relative 'gitlab_access_status'
require_relative 'names_helper'
require 'json'
class GitlabAccess
class AccessDeniedError < StandardError; end
include NamesHelper
attr_reader :config, :repo_path, :repo_name, :changes, :protocol
def initialize(repo_path, actor, changes, protocol)
@config = GitlabConfig.new
@repo_path = repo_path.strip
@actor = actor
@repo_name = extract_repo_name(@repo_path.dup)
@changes = changes.lines
@protocol = protocol
end
def exec
env = {
"GIT_ALTERNATE_OBJECT_DIRECTORIES" => ENV["GIT_ALTERNATE_OBJECT_DIRECTORIES"],
"GIT_OBJECT_DIRECTORY" => ENV["GIT_OBJECT_DIRECTORY"]
}
status = api.check_access('git-receive-pack', @repo_name, @actor, @changes, @protocol, env: env.to_json)
raise AccessDeniedError, status.message unless status.allowed?
true
rescue GitlabNet::ApiUnreachableError
$stderr.puts "GitLab: Failed to authorize your Git request: internal API unreachable"
false
rescue AccessDeniedError => ex
$stderr.puts "GitLab: #{ex.message}"
false
end
protected
def api
GitlabNet.new
end
end
|
