Module: API::Helpers::Packages::BasicAuthHelpers

Extended by:
Gitlab::Utils::Override
Includes:
Constants, Gitlab::Utils::StrongMemoize
Included in:
Maven::BasicAuthHelpers
Defined in:
lib/api/helpers/packages/basic_auth_helpers.rb

Defined Under Namespace

Modules: Constants

Constant Summary

Constants included from Constants

Constants::AUTHENTICATE_REALM_HEADER, Constants::AUTHENTICATE_REALM_NAME

Instance Method Summary

Methods included from Gitlab::Utils::Override

extended, extensions, included, method_added, override, prepended, queue_verification, verify!

Instance Method Details

#authorize!(action, subject = :global, reason = nil) ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 54

# Enforces that the current user may perform +action+ on +subject+.
#
# When the check fails the response depends on whether a user is present
# (see unauthorized_or!): with no current_user the caller gets
# unauthorized!, so the client can retry with credentials; with a
# current_user the caller gets forbidden!(reason).
#
# @param action [Symbol] ability passed to can?
# @param subject [Object] object the ability is checked against (:global by default)
# @param reason [String, nil] optional explanation forwarded to forbidden!
# @return [nil] when the ability is granted; otherwise whatever the error helper returns
def authorize!(action, subject = :global, reason = nil)
  permitted = can?(current_user, action, subject)

  # Nothing to do for a permitted caller; the modifier form evaluates to nil.
  unauthorized_or! { forbidden!(reason) } unless permitted
end

#authorized_project_find!(action: :read_project) ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 23

# Looks up the project named by params[:id] and checks +action+ against it.
#
# A project that does not exist and a project the caller may not access
# take the same path (unauthorized_or! { not_found! }), so the response
# does not tell the caller whether the project exists.
#
# @param action [Symbol] ability to check; :read_package is checked against
#   the project's packages_policy_subject, anything else against the project
# @return [Object] the project when the check passes; otherwise whatever the
#   error helper returns
def authorized_project_find!(action: :read_project)
  project = find_project(params[:id])

  return unauthorized_or! { not_found! } unless project

  if action == :read_package
    # project is known to be present here, so no safe navigation is needed.
    return project if can?(current_user, :read_package, project.packages_policy_subject)

    # Guest users can hold :read_project without :read_package. They can
    # already see the project, so forbidden! discloses nothing new.
    # NOTE(review): unlike authorize!, this branch does not go through
    # unauthorized_or!, so a request with no current_user that passes
    # :read_project gets forbidden! rather than unauthorized! - confirm
    # that this is intended for basic-auth clients.
    return forbidden! if can?(current_user, :read_project, project)
  elsif can?(current_user, action, project)
    return project
  end

  unauthorized_or! { not_found! }
end

#authorized_user_project(action: :read_project) ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 17

# Memoized wrapper around authorized_project_find!.
#
# The memo key embeds +action+, so a result obtained for one ability is
# never handed back for a different one.
#
# @param action [Symbol] ability forwarded to authorized_project_find!
# @return [Object] whatever authorized_project_find! returned for this action
def authorized_user_project(action: :read_project)
  memo_key = "authorized_user_project_#{action}"

  strong_memoize(memo_key) { authorized_project_find!(action: action) }
end

#find_authorized_group! ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 43

# Looks up the group named by params[:id] and requires :read_group on it.
#
# A group that does not exist and a group the caller may not read are
# answered identically (unauthorized_or! { not_found! }), so the response
# does not confirm whether the group exists.
#
# @return [Object] the group when it exists and is readable; otherwise
#   whatever the error helper returns
def find_authorized_group!
  candidate = find_group(params[:id])

  return candidate if candidate && can?(current_user, :read_group, candidate)

  unauthorized_or! { not_found! }
end

#unauthorized! ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 65

# Sets the realm header from Constants before delegating to the inherited
# unauthorized! implementation.
#
# NOTE(review): presumably this is the basic-auth challenge that lets
# package-manager clients retry with credentials; the constant values are
# not visible here - confirm against Constants.
#
# @return [Object] whatever the inherited unauthorized! returns
def unauthorized!
  # The header must be in place before the parent builds the response.
  header(AUTHENTICATE_REALM_HEADER, AUTHENTICATE_REALM_NAME)

  super()
end

#unauthorized_or! ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 60

# Chooses between an authentication challenge and the caller-supplied
# failure response.
#
# With no current_user the block is ignored and unauthorized! is used, so
# an unauthenticated client is asked for credentials instead of being told
# not-found or forbidden. With a current_user the block decides the
# response.
#
# @yield the failure response to use for an authenticated caller
# @return [Object] the result of unauthorized! or of the block
def unauthorized_or!
  return unauthorized! unless current_user

  yield
end