Module: API::Helpers::PackagesHelpers

Extended by:

Gitlab::Utils::Override

Includes:

Gitlab::Utils::StrongMemoize

Included in:

API::Helpers::Packages::Npm, PackagesManagerClientsHelpers

Defined in:

lib/api/helpers/packages_helpers.rb

Constant Summary

MAX_PACKAGE_FILE_SIZE =

50.megabytes.freeze

Instance Method Summary

• #authorize_admin_package!(subject = user_project) ⇒ Object
• #authorize_create_package!(subject = user_project) ⇒ Object
• #authorize_destroy_package!(subject = user_project) ⇒ Object
• #authorize_packages_access!(subject = user_project, required_permission = :read_package) ⇒ Object
• #authorize_read_package!(subject = user_project) ⇒ Object
• #authorize_upload!(subject = user_project) ⇒ Object
• #authorize_workhorse!(subject: user_project, has_length: true, maximum_size: MAX_PACKAGE_FILE_SIZE, use_final_store_path: false) ⇒ Object
• #present_package_file!(package_file, supports_direct_download: true, content_disposition: nil) ⇒ Object
• #protect_package!(package_name, package_type) ⇒ Object
• #require_dependency_proxy_enabled! ⇒ Object
• #require_packages_enabled! ⇒ Object
• #track_package_event(action, scope, **args) ⇒ Object
• #user_project(action: :read_project) ⇒ Object
• #user_project_with_read_package ⇒ Object

  This function is similar to the ‘find_project!` function, but it considers the `read_package` ability.

Methods included from Gitlab::Utils::Override

extended, extensions, included, method_added, override, prepended, queue_verification, verify!

Instance Method Details

#authorize_admin_package!(subject = user_project) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 19

def authorize_admin_package!(subject = user_project)
  authorize!(:admin_package, subject)
end

#authorize_create_package!(subject = user_project) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 27

def authorize_create_package!(subject = user_project)
  authorize!(:create_package, subject)
end

#authorize_destroy_package!(subject = user_project) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 31

def authorize_destroy_package!(subject = user_project)
  authorize!(:destroy_package, subject)
end

#authorize_packages_access!(subject = user_project, required_permission = :read_package) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 35

def authorize_packages_access!(subject = user_project, required_permission = :read_package)
  require_packages_enabled!

  case required_permission
  when :read_package
    authorize_read_package!(subject)
  when :read_package_within_public_registries
    authorize!(required_permission, subject.packages_policy_subject)
  when :read_group
    authorize!(required_permission, subject)
  else
    forbidden!
  end
end

#authorize_read_package!(subject = user_project) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 23

def authorize_read_package!(subject = user_project)
  authorize!(:read_package, subject.try(:packages_policy_subject) || subject)
end

#authorize_upload!(subject = user_project) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 67

def authorize_upload!(subject = user_project)
  authorize_create_package!(subject)
  require_gitlab_workhorse!
end

#authorize_workhorse!(subject: user_project, has_length: true, maximum_size: MAX_PACKAGE_FILE_SIZE, use_final_store_path: false) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 50

def authorize_workhorse!(
  subject: user_project,
  has_length: true,
  maximum_size: MAX_PACKAGE_FILE_SIZE,
  use_final_store_path: false)

  authorize_upload!(subject)

  status 200
  content_type Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE

  params = { has_length: has_length, use_final_store_path: use_final_store_path }
  params[:maximum_size] = maximum_size unless has_length
  params[:final_store_path_config] = { root_hash: subject.id } if use_final_store_path
  ::Packages::PackageFileUploader.workhorse_authorize(**params)
end

#present_package_file!(package_file, supports_direct_download: true, content_disposition: nil) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 140

def present_package_file!(package_file, supports_direct_download: true, content_disposition: nil)
  package_file.package.touch_last_downloaded_at
  present_carrierwave_file!(
    package_file.file,
    supports_direct_download: supports_direct_download,
    content_disposition: content_disposition
  )
end

#protect_package!(package_name, package_type) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 149

def protect_package!(package_name, package_type)
  service_response =
    ::Packages::Protection::CheckRuleExistenceService.new(
      project: user_project,
      current_user: current_user,
      params: { package_name: package_name, package_type: package_type }
    ).execute

  bad_request!(service_response.message) if service_response.error?
  forbidden!('Package protected.') if service_response[:protection_rule_exists?]
end

#require_dependency_proxy_enabled! ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 15

def require_dependency_proxy_enabled!
  not_found! unless ::Gitlab.config.dependency_proxy.enabled
end

#require_packages_enabled! ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 11

def require_packages_enabled!
  not_found! unless ::Gitlab.config.packages.enabled
end

#track_package_event(action, scope, **args) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 101

def track_package_event(action, scope, **args)
  service = ::Packages::CreateEventService.new(
    args[:project],
    current_user,
    namespace: args[:namespace],
    event_name: action,
    scope: scope
  )
  service.execute

  category = args.delete(:category) || self.options[:for].name
  args[:user] = current_user if current_user
  event_name = "i_package_#{scope}_user"
  ::Gitlab::Tracking.event(
    category,
    action.to_s,
    property: event_name,
    label: 'redis_hll_counters.user_packages.user_packages_total_unique_counts_monthly',
    context: [Gitlab::Tracking::ServicePingContext.new(data_source: :redis_hll, event: event_name).to_context],
    **args
  )

  if action.to_s == 'push_package' && service.originator_type == :deploy_token
    track_snowplow_event(
      'push_package_by_deploy_token',
      'package_pushed_using_deploy_token',
      category,
      args
    )
  elsif action.to_s == 'pull_package' && service.originator_type == :guest
    track_snowplow_event(
      'pull_package_by_guest',
      'package_pulled_by_guest',
      category,
      args
    )
  end
end

#user_project(action: :read_project) ⇒ Object

# File 'lib/api/helpers/packages_helpers.rb', line 73

def user_project(action: :read_project)
  case action
  when :read_project
    super()
  when :read_package
    user_project_with_read_package
  else
    raise ArgumentError, "unexpected action: #{action}"
  end
end

#user_project_with_read_package ⇒ Object

This function is similar to the ‘find_project!` function, but it considers the `read_package` ability.

# File 'lib/api/helpers/packages_helpers.rb', line 85

def user_project_with_read_package
  project = find_project(params[:id])

  return forbidden! unless authorized_project_scope?(project)

  project && authorize_job_token_policies!(project) && return

  return project if can?(current_user, :read_package, project&.packages_policy_subject)
  # guest users can have :read_project but not :read_package
  return forbidden! if can?(current_user, :read_project, project)
  return unauthorized! if authenticate_non_public?

  not_found!('Project')
end