Module: API::Helpers::Packages::BasicAuthHelpers

Extended by:
Gitlab::Utils::Override
Includes:
Constants, Gitlab::Utils::StrongMemoize
Included in:
Maven::BasicAuthHelpers
Defined in:
lib/api/helpers/packages/basic_auth_helpers.rb

Defined Under Namespace

Modules: Constants

Constant Summary

Constants included from Constants

Constants::AUTHENTICATE_REALM_HEADER, Constants::AUTHENTICATE_REALM_NAME

Instance Method Summary

Methods included from Gitlab::Utils::Override

extended, extensions, included, method_added, override, prepended, queue_verification, verify!

Instance Method Details

#authorize!(action, subject = :global, reason = nil) ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 62

# Checks that the current user may perform +action+ on +subject+ and rejects
# the request otherwise.
#
# The rejection is routed through unauthorized_or!, so a request without a
# current user gets unauthorized! (the Basic-auth challenge) and only a
# request with a current user reaches forbidden!(reason).
#
# @param action [Symbol] ability passed to can?
# @param subject [Object] policy subject, :global when omitted
# @param reason [String, nil] forwarded to forbidden!
# @return [nil] when the ability check passes; otherwise whatever
#   unauthorized_or! returns (those helpers presumably halt the request)
def authorize!(action, subject = :global, reason = nil)
  permitted = can?(current_user, action, subject)

  unauthorized_or! { forbidden!(reason) } unless permitted
end

#authorized_project_find!(action: :read_project) ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 23

# Looks up the project named by params[:id] and returns it only when the
# current user holds +action+ on it.
#
# Every denial except one goes through unauthorized_or! { not_found! }: a
# request without a current user gets the unauthorized! challenge, and a
# request with one gets not_found! whether the project is missing or merely
# not permitted (presumably so the response does not reveal that the project
# exists; confirm against the API's error conventions).
#
# The exception is :read_package: a user who can :read_project but not
# :read_package gets forbidden!, which only confirms the project to someone
# already allowed to read it.
#
# @param action [Symbol] ability to check; :read_package is checked against
#   the project's packages_policy_subject, anything else against the project
# @return [Object] the project when authorized; otherwise the return value of
#   the rejection helper that was called
def authorized_project_find!(action: :read_project)
  found = find_project(params[:id])

  return unauthorized_or! { not_found! } unless found

  if action == :read_package
    return found if can?(current_user, :read_package, found.packages_policy_subject)

    # guest users can have :read_project but not :read_package
    return forbidden! if can?(current_user, :read_project, found)

    return unauthorized_or! { not_found! }
  end

  return found if can?(current_user, action, found)

  unauthorized_or! { not_found! }
end

#authorized_user_project(action: :read_project) ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 17

# Memoized wrapper around authorized_project_find!.
#
# The memo key embeds +action+, so a project authorized for one ability is
# never served from the cache for a different ability. The key does not
# include params[:id]; this assumes the id is fixed for the lifetime of the
# object holding the memo (TODO confirm against StrongMemoize's scope).
#
# @param action [Symbol] ability forwarded to authorized_project_find!
# @return [Object] whatever authorized_project_find! returned for +action+
def authorized_user_project(action: :read_project)
  memo_key = "authorized_user_project_#{action}"

  strong_memoize(memo_key) { authorized_project_find!(action: action) }
end

#find_authorized_group!(action: :read_group) ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 43

# Looks up the group named by params[:id] and returns it only when the
# current user holds +action+ on the matching policy subject. The lookup is
# wrapped in strong_memoize_with, keyed on +action+.
#
# Only two actions map to a subject: :read_package_within_public_registries
# (the group's packages_policy_subject) and :read_group (the group itself).
# For any other action the subject stays nil, so the outcome rests entirely on
# can?(current_user, action, nil).
# NOTE(review): that presumably denies, which keeps unknown actions
# fail-closed; confirm before passing a new action here.
#
# A missing group and a denied one are rejected identically through
# unauthorized_or! { not_found! }.
#
# @param action [Symbol] ability to check
# @return [Object] the group when authorized; otherwise the return value of
#   the rejection helper
def find_authorized_group!(action: :read_group)
  strong_memoize_with(:find_authorized_group, action) do
    found = find_group(params[:id])

    policy_subject =
      if action == :read_package_within_public_registries
        found&.packages_policy_subject
      elsif action == :read_group
        found
      end

    permitted = found && can?(current_user, action, policy_subject)

    # break (not next) leaves strong_memoize_with itself, so the rejection
    # value is handed straight back to the caller of this method.
    break unauthorized_or! { not_found! } unless permitted

    found
  end
end

#unauthorized! ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 73

# Sets the response header named by AUTHENTICATE_REALM_HEADER to
# AUTHENTICATE_REALM_NAME, then hands over to the parent implementation.
#
# NOTE(review): the constants come from Constants and their values are not
# visible here; presumably this is the Basic-auth challenge header that makes
# package clients resend with credentials. Confirm against Constants.
def unauthorized!
  # Must run before super: the header has to be on the response before the
  # parent unauthorized! produces it (super presumably halts the request).
  header(AUTHENTICATE_REALM_HEADER, AUTHENTICATE_REALM_NAME)
  super
end

#unauthorized_or! ⇒ Object



# File 'lib/api/helpers/packages/basic_auth_helpers.rb', line 68

# Chooses between the two rejection paths used by the helpers in this module.
#
# Without a current user the caller is sent to unauthorized!, and the block is
# never evaluated. With a current user the block decides the response
# (forbidden! or not_found! at the call sites in this module).
#
# @yield the rejection to apply when a current user is present
# @return [Object] the block's value, or the return value of unauthorized!
def unauthorized_or!
  return unauthorized! unless current_user

  yield
end