debian-mirror-gitlab/lib/api/helpers/packages/basic_auth_helpers.rb

# frozen_string_literal: true

module API
  module Helpers
    module Packages
      module BasicAuthHelpers
        extend ::Gitlab::Utils::Override

        module Constants
          AUTHENTICATE_REALM_HEADER = 'WWW-Authenticate'
          AUTHENTICATE_REALM_NAME = 'Basic realm="GitLab Packages Registry"'
        end

        include Constants
        include Gitlab::Utils::StrongMemoize

        def authorized_user_project(action: :read_project)
          strong_memoize("authorized_user_project_#{action}") do
            authorized_project_find!(action: action)
          end
        end

        def authorized_project_find!(action: :read_project)
          project = find_project(params[:id])

          return unauthorized_or! { not_found! } unless project

          case action
          when :read_package
            unless can?(current_user, :read_package, project&.packages_policy_subject)
              # guest users can have :read_project but not :read_package
              return forbidden! if can?(current_user, :read_project, project)

              return unauthorized_or! { not_found! }
            end
          else
            return unauthorized_or! { not_found! } unless can?(current_user, action, project)
          end

          project
        end

        def find_authorized_group!
          strong_memoize(:authorized_group) do
            group = find_group(params[:id])

            unless group && can?(current_user, :read_group, group)
              next unauthorized_or! { not_found! }
            end

            group
          end
        end

        def authorize!(action, subject = :global, reason = nil)
          return if can?(current_user, action, subject)

          unauthorized_or! { forbidden!(reason) }
        end

        def unauthorized_or!
          current_user ? yield : unauthorized!
        end

        override :unauthorized!
        def unauthorized!
          header(AUTHENTICATE_REALM_HEADER, AUTHENTICATE_REALM_NAME)
          super
        end
      end
    end
  end
end
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`# frozen_string_literal: true`

			`module API`
			`module Helpers`
			`module Packages`
			`module BasicAuthHelpers`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`extend ::Gitlab::Utils::Override`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`module Constants`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`AUTHENTICATE_REALM_HEADER = 'WWW-Authenticate'`
			`AUTHENTICATE_REALM_NAME = 'Basic realm="GitLab Packages Registry"'`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`end`

			`include Constants`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`include Gitlab::Utils::StrongMemoize`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30
New upstream version 15.5.4+ds1 2022-11-25 23:54:43 +05:30			`def authorized_user_project(action: :read_project)`
			`strong_memoize("authorized_user_project_#{action}") do`
			`authorized_project_find!(action: action)`
			`end`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`end`

New upstream version 15.5.4+ds1 2022-11-25 23:54:43 +05:30			`def authorized_project_find!(action: :read_project)`
New upstream version 15.3.2+ds1 2022-09-01 20:07:04 +05:30			`project = find_project(params[:id])`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30
New upstream version 15.5.4+ds1 2022-11-25 23:54:43 +05:30			`return unauthorized_or! { not_found! } unless project`

			`case action`
			`when :read_package`
			`unless can?(current_user, :read_package, project&.packages_policy_subject)`
			`# guest users can have :read_project but not :read_package`
			`return forbidden! if can?(current_user, :read_project, project)`

			`return unauthorized_or! { not_found! }`
			`end`
			`else`
			`return unauthorized_or! { not_found! } unless can?(current_user, action, project)`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`end`

			`project`
			`end`

New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`def find_authorized_group!`
			`strong_memoize(:authorized_group) do`
			`group = find_group(params[:id])`

			`unless group && can?(current_user, :read_group, group)`
			`next unauthorized_or! { not_found! }`
			`end`

			`group`
			`end`
			`end`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`def authorize!(action, subject = :global, reason = nil)`
			`return if can?(current_user, action, subject)`

			`unauthorized_or! { forbidden!(reason) }`
			`end`

			`def unauthorized_or!`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`current_user ? yield : unauthorized!`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`end`

New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`override :unauthorized!`
			`def unauthorized!`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`header(AUTHENTICATE_REALM_HEADER, AUTHENTICATE_REALM_NAME)`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`super`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`end`
			`end`
			`end`
			`end`
			`end`