diff --git a/app/controllers/import/gitlab_project_controller.rb b/app/controllers/import/gitlab_project_controller.rb
deleted file mode 100644
index ab0da196ac1..00000000000
--- a/app/controllers/import/gitlab_project_controller.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-class Import::GitlabProjectController < Import::BaseController
- before_action :verify_gitlab_project_import_enabled
- before_action :gitlab_project_auth, except: :callback
-
- rescue_from OAuth::Error, with: :gitlab_project_unauthorized
-
- #TODO permissions stuff
-
- def callback
-
- redirect_to status_import_gitlab_project_url
- end
-
- def status
- @repos = client.projects
- @incompatible_repos = client.incompatible_projects
-
- @already_added_projects = current_user.created_projects.where(import_type: "gitlab_project")
- already_added_projects_names = @already_added_projects.pluck(:import_source)
-
- @repos.to_a.reject!{ |repo| already_added_projects_names.include? "#{repo["owner"]}/#{repo["slug"]}" }
- end
-
- def jobs
- jobs = current_user.created_projects.where(import_type: "gitlab_project").to_json(only: [:id, :import_status])
- render json: jobs
- end
-
- def create
- @file = params[:file]
-
- repo_owner = current_user.username
- @target_namespace = params[:new_namespace].presence || repo_owner
-
- # namespace = get_or_create_namespace || (render and return)
-
- @project = Gitlab::ImportExport::ImportService.execute(archive_file: file, owner: repo_owner)
- end
-
- private
-
- def verify_gitlab_project_import_enabled
- render_404 unless gitlab_project_import_enabled?
- end
-end
diff --git a/app/controllers/import/gitlab_projects_controller.rb b/app/controllers/import/gitlab_projects_controller.rb
index f8d4bcff55a..41b72c33ffe 100644
--- a/app/controllers/import/gitlab_projects_controller.rb
+++ b/app/controllers/import/gitlab_projects_controller.rb
@@ -1,44 +1,39 @@ class Import::GitlabProjectsController < Import::BaseController before_action :verify_gitlab_project_import_enabled - #before_action :gitlab_project_auth, except: :callback + before_action :verify_project_and_namespace_access rescue_from OAuth::Error, with: :gitlab_project_unauthorized - #TODO permissions stuff - def new @namespace_id = project_params[:namespace_id] @path = project_params[:path] end - def status - - end - - def jobs - jobs = current_user.created_projects.where(import_type: "gitlab_project").to_json(only: [:id, :import_status]) - render json: jobs - end - def create - # TODO verify access to namespace and path - file = params[:file] - namespace_id = project_params[:namespace_id] - path = project_params[:path] - - repo_owner = current_user.username - @target_namespace = params[:new_namespace].presence || repo_owner - @project = Project.create_from_import_job(current_user_id: current_user.id, - tmp_file: File.expand_path(file.path), - namespace_id: namespace_id, - project_path: path) + tmp_file: File.expand_path(params[:file].path), + namespace_id: project_params[:namespace_id], + project_path: project_params[:path]) - redirect_to status_import_gitlab_project_path + redirect_to dashboard_projects_path end private + def verify_project_and_namespace_access + unless namespace_access? && project_access? + render_403 + end + end + + def project_access? + can?(current_user, :admin_project, @project) + end + + def namespace_access? + current_user.can?(:create_projects, Namespace.find(project_params[:namespace_id])) + end + def verify_gitlab_project_import_enabled render_404 unless gitlab_project_import_enabled? end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index f15f20dcf52..980cae65f84 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb 
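Review bot: `project_access?` tests `can?(current_user, :admin_project, @project)` inside a `before_action`, but in this hunk `@project` is only assigned in `create`, which runs after the filter, so the check is evaluated against an unset value for both `new` and `create`. Depending on how the ability code treats a nil subject, this either denies every import or decides on something unrelated to the request; for an import that creates a new project the namespace check is presumably the one that matters, e.g. `render_403 unless namespace_access?`. `create` also calls `params[:file].path` with no guard, so a request without an upload would raise instead of being rejected; `return render_404 unless params[:file].respond_to?(:path)` before the call would cover it. `project_params` and the rest of the class are outside the hunk.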
@@ -7,7 +7,7 @@ class ProjectsController < Projects::ApplicationController before_action :assign_ref_vars, :tree, only: [:show], if: :repo_exists? # Authorize - before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping] + before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export] before_action :event_filter, only: [:show, :activity] layout :determine_layout
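Review bot: The `only:` list on `authorize_admin_project!` is matched by action name, and the `download_export` and `export` actions themselves are not in this hunk, so a name that does not match exactly would leave the action without the admin check and nothing would fail. A controller spec that requests both actions as a non-admin member and expects the request to be refused would pin this. A short comment above the line, such as `# Export actions must stay admin-only`, would also tell later editors why they are in the list.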