33 lines
821 B
Ruby
33 lines
821 B
Ruby
class Users::UsersController < Users::BaseController
|
|
skip_before_action :authenticate_user!, only: [:allowed, :check, :discover]
|
|
skip_after_action :verify_authorized
|
|
before_action :find_user_by_key, only: [:allowed, :discover]
|
|
|
|
def allowed
|
|
project = Project.find_by_owner_and_name! params[:project]
|
|
pp = ProjectPolicy.new(@user, project)
|
|
can = case params[:action_type]
|
|
when 'git-upload-pack'
|
|
pp.read?
|
|
when 'git-receive-pack'
|
|
pp.write?
|
|
end
|
|
render inline: (!@user.access_locked? && can).to_s
|
|
end
|
|
|
|
def check
|
|
render nothing: true
|
|
end
|
|
|
|
def discover
|
|
render json: {name: @user.name}.to_json
|
|
end
|
|
|
|
protected
|
|
|
|
def find_user_by_key
|
|
key = SshKey.find(params[:key_id])
|
|
@user = key.user
|
|
end
|
|
end
|