Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Handle authorization verification when processing Git LFS Batch requests

Download Browse

When no reference is given in a write batch request and fine grained permission are enabled for the repository, the access is denied. You can test the implemented HTTP route by crafting manually a valid Batch request. For example, with curl: $ curl -X POST -H 'Accept: application/vnd.git-lfs+json' \ -u username:password \ 'https://tuleap.example.com/plugins/git/projectname/reponame.git/info/lfs/objects/batch' \ --data \ '{"operation": "download", "transfers": [ "basic" ], "ref": { "name": "refs/heads/master" }, "objects": [{"oid": "12345678", "size": 123}]}' The specification of the format of a Batch request can be found at [0]. Git LFS HTTP routes are only accessible when an undocumented feature flag ('git_lfs_dev_enable') is enabled until a minimal support of the Git LFS workflow is implemented. This is part of story #12322: have git-lfs batch and basic transfer API [0] https://github.com/git-lfs/git-lfs/blob/v2.6.0/docs/api/batch.md Change-Id: I7a63fc5ba8df834f89099553a4ffe1a47291d5ac

+182 −106
Thomas Gerbet (tgerbet) 2018-11-19 12:04
Thomas Gerbet (tgerbet) 2018-11-19 12:14
bb09b85a12bb08c189868b6f7516b7bf400e28b9
c71be0859c62a862e2d76ef62b5c7cb6d6b9e30e
git #tuleap/stable/bb09b85a12bb08c189868b6f7516b7bf400e28b9

Modified Files

Side by side diff
Inline diff
Name
R plugins/pullrequest/etc/sudoers.d/gitolite-access-command Go to diff View file
M plugins/git/include/Git/HTTP/GitHTTPOperation.php +5 −0 Go to diff View file
R plugins/pullrequest/include/PullRequest/Authorization/AccessControlVerifier.php Go to diff View file
M plugins/git/include/Git/URL.class.php +5 −0 Go to diff View file
M plugins/git/include/LFS/Batch/LFSBatchController.php +35 −4 Go to diff View file
M plugins/git/include/LFS/Batch/Request/BatchRequest.php +5 −0 Go to diff View file
M plugins/git/include/gitPlugin.class.php +3 −0 Go to diff View file
A plugins/git/phpunit/Git/Permissions/AccessControlVerifierTest.php +120 −0 Go to diff View file
M plugins/git/phpunit/LFS/Batch/Request/BatchRequestTest.php +2 −0 Go to diff View file
M plugins/pullrequest/include/PullRequest/REST/v1/PullRequestRepresentationFactory.php +1 −1 Go to diff View file
M plugins/pullrequest/include/PullRequest/REST/v1/PullRequestsResource.php +1 −1 Go to diff View file
M plugins/pullrequest/include/PullRequest/REST/v1/RepositoryResource.php +1 −1 Go to diff View file
D plugins/pullrequest/tests/Authorization/AccessControlVerifierTest.php +0 −95 Go to diff View file
M tools/rpm/tuleap.rhel6.spec +2 −2 Go to diff View file
M tools/rpm/tuleap.rhel7.spec +2 −2 Go to diff View file