Commit 47d09425 authored by Vivek Das Mohapatra's avatar Vivek Das Mohapatra

Revert "Use the allowbuilddep in meta config to whitelist project access"

Added as an external patch in c4a04440
This reverts commit 7bb95b09.
parent db1159a1
......@@ -1719,8 +1719,7 @@ class Project < ActiveRecord::Base
target_project = Project.get_by_name(target_project_name)
# user can access tprj, but backend would refuse to take binaries from there
if target_project.class == Project && target_project.disabled_for?('access', nil, nil)
# RBEI modification to ACL logic: upstream returns an { error: "… read access protected …" } here.
logger.info "Project #{project_name} depends on restricted project #{target_project_name}"
return { error: "The current backend implementation is not using binaries from read access protected projects #{target_project_name}"}
end
end
logger.debug "Project #{project_name} repository path checked against #{target_project_name} projects permission"
......
......@@ -42,19 +42,6 @@ sub checkaccess {
return $access;
}
sub checkbuilddepok {
my ($gctx, $projid, $aprojid) = @_;
my $adata = $gctx->{projpacks}->{$aprojid} || {};
my $allow = $adata->{allowbuilddep} || [];
foreach my $a ( grep { ref($_) eq 'HASH' } @$allow ) {
if( $a->{name} eq $projid ) { return 1; }
}
return 0;
}
# check if every user from oprojid may access projid
sub checkroles {
my ($gctx, $type, $projid, $packid, $oprojid, $opackid) = @_;
......@@ -114,13 +101,6 @@ sub checkprpaccess {
# ok if aprp is not protected
return 1 if checkaccess($gctx, 'access', $aprojid, undef, $arepoid);
my ($projid, $repoid) = split('/', $prp, 2);
#################################################################
# this is an RBEI modification
# ok if prp has access to aprp (via allowbuilddep in project meta):
return 1 if checkbuilddepok($gctx, $projid, $aprojid);
#################################################################
# not ok if prp is unprotected
return 0 if checkaccess($gctx, 'access', $projid, undef, $repoid);
# both prp and aprp are proteced.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment