Allow only authorized users to make push and clone

sonalkr132 · sonalkr132 · commit 1d6f49889c79 · 2015-06-13T23:21:31.000+05:30
Check if user is owner of the project when git sends push request or
clone request for private projects.
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -64,4 +64,13 @@ def git_author_params
       time: Time.now
     }
   end
+
+  # checks if the user if the owner of the passed project
+  def owner?(project)
+    if id == project.user.id
+      true
+    else
+      false
+    end
+  end
 end
diff --git a/config.ru b/config.ru
@@ -1,29 +1,5 @@
 
 # This file is used by Rack-based servers to start the application.
 
-# require './lib/rack/git_http'
-
 require ::File.expand_path('../config/environment',  __FILE__)
 run Glitter::Application
-
-# map '/health' do
-#   health = proc do |env|
-#     [200, { "Content-Type" => "text/html" }, ["1"]]
-#   end
-#   run health
-# end
-
-
-# map '/git' do
-#   use Rack::ShowExceptions
-
-#   config = {
-#     :project_root => "#{ENV["OPENSHIFT_DATA_DIR"]}/repos",
-#     :git_path => '/usr/bin/git',
-#     :upload_pack => true,
-#     :receive_pack => true,
-#   }
-
-#   run GitHttp::App.new(config)
-
-# end
diff --git a/lib/rack/grack_auth.rb b/lib/rack/grack_auth.rb
@@ -63,17 +63,17 @@ def project_by_path(path)
     def authorized_request?
       case git_cmd
       when *%w{ git-upload-pack git-upload-archive }
-        unless project.private
+        if user
+          user.owner?(project)
+        elsif !project.private
           # Allow clone/fetch for public projects
           true
         else
           false
         end
       when *%w{ git-receive-pack }
         if user
-          # Skip user authorization on upload request.
-          # It will be done by the pre-receive hook in the repository.
-          true
+          user.owner?(project)
         else
           false
         end
