The source project of this merge request has been removed.
Add authentication to the reports endpoint
2 unresolved threads
2 unresolved threads
Merge request reports
Activity
Filter activity
requested review from @cguindon and @zacharysabourin
This will block access to unauthenticated users, and then only allow users set under
eclipse.reports.allowed-usersto access the report. I have this set as webdev and mbarbaro to cover our usage and Mika's usage.@mbarbero will you be the one running the report every time, or should I add another user to the allow list?
30 42 31 43 @Inject 32 44 RequestWrapper wrap; 33 45 @Inject 34 46 ReportsService reportsService; 47 @Inject 48 SecurityIdentity ident; 35 49 36 50 @GET 37 51 @Path("/gitlab/private-projects") 38 52 public Response getPrivateProjectEvents(@QueryParam("status") String status, @QueryParam("since") LocalDate since, 39 53 @QueryParam("until") LocalDate until) { 40 54 if (!allowedUsers.contains(ident.getPrincipal().getName())) { 55 LOGGER.debug("User '{}' does not have access to the reports, access blocked", ident.getPrincipal().getName()); 56 return Response.status(401).build(); mentioned in commit 2c75727e
Please register or sign in to reply