Backend: Downloading artifacts fails via API with CI_JOB_TOKEN for the same project
Problem
When trying to download artifacts using CI_JOB_TOKEN from the same project where the job token originates from, fails with 401 status.
We allow artifacts download via needs
only to GitLab Premium today as a cross_project_pipelines
feature.
However, this feature today blocks even downloads within the same project
Proposal
The code that blocks the download is:
# ee/lib/ee/api/ci/job_artifacts.rb
def authorize_download_artifacts!
super
check_cross_project_pipelines_feature!
end
def check_cross_project_pipelines_feature!
if job_token_authentication? && !user_project.licensed_feature_available?(:cross_project_pipelines)
not_found!('Project')
end
end
It should probably be:
def check_cross_project_pipelines_feature!
if job_token_authentication? &&
@current_authenticated_job.project != user_project &&
!user_project.licensed_feature_available?(:cross_project_pipelines)
not_found!('Project')
end
end
Edited by Mark Nuzzo