authorGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-02-23 15:31:16 +0100
committerGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-02-23 15:31:16 +0100
commitcab8cd7e2ee6ae1b21620443958dd3c312e5c655 (patch)
treec836a2b8377382b7cf94c7460ad28a8c74ebdb96
parent011ddb51b40897bc13a75d78c9e992f559cbde48 (diff)
parent981b5905a02ac89ca9f33ad7c91d8c1a576ed9af (diff)
downloadgitlab-ce-backstage/gb/build-stages-catch-up-migration.tar.gz
Merge commit '981b5905a02ac89ca9f33ad7c91d8c1a576ed9af' into backstage/gb/build-stages-catch-up-migrationbackstage/gb/build-stages-catch-up-migration
* commit '981b5905a02ac89ca9f33ad7c91d8c1a576ed9af': (40 commits)
-rw-r--r--CHANGELOG.md4
-rw-r--r--app/assets/javascripts/api.js4
-rw-r--r--app/assets/javascripts/commit/pipelines/pipelines_table.vue1
-rw-r--r--app/assets/javascripts/cycle_analytics/components/stage_review_component.vue2
-rw-r--r--app/assets/javascripts/diff_notes/diff_notes_bundle.js2
-rw-r--r--app/assets/javascripts/dispatcher.js100
-rw-r--r--app/assets/javascripts/filtered_search/filtered_search_dropdown.js3
-rw-r--r--app/assets/javascripts/gl_dropdown.js18
-rw-r--r--app/assets/javascripts/groups/components/item_stats_value.vue10
-rw-r--r--app/assets/javascripts/labels_select.js6
-rw-r--r--app/assets/javascripts/lib/utils/common_utils.js10
-rw-r--r--app/assets/javascripts/main.js10
-rw-r--r--app/assets/javascripts/pages/admin/conversational_development_index/show/index.js4
-rw-r--r--app/assets/javascripts/pages/admin/impersonation_tokens/index.js4
-rw-r--r--app/assets/javascripts/pages/ci/lints/create/index.js3
-rw-r--r--app/assets/javascripts/pages/ci/lints/index.js3
-rw-r--r--app/assets/javascripts/pages/ci/lints/show/index.js3
-rw-r--r--app/assets/javascripts/pages/dashboard/groups/index/index.js2
-rw-r--r--app/assets/javascripts/pages/groups/labels/edit/index.js2
-rw-r--r--app/assets/javascripts/pages/groups/labels/index/index.js2
-rw-r--r--app/assets/javascripts/pages/groups/labels/new/index.js2
-rw-r--r--app/assets/javascripts/pages/groups/settings/ci_cd/show/index.js4
-rw-r--r--app/assets/javascripts/pages/import/fogbugz/new_user_map/index.js4
-rw-r--r--app/assets/javascripts/pages/profiles/personal_access_tokens/index.js4
-rw-r--r--app/assets/javascripts/pages/projects/artifacts/browse/index.js4
-rw-r--r--app/assets/javascripts/pages/projects/artifacts/file/index.js4
-rw-r--r--app/assets/javascripts/pages/projects/forks/new/index.js4
-rw-r--r--app/assets/javascripts/pages/projects/labels/edit/index.js2
-rw-r--r--app/assets/javascripts/pages/projects/labels/index/index.js2
-rw-r--r--app/assets/javascripts/pages/projects/labels/new/index.js2
-rw-r--r--app/assets/javascripts/pages/projects/project.js2
-rw-r--r--app/assets/javascripts/pages/projects/settings/ci_cd/show/index.js4
-rw-r--r--app/assets/javascripts/pages/projects/settings/repository/show/index.js2
-rw-r--r--app/assets/javascripts/pages/search/show/index.js2
-rw-r--r--app/assets/javascripts/pipelines/components/graph/stage_column_component.vue1
-rw-r--r--app/assets/javascripts/pipelines/components/pipelines_table_row.vue3
-rw-r--r--app/assets/javascripts/pipelines/components/stage.vue4
-rw-r--r--app/assets/javascripts/project_find_file.js4
-rw-r--r--app/assets/javascripts/projects/project_new.js31
-rw-r--r--app/assets/javascripts/render_gfm.js1
-rw-r--r--app/assets/javascripts/sidebar/components/lock/lock_issue_sidebar.vue5
-rw-r--r--app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_rebase.vue3
-rw-r--r--app/assets/javascripts/vue_merge_request_widget/mr_widget_options.js8
-rw-r--r--app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js2
-rw-r--r--app/assets/javascripts/vue_shared/components/header_ci_component.vue15
-rw-r--r--app/assets/javascripts/vue_shared/components/loading_button.vue1
-rw-r--r--app/assets/javascripts/vue_shared/components/markdown/header.vue3
-rw-r--r--app/assets/javascripts/vue_shared/components/table_pagination.vue6
-rw-r--r--app/assets/stylesheets/framework/buttons.scss13
-rw-r--r--app/assets/stylesheets/framework/mobile.scss4
-rw-r--r--app/assets/stylesheets/framework/sidebar.scss1
-rw-r--r--app/assets/stylesheets/framework/typography.scss6
-rw-r--r--app/assets/stylesheets/framework/variables.scss6
-rw-r--r--app/assets/stylesheets/pages/projects.scss59
-rw-r--r--app/controllers/application_controller.rb11
-rw-r--r--app/controllers/boards/issues_controller.rb2
-rw-r--r--app/controllers/concerns/controller_with_cross_project_access_check.rb24
-rw-r--r--app/controllers/concerns/routable_actions.rb8
-rw-r--r--app/controllers/concerns/uploads_actions.rb5
-rw-r--r--app/controllers/dashboard/application_controller.rb4
-rw-r--r--app/controllers/dashboard/groups_controller.rb2
-rw-r--r--app/controllers/dashboard/projects_controller.rb1
-rw-r--r--app/controllers/dashboard/snippets_controller.rb2
-rw-r--r--app/controllers/groups/application_controller.rb2
-rw-r--r--app/controllers/groups/avatars_controller.rb2
-rw-r--r--app/controllers/groups/children_controller.rb1
-rw-r--r--app/controllers/groups/group_members_controller.rb4
-rw-r--r--app/controllers/groups/settings/ci_cd_controller.rb1
-rw-r--r--app/controllers/groups/variables_controller.rb2
-rw-r--r--app/controllers/groups_controller.rb6
-rw-r--r--app/controllers/oauth/applications_controller.rb3
-rw-r--r--app/controllers/projects/autocomplete_sources_controller.rb4
-rw-r--r--app/controllers/projects/blob_controller.rb2
-rw-r--r--app/controllers/projects/merge_requests/creations_controller.rb6
-rw-r--r--app/controllers/projects_controller.rb4
-rw-r--r--app/controllers/search_controller.rb9
-rw-r--r--app/controllers/users_controller.rb20
-rw-r--r--app/finders/concerns/finder_methods.rb51
-rw-r--r--app/finders/concerns/finder_with_cross_project_access.rb70
-rw-r--r--app/finders/events_finder.rb4
-rw-r--r--app/finders/issuable_finder.rb16
-rw-r--r--app/finders/labels_finder.rb4
-rw-r--r--app/finders/merge_request_target_project_finder.rb2
-rw-r--r--app/finders/milestones_finder.rb2
-rw-r--r--app/finders/snippets_finder.rb10
-rw-r--r--app/finders/todos_finder.rb5
-rw-r--r--app/finders/user_recent_events_finder.rb33
-rw-r--r--app/helpers/application_helper.rb2
-rw-r--r--app/helpers/branches_helper.rb6
-rw-r--r--app/helpers/dashboard_helper.rb24
-rw-r--r--app/helpers/explore_helper.rb16
-rw-r--r--app/helpers/groups_helper.rb22
-rw-r--r--app/helpers/issues_helper.rb21
-rw-r--r--app/helpers/nav_helper.rb32
-rw-r--r--app/helpers/preferences_helper.rb26
-rw-r--r--app/helpers/projects_helper.rb109
-rw-r--r--app/helpers/tree_helper.rb4
-rw-r--r--app/helpers/users_helper.rb14
-rw-r--r--app/models/ability.rb30
-rw-r--r--app/models/ci/build.rb2
-rw-r--r--app/models/concerns/protected_ref_access.rb3
-rw-r--r--app/models/issue.rb13
-rw-r--r--app/models/notification_recipient.rb1
-rw-r--r--app/models/project.rb4
-rw-r--r--app/policies/base_policy.rb3
-rw-r--r--app/policies/issuable_policy.rb13
-rw-r--r--app/policies/issue_policy.rb3
-rw-r--r--app/policies/merge_request_policy.rb2
-rw-r--r--app/policies/project_policy.rb28
-rw-r--r--app/presenters/project_presenter.rb338
-rw-r--r--app/serializers/group_child_entity.rb17
-rw-r--r--app/services/clusters/gcp/finalize_creation_service.rb4
-rw-r--r--app/services/issuable_base_service.rb2
-rw-r--r--app/uploaders/gitlab_uploader.rb4
-rw-r--r--app/uploaders/personal_file_uploader.rb6
-rw-r--r--app/views/admin/application_settings/_form.html.haml5
-rw-r--r--app/views/errors/access_denied.html.haml10
-rw-r--r--app/views/help/ui.html.haml2
-rw-r--r--app/views/layouts/header/_default.html.haml27
-rw-r--r--app/views/layouts/nav/_dashboard.html.haml89
-rw-r--r--app/views/layouts/nav/_explore.html.haml21
-rw-r--r--app/views/layouts/nav/sidebar/_group.html.haml153
-rw-r--r--app/views/projects/_new_project_push_tip.html.haml11
-rw-r--r--app/views/projects/_readme.html.haml2
-rw-r--r--app/views/projects/_stat_anchor_list.html.haml8
-rw-r--r--app/views/projects/buttons/_koding.html.haml2
-rw-r--r--app/views/projects/empty.html.haml53
-rw-r--r--app/views/projects/new.html.haml22
-rw-r--r--app/views/projects/show.html.haml63
-rw-r--r--app/views/shared/issuable/_form.html.haml2
-rw-r--r--app/views/shared/projects/_project.html.haml4
-rw-r--r--app/views/users/show.html.haml77
-rw-r--r--changelogs/unreleased-ee/bvl-external-policy-classification.yml5
-rw-r--r--changelogs/unreleased/41619-turn-on-legacy-authorization-for-new-clusters-on-gke.yml5
-rw-r--r--changelogs/unreleased/42332-actionview-template-error-366-524-out-of-range.yml5
-rw-r--r--changelogs/unreleased/42431-add-auto-devops-and-clusters-button-to-projects.yml6
-rw-r--r--changelogs/unreleased/43261-fix-import-from-url-name-collision-active-tab.yml6
-rw-r--r--changelogs/unreleased/43373-fix-cache-index-appending.yml5
-rw-r--r--changelogs/unreleased/fix-500-for-invalid-upload-path.yml5
-rw-r--r--changelogs/unreleased/tc-info-version-check.yml5
-rw-r--r--config/initializers/0_as_concern.rb25
-rw-r--r--config/webpack.config.js14
-rw-r--r--doc/README.md10
-rw-r--r--doc/administration/custom_hooks.md5
-rw-r--r--doc/administration/index.md12
-rw-r--r--doc/administration/logs.md4
-rw-r--r--doc/administration/operations/fast_ssh_key_lookup.md2
-rw-r--r--doc/customization/branded_login_page.md2
-rw-r--r--doc/development/architecture.md6
-rw-r--r--doc/development/doc_styleguide.md14
-rw-r--r--doc/development/licensing.md2
-rw-r--r--doc/gitlab-basics/create-project.md6
-rw-r--r--doc/install/azure/index.md7
-rw-r--r--doc/user/admin_area/settings/usage_statistics.md5
-rw-r--r--doc/user/project/issues/issues_functionalities.md4
-rw-r--r--doc/user/project/milestones/img/milestone_create.pngbin40591 -> 0 bytes
-rw-r--r--doc/user/project/milestones/img/milestone_group_create.pngbin35526 -> 0 bytes
-rw-r--r--doc/user/project/milestones/img/milestones_new_group_milestone.pngbin0 -> 156704 bytes
-rw-r--r--doc/user/project/milestones/img/milestones_new_project_milestone.pngbin0 -> 173762 bytes
-rw-r--r--doc/user/project/milestones/img/milestones_project_milestone_page.pngbin0 -> 489382 bytes
-rw-r--r--doc/user/project/milestones/img/milestones_promote_milestone.pngbin0 -> 350399 bytes
-rw-r--r--doc/user/project/milestones/img/sidebar.pngbin89947 -> 0 bytes
-rw-r--r--doc/user/project/milestones/index.md128
-rw-r--r--doc/user/project/repository/index.md3
-rw-r--r--lib/api/helpers.rb2
-rw-r--r--lib/api/settings.rb2
-rw-r--r--lib/banzai/filter/issuable_state_filter.rb6
-rw-r--r--lib/banzai/filter/milestone_reference_filter.rb2
-rw-r--r--lib/banzai/redactor.rb21
-rw-r--r--lib/banzai/reference_parser/issuable_parser.rb2
-rw-r--r--lib/banzai/reference_parser/issue_parser.rb25
-rw-r--r--lib/gitlab/contributions_calendar.rb6
-rw-r--r--lib/gitlab/cross_project_access.rb67
-rw-r--r--lib/gitlab/cross_project_access/check_collection.rb47
-rw-r--r--lib/gitlab/cross_project_access/check_info.rb66
-rw-r--r--lib/gitlab/cross_project_access/class_methods.rb48
-rw-r--r--lib/gitlab/diff/highlight.rb12
-rw-r--r--lib/gitlab/user_access.rb2
-rw-r--r--lib/google_api/cloud_platform/client.rb6
-rw-r--r--locale/gitlab.pot133
-rw-r--r--spec/controllers/boards/issues_controller_spec.rb1
-rw-r--r--spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb146
-rw-r--r--spec/controllers/projects/merge_requests/creations_controller_spec.rb64
-rw-r--r--spec/controllers/projects/uploads_controller_spec.rb8
-rw-r--r--spec/controllers/search_controller_spec.rb26
-rw-r--r--spec/controllers/users_controller_spec.rb25
-rw-r--r--spec/features/auto_deploy_spec.rb77
-rw-r--r--spec/features/projects/files/project_owner_sees_link_to_create_license_file_in_empty_project_spec.rb2
-rw-r--r--spec/features/projects/new_project_spec.rb14
-rw-r--r--spec/features/projects/show_project_spec.rb317
-rw-r--r--spec/features/projects_spec.rb18
-rw-r--r--spec/features/signup_spec.rb103
-rw-r--r--spec/features/tags/master_views_tags_spec.rb2
-rw-r--r--spec/features/users/login_spec.rb (renamed from spec/features/login_spec.rb)20
-rw-r--r--spec/features/users/logout_spec.rb (renamed from spec/features/logout_spec.rb)0
-rw-r--r--spec/features/users/projects_spec.rb29
-rw-r--r--spec/features/users/show_spec.rb17
-rw-r--r--spec/features/users/signup_spec.rb135
-rw-r--r--spec/features/users/user_browses_projects_on_user_page_spec.rb (renamed from spec/features/user_page_spec.rb)24
-rw-r--r--spec/features/users_spec.rb114
-rw-r--r--spec/finders/concerns/finder_methods_spec.rb70
-rw-r--r--spec/finders/concerns/finder_with_cross_project_access_spec.rb118
-rw-r--r--spec/finders/events_finder_spec.rb8
-rw-r--r--spec/finders/milestones_finder_spec.rb8
-rw-r--r--spec/finders/snippets_finder_spec.rb24
-rw-r--r--spec/finders/user_recent_events_finder_spec.rb31
-rw-r--r--spec/helpers/dashboard_helper_spec.rb24
-rw-r--r--spec/helpers/explore_helper_spec.rb18
-rw-r--r--spec/helpers/groups_helper_spec.rb35
-rw-r--r--spec/helpers/issues_helper_spec.rb15
-rw-r--r--spec/helpers/nav_helper_spec.rb53
-rw-r--r--spec/helpers/preferences_helper_spec.rb97
-rw-r--r--spec/helpers/projects_helper_spec.rb52
-rw-r--r--spec/helpers/users_helper_spec.rb13
-rw-r--r--spec/lib/banzai/commit_renderer_spec.rb2
-rw-r--r--spec/lib/banzai/filter/issuable_state_filter_spec.rb8
-rw-r--r--spec/lib/banzai/filter/redactor_filter_spec.rb2
-rw-r--r--spec/lib/banzai/redactor_spec.rb51
-rw-r--r--spec/lib/banzai/reference_parser/issue_parser_spec.rb47
-rw-r--r--spec/lib/gitlab/contributions_calendar_spec.rb13
-rw-r--r--spec/lib/gitlab/cross_project_access/check_collection_spec.rb55
-rw-r--r--spec/lib/gitlab/cross_project_access/check_info_spec.rb111
-rw-r--r--spec/lib/gitlab/cross_project_access/class_methods_spec.rb46
-rw-r--r--spec/lib/gitlab/cross_project_access_spec.rb84
-rw-r--r--spec/lib/gitlab/diff/highlight_spec.rb22
-rw-r--r--spec/lib/google_api/cloud_platform/client_spec.rb3
-rw-r--r--spec/models/ability_spec.rb95
-rw-r--r--spec/models/ci/build_spec.rb2
-rw-r--r--spec/models/concerns/protected_ref_access_spec.rb31
-rw-r--r--spec/models/issue_spec.rb50
-rw-r--r--spec/models/notification_recipient_spec.rb16
-rw-r--r--spec/models/project_spec.rb7
-rw-r--r--spec/policies/issuable_policy_spec.rb8
-rw-r--r--spec/policies/issue_policy_spec.rb88
-rw-r--r--spec/presenters/project_presenter_spec.rb397
-rw-r--r--spec/routing/routing_spec.rb16
-rw-r--r--spec/services/merge_requests/create_from_issue_service_spec.rb2
-rw-r--r--spec/services/todo_service_spec.rb3
-rw-r--r--spec/spec_helper.rb8
-rw-r--r--spec/support/shared_examples/controllers/uploads_actions_shared_examples.rb13
-rw-r--r--spec/support/snippet_visibility.rb18
-rw-r--r--spec/views/shared/projects/_project.html.haml_spec.rb1
242 files changed, 4349 insertions, 1329 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 81858cad1ac..869884f8ca6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 10.5.1 (2018-02-22)
+
+- No changes.
+
## 10.5.0 (2018-02-22)
### Security (3 changes, 1 of them is from the community)
diff --git a/app/assets/javascripts/api.js b/app/assets/javascripts/api.js
index 1f34c6b50c2..464611f66f0 100644
--- a/app/assets/javascripts/api.js
+++ b/app/assets/javascripts/api.js
@@ -9,7 +9,7 @@ const Api = {
projectsPath: '/api/:version/projects.json',
projectPath: '/api/:version/projects/:id',
projectLabelsPath: '/:namespace_path/:project_path/labels',
- groupLabelsPath: '/groups/:namespace_path/labels',
+ groupLabelsPath: '/groups/:namespace_path/-/labels',
licensePath: '/api/:version/templates/licenses/:key',
gitignorePath: '/api/:version/templates/gitignores/:key',
gitlabCiYmlPath: '/api/:version/templates/gitlab_ci_ymls/:key',
@@ -32,7 +32,7 @@ const Api = {
},
// Return groups list. Filtered by query
- groups(query, options, callback) {
+ groups(query, options, callback = $.noop) {
const url = Api.buildUrl(Api.groupsPath);
return axios.get(url, {
params: Object.assign({
diff --git a/app/assets/javascripts/commit/pipelines/pipelines_table.vue b/app/assets/javascripts/commit/pipelines/pipelines_table.vue
index da0e8063ccb..ce19069f103 100644
--- a/app/assets/javascripts/commit/pipelines/pipelines_table.vue
+++ b/app/assets/javascripts/commit/pipelines/pipelines_table.vue
@@ -7,7 +7,6 @@
mixins: [
pipelinesMixin,
],
-
props: {
endpoint: {
type: String,
diff --git a/app/assets/javascripts/cycle_analytics/components/stage_review_component.vue b/app/assets/javascripts/cycle_analytics/components/stage_review_component.vue
index 39b699a6395..34aa04083e6 100644
--- a/app/assets/javascripts/cycle_analytics/components/stage_review_component.vue
+++ b/app/assets/javascripts/cycle_analytics/components/stage_review_component.vue
@@ -37,7 +37,7 @@
>
<div class="item-details">
<!-- FIXME: Pass an alt attribute here for accessibility -->
- <user-avatar-image :img-src="mergeRequest.author.avatarUrl"/>
+ <user-avatar-image :img-src="mergeRequest.author.avatarUrl" />
<h5 class="item-title merge-merquest-title">
<a :href="mergeRequest.url">
{{ mergeRequest.title }}
diff --git a/app/assets/javascripts/diff_notes/diff_notes_bundle.js b/app/assets/javascripts/diff_notes/diff_notes_bundle.js
index 38c42a11b4e..679057e787c 100644
--- a/app/assets/javascripts/diff_notes/diff_notes_bundle.js
+++ b/app/assets/javascripts/diff_notes/diff_notes_bundle.js
@@ -71,7 +71,7 @@ export default () => {
el: '#resolve-count-app',
components: {
'resolve-count': ResolveCount
- }
+ },
});
$(window).trigger('resize.nav');
diff --git a/app/assets/javascripts/dispatcher.js b/app/assets/javascripts/dispatcher.js
index 80ee41d3bbb..f66ce1c083b 100644
--- a/app/assets/javascripts/dispatcher.js
+++ b/app/assets/javascripts/dispatcher.js
@@ -61,111 +61,11 @@ var Dispatcher;
case 'projects:find_file:show':
case 'projects:blob:show':
case 'projects:blame:show':
- shortcut_handler = true;
- break;
- case 'groups:labels:new':
- import('./pages/groups/labels/new')
- .then(callDefault)
- .catch(fail);
- break;
- case 'groups:labels:edit':
- import('./pages/groups/labels/edit')
- .then(callDefault)
- .catch(fail);
- break;
- case 'projects:labels:new':
- import('./pages/projects/labels/new')
- .then(callDefault)
- .catch(fail);
- break;
- case 'projects:labels:edit':
- import('./pages/projects/labels/edit')
- .then(callDefault)
- .catch(fail);
- break;
- case 'groups:labels:index':
- import('./pages/groups/labels/index')
- .then(callDefault)
- .catch(fail);
- break;
- case 'projects:labels:index':
- import('./pages/projects/labels/index')
- .then(callDefault)
- .catch(fail);
- break;
case 'projects:network:show':
- // Ensure we don't create a particular shortcut handler here. This is
- // already created, where the network graph is created.
- shortcut_handler = true;
- break;
- case 'projects:forks:new':
- import('./pages/projects/forks/new')
- .then(callDefault)
- .catch(fail);
- break;
case 'projects:artifacts:browse':
- import('./pages/projects/artifacts/browse')
- .then(callDefault)
- .catch(fail);
- shortcut_handler = true;
- break;
case 'projects:artifacts:file':
- import('./pages/projects/artifacts/file')
- .then(callDefault)
- .catch(fail);
shortcut_handler = true;
break;
- case 'search:show':
- import('./pages/search/show')
- .then(callDefault)
- .catch(fail);
- break;
- case 'projects:settings:repository:show':
- import('./pages/projects/settings/repository/show')
- .then(callDefault)
- .catch(fail);
- break;
- case 'projects:settings:ci_cd:show':
- import('./pages/projects/settings/ci_cd/show')
- .then(callDefault)
- .catch(fail);
- break;
- case 'groups:settings:ci_cd:show':
- import('./pages/groups/settings/ci_cd/show')
- .then(callDefault)
- .catch(fail);
- break;
- case 'ci:lints:create':
- case 'ci:lints:show':
- import('./pages/ci/lints')
- .then(callDefault)
- .catch(fail);
- break;
- case 'admin:conversational_development_index:show':
- import('./pages/admin/conversational_development_index/show')
- .then(callDefault)
- .catch(fail);
- break;
- case 'import:fogbugz:new_user_map':
- import('./pages/import/fogbugz/new_user_map')
- .then(callDefault)
- .catch(fail);
- break;
- case 'profiles:personal_access_tokens:index':
- import('./pages/profiles/personal_access_tokens')
- .then(callDefault)
- .catch(fail);
- break;
- case 'admin:impersonation_tokens:index':
- import('./pages/admin/impersonation_tokens')
- .then(callDefault)
- .catch(fail);
- break;
- case 'dashboard:groups:index':
- import('./pages/dashboard/groups/index')
- .then(callDefault)
- .catch(fail);
- break;
}
switch (path[0]) {
case 'admin':
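Review bot: The comment explaining why `projects:network:show` only sets `shortcut_handler = true` is deleted when that case is folded into the shared fall-through, so the surviving `shortcut_handler = true;` no longer says why no handler is created for these routes. I would keep a one-line comment above the grouped cases, e.g. `// These pages create their own shortcut handler; do not create another one here.` For the two artifacts routes this relies on the page bundles instantiating `ShortcutsNavigation` themselves, which the `pages/projects/artifacts/*/index.js` hunks do show. The switch statement starts and ends outside this hunk.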
diff --git a/app/assets/javascripts/filtered_search/filtered_search_dropdown.js b/app/assets/javascripts/filtered_search/filtered_search_dropdown.js
index cfdd3380fc7..fb4ae1d17dd 100644
--- a/app/assets/javascripts/filtered_search/filtered_search_dropdown.js
+++ b/app/assets/javascripts/filtered_search/filtered_search_dropdown.js
@@ -111,6 +111,9 @@ export default class FilteredSearchDropdown {
if (hook) {
const data = hook.list.data || [];
+
+ if (!data) return;
+
const results = data.map((o) => {
const updated = o;
updated.droplab_hidden = false;
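Review bot: The added `if (!data) return;` can never trigger, because the line above assigns `hook.list.data || []`, so `data` is always an array. If the intent is to bail out when the hook has no list data, test the raw value instead, e.g. `if (!hook.list.data) return;`, or guard `hook.list` itself if that is what can be missing. Otherwise the guard should be dropped, since it reads as protection that is not there. The enclosing method continues outside the hunk.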
diff --git a/app/assets/javascripts/gl_dropdown.js b/app/assets/javascripts/gl_dropdown.js
index e322756f256..6cf78bab6ad 100644
--- a/app/assets/javascripts/gl_dropdown.js
+++ b/app/assets/javascripts/gl_dropdown.js
@@ -607,7 +607,20 @@ GitLabDropdown = (function() {
};
GitLabDropdown.prototype.renderItem = function(data, group, index) {
- var field, fieldName, html, selected, text, url, value;
+ var field, fieldName, html, selected, text, url, value, rowHidden;
+
+ if (!this.options.renderRow) {
+ value = this.options.id ? this.options.id(data) : data.id;
+
+ if (value) {
+ value = value.toString().replace(/'/g, '\\\'');
+ }
+ }
+
+ // Hide element
+ if (this.options.hideRow && this.options.hideRow(value)) {
+ rowHidden = true;
+ }
if (group == null) {
group = false;
}
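Review bot: `hideRow` receives the selector-escaped string rather than the raw id: `value` has its single quotes backslash-escaped before `this.options.hideRow(value)` runs, and it stays `undefined` whenever `renderRow` is set, so a callback comparing against real ids can miss in both cases. I would keep the unescaped id in its own variable, `rawValue = this.options.id ? this.options.id(data) : data.id;`, pass that to `hideRow`, and escape only where the `input[name='…'][value='…']` selector is built in the third hunk. The escape covers only `'`, so a backslash in an id still changes how that attribute selector is parsed; if ids can come from user-controlled data, the value should go through an escaping step that handles the full selector grammar. `rowHidden` is assigned here but its use is outside the visible hunks, and `renderItem` continues beyond them.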
@@ -616,6 +629,7 @@ GitLabDropdown = (function() {
index = false;
}
html = document.createElement('li');
+
if (data === 'divider' || data === 'separator') {
html.className = data;
return html;
@@ -631,11 +645,9 @@ GitLabDropdown = (function() {
html = this.options.renderRow.call(this.options, data, this);
} else {
if (!selected) {
- value = this.options.id ? this.options.id(data) : data.id;
fieldName = this.options.fieldName;
if (value) {
- value = value.toString().replace(/'/g, '\\\'');
field = this.dropdown.parent().find(`input[name='${fieldName}'][value='${value}']`);
if (field.length) {
selected = true;
diff --git a/app/assets/javascripts/groups/components/item_stats_value.vue b/app/assets/javascripts/groups/components/item_stats_value.vue
index 08d0bf6e344..4d86ac8023c 100644
--- a/app/assets/javascripts/groups/components/item_stats_value.vue
+++ b/app/assets/javascripts/groups/components/item_stats_value.vue
@@ -30,11 +30,11 @@
default: 'bottom',
},
/**
- * value could either be number or string
- * as `memberCount` is always passed as string
- * while `subgroupCount` & `projectCount`
- * are always number
- */
+ * value could either be number or string
+ * as `memberCount` is always passed as string
+ * while `subgroupCount` & `projectCount`
+ * are always number
+ */
value: {
type: [Number, String],
required: false,
diff --git a/app/assets/javascripts/labels_select.js b/app/assets/javascripts/labels_select.js
index dc1930a997f..5de48aa49a9 100644
--- a/app/assets/javascripts/labels_select.js
+++ b/app/assets/javascripts/labels_select.js
@@ -316,9 +316,9 @@ export default class LabelsSelect {
},
multiSelect: $dropdown.hasClass('js-multiselect'),
vue: $dropdown.hasClass('js-issue-board-sidebar'),
- clicked: function(options) {
- const { $el, e, isMarking } = options;
- const label = options.selectedObj;
+ clicked: function (clickEvent) {
+ const { $el, e, isMarking } = clickEvent;
+ const label = clickEvent.selectedObj;
var isIssueIndex, isMRIndex, page, boardsModel;
var fadeOutLoader = () => {
diff --git a/app/assets/javascripts/lib/utils/common_utils.js b/app/assets/javascripts/lib/utils/common_utils.js
index 7d2cf4b634f..017f3b986fd 100644
--- a/app/assets/javascripts/lib/utils/common_utils.js
+++ b/app/assets/javascripts/lib/utils/common_utils.js
@@ -418,6 +418,16 @@ export const convertObjectPropsToCamelCase = (obj = {}) => {
export const imagePath = imgUrl => `${gon.asset_host || ''}${gon.relative_url_root || ''}/assets/${imgUrl}`;
+export const addSelectOnFocusBehaviour = (selector = '.js-select-on-focus') => {
+ // Click a .js-select-on-focus field, select the contents
+ // Prevent a mouseup event from deselecting the input
+ $(selector).on('focusin', function selectOnFocusCallback() {
+ $(this).select().one('mouseup', (e) => {
+ e.preventDefault();
+ });
+ });
+};
+
window.gl = window.gl || {};
window.gl.utils = {
...(window.gl.utils || {}),
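Review bot: The new export `addSelectOnFocusBehaviour` has no doc comment describing its contract; the two comment lines inside it describe the effect but not when the binding happens. It binds directly to the elements matching `selector` at call time, so fields inserted later are not covered, and calling it again for the same selector stacks a second `focusin` handler. A line above the export would make that explicit, e.g. `// Binds to elements present at call time; call once per selector.`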
diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js
index dc9e5bb03f4..659dc9eaa1f 100644
--- a/app/assets/javascripts/main.js
+++ b/app/assets/javascripts/main.js
@@ -10,7 +10,7 @@ window.jQuery = jQuery;
window.$ = jQuery;
// lib/utils
-import { handleLocationHash } from './lib/utils/common_utils';
+import { handleLocationHash, addSelectOnFocusBehaviour } from './lib/utils/common_utils';
import { localTimeAgo } from './lib/utils/datetime_utility';
import { getLocationHash, visitUrl } from './lib/utils/url_utility';
@@ -104,13 +104,7 @@ document.addEventListener('DOMContentLoaded', () => {
return true;
});
- // Click a .js-select-on-focus field, select the contents
- // Prevent a mouseup event from deselecting the input
- $('.js-select-on-focus').on('focusin', function selectOnFocusCallback() {
- $(this).select().one('mouseup', (e) => {
- e.preventDefault();
- });
- });
+ addSelectOnFocusBehaviour('.js-select-on-focus');
$('.remove-row').on('ajax:success', function removeRowAjaxSuccessCallback() {
$(this).tooltip('destroy')
diff --git a/app/assets/javascripts/pages/admin/conversational_development_index/show/index.js b/app/assets/javascripts/pages/admin/conversational_development_index/show/index.js
index 6e66ef69fe1..c1056537f90 100644
--- a/app/assets/javascripts/pages/admin/conversational_development_index/show/index.js
+++ b/app/assets/javascripts/pages/admin/conversational_development_index/show/index.js
@@ -1,3 +1,3 @@
-import UserCallout from '../../../../user_callout';
+import UserCallout from '~/user_callout';
-export default () => new UserCallout();
+document.addEventListener('DOMContentLoaded', () => new UserCallout());
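Review bot: The initializer is registered on `DOMContentLoaded` with no fallback for a document that has already finished parsing, so if this module is ever evaluated after that event (for example through a dynamic `import()`, as the removed dispatcher cases did), `new UserCallout()` silently never runs. A guard such as `if (document.readyState !== 'loading') init(); else document.addEventListener('DOMContentLoaded', init);` would make it independent of load order. The same pattern repeats in the other `pages/**/index.js` hunks of this commit (impersonation_tokens, ci/lints, dashboard/groups, groups/labels, groups/settings/ci_cd, import/fogbugz, personal_access_tokens, projects/artifacts, projects/forks, projects/labels). How these bundles are loaded is not visible here, so this may already be safe by construction.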
diff --git a/app/assets/javascripts/pages/admin/impersonation_tokens/index.js b/app/assets/javascripts/pages/admin/impersonation_tokens/index.js
index 030328a1363..78a5c4c27be 100644
--- a/app/assets/javascripts/pages/admin/impersonation_tokens/index.js
+++ b/app/assets/javascripts/pages/admin/impersonation_tokens/index.js
@@ -1,3 +1,3 @@
-import DueDateSelectors from '../../../due_date_select';
+import DueDateSelectors from '~/due_date_select';
-export default () => new DueDateSelectors();
+document.addEventListener('DOMContentLoaded', () => new DueDateSelectors());
diff --git a/app/assets/javascripts/pages/ci/lints/create/index.js b/app/assets/javascripts/pages/ci/lints/create/index.js
new file mode 100644
index 00000000000..8e8a843da0b
--- /dev/null
+++ b/app/assets/javascripts/pages/ci/lints/create/index.js
@@ -0,0 +1,3 @@
+import CILintEditor from '../ci_lint_editor';
+
+document.addEventListener('DOMContentLoaded', () => new CILintEditor());
diff --git a/app/assets/javascripts/pages/ci/lints/index.js b/app/assets/javascripts/pages/ci/lints/index.js
deleted file mode 100644
index 5cc66546109..00000000000
--- a/app/assets/javascripts/pages/ci/lints/index.js
+++ /dev/null
@@ -1,3 +0,0 @@
-import CILintEditor from './ci_lint_editor';
-
-export default () => new CILintEditor();
diff --git a/app/assets/javascripts/pages/ci/lints/show/index.js b/app/assets/javascripts/pages/ci/lints/show/index.js
new file mode 100644
index 00000000000..8e8a843da0b
--- /dev/null
+++ b/app/assets/javascripts/pages/ci/lints/show/index.js
@@ -0,0 +1,3 @@
+import CILintEditor from '../ci_lint_editor';
+
+document.addEventListener('DOMContentLoaded', () => new CILintEditor());
diff --git a/app/assets/javascripts/pages/dashboard/groups/index/index.js b/app/assets/javascripts/pages/dashboard/groups/index/index.js
index 9f235ed6a98..79987642796 100644
--- a/app/assets/javascripts/pages/dashboard/groups/index/index.js
+++ b/app/assets/javascripts/pages/dashboard/groups/index/index.js
@@ -1,3 +1,3 @@
import initGroupsList from '~/groups';
-export default initGroupsList;
+document.addEventListener('DOMContentLoaded', initGroupsList);
diff --git a/app/assets/javascripts/pages/groups/labels/edit/index.js b/app/assets/javascripts/pages/groups/labels/edit/index.js
index 72c5e4744ac..fa81ad914ba 100644
--- a/app/assets/javascripts/pages/groups/labels/edit/index.js
+++ b/app/assets/javascripts/pages/groups/labels/edit/index.js
@@ -1,3 +1,3 @@
import Labels from '~/labels';
-export default () => new Labels();
+document.addEventListener('DOMContentLoaded', () => new Labels());
diff --git a/app/assets/javascripts/pages/groups/labels/index/index.js b/app/assets/javascripts/pages/groups/labels/index/index.js
index 018345fa112..6e45de2a724 100644
--- a/app/assets/javascripts/pages/groups/labels/index/index.js
+++ b/app/assets/javascripts/pages/groups/labels/index/index.js
@@ -1,3 +1,3 @@
import initLabels from '~/init_labels';
-export default initLabels;
+document.addEventListener('DOMContentLoaded', initLabels);
diff --git a/app/assets/javascripts/pages/groups/labels/new/index.js b/app/assets/javascripts/pages/groups/labels/new/index.js
index 72c5e4744ac..fa81ad914ba 100644
--- a/app/assets/javascripts/pages/groups/labels/new/index.js
+++ b/app/assets/javascripts/pages/groups/labels/new/index.js
@@ -1,3 +1,3 @@
import Labels from '~/labels';
-export default () => new Labels();
+document.addEventListener('DOMContentLoaded', () => new Labels());
diff --git a/app/assets/javascripts/pages/groups/settings/ci_cd/show/index.js b/app/assets/javascripts/pages/groups/settings/ci_cd/show/index.js
index ad79f7e09ac..04a0d8117cc 100644
--- a/app/assets/javascripts/pages/groups/settings/ci_cd/show/index.js
+++ b/app/assets/javascripts/pages/groups/settings/ci_cd/show/index.js
@@ -1,6 +1,6 @@
import AjaxVariableList from '~/ci_variable_list/ajax_variable_list';
-export default () => {
+document.addEventListener('DOMContentLoaded', () => {
const variableListEl = document.querySelector('.js-ci-variable-list-section');
// eslint-disable-next-line no-new
new AjaxVariableList({
@@ -9,4 +9,4 @@ export default () => {
errorBox: variableListEl.querySelector('.js-ci-variable-error-box'),
saveEndpoint: variableListEl.dataset.saveEndpoint,
});
-};
+});
diff --git a/app/assets/javascripts/pages/import/fogbugz/new_user_map/index.js b/app/assets/javascripts/pages/import/fogbugz/new_user_map/index.js
index 5defea104d4..68d4c1f049f 100644
--- a/app/assets/javascripts/pages/import/fogbugz/new_user_map/index.js
+++ b/app/assets/javascripts/pages/import/fogbugz/new_user_map/index.js
@@ -1,3 +1,3 @@
-import UsersSelect from '../../../../users_select';
+import UsersSelect from '~/users_select';
-export default () => new UsersSelect();
+document.addEventListener('DOMContentLoaded', () => new UsersSelect());
diff --git a/app/assets/javascripts/pages/profiles/personal_access_tokens/index.js b/app/assets/javascripts/pages/profiles/personal_access_tokens/index.js
index 030328a1363..78a5c4c27be 100644
--- a/app/assets/javascripts/pages/profiles/personal_access_tokens/index.js
+++ b/app/assets/javascripts/pages/profiles/personal_access_tokens/index.js
@@ -1,3 +1,3 @@
-import DueDateSelectors from '../../../due_date_select';
+import DueDateSelectors from '~/due_date_select';
-export default () => new DueDateSelectors();
+document.addEventListener('DOMContentLoaded', () => new DueDateSelectors());
diff --git a/app/assets/javascripts/pages/projects/artifacts/browse/index.js b/app/assets/javascripts/pages/projects/artifacts/browse/index.js
index 02456071086..ea7458fe9b8 100644
--- a/app/assets/javascripts/pages/projects/artifacts/browse/index.js
+++ b/app/assets/javascripts/pages/projects/artifacts/browse/index.js
@@ -1,7 +1,7 @@
import BuildArtifacts from '~/build_artifacts';
import ShortcutsNavigation from '~/shortcuts_navigation';
-export default function () {
+document.addEventListener('DOMContentLoaded', () => {
new ShortcutsNavigation(); // eslint-disable-line no-new
new BuildArtifacts(); // eslint-disable-line no-new
-}
+});
diff --git a/app/assets/javascripts/pages/projects/artifacts/file/index.js b/app/assets/javascripts/pages/projects/artifacts/file/index.js
index 4cd67ac76e3..8484e5e9848 100644
--- a/app/assets/javascripts/pages/projects/artifacts/file/index.js
+++ b/app/assets/javascripts/pages/projects/artifacts/file/index.js
@@ -1,7 +1,7 @@
import BlobViewer from '~/blob/viewer/index';
import ShortcutsNavigation from '~/shortcuts_navigation';
-export default function () {
+document.addEventListener('DOMContentLoaded', () => {
new ShortcutsNavigation(); // eslint-disable-line no-new
new BlobViewer(); // eslint-disable-line no-new
-}
+});
diff --git a/app/assets/javascripts/pages/projects/forks/new/index.js b/app/assets/javascripts/pages/projects/forks/new/index.js
index 7825eb01949..d80e27e9156 100644
--- a/app/assets/javascripts/pages/projects/forks/new/index.js
+++ b/app/assets/javascripts/pages/projects/forks/new/index.js
@@ -1,5 +1,3 @@
import ProjectFork from '~/project_fork';
-export default () => {
- new ProjectFork(); // eslint-disable-line no-new
-};
+document.addEventListener('DOMContentLoaded', () => new ProjectFork());
diff --git a/app/assets/javascripts/pages/projects/labels/edit/index.js b/app/assets/javascripts/pages/projects/labels/edit/index.js
index 72c5e4744ac..fa81ad914ba 100644
--- a/app/assets/javascripts/pages/projects/labels/edit/index.js
+++ b/app/assets/javascripts/pages/projects/labels/edit/index.js
@@ -1,3 +1,3 @@
import Labels from '~/labels';
-export default () => new Labels();
+document.addEventListener('DOMContentLoaded', () => new Labels());
diff --git a/app/assets/javascripts/pages/projects/labels/index/index.js b/app/assets/javascripts/pages/projects/labels/index/index.js
index 018345fa112..6e45de2a724 100644
--- a/app/assets/javascripts/pages/projects/labels/index/index.js
+++ b/app/assets/javascripts/pages/projects/labels/index/index.js
@@ -1,3 +1,3 @@
import initLabels from '~/init_labels';
-export default initLabels;
+document.addEventListener('DOMContentLoaded', initLabels);
diff --git a/app/assets/javascripts/pages/projects/labels/new/index.js b/app/assets/javascripts/pages/projects/labels/new/index.js
index 72c5e4744ac..fa81ad914ba 100644
--- a/app/assets/javascripts/pages/projects/labels/new/index.js
+++ b/app/assets/javascripts/pages/projects/labels/new/index.js
@@ -1,3 +1,3 @@
import Labels from '~/labels';
-export default () => new Labels();
+document.addEventListener('DOMContentLoaded', () => new Labels());
diff --git a/app/assets/javascripts/pages/projects/project.js b/app/assets/javascripts/pages/projects/project.js
index 6e48d207571..d23ad9a92f4 100644
--- a/app/assets/javascripts/pages/projects/project.js
+++ b/app/assets/javascripts/pages/projects/project.js
@@ -50,7 +50,7 @@ export default class Project {
Project.projectSelectDropdown();
}
- static projectSelectDropdown () {
+ static projectSelectDropdown() {
projectSelect();
$('.project-item-select').on('click', e => Project.changeProject($(e.currentTarget).val()));
}
diff --git a/app/assets/javascripts/pages/projects/settings/ci_cd/show/index.js b/app/assets/javascripts/pages/projects/settings/ci_cd/show/index.js
index a563d0f9961..6c2a785c0af 100644
--- a/app/assets/javascripts/pages/projects/settings/ci_cd/show/index.js
+++ b/app/assets/javascripts/pages/projects/settings/ci_cd/show/index.js
@@ -2,7 +2,7 @@ import initSettingsPanels from '~/settings_panels';
import SecretValues from '~/behaviors/secret_values';
import AjaxVariableList from '~/ci_variable_list/ajax_variable_list';
-export default function () {
+document.addEventListener('DOMContentLoaded', () => {
// Initialize expandable settings panels
initSettingsPanels();
@@ -22,4 +22,4 @@ export default function () {
errorBox: variableListEl.querySelector('.js-ci-variable-error-box'),
saveEndpoint: variableListEl.dataset.saveEndpoint,
});
-}
+});
diff --git a/app/assets/javascripts/pages/projects/settings/repository/show/index.js b/app/assets/javascripts/pages/projects/settings/repository/show/index.js
index 83b5467fbc0..d88527351c1 100644
--- a/app/assets/javascripts/pages/projects/settings/repository/show/index.js
+++ b/app/assets/javascripts/pages/projects/settings/repository/show/index.js
@@ -1,3 +1,3 @@
import initSettingsPanels from '~/settings_panels';
-export default initSettingsPanels;
+document.addEventListener('DOMContentLoaded', initSettingsPanels);
diff --git a/app/assets/javascripts/pages/search/show/index.js b/app/assets/javascripts/pages/search/show/index.js
index 4264c5c9dbe..85aaaa2c9da 100644
--- a/app/assets/javascripts/pages/search/show/index.js
+++ b/app/assets/javascripts/pages/search/show/index.js
@@ -1,3 +1,3 @@
import Search from './search';
-export default () => new Search();
+document.addEventListener('DOMContentLoaded', () => new Search());
diff --git a/app/assets/javascripts/pipelines/components/graph/stage_column_component.vue b/app/assets/javascripts/pipelines/components/graph/stage_column_component.vue
index e027f08ff5c..7adcf4017b8 100644
--- a/app/assets/javascripts/pipelines/components/graph/stage_column_component.vue
+++ b/app/assets/javascripts/pipelines/components/graph/stage_column_component.vue
@@ -7,7 +7,6 @@
jobComponent,
dropdownJobComponent,
},
-
props: {
title: {
type: String,
diff --git a/app/assets/javascripts/pipelines/components/pipelines_table_row.vue b/app/assets/javascripts/pipelines/components/pipelines_table_row.vue
index 33d441e573e..2ba59051773 100644
--- a/app/assets/javascripts/pipelines/components/pipelines_table_row.vue
+++ b/app/assets/javascripts/pipelines/components/pipelines_table_row.vue
@@ -223,7 +223,8 @@
<div class="table-section section-10 commit-link">
<div
class="table-mobile-header"
- role="rowheader">
+ role="rowheader"
+ >
Status
</div>
<div class="table-mobile-content">
diff --git a/app/assets/javascripts/pipelines/components/stage.vue b/app/assets/javascripts/pipelines/components/stage.vue
index 58806aa114a..ecf2b10486e 100644
--- a/app/assets/javascripts/pipelines/components/stage.vue
+++ b/app/assets/javascripts/pipelines/components/stage.vue
@@ -50,9 +50,7 @@
computed: {
dropdownClass() {
- return this.dropdownContent.length > 0 ?
- 'js-builds-dropdown-container' :
- 'js-builds-dropdown-loading';
+ return this.dropdownContent.length > 0 ? 'js-builds-dropdown-container' : 'js-builds-dropdown-loading';
},
triggerButtonClass() {
diff --git a/app/assets/javascripts/project_find_file.js b/app/assets/javascripts/project_find_file.js
index 586d188350f..4fd639cce8e 100644
--- a/app/assets/javascripts/project_find_file.js
+++ b/app/assets/javascripts/project_find_file.js
@@ -73,7 +73,7 @@ export default class ProjectFindFile {
// find file
}
- // files pathes load
+ // files pathes load
load(url) {
axios.get(url)
.then(({ data }) => {
@@ -85,7 +85,7 @@ export default class ProjectFindFile {
.catch(() => flash(__('An error occurred while loading filenames')));
}
- // render result
+ // render result
renderList(filePaths, searchText) {
var blobItemUrl, filePath, html, i, j, len, matches, results;
this.element.find(".tree-table > tbody").empty();
diff --git a/app/assets/javascripts/projects/project_new.js b/app/assets/javascripts/projects/project_new.js
index f5133111d04..8da37d14f0b 100644
--- a/app/assets/javascripts/projects/project_new.js
+++ b/app/assets/javascripts/projects/project_new.js
@@ -1,3 +1,5 @@
+import { addSelectOnFocusBehaviour } from '../lib/utils/common_utils';
+
let hasUserDefinedProjectPath = false;
const deriveProjectPathFromUrl = ($projectImportUrl) => {
@@ -36,6 +38,7 @@ const bindEvents = () => {
const $changeTemplateBtn = $('.change-template');
const $selectedIcon = $('.selected-icon svg');
const $templateProjectNameInput = $('#template-project-name #project_path');
+ const $pushNewProjectTipTrigger = $('.push-new-project-tip');
if ($newProjectForm.length !== 1) {
return;
@@ -55,6 +58,34 @@ const bindEvents = () => {
$('.btn_import_gitlab_project').attr('href', `${importHref}?namespace_id=${$('#project_namespace_id').val()}&path=${$projectPath.val()}`);
});
+ if ($pushNewProjectTipTrigger) {
+ $pushNewProjectTipTrigger
+ .removeAttr('rel')
+ .removeAttr('target')
+ .on('click', (e) => { e.preventDefault(); })
+ .popover({
+ title: $pushNewProjectTipTrigger.data('title'),
+ placement: 'auto bottom',
+ html: 'true',
+ content: $('.push-new-project-tip-template').html(),
+ })
+ .on('shown.bs.popover', () => {
+ $(document).on('click.popover touchstart.popover', (event) => {
+ if ($(event.target).closest('.popover').length === 0) {
+ $pushNewProjectTipTrigger.trigger('click');
+ }
+ });
+
+ const target = $(`#${$pushNewProjectTipTrigger.attr('aria-describedby')}`).find('.js-select-on-focus');
+ addSelectOnFocusBehaviour(target);
+
+ target.focus();
+ })
+ .on('hide.bs.popover', () => {
+ $(document).off('click.popover touchstart.popover');
+ });
+ }
+
function chooseTemplate() {
$('.template-option').hide();
$projectFieldsForm.addClass('selected');
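Review bot: The guard `if ($pushNewProjectTipTrigger)` is always true, because a jQuery collection is truthy even when the selector matched nothing; `if ($pushNewProjectTipTrigger.length) {` expresses the intent. The popover is created with `html: 'true'`, so both the body from `$('.push-new-project-tip-template').html()` and the title from `data('title')` are inserted as markup rather than text. That is safe only while both come from fixed or escaped server-rendered text, which deserves a comment such as `// content and title are inserted as HTML: keep user-controlled text out of them`. The option itself would read more clearly as the boolean `html: true`. bindEvents starts before this hunk and continues after it.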
diff --git a/app/assets/javascripts/render_gfm.js b/app/assets/javascripts/render_gfm.js
index 5482c55f8bb..05a623ca6d9 100644
--- a/app/assets/javascripts/render_gfm.js
+++ b/app/assets/javascripts/render_gfm.js
@@ -1,6 +1,7 @@
import renderMath from './render_math';
import renderMermaid from './render_mermaid';
import syntaxHighlight from './syntax_highlight';
+
// Render Gitlab flavoured Markdown
//
// Delegates to syntax highlight and render math & mermaid diagrams.
diff --git a/app/assets/javascripts/sidebar/components/lock/lock_issue_sidebar.vue b/app/assets/javascripts/sidebar/components/lock/lock_issue_sidebar.vue
index 9d22b9d77be..0686910fc7e 100644
--- a/app/assets/javascripts/sidebar/components/lock/lock_issue_sidebar.vue
+++ b/app/assets/javascripts/sidebar/components/lock/lock_issue_sidebar.vue
@@ -1,5 +1,5 @@
<script>
- import Flash from '../../../flash';
+ import Flash from '~/flash';
import editForm from './edit_form.vue';
import issuableMixin from '../../../vue_shared/mixins/issuable';
import Icon from '../../../vue_shared/components/icon.vue';
@@ -53,8 +53,7 @@
discussion_locked: locked,
})
.then(() => location.reload())
- .catch(() => Flash(this.__(`Something went wrong trying to
- change the locked state of this ${this.issuableDisplayName}`)));
+ .catch(() => Flash(this.__(`Something went wrong trying to change the locked state of this ${this.issuableDisplayName}`)));
},
},
};
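Review bot: The string handed to `this.__()` on the `.catch` line is a template literal that already contains `${this.issuableDisplayName}`, so the translation lookup receives a different key for each issuable type and presumably never matches a catalogue entry. Translating a fixed string with a placeholder and substituting the name afterwards would keep the message translatable. The enclosing method starts outside the hunk.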
diff --git a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_rebase.vue b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_rebase.vue
index 2968af0d5cb..e9f23b0b113 100644
--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_rebase.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_rebase.vue
@@ -107,7 +107,8 @@
<template v-if="!mr.rebaseInProgress && mr.canPushToSourceBranch && !isMakingRequest">
<div
class="accept-merge-holder clearfix
-js-toggle-container accept-action media space-children">
+js-toggle-container accept-action media space-children"
+ >
<button
type="button"
class="btn btn-sm btn-reopen btn-success"
diff --git a/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.js b/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.js
index d8f0442ef9d..797f0f6ec0f 100644
--- a/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.js
+++ b/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.js
@@ -96,9 +96,7 @@ export default {
cb.call(null, data);
}
})
- .catch(() => {
- new Flash('Something went wrong. Please try again.'); // eslint-disable-line
- });
+ .catch(() => new Flash('Something went wrong. Please try again.'));
},
initPolling() {
this.pollingInterval = new SmartInterval({
@@ -146,9 +144,7 @@ export default {
Project.initRefSwitcher();
}
})
- .catch(() => {
- new Flash('Something went wrong. Please try again.'); // eslint-disable-line
- });
+ .catch(() => new Flash('Something went wrong. Please try again.'));
},
handleNotification(data) {
if (data.ci_status === this.mr.ciStatus) return;
diff --git a/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js b/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
index ed004b3bb08..9a750ce42bd 100644
--- a/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
+++ b/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
@@ -4,7 +4,6 @@ import { stateKey } from './state_maps';
import { formatDate } from '../../lib/utils/datetime_utility';
export default class MergeRequestStore {
-
constructor(data) {
this.sha = data.diff_head_sha;
this.gitlabLogo = data.gitlabLogo;
@@ -169,5 +168,4 @@ export default class MergeRequestStore {
return timeagoInstance.format(date);
}
-
}
diff --git a/app/assets/javascripts/vue_shared/components/header_ci_component.vue b/app/assets/javascripts/vue_shared/components/header_ci_component.vue
index 1f72dea1b33..a0cd0cbd200 100644
--- a/app/assets/javascripts/vue_shared/components/header_ci_component.vue
+++ b/app/assets/javascripts/vue_shared/components/header_ci_component.vue
@@ -6,12 +6,12 @@
import userAvatarImage from './user_avatar/user_avatar_image.vue';
/**
- * Renders header component for job and pipeline page based on UI mockups
- *
- * Used in:
- * - job show page
- * - pipeline show page
- */
+ * Renders header component for job and pipeline page based on UI mockups
+ *
+ * Used in:
+ * - job show page
+ * - pipeline show page
+ */
export default {
components: {
ciIconBadge,
@@ -118,7 +118,8 @@
<section
class="header-action-buttons"
- v-if="actions.length">
+ v-if="actions.length"
+ >
<template
v-for="(action, i) in actions"
>
diff --git a/app/assets/javascripts/vue_shared/components/loading_button.vue b/app/assets/javascripts/vue_shared/components/loading_button.vue
index 6ae6b179f7f..e832d94d32f 100644
--- a/app/assets/javascripts/vue_shared/components/loading_button.vue
+++ b/app/assets/javascripts/vue_shared/components/loading_button.vue
@@ -1,6 +1,5 @@
<script>
/* eslint-disable vue/require-default-prop */
-
/* This is a re-usable vue component for rendering a button
that will probably be sending off ajax requests and need
to show the loading status by setting the `loading` option.
diff --git a/app/assets/javascripts/vue_shared/components/markdown/header.vue b/app/assets/javascripts/vue_shared/components/markdown/header.vue
index f65eab11a27..177d2cfc8da 100644
--- a/app/assets/javascripts/vue_shared/components/markdown/header.vue
+++ b/app/assets/javascripts/vue_shared/components/markdown/header.vue
@@ -65,7 +65,8 @@
</li>
<li
class="md-header-tab"
- :class="{ active: previewMarkdown }">
+ :class="{ active: previewMarkdown }"
+ >
<a
class="js-preview-link"
href="#md-preview-holder"
diff --git a/app/assets/javascripts/vue_shared/components/table_pagination.vue b/app/assets/javascripts/vue_shared/components/table_pagination.vue
index c44c606a8b2..22fc5757447 100644
--- a/app/assets/javascripts/vue_shared/components/table_pagination.vue
+++ b/app/assets/javascripts/vue_shared/components/table_pagination.vue
@@ -13,6 +13,12 @@
props: {
/**
This function will take the information given by the pagination component
+
+ Here is an example `change` method:
+
+ change(pagenum) {
+ gl.utils.visitUrl(`?page=${pagenum}`);
+ },
*/
change: {
type: Function,
diff --git a/app/assets/stylesheets/framework/buttons.scss b/app/assets/stylesheets/framework/buttons.scss
index c4b046a6d68..6b89387ab5f 100644
--- a/app/assets/stylesheets/framework/buttons.scss
+++ b/app/assets/stylesheets/framework/buttons.scss
@@ -444,6 +444,19 @@
}
}
+.btn-missing {
+ color: $notes-light-color;
+ border: 1px dashed $border-gray-normal-dashed;
+ border-radius: $border-radius-default;
+
+ &:hover,
+ &:active,
+ &:focus {
+ color: $notes-light-color;
+ background-color: $white-normal;
+ }
+}
+
.btn-svg svg {
@include btn-svg;
}
diff --git a/app/assets/stylesheets/framework/mobile.scss b/app/assets/stylesheets/framework/mobile.scss
index a12f28efce6..8604e753c18 100644
--- a/app/assets/stylesheets/framework/mobile.scss
+++ b/app/assets/stylesheets/framework/mobile.scss
@@ -63,10 +63,6 @@
}
}
- .project-stats {
- display: none;
- }
-
.group-buttons {
display: none;
}
diff --git a/app/assets/stylesheets/framework/sidebar.scss b/app/assets/stylesheets/framework/sidebar.scss
index d61809cb0a4..d1d98270ad9 100644
--- a/app/assets/stylesheets/framework/sidebar.scss
+++ b/app/assets/stylesheets/framework/sidebar.scss
@@ -3,7 +3,6 @@
transition: padding $sidebar-transition-duration;
.container-fluid {
- background: $white-light;
padding: 0 $gl-padding;
&.container-blank {
diff --git a/app/assets/stylesheets/framework/typography.scss b/app/assets/stylesheets/framework/typography.scss
index d0999e60e65..294c59f037f 100644
--- a/app/assets/stylesheets/framework/typography.scss
+++ b/app/assets/stylesheets/framework/typography.scss
@@ -296,7 +296,7 @@ body {
line-height: 1.3;
font-size: 1.25em;
font-weight: $gl-font-weight-bold;
- margin: 12px 7px;
+ margin: 12px 0;
}
h1,
@@ -333,6 +333,10 @@ a > code {
font-family: $monospace_font;
}
+.weight-normal {
+ font-weight: $gl-font-weight-normal;
+}
+
.commit-sha,
.ref-name {
@extend .monospace;
diff --git a/app/assets/stylesheets/framework/variables.scss b/app/assets/stylesheets/framework/variables.scss
index 54e13f9d95c..a5a8f6d2206 100644
--- a/app/assets/stylesheets/framework/variables.scss
+++ b/app/assets/stylesheets/framework/variables.scss
@@ -215,8 +215,8 @@ $tooltip-font-size: 12px;
*/
$gl-padding: 16px;
$gl-padding-8: 8px;
+$gl-padding-4: 4px;
$gl-col-padding: 15px;
-$gl-btn-padding: 10px;
$gl-input-padding: 10px;
$gl-vert-padding: 6px;
$gl-padding-top: 10px;
@@ -377,6 +377,10 @@ $inactive-badge-background: rgba(0, 0, 0, .08);
$btn-active-gray: #ececec;
$btn-active-gray-light: e4e7ed;
$btn-white-active: #848484;
+$gl-btn-padding: 10px;
+$gl-btn-line-height: 16px;
+$gl-btn-vert-padding: 8px;
+$gl-btn-horz-padding: 12px;
/*
* Badges
diff --git a/app/assets/stylesheets/pages/projects.scss b/app/assets/stylesheets/pages/projects.scss
index bf41005b6d5..85de0d8e70f 100644
--- a/app/assets/stylesheets/pages/projects.scss
+++ b/app/assets/stylesheets/pages/projects.scss
@@ -678,6 +678,9 @@ a.deploy-project-label {
}
}
+.project-empty-note-panel {
+ border-bottom: 1px solid $border-color;
+}
.project-stats {
font-size: 0;
@@ -686,11 +689,13 @@ a.deploy-project-label {
border-bottom: 1px solid $border-color;
.nav {
- padding-top: 12px;
- padding-bottom: 12px;
+ margin-top: $gl-padding-8;
+ margin-bottom: $gl-padding-8;
> li {
display: inline-block;
+ margin-top: $gl-padding-4;
+ margin-bottom: $gl-padding-4;
&:not(:last-child) {
margin-right: $gl-padding;
@@ -704,36 +709,32 @@ a.deploy-project-label {
float: right;
}
}
+ }
- > a {
- padding: 0;
- background-color: transparent;
- font-size: 14px;
- line-height: 29px;
- color: $notes-light-color;
+ .stat-text,
+ .stat-link {
+ padding: $gl-btn-vert-padding 0;
+ background-color: transparent;
+ font-size: $gl-font-size;
+ line-height: $gl-btn-line-height;
+ color: $notes-light-color;
+ }
- &:hover,
- &:focus {
- color: $gl-text-color;
- text-decoration: underline;
- }
+ .stat-link {
+ &:hover,
+ &:focus {
+ color: $gl-text-color;
+ text-decoration: underline;
}
}
- }
- li.missing {
- border: 1px dashed $border-gray-normal-dashed;
- border-radius: $border-radius-default;
-
- a {
- padding-left: 10px;
- padding-right: 10px;
- color: $notes-light-color;
- display: block;
+ .btn {
+ padding: $gl-btn-vert-padding $gl-btn-horz-padding;
+ line-height: $gl-btn-line-height;
}
- &:hover {
- background-color: $gray-normal;
+ .btn-missing {
+ @extend .btn-missing;
}
}
}
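Review bot: Under `.project-stats`, the rule `.btn-missing { @extend .btn-missing; }` extends the very selector it is declared on, which reads like a mistake. If the purpose is to give the shared `.btn-missing` styles a `.project-stats .btn-missing` selector so they outrank `.project-stats .btn` (an inference from the neighbouring rule), a comment should say so, e.g. `// re-scope .btn-missing under .project-stats so it wins over .btn above`. Otherwise the rule can be dropped.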
@@ -743,7 +744,7 @@ pre.light-well {
}
.git-empty {
- margin: 0 7px 7px;
+ margin-bottom: 7px;
h5 {
color: $gl-text-color;
@@ -895,6 +896,12 @@ pre.light-well {
}
}
+.project-tip-command {
+ > .input-group-btn:first-child {
+ width: auto;
+ }
+}
+
.protected-branches-list,
.protected-tags-list {
margin-bottom: 30px;
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b04bfaf3e49..e6a41202f04 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -126,10 +126,15 @@ class ApplicationController < ActionController::Base
Ability.allowed?(object, action, subject)
end
- def access_denied!
+ def access_denied!(message = nil)
respond_to do |format|
- format.json { head :not_found }
- format.any { render "errors/access_denied", layout: "errors", status: 404 }
+ format.any { head :not_found }
+ format.html do
+ render "errors/access_denied",
+ layout: "errors",
+ status: 404,
+ locals: { message: message }
+ end
end
end
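Review bot: `access_denied!` now forwards `message` into the `errors/access_denied` template as a local, and nothing on the method says what kind of text callers may pass. The one caller visible in this commit passes a fixed translated string. A comment above the method, e.g. `# message: fixed, translated text for the error page; never request-derived input`, would keep later callers from routing user-controlled text into the view. The same comment could record that the 404 status is deliberate, presumably so a denied page is indistinguishable from a missing one.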
diff --git a/app/controllers/boards/issues_controller.rb b/app/controllers/boards/issues_controller.rb
index ee23ee0bcc3..352f12a89fd 100644
--- a/app/controllers/boards/issues_controller.rb
+++ b/app/controllers/boards/issues_controller.rb
@@ -55,7 +55,7 @@ module Boards
end
def issue
- @issue ||= issues_finder.execute.find(params[:id])
+ @issue ||= issues_finder.find(params[:id])
end
def filter_params
diff --git a/app/controllers/concerns/controller_with_cross_project_access_check.rb b/app/controllers/concerns/controller_with_cross_project_access_check.rb
new file mode 100644
index 00000000000..a45c3384578
--- /dev/null
+++ b/app/controllers/concerns/controller_with_cross_project_access_check.rb
@@ -0,0 +1,24 @@
+module ControllerWithCrossProjectAccessCheck
+ extend ActiveSupport::Concern
+
+ included do
+ extend Gitlab::CrossProjectAccess::ClassMethods
+ before_action :cross_project_check
+ end
+
+ def cross_project_check
+ if Gitlab::CrossProjectAccess.find_check(self)&.should_run?(self)
+ authorize_cross_project_page!
+ end
+ end
+
+ def authorize_cross_project_page!
+ return if can?(current_user, :read_cross_project)
+
+ rejection_message = _(
+ "This page is unavailable because you are not allowed to read information "\
+ "across multiple projects."
+ )
+ access_denied!(rejection_message)
+ end
+end
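Review bot: In `cross_project_check`, `find_check(self)&.should_run?(self)` treats a missing check the same as "nothing to enforce", so a controller that includes this concern but never declares `requires_cross_project_access` is let through with no signal that the declaration was forgotten. If that is intended, state it on the method, e.g. `# A nil check means no rule is registered for this controller; the request is allowed through.` Both methods are also public, which makes them action methods on every including controller. Marking them `private` (or `protected`, if other code calls `authorize_cross_project_page!`) is the usual form for filter callbacks.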
diff --git a/app/controllers/concerns/routable_actions.rb b/app/controllers/concerns/routable_actions.rb
index f745deb083c..0931bdf4c04 100644
--- a/app/controllers/concerns/routable_actions.rb
+++ b/app/controllers/concerns/routable_actions.rb
@@ -3,16 +3,20 @@ module RoutableActions
def find_routable!(routable_klass, requested_full_path, extra_authorization_proc: nil)
routable = routable_klass.find_by_full_path(requested_full_path, follow_redirects: request.get?)
-
if routable_authorized?(routable, extra_authorization_proc)
ensure_canonical_path(routable, requested_full_path)
routable
else
- route_not_found
+ handle_not_found_or_authorized(routable)
nil
end
end
+ # This is overridden in gitlab-ee.
+ def handle_not_found_or_authorized(_routable)
+ route_not_found
+ end
+
def routable_authorized?(routable, extra_authorization_proc)
action = :"read_#{routable.class.to_s.underscore}"
return false unless can?(current_user, action, routable)
diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb
index 7ad79a1e56c..3dbfabcae8a 100644
--- a/app/controllers/concerns/uploads_actions.rb
+++ b/app/controllers/concerns/uploads_actions.rb
@@ -24,7 +24,7 @@ module UploadsActions
# - or redirect to its URL
#
def show
- return render_404 unless uploader.exists?
+ return render_404 unless uploader&.exists?
if uploader.file_storage?
disposition = uploader.image_or_video? ? 'inline' : 'attachment'
@@ -71,6 +71,9 @@ module UploadsActions
def build_uploader_from_params
uploader = uploader_class.new(model, secret: params[:secret])
+
+ return nil unless uploader.model_valid?
+
uploader.retrieve_from_store!(params[:filename])
uploader
end
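Review bot: `build_uploader_from_params` can now return nil when `uploader.model_valid?` is false, but the only nil-safe reader visible is the guard in `show` (previous hunk, `uploader&.exists?`). Any other use of `uploader` in this concern lies outside the hunks and would raise NoMethodError instead of answering 404, so those call sites are worth checking. A comment on the early return would record why it sits before the store lookup, e.g. `# bail out before retrieve_from_store! when the uploader reports an invalid model`.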
diff --git a/app/controllers/dashboard/application_controller.rb b/app/controllers/dashboard/application_controller.rb
index 9d3d1c23c28..9fb5c525425 100644
--- a/app/controllers/dashboard/application_controller.rb
+++ b/app/controllers/dashboard/application_controller.rb
@@ -1,6 +1,10 @@
class Dashboard::ApplicationController < ApplicationController
+ include ControllerWithCrossProjectAccessCheck
+
layout 'dashboard'
+ requires_cross_project_access
+
private
def projects
diff --git a/app/controllers/dashboard/groups_controller.rb b/app/controllers/dashboard/groups_controller.rb
index 025769f512a..79f563bef86 100644
--- a/app/controllers/dashboard/groups_controller.rb
+++ b/app/controllers/dashboard/groups_controller.rb
@@ -1,6 +1,8 @@
class Dashboard::GroupsController < Dashboard::ApplicationController
include GroupTree
+ skip_cross_project_access_check :index
+
def index
groups = GroupsFinder.new(current_user, all_available: false).execute
render_group_tree(groups)
diff --git a/app/controllers/dashboard/projects_controller.rb b/app/controllers/dashboard/projects_controller.rb
index de9f8f9224a..4d4ac025f8c 100644
--- a/app/controllers/dashboard/projects_controller.rb
+++ b/app/controllers/dashboard/projects_controller.rb
@@ -4,6 +4,7 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
before_action :set_non_archived_param
before_action :default_sorting
+ skip_cross_project_access_check :index, :starred
def index
@projects = load_projects(params.merge(non_public: true)).page(params[:page])
diff --git a/app/controllers/dashboard/snippets_controller.rb b/app/controllers/dashboard/snippets_controller.rb
index 8dd91264451..0ba97e4fd59 100644
--- a/app/controllers/dashboard/snippets_controller.rb
+++ b/app/controllers/dashboard/snippets_controller.rb
@@ -1,4 +1,6 @@
class Dashboard::SnippetsController < Dashboard::ApplicationController
+ skip_cross_project_access_check :index
+
def index
@snippets = SnippetsFinder.new(
current_user,
diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb
index 96ce686c989..4a2bfc1f887 100644
--- a/app/controllers/groups/application_controller.rb
+++ b/app/controllers/groups/application_controller.rb
@@ -1,10 +1,12 @@
class Groups::ApplicationController < ApplicationController
include RoutableActions
+ include ControllerWithCrossProjectAccessCheck
layout 'group'
skip_before_action :authenticate_user!
before_action :group
+ requires_cross_project_access
private
diff --git a/app/controllers/groups/avatars_controller.rb b/app/controllers/groups/avatars_controller.rb
index 735915abdaa..cc5ba5878f8 100644
--- a/app/controllers/groups/avatars_controller.rb
+++ b/app/controllers/groups/avatars_controller.rb
@@ -1,6 +1,8 @@
class Groups::AvatarsController < Groups::ApplicationController
before_action :authorize_admin_group!
+ skip_cross_project_access_check :destroy
+
def destroy
@group.remove_avatar!
@group.save
diff --git a/app/controllers/groups/children_controller.rb b/app/controllers/groups/children_controller.rb
index b474f5d15ee..0e8125d6113 100644
--- a/app/controllers/groups/children_controller.rb
+++ b/app/controllers/groups/children_controller.rb
@@ -1,6 +1,7 @@
module Groups
class ChildrenController < Groups::ApplicationController
before_action :group
+ skip_cross_project_access_check :index
def index
parent = if params[:parent_id].present?
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index 21e77431176..2c371e76313 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -6,6 +6,10 @@ class Groups::GroupMembersController < Groups::ApplicationController
# Authorize
before_action :authorize_admin_group_member!, except: [:index, :leave, :request_access]
+ skip_cross_project_access_check :index, :create, :update, :destroy, :request_access,
+ :approve_access_request, :leave, :resend_invite,
+ :override
+
def index
@sort = params[:sort].presence || sort_value_name
@project = @group.projects.find(params[:project_id]) if params[:project_id]
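Review bot: `index` is excluded from `authorize_admin_group_member!` and is now also listed in `skip_cross_project_access_check`, yet the context line below it loads `@group.projects.find(params[:project_id])` from a request parameter with no permission check visible in the hunk. Whether `@project` reaches the rendered page is outside the hunk, so this is a question rather than a finding. If it does, the lookup should go through a finder that honours `current_user`, or the line should carry a comment saying why an unchecked lookup is safe. `index` continues past the hunk.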
diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb
index 0142ad8278c..4bf6a2a3ad1 100644
--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -1,6 +1,7 @@
module Groups
module Settings
class CiCdController < Groups::ApplicationController
+ skip_cross_project_access_check :show
before_action :authorize_admin_pipeline!
def show
diff --git a/app/controllers/groups/variables_controller.rb b/app/controllers/groups/variables_controller.rb
index 913e13bf734..cb8771bc97e 100644
--- a/app/controllers/groups/variables_controller.rb
+++ b/app/controllers/groups/variables_controller.rb
@@ -2,6 +2,8 @@ module Groups
class VariablesController < Groups::ApplicationController
before_action :authorize_admin_build!
+ skip_cross_project_access_check :show, :update
+
def show
respond_to do |format|
format.json do
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 7d129c5dece..14b9d6c22bd 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -19,6 +19,12 @@ class GroupsController < Groups::ApplicationController
before_action :user_actions, only: [:show, :subgroups]
+ skip_cross_project_access_check :index, :new, :create, :edit, :update,
+ :destroy, :projects
+ # When loading show as an atom feed, we render events that could leak cross
+ # project information
+ skip_cross_project_access_check :show, if: -> { request.format.html? }
+
layout :determine_layout
def index
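Review bot: The comment above the conditional skip names only the atom feed, while `if: -> { request.format.html? }` keeps the check for every non-HTML format of `show`. Rewording it to match the condition, e.g. `# Only the HTML view of show is exempt; all other formats (atom renders events) keep the cross-project check`, would stop a later reader from narrowing the condition to atom alone.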
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index 6a21a3f77ad..a1fe02dc852 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -1,5 +1,6 @@
class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
include Gitlab::GonHelper
+ include Gitlab::Allowable
include PageLayoutHelper
include OauthApplications
@@ -8,6 +9,8 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
before_action :add_gon_variables
before_action :load_scopes, only: [:index, :create, :edit]
+ helper_method :can?
+
layout 'profile'
def index
diff --git a/app/controllers/projects/autocomplete_sources_controller.rb b/app/controllers/projects/autocomplete_sources_controller.rb
index 45c66b63ea5..992c8ea6992 100644
--- a/app/controllers/projects/autocomplete_sources_controller.rb
+++ b/app/controllers/projects/autocomplete_sources_controller.rb
@@ -34,9 +34,9 @@ class Projects::AutocompleteSourcesController < Projects::ApplicationController
def target
case params[:type]&.downcase
when 'issue'
- IssuesFinder.new(current_user, project_id: @project.id).execute.find_by(iid: params[:type_id])
+ IssuesFinder.new(current_user, project_id: @project.id).find_by(iid: params[:type_id])
when 'mergerequest'
- MergeRequestsFinder.new(current_user, project_id: @project.id).execute.find_by(iid: params[:type_id])
+ MergeRequestsFinder.new(current_user, project_id: @project.id).find_by(iid: params[:type_id])
when 'commit'
@project.commit(params[:type_id])
end
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 35e67730a27..74c25505e36 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -133,7 +133,7 @@ class Projects::BlobController < Projects::ApplicationController
end
def after_edit_path
- from_merge_request = MergeRequestsFinder.new(current_user, project_id: @project.id).execute.find_by(iid: params[:from_merge_request_iid])
+ from_merge_request = MergeRequestsFinder.new(current_user, project_id: @project.id).find_by(iid: params[:from_merge_request_iid])
if from_merge_request && @branch_name == @ref
diffs_project_merge_request_path(from_merge_request.target_project, from_merge_request) +
"##{hexdigest(@path)}"
diff --git a/app/controllers/projects/merge_requests/creations_controller.rb b/app/controllers/projects/merge_requests/creations_controller.rb
index a5a2d54ba82..a90030a8312 100644
--- a/app/controllers/projects/merge_requests/creations_controller.rb
+++ b/app/controllers/projects/merge_requests/creations_controller.rb
@@ -75,7 +75,7 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap
def branch_to
@target_project = selected_target_project
- if params[:ref].present?
+ if @target_project && params[:ref].present?
@ref = params[:ref]
@commit = @target_project.commit(Gitlab::Git::BRANCH_REF_PREFIX + @ref)
end
@@ -85,7 +85,7 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap
def update_branches
@target_project = selected_target_project
- @target_branches = @target_project.repository.branch_names
+ @target_branches = @target_project ? @target_project.repository.branch_names : []
render layout: false
end
@@ -121,7 +121,7 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap
@project
elsif params[:target_project_id].present?
MergeRequestTargetProjectFinder.new(current_user: current_user, source_project: @project)
- .execute.find(params[:target_project_id])
+ .find_by(id: params[:target_project_id])
else
@project.forked_from_project
end
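Review bot: `selected_target_project` can now return nil where the old `.execute.find(...)` raised `ActiveRecord::RecordNotFound`, so an unknown or unreadable `target_project_id` no longer ends in a 404. The commit guards `branch_to` and `update_branches`, but any other caller of this method outside the hunks shown would need the same nil check, which is worth confirming. If the silent fallback is intended, a comment on the `elsif` branch such as `# nil when the project does not exist or is not readable by current_user` would make that explicit. The method starts above this hunk.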
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 0370edc6e20..913689a1e74 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -45,7 +45,7 @@ class ProjectsController < Projects::ApplicationController
notice: _("Project '%{project_name}' was successfully created.") % { project_name: @project.name }
)
else
- render 'new'
+ render 'new', locals: { active_tab: ('import' if project_params[:import_url].present?) }
end
end
@@ -114,6 +114,8 @@ class ProjectsController < Projects::ApplicationController
respond_to do |format|
format.html do
@notification_setting = current_user.notification_settings_for(@project) if current_user
+ @project = @project.present(current_user: current_user)
+
render_landing_page
end
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index fbad9ba7db8..983f888b8ec 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -1,9 +1,14 @@
class SearchController < ApplicationController
- skip_before_action :authenticate_user!
-
+ include ControllerWithCrossProjectAccessCheck
include SearchHelper
include RendersCommits
+ skip_before_action :authenticate_user!
+ requires_cross_project_access if: -> do
+ search_term_present = params[:search].present? || params[:term].present?
+ search_term_present && !params[:project_id].present?
+ end
+
layout 'search'
def show
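Review bot: The `requires_cross_project_access` condition keys on whether `params[:project_id]` is present, not on whether a project was actually resolved for the request. If `show` (outside this hunk) falls back to an instance-wide search when that id does not resolve to a readable project, the check would be skipped for a search that is in fact cross-project; basing the condition on the resolved project would close that gap. Separately, `!params[:project_id].present?` reads better as `params[:project_id].blank?`.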
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 575ec5c20f0..956df4a0a16 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,6 +1,15 @@
class UsersController < ApplicationController
include RoutableActions
include RendersMemberAccess
+ include ControllerWithCrossProjectAccessCheck
+
+ requires_cross_project_access show: false,
+ groups: false,
+ projects: false,
+ contributed: false,
+ snippets: true,
+ calendar: false,
+ calendar_activities: true
skip_before_action :authenticate_user!
before_action :user, except: [:exists]
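Review bot: The action map passed to `requires_cross_project_access` has no comment explaining why `snippets` and `calendar_activities` need the ability while `show`, `groups`, `projects`, `contributed` and `calendar` do not. How an action absent from the map (for example `exists`, or one added later) is treated depends on `ControllerWithCrossProjectAccessCheck`, which is not shown here; if unlisted actions default to unchecked, a new action would be exposed without anyone deciding so. A short comment above the call, e.g. `# snippets and calendar_activities list records from other projects`, would record the reasoning, with the wording to be confirmed by the author.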
@@ -103,12 +112,7 @@ class UsersController < ApplicationController
end
def load_events
- # Get user activity feed for projects common for both users
- @events = user.recent_events
- .merge(projects_for_current_user)
- .references(:project)
- .with_associations
- .limit_recent(20, params[:offset])
+ @events = UserRecentEventsFinder.new(current_user, user, params).execute
Events::RenderService.new(current_user).execute(@events, atom_request: request.format.atom?)
end
@@ -141,10 +145,6 @@ class UsersController < ApplicationController
).execute.page(params[:page])
end
- def projects_for_current_user
- ProjectsFinder.new(current_user: current_user).execute
- end
-
def build_canonical_path(user)
url_for(params.merge(username: user.to_param))
end
diff --git a/app/finders/concerns/finder_methods.rb b/app/finders/concerns/finder_methods.rb
new file mode 100644
index 00000000000..2e905fa5750
--- /dev/null
+++ b/app/finders/concerns/finder_methods.rb
@@ -0,0 +1,51 @@
+module FinderMethods
+ def find_by!(*args)
+ raise_not_found_unless_authorized execute.find_by!(*args)
+ end
+
+ def find_by(*args)
+ if_authorized execute.find_by(*args)
+ end
+
+ def find(*args)
+ raise_not_found_unless_authorized model.find(*args)
+ end
+
+ private
+
+ def raise_not_found_unless_authorized(result)
+ result = if_authorized(result)
+
+ raise ActiveRecord::RecordNotFound.new("Couldn't find #{model}") unless result
+
+ result
+ end
+
+ def if_authorized(result)
+ # Return the result if the finder does not perform authorization checks.
+ # this is currently the case in the `MilestoneFinder`
+ return result unless respond_to?(:current_user)
+
+ if can_read_object?(result)
+ result
+ else
+ nil
+ end
+ end
+
+ def can_read_object?(object)
+ # When there's no policy, we'll allow the read, this is for example the case
+ # for Todos
+ return true unless DeclarativePolicy.has_policy?(object)
+
+ model_name = object&.model_name || model.model_name
+
+ Ability.allowed?(current_user, :"read_#{model_name.singular}", object)
+ end
+
+ # This fetches the model from the `ActiveRecord::Relation` but does not
+ # actually execute the query.
+ def model
+ execute.model
+ end
+end
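Review bot: `find` looks the record up with `model.find(*args)` instead of `execute.find(*args)`, so the finder's own scoping no longer applies and only the `read_*` ability check stands between the caller and any row of the table. That check is skipped when the finder has no public `current_user` (the comment names `MilestoneFinder`) or the model has no policy (the comment names Todos), and the `IssuableFinder#find` removed later in this commit used `execute.find`. Unless unscoped lookup is intended, `raise_not_found_unless_authorized execute.find(*args)` keeps the previous behaviour. `if_authorized` also fails open through `respond_to?(:current_user)`: a finder that keeps its reader private would silently lose authorization, which deserves a line in the module documentation.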
diff --git a/app/finders/concerns/finder_with_cross_project_access.rb b/app/finders/concerns/finder_with_cross_project_access.rb
new file mode 100644
index 00000000000..92bf98d7cd2
--- /dev/null
+++ b/app/finders/concerns/finder_with_cross_project_access.rb
@@ -0,0 +1,70 @@
+# Module to prepend into finders to specify wether or not the finder requires
+# cross project access
+#
+# This module depends on the finder implementing the following methods:
+#
+# - `#execute` should return an `ActiveRecord::Relation`
+# - `#current_user` the user that requires access (or nil)
+module FinderWithCrossProjectAccess
+ extend ActiveSupport::Concern
+ extend ::Gitlab::Utils::Override
+
+ prepended do
+ extend Gitlab::CrossProjectAccess::ClassMethods
+ end
+
+ override :execute
+ def execute(*args)
+ check = Gitlab::CrossProjectAccess.find_check(self)
+ original = super
+
+ return original unless check
+ return original if should_skip_cross_project_check || can_read_cross_project?
+
+ if check.should_run?(self)
+ original.model.none
+ else
+ original
+ end
+ end
+
+ # We can skip the cross project check for finding indivitual records.
+ # this would be handled by the `can?(:read_*, result)` call in `FinderMethods`
+ # itself.
+ override :find_by!
+ def find_by!(*args)
+ skip_cross_project_check { super }
+ end
+
+ override :find_by
+ def find_by(*args)
+ skip_cross_project_check { super }
+ end
+
+ override :find
+ def find(*args)
+ skip_cross_project_check { super }
+ end
+
+ private
+
+ attr_accessor :should_skip_cross_project_check
+
+ def skip_cross_project_check
+ self.should_skip_cross_project_check = true
+
+ yield
+ ensure
+ # The find could raise an `ActiveRecord::RecordNotFound`, after which we
+ # still want to re-enable the check.
+ self.should_skip_cross_project_check = false
+ end
+
+ def can_read_cross_project?
+ Ability.allowed?(current_user, :read_cross_project)
+ end
+
+ def can_read_project?(project)
+ Ability.allowed?(current_user, :read_project, project)
+ end
+end
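Review bot: The comment above `find_by!` justifies skipping the cross-project check by the `can?(:read_*, result)` call in `FinderMethods`, but that call is only made when the model has a policy and the finder exposes `current_user`. `TodosFinder` prepends this module in the same commit and the `FinderMethods` comment says Todos have no policy, so for that finder single-record lookups run with neither check; the comment should state the precondition. `skip_cross_project_check` also resets the flag to `false` in `ensure` rather than restoring the previous value, which would re-enable the check too early if the helpers were ever nested. `can_read_project?` is not used in this file, and the comments contain the typos "wether" and "indivitual".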
diff --git a/app/finders/events_finder.rb b/app/finders/events_finder.rb
index 46ecbaba73a..8676925a540 100644
--- a/app/finders/events_finder.rb
+++ b/app/finders/events_finder.rb
@@ -1,6 +1,10 @@
class EventsFinder
+ prepend FinderMethods
+ prepend FinderWithCrossProjectAccess
attr_reader :source, :params, :current_user
+ requires_cross_project_access unless: -> { source.is_a?(Project) }
+
# Used to filter Events
#
# Arguments:
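Review bot: `FinderMethods` is prepended here, while `IssuableFinder`, `LabelsFinder`, `TodosFinder` and `UserRecentEventsFinder` in the same commit use `include FinderMethods` after `prepend FinderWithCrossProjectAccess`. With `prepend`, the module's `find`/`find_by` take precedence over any method of the same name defined in `EventsFinder` itself, which may or may not be intended; the rest of the class is outside this hunk. If there is no reason for the difference, `include FinderMethods` placed after the `prepend` line would match the other finders.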
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index 384a336e2bb..9dd6634b38f 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -21,8 +21,12 @@
# my_reaction_emoji: string
#
class IssuableFinder
+ prepend FinderWithCrossProjectAccess
+ include FinderMethods
include CreatedAtFilter
+ requires_cross_project_access unless: -> { project? }
+
NONE = '0'.freeze
attr_accessor :current_user, :params
@@ -87,14 +91,6 @@ class IssuableFinder
by_my_reaction_emoji(items)
end
- def find(*params)
- execute.find(*params)
- end
-
- def find_by(*params)
- execute.find_by(*params)
- end
-
def row_count
Gitlab::IssuablesCountForState.new(self).for_state_or_opened(params[:state])
end
@@ -124,10 +120,6 @@ class IssuableFinder
counts
end
- def find_by!(*params)
- execute.find_by!(*params)
- end
-
def group
return @group if defined?(@group)
diff --git a/app/finders/labels_finder.rb b/app/finders/labels_finder.rb
index 1427cdaa382..f013e177c5b 100644
--- a/app/finders/labels_finder.rb
+++ b/app/finders/labels_finder.rb
@@ -1,6 +1,10 @@
class LabelsFinder < UnionFinder
+ prepend FinderWithCrossProjectAccess
+ include FinderMethods
include Gitlab::Utils::StrongMemoize
+ requires_cross_project_access unless: -> { project? }
+
def initialize(current_user, params = {})
@current_user = current_user
@params = params
diff --git a/app/finders/merge_request_target_project_finder.rb b/app/finders/merge_request_target_project_finder.rb
index 189eb3847eb..f358938344e 100644
--- a/app/finders/merge_request_target_project_finder.rb
+++ b/app/finders/merge_request_target_project_finder.rb
@@ -1,4 +1,6 @@
class MergeRequestTargetProjectFinder
+ include FinderMethods
+
attr_reader :current_user, :source_project
def initialize(current_user: nil, source_project:)
diff --git a/app/finders/milestones_finder.rb b/app/finders/milestones_finder.rb
index b4605fca193..f5d2b9f253a 100644
--- a/app/finders/milestones_finder.rb
+++ b/app/finders/milestones_finder.rb
@@ -8,6 +8,8 @@
# state - filters by state.
class MilestonesFinder
+ include FinderMethods
+
attr_reader :params, :project_ids, :group_ids
def initialize(params = {})
diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb
index ec61fe1892e..a73c573736e 100644
--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -13,7 +13,9 @@
# params are optional
class SnippetsFinder < UnionFinder
include Gitlab::Allowable
- attr_accessor :current_user, :params, :project
+ include FinderMethods
+
+ attr_accessor :current_user, :project, :params
def initialize(current_user, params = {})
@current_user = current_user
@@ -52,10 +54,14 @@ class SnippetsFinder < UnionFinder
end
def authorized_snippets
- Snippet.where(feature_available_projects.or(not_project_related)).public_or_visible_to_user(current_user)
+ Snippet.where(feature_available_projects.or(not_project_related))
+ .public_or_visible_to_user(current_user)
end
def feature_available_projects
+ # Don't return any project related snippets if the user cannot read cross project
+ return table[:id].eq(nil) unless Ability.allowed?(current_user, :read_cross_project)
+
projects = Project.public_or_visible_to_user(current_user, use_where_in: false) do |part|
part.with_feature_available_for_user(:snippets, current_user)
end.select(:id)
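Review bot: `table[:id].eq(nil)` is used as an always-false predicate in `feature_available_projects`, which is not obvious at first read. The existing comment says what the guard is for but not how it works; extending it to something like `# id IS NULL never matches, so only non-project snippets remain in the OR` would help. `table` and `not_project_related` are defined outside this hunk, so that wording should be checked against them.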
diff --git a/app/finders/todos_finder.rb b/app/finders/todos_finder.rb
index 3502bf08971..edb17843002 100644
--- a/app/finders/todos_finder.rb
+++ b/app/finders/todos_finder.rb
@@ -13,6 +13,11 @@
#
class TodosFinder
+ prepend FinderWithCrossProjectAccess
+ include FinderMethods
+
+ requires_cross_project_access unless: -> { project? }
+
NONE = '0'.freeze
attr_accessor :current_user, :params
diff --git a/app/finders/user_recent_events_finder.rb b/app/finders/user_recent_events_finder.rb
new file mode 100644
index 00000000000..6f7f7c30d92
--- /dev/null
+++ b/app/finders/user_recent_events_finder.rb
@@ -0,0 +1,33 @@
+# Get user activity feed for projects common for a user and a logged in user
+#
+# - current_user: The user viewing the events
+# - user: The user for which to load the events
+# - params:
+# - offset: The page of events to return
+class UserRecentEventsFinder
+ prepend FinderWithCrossProjectAccess
+ include FinderMethods
+
+ requires_cross_project_access
+
+ attr_reader :current_user, :target_user, :params
+
+ def initialize(current_user, target_user, params = {})
+ @current_user = current_user
+ @target_user = target_user
+ @params = params
+ end
+
+ def execute
+ target_user
+ .recent_events
+ .merge(projects_for_current_user)
+ .references(:project)
+ .with_associations
+ .limit_recent(20, params[:offset])
+ end
+
+ def projects_for_current_user
+ ProjectsFinder.new(current_user: current_user).execute
+ end
+end
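Review bot: `projects_for_current_user` is public although it only serves `execute`; putting it under `private` keeps the finder's surface to `execute` and the `FinderMethods` lookups. The header comment documents the second argument as `user`, while the constructor and reader call it `target_user`. `params[:offset]` is handed to `limit_recent` as received, and the controller passes the request `params` unchanged, so any validation has to happen inside `limit_recent`, which is not visible here.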
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index a6011eb9f30..475341cf9b1 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -34,7 +34,7 @@ module ApplicationHelper
def project_icon(project_id, options = {})
project =
- if project_id.is_a?(Project)
+ if project_id.respond_to?(:avatar_url)
project_id
else
Project.find_by_full_path(project_id)
diff --git a/app/helpers/branches_helper.rb b/app/helpers/branches_helper.rb
index 2641a98e29e..00b9a0e00eb 100644
--- a/app/helpers/branches_helper.rb
+++ b/app/helpers/branches_helper.rb
@@ -10,12 +10,6 @@ module BranchesHelper
project_branches_path(@project, @id, options)
end
- def can_push_branch?(project, branch_name)
- return false unless project.repository.branch_exists?(branch_name)
-
- ::Gitlab::UserAccess.new(current_user, project: project).can_push_to_branch?(branch_name)
- end
-
def project_branches
options_for_select(@project.repository.branch_names, @project.default_branch)
end
diff --git a/app/helpers/dashboard_helper.rb b/app/helpers/dashboard_helper.rb
index c25b54eadc6..19aa55a8d49 100644
--- a/app/helpers/dashboard_helper.rb
+++ b/app/helpers/dashboard_helper.rb
@@ -6,4 +6,28 @@ module DashboardHelper
def assigned_mrs_dashboard_path
merge_requests_dashboard_path(assignee_id: current_user.id)
end
+
+ def dashboard_nav_links
+ @dashboard_nav_links ||= get_dashboard_nav_links
+ end
+
+ def dashboard_nav_link?(link)
+ dashboard_nav_links.include?(link)
+ end
+
+ def any_dashboard_nav_link?(links)
+ links.any? { |link| dashboard_nav_link?(link) }
+ end
+
+ private
+
+ def get_dashboard_nav_links
+ links = [:projects, :groups, :snippets]
+
+ if can?(current_user, :read_cross_project)
+ links += [:activity, :milestones]
+ end
+
+ links
+ end
end
diff --git a/app/helpers/explore_helper.rb b/app/helpers/explore_helper.rb
index b981a1e8242..f062a91a166 100644
--- a/app/helpers/explore_helper.rb
+++ b/app/helpers/explore_helper.rb
@@ -25,8 +25,24 @@ module ExploreHelper
controller.class.name.split("::").first == "Explore"
end
+ def explore_nav_links
+ @explore_nav_links ||= get_explore_nav_links
+ end
+
+ def explore_nav_link?(link)
+ explore_nav_links.include?(link)
+ end
+
+ def any_explore_nav_link?(links)
+ links.any? { |link| explore_nav_link?(link) }
+ end
+
private
+ def get_explore_nav_links
+ [:projects, :groups, :snippets]
+ end
+
def request_path_with_options(options = {})
request.path + "?#{options.to_param}"
end
diff --git a/app/helpers/groups_helper.rb b/app/helpers/groups_helper.rb
index 23de3590b93..5fbaa17c40e 100644
--- a/app/helpers/groups_helper.rb
+++ b/app/helpers/groups_helper.rb
@@ -3,6 +3,14 @@ module GroupsHelper
%w[groups#projects groups#edit ci_cd#show ldap_group_links#index hooks#index audit_events#index pipeline_quota#index]
end
+ def group_sidebar_links
+ @group_sidebar_links ||= get_group_sidebar_links
+ end
+
+ def group_sidebar_link?(link)
+ group_sidebar_links.include?(link)
+ end
+
def can_change_group_visibility_level?(group)
can?(current_user, :change_visibility_level, group)
end
@@ -107,6 +115,20 @@ module GroupsHelper
private
+ def get_group_sidebar_links
+ links = [:overview, :group_members]
+
+ if can?(current_user, :read_cross_project)
+ links += [:activity, :issues, :labels, :milestones, :merge_requests]
+ end
+
+ if can?(current_user, :admin_group, @group)
+ links << :settings
+ end
+
+ links
+ end
+
def group_title_link(group, hidable: false, show_avatar: false, for_dropdown: false)
link_to(group_path(group), class: "group-path #{'breadcrumb-item-text' unless for_dropdown} js-breadcrumb-item-text #{'hidable' if hidable}") do
output =
diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb
index 64cd3032780..0f25d401406 100644
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -47,27 +47,6 @@ module IssuesHelper
end
end
- def milestone_options(object)
- milestones = object.project.milestones.active.reorder(due_date: :asc, title: :asc).to_a
- milestones.unshift(object.milestone) if object.milestone.present? && object.milestone.closed?
- milestones.unshift(Milestone::None)
-
- options_from_collection_for_select(milestones, 'id', 'title', object.milestone_id)
- end
-
- def project_options(issuable, current_user, ability: :read_project)
- projects = current_user.authorized_projects.order_id_desc
- projects = projects.select do |project|
- current_user.can?(ability, project)
- end
-
- no_project = OpenStruct.new(id: 0, name_with_namespace: 'No project')
- projects.unshift(no_project)
- projects.delete(issuable.project)
-
- options_from_collection_for_select(projects, :id, :name_with_namespace)
- end
-
def status_box_class(item)
if item.try(:expired?)
'status-box-expired'
diff --git a/app/helpers/nav_helper.rb b/app/helpers/nav_helper.rb
index 680ea96a556..56c88e6eab0 100644
--- a/app/helpers/nav_helper.rb
+++ b/app/helpers/nav_helper.rb
@@ -1,4 +1,12 @@
module NavHelper
+ def header_links
+ @header_links ||= get_header_links
+ end
+
+ def header_link?(link)
+ header_links.include?(link)
+ end
+
def page_with_sidebar_class
class_name = page_gutter_class
class_name << 'page-with-contextual-sidebar' if defined?(@left_sidebar) && @left_sidebar
@@ -38,4 +46,28 @@ module NavHelper
class_names
end
+
+ private
+
+ def get_header_links
+ links = if current_user
+ [:user_dropdown]
+ else
+ [:sign_in]
+ end
+
+ if can?(current_user, :read_cross_project)
+ links += [:issues, :merge_requests, :todos] if current_user.present?
+ end
+
+ if @project&.persisted? || can?(current_user, :read_cross_project)
+ links << :search
+ end
+
+ if session[:impersonator_id]
+ links << :admin_impersonation
+ end
+
+ links
+ end
end
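Review bot: In `get_header_links` the `read_cross_project` block nests a modifier `if current_user.present?` inside an `if`, and `can?(current_user, :read_cross_project)` is evaluated twice. Computing it once, `cross_project = can?(current_user, :read_cross_project)`, and writing `links += [:issues, :merge_requests, :todos] if current_user && cross_project` reads more directly. These helpers only decide which links are rendered; access to the pages behind them still has to be enforced in the controllers.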
diff --git a/app/helpers/preferences_helper.rb b/app/helpers/preferences_helper.rb
index aaee6eaeedd..373dfd457f7 100644
--- a/app/helpers/preferences_helper.rb
+++ b/app/helpers/preferences_helper.rb
@@ -48,30 +48,4 @@ module PreferencesHelper
def user_color_scheme
Gitlab::ColorSchemes.for_user(current_user).css_class
end
-
- def default_project_view
- return anonymous_project_view unless current_user
-
- user_view = current_user.project_view
-
- if can?(current_user, :download_code, @project)
- user_view
- elsif user_view == "activity"
- "activity"
- elsif can?(current_user, :read_wiki, @project)
- "wiki"
- elsif @project.feature_available?(:issues, current_user)
- "projects/issues/issues"
- else
- "customize_workflow"
- end
- end
-
- def anonymous_project_view
- if !@project.empty_repo? && can?(current_user, :download_code, @project)
- 'files'
- else
- 'activity'
- end
- end
end
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index b97b72d62c3..cc1c69a1999 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -153,11 +153,6 @@ module ProjectsHelper
end
end
- def license_short_name(project)
- license = project.repository.license
- license&.nickname || license&.name || 'LICENSE'
- end
-
def last_push_event
current_user&.recent_push(@project)
end
@@ -213,6 +208,7 @@ module ProjectsHelper
controller.controller_name,
controller.action_name,
Gitlab::CurrentSettings.cache_key,
+ "cross-project:#{can?(current_user, :read_cross_project)}",
'v2.5'
]
@@ -265,6 +261,17 @@ module ProjectsHelper
!!(params[:personal] || params[:name] || any_projects?(projects))
end
+ def push_to_create_project_command(user = current_user)
+ repository_url =
+ if Gitlab::CurrentSettings.current_application_settings.enabled_git_access_protocol == 'http'
+ user_url(user)
+ else
+ Gitlab.config.gitlab_shell.ssh_path_prefix + user.username
+ end
+
+ "git push --set-upstream #{repository_url}/$(git rev-parse --show-toplevel | xargs basename).git $(git rev-parse --abbrev-ref HEAD)"
+ end
+
private
def repo_children_classes(field)
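Review bot: `push_to_create_project_command` returns a shell command whose command substitutions are unquoted, so the pasted command breaks when the repository directory name contains whitespace or glob characters. Quoting the substitutions, e.g. `"$(basename "$(git rev-parse --show-toplevel)")"` and `"$(git rev-parse --abbrev-ref HEAD)"`, makes it robust. `user.username` is interpolated as-is; that is fine as long as usernames are restricted to shell-safe characters, which is not visible in this hunk.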
@@ -390,55 +397,6 @@ module ProjectsHelper
end
end
- def add_special_file_path(project, file_name:, commit_message: nil, branch_name: nil, context: nil)
- commit_message ||= s_("CommitMessage|Add %{file_name}") % { file_name: file_name }
- project_new_blob_path(
- project,
- project.default_branch || 'master',
- file_name: file_name,
- commit_message: commit_message,
- branch_name: branch_name,
- context: context
- )
- end
-
- def add_koding_stack_path(project)
- project_new_blob_path(
- project,
- project.default_branch || 'master',
- file_name: '.koding.yml',
- commit_message: "Add Koding stack script",
- content: <<-CONTENT.strip_heredoc
- provider:
- aws:
- access_key: '${var.aws_access_key}'
- secret_key: '${var.aws_secret_key}'
- resource:
- aws_instance:
- #{project.path}-vm:
- instance_type: t2.nano
- user_data: |-
-
- # Created by GitLab UI for :>
-
- echo _KD_NOTIFY_@Installing Base packages...@
-
- apt-get update -y
- apt-get install git -y
-
- echo _KD_NOTIFY_@Cloning #{project.name}...@
-
- export KODING_USER=${var.koding_user_username}
- export REPO_URL=#{root_url}${var.koding_queryString_repo}.git
- export BRANCH=${var.koding_queryString_branch}
-
- sudo -i -u $KODING_USER git clone $REPO_URL -b $BRANCH
-
- echo _KD_NOTIFY_@#{project.name} cloned.@
- CONTENT
- )
- end
-
def koding_project_url(project = nil, branch = nil, sha = nil)
if project
import_path = "/Home/Stacks/import"
@@ -455,36 +413,6 @@ module ProjectsHelper
Gitlab::CurrentSettings.koding_url
end
- def contribution_guide_path(project)
- if project && contribution_guide = project.repository.contribution_guide
- project_blob_path(
- project,
- tree_join(project.default_branch,
- contribution_guide.name)
- )
- end
- end
-
- def readme_path(project)
- filename_path(project, :readme)
- end
-
- def changelog_path(project)
- filename_path(project, :changelog)
- end
-
- def license_path(project)
- filename_path(project, :license_blob)
- end
-
- def version_path(project)
- filename_path(project, :version)
- end
-
- def ci_configuration_path(project)
- filename_path(project, :gitlab_ci_yml)
- end
-
def project_wiki_path_with_version(proj, page, version, is_newest)
url_params = is_newest ? {} : { version_id: version }
project_wiki_path(proj, page, url_params)
@@ -510,15 +438,6 @@ module ProjectsHelper
@ref || @repository.try(:root_ref)
end
- def filename_path(project, filename)
- if project && blob = project.repository.public_send(filename) # rubocop:disable GitlabSecurity/PublicSend
- project_blob_path(
- project,
- tree_join(project.default_branch, blob.name)
- )
- end
- end
-
def sanitize_repo_path(project, message)
return '' unless message.present?
@@ -608,4 +527,8 @@ module ProjectsHelper
project_find_file_path(@project, ref)
end
+
+ def can_show_last_commit_in_list?(project)
+ can?(current_user, :read_cross_project) && project.commit
+ end
end
diff --git a/app/helpers/tree_helper.rb b/app/helpers/tree_helper.rb
index d39cac0f510..f5733b4b57c 100644
--- a/app/helpers/tree_helper.rb
+++ b/app/helpers/tree_helper.rb
@@ -55,7 +55,9 @@ module TreeHelper
def tree_edit_branch(project = @project, ref = @ref)
return unless can_edit_tree?(project, ref)
- if can_push_branch?(project, ref)
+ project = project.present(current_user: current_user)
+
+ if project.can_current_user_push_to_branch?(ref)
ref
else
project = tree_edit_project(project)
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index b5f54d3e154..01af68088df 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -14,4 +14,18 @@ module UsersHelper
content_tag(:strong) { user.unconfirmed_email } + h('.') +
content_tag(:p) { confirmation_link }
end
+
+ def profile_tabs
+ @profile_tabs ||= get_profile_tabs
+ end
+
+ def profile_tab?(tab)
+ profile_tabs.include?(tab)
+ end
+
+ private
+
+ def get_profile_tabs
+ [:activity, :groups, :contributed, :projects, :snippets]
+ end
end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 0b6bcbde5d9..6dae49f38dc 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -22,12 +22,30 @@ class Ability
#
# issues - The issues to reduce down to those readable by the user.
# user - The User for which to check the issues
- def issues_readable_by_user(issues, user = nil)
+ # filters - A hash of abilities and filters to apply if the user lacks this
+ # ability
+ def issues_readable_by_user(issues, user = nil, filters: {})
+ issues = apply_filters_if_needed(issues, user, filters)
+
DeclarativePolicy.user_scope do
issues.select { |issue| issue.visible_to_user?(user) }
end
end
+ # Returns an Array of MergeRequests that can be read by the given user.
+ #
+ # merge_requests - MRs out of which to collect mr's readable by the user.
+ # user - The User for which to check the merge_requests
+ # filters - A hash of abilities and filters to apply if the user lacks this
+ # ability
+ def merge_requests_readable_by_user(merge_requests, user = nil, filters: {})
+ merge_requests = apply_filters_if_needed(merge_requests, user, filters)
+
+ DeclarativePolicy.user_scope do
+ merge_requests.select { |mr| allowed?(user, :read_merge_request, mr) }
+ end
+ end
+
def can_edit_note?(user, note)
allowed?(user, :edit_note, note)
end
@@ -53,5 +71,15 @@ class Ability
cache = RequestStore.active? ? RequestStore : {}
DeclarativePolicy.policy_for(user, subject, cache: cache)
end
+
+ private
+
+ def apply_filters_if_needed(elements, user, filters)
+ filters.each do |ability, filter|
+ elements = filter.call(elements) unless allowed?(user, ability)
+ end
+
+ elements
+ end
end
end
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index ee987949080..b230b7f47ef 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -467,7 +467,7 @@ module Ci
if cache && project.jobs_cache_index
cache = cache.merge(
- key: "#{cache[:key]}_#{project.jobs_cache_index}")
+ key: "#{cache[:key]}-#{project.jobs_cache_index}")
end
[cache]
diff --git a/app/models/concerns/protected_ref_access.rb b/app/models/concerns/protected_ref_access.rb
index 80c9f7d4eb4..bfda5b1678b 100644
--- a/app/models/concerns/protected_ref_access.rb
+++ b/app/models/concerns/protected_ref_access.rb
@@ -35,6 +35,7 @@ module ProtectedRefAccess
def check_access(user)
return true if user.admin?
- project.team.max_member_access(user.id) >= access_level
+ user.can?(:push_code, project) &&
+ project.team.max_member_access(user.id) >= access_level
end
end
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 93628b456f2..c81f7e52bb1 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -159,7 +159,18 @@ class Issue < ActiveRecord::Base
object.all_references(current_user, extractor: ext)
end
- ext.merge_requests.sort_by(&:iid)
+ merge_requests = ext.merge_requests.sort_by(&:iid)
+
+ cross_project_filter = -> (merge_requests) do
+ merge_requests.select { |mr| mr.target_project == project }
+ end
+
+ Ability.merge_requests_readable_by_user(
+ merge_requests, current_user,
+ filters: {
+ read_cross_project: cross_project_filter
+ }
+ )
end
# All branches containing the current issue's ID, except for
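Review bot: The lambda parameter in `cross_project_filter` is named `merge_requests`, shadowing the local assigned on the line above; renaming it, `cross_project_filter = ->(mrs) { mrs.select { |mr| mr.target_project == project } }`, removes the ambiguity. The filter keeps only merge requests whose `target_project` is this issue's project, so a one-line comment saying that users without `read_cross_project` see same-project merge requests only would document the intent. The enclosing method starts above this hunk.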
diff --git a/app/models/notification_recipient.rb b/app/models/notification_recipient.rb
index 472b348a545..fd70e920c7e 100644
--- a/app/models/notification_recipient.rb
+++ b/app/models/notification_recipient.rb
@@ -85,6 +85,7 @@ class NotificationRecipient
return false unless user.can?(:receive_notifications)
return true if @skip_read_ability
+ return false if @target && !user.can?(:read_cross_project)
return false if @project && !user.can?(:read_project, @project)
return true unless read_ability
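Review bot: The new guard returns false for every recipient lacking `read_cross_project` as soon as `@target` is set, without comparing the target's project to `@project`. If that is deliberate it needs a why-comment, for example `# notifications may reference other projects, so require cross-project access`; if not, the condition is broader than the `read_project` check that follows. The method begins and ends outside this hunk, so how `@target` is populated cannot be confirmed from here.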
diff --git a/app/models/project.rb b/app/models/project.rb
index 79058d51af8..ba278a49688 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -15,6 +15,7 @@ class Project < ActiveRecord::Base
include ValidAttribute
include ProjectFeaturesCompatibility
include SelectForProjectAuthorization
+ include Presentable
include Routable
include GroupDescendant
include Gitlab::SQL::Pattern
@@ -1036,6 +1037,9 @@ class Project < ActiveRecord::Base
end
def user_can_push_to_empty_repo?(user)
+ return false unless empty_repo?
+ return false unless Ability.allowed?(user, :push_code, self)
+
!ProtectedBranch.default_branch_protected? || team.max_member_access(user.id) > Gitlab::Access::DEVELOPER
end
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb
index 8fa7b2753c7..603218aa6df 100644
--- a/app/policies/base_policy.rb
+++ b/app/policies/base_policy.rb
@@ -15,4 +15,7 @@ class BasePolicy < DeclarativePolicy::Base
condition(:restricted_public_level, scope: :global) do
Gitlab::CurrentSettings.current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
end
+
+ # This is prevented in some cases in `gitlab-ee`
+ rule { default }.enable :read_cross_project
end
diff --git a/app/policies/issuable_policy.rb b/app/policies/issuable_policy.rb
index f0aa16d2ecf..3f6d7d04667 100644
--- a/app/policies/issuable_policy.rb
+++ b/app/policies/issuable_policy.rb
@@ -3,6 +3,19 @@ class IssuablePolicy < BasePolicy
condition(:locked, scope: :subject, score: 0) { @subject.discussion_locked? }
+ # We aren't checking `:read_issue` or `:read_merge_request` in this case
+ # because it could be possible for a user to see an issuable-iid
+ # (`:read_issue_iid` or `:read_merge_request_iid`) but then wouldn't be allowed
+ # to read the actual issue after a more expensive `:read_issue` check.
+ #
+ # `:read_issue` & `:read_issue_iid` could diverge in gitlab-ee.
+ condition(:visible_to_user, score: 4) do
+ Project.where(id: @subject.project)
+ .public_or_visible_to_user(@user)
+ .with_feature_available_for_user(@subject, @user)
+ .any?
+ end
+
condition(:is_project_member) { @user && @subject.project && @subject.project.team.member?(@user) }
desc "User is the assignee or author"
diff --git a/app/policies/issue_policy.rb b/app/policies/issue_policy.rb
index bd2d417b2a8..ed499511999 100644
--- a/app/policies/issue_policy.rb
+++ b/app/policies/issue_policy.rb
@@ -13,7 +13,10 @@ class IssuePolicy < IssuablePolicy
rule { confidential & ~can_read_confidential }.policy do
prevent :read_issue
+ prevent :read_issue_iid
prevent :update_issue
prevent :admin_issue
end
+
+ rule { can?(:read_issue) | visible_to_user }.enable :read_issue_iid
end
diff --git a/app/policies/merge_request_policy.rb b/app/policies/merge_request_policy.rb
index bc3afc626fb..e003376d219 100644
--- a/app/policies/merge_request_policy.rb
+++ b/app/policies/merge_request_policy.rb
@@ -1,3 +1,3 @@
class MergeRequestPolicy < IssuablePolicy
- # pass
+ rule { can?(:read_merge_request) | visible_to_user }.enable :read_merge_request_iid
end
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 61a7bf02675..3b0550b4dd6 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -80,8 +80,9 @@ class ProjectPolicy < BasePolicy
rule { reporter }.enable :reporter_access
rule { developer }.enable :developer_access
rule { master }.enable :master_access
+ rule { owner | admin }.enable :owner_access
- rule { owner | admin }.policy do
+ rule { can?(:owner_access) }.policy do
enable :guest_access
enable :reporter_access
enable :developer_access
@@ -98,11 +99,6 @@ class ProjectPolicy < BasePolicy
enable :remove_pages
end
- rule { owner | reporter }.policy do
- enable :build_download_code
- enable :build_read_container_image
- end
-
rule { can?(:guest_access) }.policy do
enable :read_project
enable :read_board
@@ -121,6 +117,11 @@ class ProjectPolicy < BasePolicy
enable :read_cycle_analytics
end
+ # These abilities are not allowed to admins that are not members of the project,
+ # that's why they are defined separatly.
+ rule { guest & can?(:download_code) }.enable :build_download_code
+ rule { guest & can?(:read_container_image) }.enable :build_read_container_image
+
rule { can?(:reporter_access) }.policy do
enable :download_code
enable :download_wiki_code
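Review bot: The comment added above the two `guest & can?(...)` rules has a typo and does not say how a non-member admin would otherwise reach these abilities. `# that's why they are defined separately.` fixes the spelling, and a clause such as `# (admins reach :download_code through :owner_access)` would make the intent checkable against the rules above. The comment in the later hunk at `@@ -140,12 +141,19 @@` has the same kind of slip (`coditions` should be `conditions`). That later hunk also enables `:build_download_code` and `:build_read_container_image` under `can?(:public_user_access)`, so a policy spec for an admin who is not a member of a private project would pin the behaviour the comment promises. The enclosing class continues outside this hunk.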
@@ -140,12 +141,19 @@ class ProjectPolicy < BasePolicy
enable :read_merge_request
end
+ # We define `:public_user_access` separately because there are cases in gitlab-ee
+ # where we enable or prevent it based on other coditions.
rule { (~anonymous & public_project) | internal_access }.policy do
enable :public_user_access
end
rule { can?(:public_user_access) }.policy do
+ enable :public_access
enable :guest_access
+
+ enable :fork_project
+ enable :build_download_code
+ enable :build_read_container_image
enable :request_access
end
@@ -196,14 +204,6 @@ class ProjectPolicy < BasePolicy
enable :create_cluster
end
- rule { can?(:public_user_access) }.policy do
- enable :public_access
-
- enable :fork_project
- enable :build_download_code
- enable :build_read_container_image
- end
-
rule { archived }.policy do
prevent :create_merge_request
prevent :push_code
diff --git a/app/presenters/project_presenter.rb b/app/presenters/project_presenter.rb
new file mode 100644
index 00000000000..484ac64580d
--- /dev/null
+++ b/app/presenters/project_presenter.rb
@@ -0,0 +1,338 @@
+class ProjectPresenter < Gitlab::View::Presenter::Delegated
+ include ActionView::Helpers::NumberHelper
+ include ActionView::Helpers::UrlHelper
+ include GitlabRoutingHelper
+ include StorageHelper
+ include TreeHelper
+ include Gitlab::Utils::StrongMemoize
+
+ presents :project
+
+ def statistics_anchors(show_auto_devops_callout:)
+ [
+ files_anchor_data,
+ commits_anchor_data,
+ branches_anchor_data,
+ tags_anchor_data,
+ readme_anchor_data,
+ changelog_anchor_data,
+ license_anchor_data,
+ contribution_guide_anchor_data,
+ gitlab_ci_anchor_data,
+ autodevops_anchor_data(show_auto_devops_callout: show_auto_devops_callout),
+ kubernetes_cluster_anchor_data
+ ].compact.select { |item| item.enabled }
+ end
+
+ def statistics_buttons(show_auto_devops_callout:)
+ [
+ changelog_anchor_data,
+ license_anchor_data,
+ contribution_guide_anchor_data,
+ autodevops_anchor_data(show_auto_devops_callout: show_auto_devops_callout),
+ kubernetes_cluster_anchor_data,
+ gitlab_ci_anchor_data,
+ koding_anchor_data
+ ].compact.reject { |item| item.enabled }
+ end
+
+ def empty_repo_statistics_anchors
+ [
+ autodevops_anchor_data,
+ kubernetes_cluster_anchor_data
+ ].compact.select { |item| item.enabled }
+ end
+
+ def empty_repo_statistics_buttons
+ [
+ new_file_anchor_data,
+ readme_anchor_data,
+ license_anchor_data,
+ autodevops_anchor_data,
+ kubernetes_cluster_anchor_data
+ ].compact.reject { |item| item.enabled }
+ end
+
+ def default_view
+ return anonymous_project_view unless current_user
+
+ user_view = current_user.project_view
+
+ if can?(current_user, :download_code, project)
+ user_view
+ elsif user_view == "activity"
+ "activity"
+ elsif can?(current_user, :read_wiki, project)
+ "wiki"
+ elsif feature_available?(:issues, current_user)
+ "projects/issues/issues"
+ else
+ "customize_workflow"
+ end
+ end
+
+ def readme_path
+ filename_path(:readme)
+ end
+
+ def changelog_path
+ filename_path(:changelog)
+ end
+
+ def license_path
+ filename_path(:license_blob)
+ end
+
+ def ci_configuration_path
+ filename_path(:gitlab_ci_yml)
+ end
+
+ def contribution_guide_path
+ if project && contribution_guide = repository.contribution_guide
+ project_blob_path(
+ project,
+ tree_join(project.default_branch,
+ contribution_guide.name)
+ )
+ end
+ end
+
+ def add_license_path
+ add_special_file_path(file_name: 'LICENSE')
+ end
+
+ def add_changelog_path
+ add_special_file_path(file_name: 'CHANGELOG')
+ end
+
+ def add_contribution_guide_path
+ add_special_file_path(file_name: 'CONTRIBUTING.md', commit_message: 'Add contribution guide')
+ end
+
+ def add_ci_yml_path
+ add_special_file_path(file_name: '.gitlab-ci.yml')
+ end
+
+ def add_readme_path
+ add_special_file_path(file_name: 'README.md')
+ end
+
+ def add_koding_stack_path
+ project_new_blob_path(
+ project,
+ default_branch || 'master',
+ file_name: '.koding.yml',
+ commit_message: "Add Koding stack script",
+ content: <<-CONTENT.strip_heredoc
+ provider:
+ aws:
+ access_key: '${var.aws_access_key}'
+ secret_key: '${var.aws_secret_key}'
+ resource:
+ aws_instance:
+ #{project.path}-vm:
+ instance_type: t2.nano
+ user_data: |-
+
+ # Created by GitLab UI for :>
+
+ echo _KD_NOTIFY_@Installing Base packages...@
+
+ apt-get update -y
+ apt-get install git -y
+
+ echo _KD_NOTIFY_@Cloning #{project.name}...@
+
+ export KODING_USER=${var.koding_user_username}
+ export REPO_URL=#{root_url}${var.koding_queryString_repo}.git
+ export BRANCH=${var.koding_queryString_branch}
+
+ sudo -i -u $KODING_USER git clone $REPO_URL -b $BRANCH
+
+ echo _KD_NOTIFY_@#{project.name} cloned.@
+ CONTENT
+ )
+ end
+
+ def license_short_name
+ license = repository.license
+ license&.nickname || license&.name || 'LICENSE'
+ end
+
+ def can_current_user_push_code?
+ strong_memoize(:can_current_user_push_code) do
+ if empty_repo?
+ can?(current_user, :push_code, project)
+ else
+ can_current_user_push_to_branch?(default_branch)
+ end
+ end
+ end
+
+ def can_current_user_push_to_branch?(branch)
+ return false unless repository.branch_exists?(branch)
+
+ ::Gitlab::UserAccess.new(current_user, project: project).can_push_to_branch?(branch)
+ end
+
+ def files_anchor_data
+ OpenStruct.new(enabled: true,
+ label: _('Files (%{human_size})') % { human_size: storage_counter(statistics.total_repository_size) },
+ link: project_tree_path(project))
+ end
+
+ def commits_anchor_data
+ OpenStruct.new(enabled: true,
+ label: n_('Commit (%{commit_count})', 'Commits (%{commit_count})', statistics.commit_count) % { commit_count: number_with_delimiter(statistics.commit_count) },
+ link: project_commits_path(project, repository.root_ref))
+ end
+
+ def branches_anchor_data
+ OpenStruct.new(enabled: true,
+ label: n_('Branch (%{branch_count})', 'Branches (%{branch_count})', repository.branch_count) % { branch_count: number_with_delimiter(repository.branch_count) },
+ link: project_branches_path(project))
+ end
+
+ def tags_anchor_data
+ OpenStruct.new(enabled: true,
+ label: n_('Tag (%{tag_count})', 'Tags (%{tag_count})', repository.tag_count) % { tag_count: number_with_delimiter(repository.tag_count) },
+ link: project_tags_path(project))
+ end
+
+ def new_file_anchor_data
+ if current_user && can_current_user_push_code?
+ OpenStruct.new(enabled: false,
+ label: _('New file'),
+ link: project_new_blob_path(project, default_branch || 'master'),
+ class_modifier: 'new')
+ end
+ end
+
+ def readme_anchor_data
+ if current_user && can_current_user_push_code? && repository.readme.blank?
+ OpenStruct.new(enabled: false,
+ label: _('Add Readme'),
+ link: add_readme_path)
+ elsif repository.readme.present?
+ OpenStruct.new(enabled: true,
+ label: _('Readme'),
+ link: default_view != 'readme' ? readme_path : '#readme')
+ end
+ end
+
+ def changelog_anchor_data
+ if current_user && can_current_user_push_code? && repository.changelog.blank?
+ OpenStruct.new(enabled: false,
+ label: _('Add Changelog'),
+ link: add_changelog_path)
+ elsif repository.changelog.present?
+ OpenStruct.new(enabled: true,
+ label: _('Changelog'),
+ link: changelog_path)
+ end
+ end
+
+ def license_anchor_data
+ if current_user && can_current_user_push_code? && repository.license_blob.blank?
+ OpenStruct.new(enabled: false,
+ label: _('Add License'),
+ link: add_license_path)
+ elsif repository.license_blob.present?
+ OpenStruct.new(enabled: true,
+ label: license_short_name,
+ link: license_path)
+ end
+ end
+
+ def contribution_guide_anchor_data
+ if current_user && can_current_user_push_code? && repository.contribution_guide.blank?
+ OpenStruct.new(enabled: false,
+ label: _('Add Contribution guide'),
+ link: add_contribution_guide_path)
+ elsif repository.contribution_guide.present?
+ OpenStruct.new(enabled: true,
+ label: _('Contribution guide'),
+ link: contribution_guide_path)
+ end
+ end
+
+ def autodevops_anchor_data(show_auto_devops_callout: false)
+ if current_user && can?(current_user, :admin_pipeline, project) && repository.gitlab_ci_yml.blank? && !show_auto_devops_callout
+ OpenStruct.new(enabled: auto_devops_enabled?,
+ label: auto_devops_enabled? ? _('Auto DevOps enabled') : _('Enable Auto DevOps'),
+ link: project_settings_ci_cd_path(project, anchor: 'js-general-pipeline-settings'))
+ elsif auto_devops_enabled?
+ OpenStruct.new(enabled: true,
+ label: _('Auto DevOps enabled'),
+ link: nil)
+ end
+ end
+
+ def kubernetes_cluster_anchor_data
+ if current_user && can?(current_user, :create_cluster, project)
+ cluster_link = clusters.count == 1 ? project_cluster_path(project, clusters.first) : project_clusters_path(project)
+
+ if clusters.empty?
+ cluster_link = new_project_cluster_path(project)
+ end
+
+ OpenStruct.new(enabled: !clusters.empty?,
+ label: clusters.empty? ? _('Add Kubernetes cluster') : _('Kubernetes configured'),
+ link: cluster_link)
+ end
+ end
+
+ def gitlab_ci_anchor_data
+ if current_user && can_current_user_push_code? && repository.gitlab_ci_yml.blank? && !auto_devops_enabled?
+ OpenStruct.new(enabled: false,
+ label: _('Set up CI/CD'),
+ link: add_ci_yml_path)
+ elsif repository.gitlab_ci_yml.present?
+ OpenStruct.new(enabled: true,
+ label: _('CI/CD configuration'),
+ link: ci_configuration_path)
+ end
+ end
+
+ def koding_anchor_data
+ if current_user && can_current_user_push_code? && koding_enabled? && repository.koding_yml.blank?
+ OpenStruct.new(enabled: false,
+ label: _('Set up Koding'),
+ link: add_koding_stack_path)
+ end
+ end
+
+ private
+
+ def filename_path(filename)
+ if blob = repository.public_send(filename) # rubocop:disable GitlabSecurity/PublicSend
+ project_blob_path(
+ project,
+ tree_join(default_branch, blob.name)
+ )
+ end
+ end
+
+ def anonymous_project_view
+ if !project.empty_repo? && can?(current_user, :download_code, project)
+ 'files'
+ else
+ 'activity'
+ end
+ end
+
+ def add_special_file_path(file_name:, commit_message: nil, branch_name: nil)
+ commit_message ||= s_("CommitMessage|Add %{file_name}") % { file_name: file_name }
+ project_new_blob_path(
+ project,
+ project.default_branch || 'master',
+ file_name: file_name,
+ commit_message: commit_message,
+ branch_name: branch_name
+ )
+ end
+
+ def koding_enabled?
+ Gitlab::CurrentSettings.koding_enabled?
+ end
+end
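Review bot: `add_koding_stack_path` interpolates `project.name` and `project.path` unescaped into shell lines and a YAML key of the generated `.koding.yml` (for example `echo _KD_NOTIFY_@Cloning #{project.name}...@`), so the script's meaning depends on which characters a project name may contain. Name validation is not visible in this file; if it admits shell or YAML metacharacters, the values should be escaped, e.g. `echo _KD_NOTIFY_@Cloning #{Shellwords.escape(project.name)}...@`. Separately, `filename_path` disables `GitlabSecurity/PublicSend`, which is safe only while every caller passes a literal symbol. That deserves a comment on the method, such as `# filename is always one of the literal symbols passed by the *_path methods above`.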
diff --git a/app/serializers/group_child_entity.rb b/app/serializers/group_child_entity.rb
index aca4e4ca488..15ec0f89bb2 100644
--- a/app/serializers/group_child_entity.rb
+++ b/app/serializers/group_child_entity.rb
@@ -11,9 +11,7 @@ class GroupChildEntity < Grape::Entity
end
expose :can_edit do |instance|
- return false unless request.respond_to?(:current_user)
-
- can?(request.current_user, "admin_#{type}", instance)
+ can_edit?
end
expose :edit_path do |instance|
@@ -83,4 +81,17 @@ class GroupChildEntity < Grape::Entity
def markdown_description
markdown_field(object, :description)
end
+
+ def can_edit?
+ return false unless request.respond_to?(:current_user)
+
+ if project?
+ # Avoid checking rights for each project, as it might be expensive if the
+ # user cannot read cross project.
+ can?(request.current_user, :read_cross_project) &&
+ can?(request.current_user, :admin_project, object)
+ else
+ can?(request.current_user, :admin_group, object)
+ end
+ end
end
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index cea56f4e849..15ab2d54404 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -30,10 +30,10 @@ module Clusters
ca_cert: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
username: gke_cluster.master_auth.username,
password: gke_cluster.master_auth.password,
- token: request_kuberenetes_token)
+ token: request_kubernetes_token)
end
- def request_kuberenetes_token
+ def request_kubernetes_token
Ci::FetchKubernetesTokenService.new(
'https://' + gke_cluster.endpoint,
Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb
index e7463e6e25c..66a9b1f82e0 100644
--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -247,7 +247,7 @@ class IssuableBaseService < BaseService
when 'add'
todo_service.mark_todo(issuable, current_user)
when 'done'
- todo = TodosFinder.new(current_user).execute.find_by(target: issuable)
+ todo = TodosFinder.new(current_user).find_by(target: issuable)
todo_service.mark_todos_as_done_by_ids(todo, current_user) if todo
end
end
diff --git a/app/uploaders/gitlab_uploader.rb b/app/uploaders/gitlab_uploader.rb
index a9e5c028b03..010100f2da1 100644
--- a/app/uploaders/gitlab_uploader.rb
+++ b/app/uploaders/gitlab_uploader.rb
@@ -67,6 +67,10 @@ class GitlabUploader < CarrierWave::Uploader::Base
super || file&.filename
end
+ def model_valid?
+ !!model
+ end
+
private
# Designed to be overridden by child uploaders that have a dynamic path
diff --git a/app/uploaders/personal_file_uploader.rb b/app/uploaders/personal_file_uploader.rb
index e7d9ecd3222..f2ad0badd53 100644
--- a/app/uploaders/personal_file_uploader.rb
+++ b/app/uploaders/personal_file_uploader.rb
@@ -14,6 +14,12 @@ class PersonalFileUploader < FileUploader
File.join(model.class.to_s.underscore, model.id.to_s)
end
+ # model_path_segment does not require a model to be passed, so we can always
+ # generate a path, even when there's no model.
+ def model_valid?
+ true
+ end
+
# Revert-Override
def store_dir
File.join(base_dir, dynamic_segment)
diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml
index 938185b6eba..60f12030f98 100644
--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -647,11 +647,8 @@
= f.label :version_check_enabled do
= f.check_box :version_check_enabled
Version check enabled
- = link_to icon('question-circle'), help_page_path("user/admin_area/settings/usage_statistics", anchor: "version-check")
.help-block
- Let GitLab inform you when an update is available. When
- enabled, GitLab Inc. will collect info about your hostname
- and version.
+ Let GitLab inform you when an update is available.
.form-group
.col-sm-offset-2.col-sm-10
- can_be_configured = @application_setting.usage_ping_can_be_configured?
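Review bot: The new help text `Let GitLab inform you when an update is available.` no longer tells the administrator that enabling the version check sends the instance's hostname and version to GitLab Inc., and the link to the usage-statistics help page is removed along with it. Unless that disclosure has moved somewhere not shown in this hunk, an admin toggling the checkbox cannot see what data leaves the instance. I would keep a one-line disclosure in the `.help-block`, or keep the `help_page_path(...)` link next to the label.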
diff --git a/app/views/errors/access_denied.html.haml b/app/views/errors/access_denied.html.haml
index a97cbd4d4b3..bf540439c79 100644
--- a/app/views/errors/access_denied.html.haml
+++ b/app/views/errors/access_denied.html.haml
@@ -1,3 +1,5 @@
+- message = local_assigns.fetch(:message)
+
- content_for(:title, 'Access Denied')
%img{ :alt => "GitLab Logo", :src => image_path('logo.svg') }
%h1
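Review bot: `local_assigns.fetch(:message)` has no default, so any render of this template that does not pass `message:` raises `KeyError` instead of showing the access-denied page. The `- if message` branch in the next hunk suggests a missing message is expected, and `- message = local_assigns.fetch(:message, nil)` (or `local_assigns[:message]`) keeps the fallback text reachable. The callers are outside this file section, so confirm whether every one of them passes the local. `= message` is escaped by Haml under Rails defaults, which is the right behaviour here as long as callers do not mark the string `html_safe`.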
@@ -5,5 +7,9 @@
.container
%h3 Access Denied
%hr
- %p You are not allowed to access this page.
- %p Read more about project permissions #{link_to "here", help_page_path("user/permissions"), class: "vlink"}
+ - if message
+ %p
+ = message
+ - else
+ %p You are not allowed to access this page.
+ %p Read more about project permissions #{link_to "here", help_page_path("user/permissions"), class: "vlink"}
diff --git a/app/views/help/ui.html.haml b/app/views/help/ui.html.haml
index 1c4d67a8d2c..ce09b44fbb2 100644
--- a/app/views/help/ui.html.haml
+++ b/app/views/help/ui.html.haml
@@ -1,7 +1,5 @@
- page_title "UI Development Kit", "Help"
- lorem = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed fermentum nisi sapien, non consequat lectus aliquam ultrices. Suspendisse sodales est euismod nunc condimentum, a consectetur diam ornare."
-- content_for :page_specific_javascripts do
- = webpack_bundle_tag('ui_development_kit')
.gitlab-ui-dev-kit
%h1 GitLab UI development kit
diff --git a/app/views/layouts/header/_default.html.haml b/app/views/layouts/header/_default.html.haml
index 1d00ae928f6..e6238c0dddb 100644
--- a/app/views/layouts/header/_default.html.haml
+++ b/app/views/layouts/header/_default.html.haml
@@ -20,29 +20,34 @@
%ul.nav.navbar-nav
- if current_user
= render 'layouts/header/new_dropdown'
- %li.hidden-sm.hidden-xs
- = render 'layouts/search' unless current_controller?(:search)
- %li.visible-sm-inline-block.visible-xs-inline-block
- = link_to search_path, title: 'Search', aria: { label: "Search" }, data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
- = sprite_icon('search', size: 16)
- - if current_user
+ - if header_link?(:search)
+ %li.hidden-sm.hidden-xs
+ = render 'layouts/search' unless current_controller?(:search)
+ %li.visible-sm-inline-block.visible-xs-inline-block
+ = link_to search_path, title: 'Search', aria: { label: "Search" }, data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
+ = sprite_icon('search', size: 16)
+
+ - if header_link?(:issues)
= nav_link(path: 'dashboard#issues', html_options: { class: "user-counter" }) do
= link_to assigned_issues_dashboard_path, title: 'Issues', class: 'dashboard-shortcuts-issues', aria: { label: "Issues" }, data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
= sprite_icon('issues', size: 16)
- issues_count = assigned_issuables_count(:issues)
%span.badge.issues-count{ class: ('hidden' if issues_count.zero?) }
= number_with_delimiter(issues_count)
+ - if header_link?(:merge_requests)
= nav_link(path: 'dashboard#merge_requests', html_options: { class: "user-counter" }) do
= link_to assigned_mrs_dashboard_path, title: 'Merge requests', class: 'dashboard-shortcuts-merge_requests', aria: { label: "Merge requests" }, data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
= sprite_icon('git-merge', size: 16)
- merge_requests_count = assigned_issuables_count(:merge_requests)
%span.badge.merge-requests-count{ class: ('hidden' if merge_requests_count.zero?) }
= number_with_delimiter(merge_requests_count)
+ - if header_link?(:todos)
= nav_link(controller: 'dashboard/todos', html_options: { class: "user-counter" }) do
= link_to dashboard_todos_path, title: 'Todos', aria: { label: "Todos" }, class: 'shortcuts-todos', data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
= sprite_icon('todo-done', size: 16)
%span.badge.todos-count{ class: ('hidden' if todos_pending_count.zero?) }
= todos_count_format(todos_pending_count)
+ - if header_link?(:user_dropdown)
%li.header-user.dropdown
= link_to current_user, class: user_dropdown_class, data: { toggle: "dropdown" } do
= image_tag avatar_icon_for_user(current_user, 23), width: 23, height: 23, class: "header-user-avatar qa-user-avatar"
@@ -64,11 +69,11 @@
%li.divider
%li
= link_to "Sign out", destroy_user_session_path, class: "sign-out-link"
- - if session[:impersonator_id]
- %li.impersonation
- = link_to admin_impersonation_path, class: 'impersonation-btn', method: :delete, title: "Stop impersonation", aria: { label: 'Stop impersonation' }, data: { toggle: 'tooltip', placement: 'bottom', container: 'body' } do
- = icon('user-secret')
- - else
+ - if header_link?(:admin_impersonation)
+ %li.impersonation
+ = link_to admin_impersonation_path, class: 'impersonation-btn', method: :delete, title: "Stop impersonation", aria: { label: 'Stop impersonation' }, data: { toggle: 'tooltip', placement: 'bottom', container: 'body' } do
+ = icon('user-secret')
+ - if header_link?(:sign_in)
%li
%div
= link_to "Sign in / Register", new_session_path(:user, redirect_to_referer: 'yes'), class: 'btn btn-sign-in'
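Review bot: The stop-impersonation item is now shown by `header_link?(:admin_impersonation)` rather than by the inline `session[:impersonator_id]` check, and `:sign_in` is a separate `if` where the old code used `else`. The helper is not part of this hunk, so a helper spec should assert that `:admin_impersonation` is returned whenever `session[:impersonator_id]` is set and that `:sign_in` is never returned together with `:user_dropdown`. The first hunk of this file has the same dependency: `link_to current_user` and `assigned_issuables_count` sit behind `header_link?` checks and presumably still need a signed-in user.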
diff --git a/app/views/layouts/nav/_dashboard.html.haml b/app/views/layouts/nav/_dashboard.html.haml
index 74532eba298..f773bd0832d 100644
--- a/app/views/layouts/nav/_dashboard.html.haml
+++ b/app/views/layouts/nav/_dashboard.html.haml
@@ -1,53 +1,64 @@
%ul.list-unstyled.navbar-sub-nav
- = nav_link(path: ['root#index', 'projects#trending', 'projects#starred', 'dashboard/projects#index'], html_options: { id: 'nav-projects-dropdown', class: "home dropdown header-projects qa-projects-dropdown" }) do
- %a{ href: "#", data: { toggle: "dropdown" } }
- Projects
- = sprite_icon('angle-down', css_class: 'caret-down')
- .dropdown-menu.projects-dropdown-menu
- = render "layouts/nav/projects_dropdown/show"
+ - if dashboard_nav_link?(:projects)
+ = nav_link(path: ['root#index', 'projects#trending', 'projects#starred', 'dashboard/projects#index'], html_options: { id: 'nav-projects-dropdown', class: "home dropdown header-projects qa-projects-dropdown" }) do
+ %a{ href: "#", data: { toggle: "dropdown" } }
+ Projects
+ = sprite_icon('angle-down', css_class: 'caret-down')
+ .dropdown-menu.projects-dropdown-menu
+ = render "layouts/nav/projects_dropdown/show"
- = nav_link(controller: ['dashboard/groups', 'explore/groups'], html_options: { class: "hidden-xs" }) do
- = link_to dashboard_groups_path, class: 'dashboard-shortcuts-groups qa-groups-link', title: 'Groups' do
- Groups
+ - if dashboard_nav_link?(:groups)
+ = nav_link(controller: ['dashboard/groups', 'explore/groups'], html_options: { class: "hidden-xs" }) do
+ = link_to dashboard_groups_path, class: 'dashboard-shortcuts-groups qa-groups-link', title: 'Groups' do
+ Groups
- = nav_link(path: 'dashboard#activity', html_options: { class: "visible-lg" }) do
- = link_to activity_dashboard_path, class: 'dashboard-shortcuts-activity', title: 'Activity' do
- Activity
+ - if dashboard_nav_link?(:activity)
+ = nav_link(path: 'dashboard#activity', html_options: { class: "visible-lg" }) do
+ = link_to activity_dashboard_path, class: 'dashboard-shortcuts-activity', title: 'Activity' do
+ Activity
- = nav_link(controller: 'dashboard/milestones', html_options: { class: "visible-lg" }) do
- = link_to dashboard_milestones_path, class: 'dashboard-shortcuts-milestones', title: 'Milestones' do
- Milestones
+ - if dashboard_nav_link?(:milestones)
+ = nav_link(controller: 'dashboard/milestones', html_options: { class: "visible-lg" }) do
+ = link_to dashboard_milestones_path, class: 'dashboard-shortcuts-milestones', title: 'Milestones' do
+ Milestones
- = nav_link(controller: 'dashboard/snippets', html_options: { class: "visible-lg" }) do
- = link_to dashboard_snippets_path, class: 'dashboard-shortcuts-snippets', title: 'Snippets' do
- Snippets
+ - if dashboard_nav_link?(:snippets)
+ = nav_link(controller: 'dashboard/snippets', html_options: { class: "visible-lg" }) do
+ = link_to dashboard_snippets_path, class: 'dashboard-shortcuts-snippets', title: 'Snippets' do
+ Snippets
- %li.header-more.dropdown.hidden-lg
- %a{ href: "#", data: { toggle: "dropdown" } }
- More
- = sprite_icon('angle-down', css_class: 'caret-down')
- .dropdown-menu
- %ul
- = nav_link(controller: ['dashboard/groups', 'explore/groups'], html_options: { class: "visible-xs" }) do
- = link_to dashboard_groups_path, class: 'dashboard-shortcuts-groups', title: 'Groups' do
- Groups
+ - if any_dashboard_nav_link?([:groups, :milestones, :activity, :snippets])
+ %li.header-more.dropdown.hidden-lg
+ %a{ href: "#", data: { toggle: "dropdown" } }
+ More
+ = sprite_icon('angle-down', css_class: 'caret-down')
+ .dropdown-menu
+ %ul
+ - if dashboard_nav_link?(:groups)
+ = nav_link(controller: ['dashboard/groups', 'explore/groups'], html_options: { class: "visible-xs" }) do
+ = link_to dashboard_groups_path, class: 'dashboard-shortcuts-groups', title: 'Groups' do
+ Groups
- = nav_link(path: 'dashboard#activity') do
- = link_to activity_dashboard_path, title: 'Activity' do
- Activity
+ - if dashboard_nav_link?(:activity)
+ = nav_link(path: 'dashboard#activity') do
+ = link_to activity_dashboard_path, title: 'Activity' do
+ Activity
- = nav_link(controller: 'dashboard/milestones') do
- = link_to dashboard_milestones_path, class: 'dashboard-shortcuts-milestones', title: 'Milestones' do
- Milestones
+ - if dashboard_nav_link?(:milestones)
+ = nav_link(controller: 'dashboard/milestones') do
+ = link_to dashboard_milestones_path, class: 'dashboard-shortcuts-milestones', title: 'Milestones' do
+ Milestones
- = nav_link(controller: 'dashboard/snippets') do
- = link_to dashboard_snippets_path, class: 'dashboard-shortcuts-snippets', title: 'Snippets' do
- Snippets
+ - if dashboard_nav_link?(:snippets)
+ = nav_link(controller: 'dashboard/snippets') do
+ = link_to dashboard_snippets_path, class: 'dashboard-shortcuts-snippets', title: 'Snippets' do
+ Snippets
-# Shortcut to Dashboard > Projects
- %li.hidden
- = link_to dashboard_projects_path, title: 'Projects', class: 'dashboard-shortcuts-projects' do
- Projects
+ - if dashboard_nav_link?(:projects)
+ %li.hidden
+ = link_to dashboard_projects_path, title: 'Projects', class: 'dashboard-shortcuts-projects' do
+ Projects
- if current_controller?('ide')
%li.line-separator.hidden-xs
diff --git a/app/views/layouts/nav/_explore.html.haml b/app/views/layouts/nav/_explore.html.haml
index cd1c39f3226..50bde9d1754 100644
--- a/app/views/layouts/nav/_explore.html.haml
+++ b/app/views/layouts/nav/_explore.html.haml
@@ -1,12 +1,15 @@
%ul.list-unstyled.navbar-sub-nav
- = nav_link(path: ['dashboard#show', 'root#show', 'projects#trending', 'projects#starred', 'projects#index'], html_options: {class: 'home'}) do
- = link_to explore_root_path, title: 'Projects', class: 'dashboard-shortcuts-projects' do
- Projects
- = nav_link(controller: [:groups, 'groups/milestones', 'groups/group_members']) do
- = link_to explore_groups_path, title: 'Groups', class: 'dashboard-shortcuts-groups' do
- Groups
- = nav_link(controller: :snippets) do
- = link_to explore_snippets_path, title: 'Snippets', class: 'dashboard-shortcuts-snippets' do
- Snippets
+ - if explore_nav_link?(:projects)
+ = nav_link(path: ['dashboard#show', 'root#show', 'projects#trending', 'projects#starred', 'projects#index'], html_options: {class: 'home'}) do
+ = link_to explore_root_path, title: 'Projects', class: 'dashboard-shortcuts-projects' do
+ Projects
+ - if explore_nav_link?(:groups)
+ = nav_link(controller: [:groups, 'groups/milestones', 'groups/group_members']) do
+ = link_to explore_groups_path, title: 'Groups', class: 'dashboard-shortcuts-groups' do
+ Groups
+ - if explore_nav_link?(:snippets)
+ = nav_link(controller: :snippets) do
+ = link_to explore_snippets_path, title: 'Snippets', class: 'dashboard-shortcuts-snippets' do
+ Snippets
%li
= link_to "Help", help_path, title: 'About GitLab CE'
diff --git a/app/views/layouts/nav/sidebar/_group.html.haml b/app/views/layouts/nav/sidebar/_group.html.haml
index 09a43a2cac5..47ae79b7a69 100644
--- a/app/views/layouts/nav/sidebar/_group.html.haml
+++ b/app/views/layouts/nav/sidebar/_group.html.haml
@@ -1,6 +1,8 @@
- issues_count = IssuesFinder.new(current_user, group_id: @group.id, state: 'opened').execute.count
- merge_requests_count = MergeRequestsFinder.new(current_user, group_id: @group.id, state: 'opened', non_archived: true).execute.count
+- issues_sub_menu_items = ['groups#issues', 'labels#index', 'milestones#index']
+
.nav-sidebar{ class: ("sidebar-collapsed-desktop" if collapsed_sidebar?) }
.nav-sidebar-inner-scroll
.context-header
@@ -10,84 +12,93 @@
.sidebar-context-title
= @group.name
%ul.sidebar-top-level-items
- = nav_link(path: ['groups#show', 'groups#activity', 'groups#subgroups'], html_options: { class: 'home' }) do
- = link_to group_path(@group) do
- .nav-icon-container
- = sprite_icon('project')
- %span.nav-item-name
- Overview
+ - if group_sidebar_link?(:overview)
+ = nav_link(path: ['groups#show', 'groups#activity', 'groups#subgroups', 'analytics#show'], html_options: { class: 'home' }) do
+ = link_to group_path(@group) do
+ .nav-icon-container
+ = sprite_icon('project')
+ %span.nav-item-name
+ Overview
- %ul.sidebar-sub-level-items
- = nav_link(path: ['groups#show', 'groups#activity', 'groups#subgroups'], html_options: { class: "fly-out-top-item" } ) do
- = link_to group_path(@group) do
- %strong.fly-out-top-item-name
- #{ _('Overview') }
- %li.divider.fly-out-top-item
- = nav_link(path: ['groups#show', 'groups#subgroups'], html_options: { class: 'home' }) do
- = link_to group_path(@group), title: 'Group details' do
- %span
- Details
+ %ul.sidebar-sub-level-items
+ = nav_link(path: ['groups#show', 'groups#activity', 'groups#subgroups'], html_options: { class: "fly-out-top-item" } ) do
+ = link_to group_path(@group) do
+ %strong.fly-out-top-item-name
+ #{ _('Overview') }
+ %li.divider.fly-out-top-item
+ = nav_link(path: ['groups#show', 'groups#subgroups'], html_options: { class: 'home' }) do
+ = link_to group_path(@group), title: 'Group details' do
+ %span
+ Details
- = nav_link(path: 'groups#activity') do
- = link_to activity_group_path(@group), title: 'Activity' do
- %span
- Activity
+ - if group_sidebar_link?(:activity)
+ = nav_link(path: 'groups#activity') do
+ = link_to activity_group_path(@group), title: 'Activity' do
+ %span
+ Activity
- = nav_link(path: ['groups#issues', 'labels#index', 'milestones#index']) do
- = link_to issues_group_path(@group) do
- .nav-icon-container
- = sprite_icon('issues')
- %span.nav-item-name
- Issues
- %span.badge.count= number_with_delimiter(issues_count)
+ - if group_sidebar_link?(:issues)
+ = nav_link(path: issues_sub_menu_items) do
+ = link_to issues_group_path(@group) do
+ .nav-icon-container
+ = sprite_icon('issues')
+ %span.nav-item-name
+ Issues
+ %span.badge.count= number_with_delimiter(issues_count)
- %ul.sidebar-sub-level-items
- = nav_link(path: ['groups#issues', 'labels#index', 'milestones#index'], html_options: { class: "fly-out-top-item" } ) do
- = link_to issues_group_path(@group) do
- %strong.fly-out-top-item-name
- #{ _('Issues') }
- %span.badge.count.issue_counter.fly-out-badge= number_with_delimiter(issues_count)
- %li.divider.fly-out-top-item
- = nav_link(path: 'groups#issues', html_options: { class: 'home' }) do
- = link_to issues_group_path(@group), title: 'List' do
- %span
- List
+ %ul.sidebar-sub-level-items
+ = nav_link(path: ['groups#issues', 'labels#index', 'milestones#index'], html_options: { class: "fly-out-top-item" } ) do
+ = link_to issues_group_path(@group) do
+ %strong.fly-out-top-item-name
+ #{ _('Issues') }
+ %span.badge.count.issue_counter.fly-out-badge= number_with_delimiter(issues_count)
+ %li.divider.fly-out-top-item
+ = nav_link(path: 'groups#issues', html_options: { class: 'home' }) do
+ = link_to issues_group_path(@group), title: 'List' do
+ %span
+ List
+
+ - if group_sidebar_link?(:labels)
+ = nav_link(path: 'labels#index') do
+ = link_to group_labels_path(@group), title: 'Labels' do
+ %span
+ Labels
- = nav_link(path: 'labels#index') do
- = link_to group_labels_path(@group), title: 'Labels' do
- %span
- Labels
+ - if group_sidebar_link?(:milestones)
+ = nav_link(path: 'milestones#index') do
+ = link_to group_milestones_path(@group), title: 'Milestones' do
+ %span
+ Milestones
+
+ - if group_sidebar_link?(:merge_requests)
+ = nav_link(path: 'groups#merge_requests') do
+ = link_to merge_requests_group_path(@group) do
+ .nav-icon-container
+ = sprite_icon('git-merge')
+ %span.nav-item-name
+ Merge Requests
+ %span.badge.count= number_with_delimiter(merge_requests_count)
+ %ul.sidebar-sub-level-items.is-fly-out-only
+ = nav_link(path: 'groups#merge_requests', html_options: { class: "fly-out-top-item" } ) do
+ = link_to merge_requests_group_path(@group) do
+ %strong.fly-out-top-item-name
+ #{ _('Merge Requests') }
+ %span.badge.count.merge_counter.js-merge-counter.fly-out-badge= number_with_delimiter(merge_requests_count)
- = nav_link(path: 'milestones#index') do
- = link_to group_milestones_path(@group), title: 'Milestones' do
- %span
- Milestones
+ - if group_sidebar_link?(:group_members)
+ = nav_link(path: 'group_members#index') do
+ = link_to group_group_members_path(@group) do
+ .nav-icon-container
+ = sprite_icon('users')
+ %span.nav-item-name
+ Members
+ %ul.sidebar-sub-level-items.is-fly-out-only
+ = nav_link(path: 'group_members#index', html_options: { class: "fly-out-top-item" } ) do
+ = link_to group_group_members_path(@group) do
+ %strong.fly-out-top-item-name
+ #{ _('Members') }
- = nav_link(path: 'groups#merge_requests') do
- = link_to merge_requests_group_path(@group) do
- .nav-icon-container
- = sprite_icon('git-merge')
- %span.nav-item-name
- Merge Requests
- %span.badge.count= number_with_delimiter(merge_requests_count)
- %ul.sidebar-sub-level-items.is-fly-out-only
- = nav_link(path: 'groups#merge_requests', html_options: { class: "fly-out-top-item" } ) do
- = link_to merge_requests_group_path(@group) do
- %strong.fly-out-top-item-name
- #{ _('Merge Requests') }
- %span.badge.count.merge_counter.js-merge-counter.fly-out-badge= number_with_delimiter(merge_requests_count)
- = nav_link(path: 'group_members#index') do
- = link_to group_group_members_path(@group) do
- .nav-icon-container
- = sprite_icon('users')
- %span.nav-item-name
- Members
- %ul.sidebar-sub-level-items.is-fly-out-only
- = nav_link(path: 'group_members#index', html_options: { class: "fly-out-top-item" } ) do
- = link_to group_group_members_path(@group) do
- %strong.fly-out-top-item-name
- #{ _('Members') }
- - if current_user && can?(current_user, :admin_group, @group)
+ - if group_sidebar_link?(:settings)
= nav_link(path: group_nav_link_paths) do
= link_to edit_group_path(@group) do
.nav-icon-container
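Review bot: The Settings entry was guarded inline by `can?(current_user, :admin_group, @group)` and is now guarded by `group_sidebar_link?(:settings)`, whose body is not in this file section. The helper should keep that ability check, and the settings controller must keep enforcing it regardless, since hiding a link is not authorization. On style, `issues_sub_menu_items` is introduced in the first hunk and used for the top-level Issues `nav_link`, but the fly-out item a few lines below still repeats the literal `['groups#issues', 'labels#index', 'milestones#index']`; use the variable there too. `issues_count` and `merge_requests_count` are also still computed at the top of the template even when the corresponding `group_sidebar_link?` check is false.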
diff --git a/app/views/projects/_new_project_push_tip.html.haml b/app/views/projects/_new_project_push_tip.html.haml
new file mode 100644
index 00000000000..9bc69211d12
--- /dev/null
+++ b/app/views/projects/_new_project_push_tip.html.haml
@@ -0,0 +1,11 @@
+.push-to-create-popover
+ %p
+ = label_tag(:push_to_create_tip, _("Private projects can be created in your personal namespace with:"), class: "weight-normal")
+
+ %p.input-group.project-tip-command
+ %span.input-group-btn
+ = text_field_tag :push_to_create_tip, push_to_create_project_command, class: "js-select-on-focus form-control monospace", readonly: true, aria: { label: _("Push project from command line") }
+ %span.input-group-btn
+ = clipboard_button(text: push_to_create_project_command, title: _("Copy command to clipboard"), placement: "right")
+ %p
+ = link_to("What does this command do?", help_page_path("gitlab-basics/create-project", anchor: "push-to-create-a-new-project"), target: "_blank")
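Review bot: The help link on the last line of this new partial opens with `target: "_blank"` but sets no `rel`, so the opened page keeps a `window.opener` handle to the GitLab tab. The other new-tab links in this commit (the `%a.push-new-project-tip` in projects/new.html.haml and the Koding button) set `rel` to `noopener noreferrer`; adding `rel: "noopener noreferrer"` after `target: "_blank"` here would match them. The link text is also the only user-facing string in the partial not passed through `_()`, so the first argument could become `_("What does this command do?")`.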
diff --git a/app/views/projects/_readme.html.haml b/app/views/projects/_readme.html.haml
index aebdfbc8218..705338c083e 100644
--- a/app/views/projects/_readme.html.haml
+++ b/app/views/projects/_readme.html.haml
@@ -20,4 +20,4 @@
distributed with computer software, forming part of its documentation.
GitLab will render it here instead of this message.
%p
- = link_to "Add Readme", add_special_file_path(@project, file_name: 'README.md'), class: 'btn btn-new'
+ = link_to "Add Readme", @project.add_readme_path, class: 'btn btn-new'
diff --git a/app/views/projects/_stat_anchor_list.html.haml b/app/views/projects/_stat_anchor_list.html.haml
new file mode 100644
index 00000000000..a115b65938b
--- /dev/null
+++ b/app/views/projects/_stat_anchor_list.html.haml
@@ -0,0 +1,8 @@
+- anchors = local_assigns.fetch(:anchors, [])
+
+- return unless anchors.any?
+%ul.nav
+ - anchors.each do |anchor|
+ %li
+ = link_to_if anchor.link, anchor.label, anchor.link, class: anchor.enabled ? 'stat-link' : "btn btn-#{anchor.class_modifier || 'missing'}" do
+ %span.stat-text= anchor.label
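Review bot: The `do` block on the `link_to_if` line is not the link body: `link_to_if` renders the block only when `anchor.link` is falsy and otherwise uses `anchor.label` as the link text, which is easy to misread. In that fallback case the `class:` option is not applied, so an anchor without a link renders as a bare `%span.stat-text` with neither `stat-link` nor the `btn` classes. A header comment would save the next reader a lookup, e.g. `-# anchors: objects responding to link, label, enabled and class_modifier; the block is the fallback for anchors without a link`.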
diff --git a/app/views/projects/buttons/_koding.html.haml b/app/views/projects/buttons/_koding.html.haml
index de2d61d4aa3..e665ca61da8 100644
--- a/app/views/projects/buttons/_koding.html.haml
+++ b/app/views/projects/buttons/_koding.html.haml
@@ -1,3 +1,3 @@
-- if koding_enabled? && current_user && @repository.koding_yml && can_push_branch?(@project, @project.default_branch)
+- if koding_enabled? && current_user && @repository.koding_yml && @project.can_current_user_push_code?
= link_to koding_project_url(@project), class: 'btn project-action-button inline', target: '_blank', rel: 'noopener noreferrer' do
_('Run in IDE (Koding)')
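Review bot: `@project.can_current_user_push_code?` on the changed `- if` line replaces a branch-level check (`can_push_branch?(@project, @project.default_branch)`), while in projects/empty.html.haml the same method replaces the project-level `can?(current_user, :push_code, @project)`. Its definition is not in these hunks, so it is unclear which of the two rules it implements; one of the call sites presumably changes behaviour for users who may push to the project but not to a protected default branch. A context line further down empty.html.haml still calls `can?(current_user, :push_code, @project)` directly, so the two panels on that page can disagree. Stating the intended rule in a comment on the method and using it at that remaining call site would settle this.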
diff --git a/app/views/projects/empty.html.haml b/app/views/projects/empty.html.haml
index ab225796b12..8a36fada389 100644
--- a/app/views/projects/empty.html.haml
+++ b/app/views/projects/empty.html.haml
@@ -5,38 +5,41 @@
= render "home_panel"
-.row-content-block.second-block.center
- %h4
- The repository for this project is empty
+.project-empty-note-panel
+ %div{ class: [container_class, ("limit-container-width-sm" unless fluid_layout)] }
+ .prepend-top-20
+ %h4
+ = _('The repository for this project is empty')
+
+ - if @project.can_current_user_push_code?
+ %p
+ - link_to_cli = link_to _('command line instructions'), '#repo-command-line-instructions'
+ = _('If you already have files you can push them using the %{link_to_cli} below.').html_safe % { link_to_cli: link_to_cli }
+ %p
+ %em
+ - link_to_protected_branches = link_to _('Learn more about protected branches'), help_page_path('user/project/protected_branches')
+ = _('Note that the master branch is automatically protected. %{link_to_protected_branches}').html_safe % { link_to_protected_branches: link_to_protected_branches }
- - if can?(current_user, :push_code, @project)
- %p
- If you already have files you can push them using command line instructions below.
- %p
- Otherwise you can start with adding a
- = succeed ',' do
- = link_to "README", add_special_file_path(@project, file_name: 'README.md')
- a
- = succeed ',' do
- = link_to "LICENSE", add_special_file_path(@project, file_name: 'LICENSE')
- or a
- = link_to '.gitignore', add_special_file_path(@project, file_name: '.gitignore')
- to this project.
- %p
- You will need to be owner or have the master permission level for the initial push, as the master branch is automatically protected.
+ %hr
+ %p
+ - link_to_auto_devops_settings = link_to(s_('AutoDevOps|enable Auto DevOps (Beta)'), project_settings_ci_cd_path(@project, anchor: 'js-general-pipeline-settings'))
+ - link_to_add_kubernetes_cluster = link_to(s_('AutoDevOps|add a Kubernetes cluster'), new_project_cluster_path(@project))
+ = s_('AutoDevOps|You can automatically build and test your application if you %{link_to_auto_devops_settings} for this project. You can automatically deploy it as well, if you %{link_to_add_kubernetes_cluster}.').html_safe % { link_to_auto_devops_settings: link_to_auto_devops_settings, link_to_add_kubernetes_cluster: link_to_add_kubernetes_cluster }
- - if show_auto_devops_callout?(@project)
+ %hr
%p
- - link = link_to(s_('AutoDevOps|Auto DevOps (Beta)'), project_settings_ci_cd_path(@project, anchor: 'js-general-pipeline-settings'))
- = s_('AutoDevOps|You can activate %{link_to_settings} for this project.').html_safe % { link_to_settings: link }
- %p= s_('AutoDevOps|It will automatically build, test, and deploy your application based on a predefined CI/CD configuration.')
- %p= link_to _('New file'), project_new_blob_path(@project, @project.default_branch || 'master'), class: 'btn btn-new'
+ = _('Otherwise it is recommended you start with one of the options below.')
+ .prepend-top-20
+
+%nav.project-stats{ class: container_class }
+ = render 'stat_anchor_list', anchors: @project.empty_repo_statistics_anchors
+ = render 'stat_anchor_list', anchors: @project.empty_repo_statistics_buttons
- if can?(current_user, :push_code, @project)
- %div{ class: container_class }
+ %div{ class: [container_class, ("limit-container-width-sm" unless fluid_layout)] }
.prepend-top-20
.empty_wrapper
- %h3.page-title-empty
+ %h3#repo-command-line-instructions.page-title-empty
Command line instructions
.git-empty
%fieldset
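Review bot: The three new interpolated messages (the `link_to_cli`, `link_to_protected_branches` and AutoDevOps lines) call `.html_safe` on the translated string itself, which marks whatever a translation file contains as trusted markup. Only the `link_to` results need to be trusted, so escaping the template first keeps a stray tag in a translation from reaching the page unescaped: `= html_escape(_('If you already have files you can push them using the %{link_to_cli} below.')) % { link_to_cli: link_to_cli }`. The same form applies to the other two lines. The removed AutoDevOps line already used this pattern, so it is carried over rather than new, but the commit adds two more instances of it.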
diff --git a/app/views/projects/new.html.haml b/app/views/projects/new.html.haml
index 61ae0ebbce6..679ba23a4db 100644
--- a/app/views/projects/new.html.haml
+++ b/app/views/projects/new.html.haml
@@ -4,6 +4,7 @@
- page_title 'New Project'
- header_title "Projects", dashboard_projects_path
- visibility_level = params.dig(:project, :visibility_level) || default_project_visibility
+- active_tab = local_assigns.fetch(:active_tab, 'blank')
.project-edit-container
.project-edit-errors
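Review bot: `active_tab` from `local_assigns.fetch(:active_tab, 'blank')` is used unchecked: any value other than 'blank', 'template' or 'import' leaves every tab and pane in the next hunk without the `active` class, so the page renders with no form selected. Where the value comes from is not shown in this file; if a caller can pass an arbitrary string, fall back explicitly right after the fetch, e.g. `- active_tab = 'blank' unless %w[blank template import].include?(active_tab)`. The last hunk's `('hide' if active_tab != 'import')` depends on the same value.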
@@ -18,34 +19,41 @@
All features are enabled when you create a project, but you can disable the ones you don’t need in the project settings.
.md
= brand_new_project_guidelines
+ %p
+ %strong= _("Tip:")
+ = _("You can also create a project from the command line.")
+ %a.push-new-project-tip{ data: { title: _("Push to create a project") }, href: help_page_path('gitlab-basics/create-project', anchor: 'push-to-create-a-new-project'), target: "_blank", rel: "noopener noreferrer" }
+ = _("Show command")
+ %template.push-new-project-tip-template= render partial: "new_project_push_tip"
+
.col-lg-9.js-toggle-container
%ul.nav-links.gitlab-tabs{ role: 'tablist' }
- %li.active{ role: 'presentation' }
+ %li{ class: ('active' if active_tab == 'blank'), role: 'presentation' }
%a{ href: '#blank-project-pane', id: 'blank-project-tab', data: { toggle: 'tab' }, role: 'tab' }
%span.hidden-xs Blank project
%span.visible-xs Blank
- %li{ role: 'presentation' }
+ %li{ class: ('active' if active_tab == 'template'), role: 'presentation' }
%a{ href: '#create-from-template-pane', id: 'create-from-template-tab', data: { toggle: 'tab' }, role: 'tab' }
%span.hidden-xs Create from template
%span.visible-xs Template
- %li{ role: 'presentation' }
+ %li{ class: ('active' if active_tab == 'import'), role: 'presentation' }
%a{ href: '#import-project-pane', id: 'import-project-tab', data: { toggle: 'tab' }, role: 'tab' }
%span.hidden-xs Import project
%span.visible-xs Import
.tab-content.gitlab-tab-content
- .tab-pane.active{ id: 'blank-project-pane', role: 'tabpanel' }
+ .tab-pane{ id: 'blank-project-pane', class: ('active' if active_tab == 'blank'), role: 'tabpanel' }
= form_for @project, html: { class: 'new_project' } do |f|
= render 'new_project_fields', f: f, project_name_id: "blank-project-name"
- .tab-pane.no-padding{ id: 'create-from-template-pane', role: 'tabpanel' }
+ .tab-pane.no-padding{ id: 'create-from-template-pane', class: ('active' if active_tab == 'template'), role: 'tabpanel' }
= form_for @project, html: { class: 'new_project' } do |f|
.project-template
.form-group
%div
= render 'project_templates', f: f
- .tab-pane.import-project-pane{ id: 'import-project-pane', role: 'tabpanel' }
+ .tab-pane.import-project-pane{ id: 'import-project-pane', class: ('active' if active_tab == 'import'), role: 'tabpanel' }
= form_for @project, html: { class: 'new_project' } do |f|
- if import_sources_enabled?
.project-import.row
@@ -92,7 +100,7 @@
%button.btn.js-toggle-button.import_git{ type: "button" }
= icon('git', text: 'Repo by URL')
.col-lg-12
- .js-toggle-content.hide.toggle-import-form
+ .js-toggle-content.toggle-import-form{ class: ('hide' if active_tab != 'import') }
%hr
= render "shared/import_form", f: f
= render 'new_project_fields', f: f, project_name_id: "import-url-name"
diff --git a/app/views/projects/show.html.haml b/app/views/projects/show.html.haml
index 888d820b04e..fa281327eb7 100644
--- a/app/views/projects/show.html.haml
+++ b/app/views/projects/show.html.haml
@@ -1,6 +1,7 @@
- @no_container = true
- breadcrumb_title "Details"
- @content_class = "limit-container-width" unless fluid_layout
+- show_auto_devops_callout = show_auto_devops_callout?(@project)
= content_for :meta_tags do
= auto_discovery_link_tag(:atom, project_path(@project, rss_url_options), title: "#{@project.name} activity")
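Review bot: The new local `show_auto_devops_callout` holds the helper result, but the context line in the last hunk of this file still calls `show_auto_devops_callout?(@project)` again before rendering 'shared/auto_devops_callout'. Reusing the local there (`- if show_auto_devops_callout`) keeps the stat buttons and the callout tied to a single evaluation and avoids the duplicate call.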
@@ -14,65 +15,9 @@
- if can?(current_user, :download_code, @project)
%nav.project-stats{ class: container_class }
- %ul.nav
- %li
- = link_to project_tree_path(@project) do
- #{_('Files')} (#{storage_counter(@project.statistics.total_repository_size)})
- %li
- = link_to project_commits_path(@project, current_ref) do
- #{n_('Commit', 'Commits', @project.statistics.commit_count)} (#{number_with_delimiter(@project.statistics.commit_count)})
- %li
- = link_to project_branches_path(@project) do
- #{n_('Branch', 'Branches', @repository.branch_count)} (#{number_with_delimiter(@repository.branch_count)})
- %li
- = link_to project_tags_path(@project) do
- #{n_('Tag', 'Tags', @repository.tag_count)} (#{number_with_delimiter(@repository.tag_count)})
+ = render 'stat_anchor_list', anchors: @project.statistics_anchors(show_auto_devops_callout: show_auto_devops_callout)
+ = render 'stat_anchor_list', anchors: @project.statistics_buttons(show_auto_devops_callout: show_auto_devops_callout)
- - if @repository.readme
- %li
- = link_to _('Readme'),
- default_project_view != 'readme' ? readme_path(@project) : '#readme'
-
- - if @repository.changelog
- %li
- = link_to _('Changelog'), changelog_path(@project)
-
- - if @repository.license_blob
- %li
- = link_to license_short_name(@project), license_path(@project)
-
- - if @repository.contribution_guide
- %li
- = link_to _('Contribution guide'), contribution_guide_path(@project)
-
- - if @repository.gitlab_ci_yml
- %li
- = link_to _('CI/CD configuration'), ci_configuration_path(@project)
-
- - if current_user && can_push_branch?(@project, @project.default_branch)
- - unless @repository.changelog
- %li.missing
- = link_to add_special_file_path(@project, file_name: 'CHANGELOG') do
- #{ _('Add Changelog') }
- - unless @repository.license_blob
- %li.missing
- = link_to add_special_file_path(@project, file_name: 'LICENSE') do
- #{ _('Add License') }
- - unless @repository.contribution_guide
- %li.missing
- = link_to add_special_file_path(@project, file_name: 'CONTRIBUTING.md', commit_message: 'Add contribution guide') do
- #{ _('Add Contribution guide') }
- - unless @repository.gitlab_ci_yml
- %li.missing
- = link_to add_special_file_path(@project, file_name: '.gitlab-ci.yml') do
- #{ _('Set up CI/CD') }
- - if koding_enabled? && @repository.koding_yml.blank?
- %li.missing
- = link_to _('Set up Koding'), add_koding_stack_path(@project)
- - if @repository.gitlab_ci_yml.blank? && @project.deployment_platform.present?
- %li.missing
- = link_to add_special_file_path(@project, file_name: '.gitlab-ci.yml', commit_message: 'Set up auto deploy', branch_name: 'auto-deploy', context: 'autodeploy') do
- #{ _('Set up auto deploy') }
%div{ class: [container_class, ("limit-container-width" unless fluid_layout)] }
- if @project.archived?
@@ -81,7 +26,7 @@
= icon("exclamation-triangle fw")
#{ _('Archived project! Repository is read-only') }
- - view_path = default_project_view
+ - view_path = @project.default_view
- if show_auto_devops_callout?(@project)
= render 'shared/auto_devops_callout'
diff --git a/app/views/shared/issuable/_form.html.haml b/app/views/shared/issuable/_form.html.haml
index 79021a08719..6dfabd7ba4c 100644
--- a/app/views/shared/issuable/_form.html.haml
+++ b/app/views/shared/issuable/_form.html.haml
@@ -69,7 +69,7 @@
- else
= form.submit 'Save changes', class: 'btn btn-save'
- - if !issuable.persisted? && !issuable.project.empty_repo? && (guide_url = contribution_guide_path(issuable.project))
+ - if !issuable.persisted? && !issuable.project.empty_repo? && (guide_url = issuable.project.present.contribution_guide_path)
.inline.prepend-top-10
Please review the
%strong= link_to('contribution guidelines', guide_url)
diff --git a/app/views/shared/projects/_project.html.haml b/app/views/shared/projects/_project.html.haml
index 33435216c14..0687f6d961d 100644
--- a/app/views/shared/projects/_project.html.haml
+++ b/app/views/shared/projects/_project.html.haml
@@ -6,7 +6,7 @@
- user = local_assigns[:user]
- access = user&.max_member_access_for_project(project.id) unless user.nil?
- css_class = '' unless local_assigns[:css_class]
-- show_last_commit_as_description = false unless local_assigns[:show_last_commit_as_description] == true && project.commit
+- show_last_commit_as_description = false unless local_assigns[:show_last_commit_as_description] == true && can_show_last_commit_in_list?(project)
- css_class += " no-description" if project.description.blank? && !show_last_commit_as_description
- cache_key = project_list_cache_key(project)
- updated_tooltip = time_ago_with_tooltip(project.last_activity_date)
@@ -47,7 +47,7 @@
.prepend-top-0
- if project.archived
%span.prepend-left-10.label.label-warning archived
- - if project.pipeline_status.has_status?
+ - if can?(current_user, :read_cross_project) && project.pipeline_status.has_status?
%span.prepend-left-10
= render_project_pipeline_status(project.pipeline_status)
- if forks
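Review bot: The new `can?(current_user, :read_cross_project)` guard on the pipeline status, and `can_show_last_commit_in_list?` in the first hunk, make this row's output depend on the viewer, yet the context shows `cache_key = project_list_cache_key(project)` computed just above. How that key is built and used is outside these hunks. If the row is fragment-cached under it, the key needs to vary with this ability; otherwise a row rendered for a user who may see the status could be served to one who may not. Please confirm the helper includes the permission, or add a `-#` comment here saying so.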
diff --git a/app/views/users/show.html.haml b/app/views/users/show.html.haml
index a396d1007a7..4bf01ecb48c 100644
--- a/app/views/users/show.html.haml
+++ b/app/views/users/show.html.haml
@@ -82,47 +82,58 @@
.fade-left= icon('angle-left')
.fade-right= icon('angle-right')
%ul.nav-links.user-profile-nav.scrolling-tabs
- %li.js-activity-tab
- = link_to user_path, data: { target: 'div#activity', action: 'activity', toggle: 'tab' } do
- Activity
- %li.js-groups-tab
- = link_to user_groups_path, data: { target: 'div#groups', action: 'groups', toggle: 'tab', endpoint: user_groups_path(format: :json) } do
- Groups
- %li.js-contributed-tab
- = link_to user_contributed_projects_path, data: { target: 'div#contributed', action: 'contributed', toggle: 'tab', endpoint: user_contributed_projects_path(format: :json) } do
- Contributed projects
- %li.js-projects-tab
- = link_to user_projects_path, data: { target: 'div#projects', action: 'projects', toggle: 'tab', endpoint: user_projects_path(format: :json) } do
- Personal projects
- %li.js-snippets-tab
- = link_to user_snippets_path, data: { target: 'div#snippets', action: 'snippets', toggle: 'tab', endpoint: user_snippets_path(format: :json) } do
- Snippets
+ - if profile_tab?(:activity)
+ %li.js-activity-tab
+ = link_to user_path, data: { target: 'div#activity', action: 'activity', toggle: 'tab' } do
+ Activity
+ - if profile_tab?(:groups)
+ %li.js-groups-tab
+ = link_to user_groups_path, data: { target: 'div#groups', action: 'groups', toggle: 'tab', endpoint: user_groups_path(format: :json) } do
+ Groups
+ - if profile_tab?(:contributed)
+ %li.js-contributed-tab
+ = link_to user_contributed_projects_path, data: { target: 'div#contributed', action: 'contributed', toggle: 'tab', endpoint: user_contributed_projects_path(format: :json) } do
+ Contributed projects
+ - if profile_tab?(:projects)
+ %li.js-projects-tab
+ = link_to user_projects_path, data: { target: 'div#projects', action: 'projects', toggle: 'tab', endpoint: user_projects_path(format: :json) } do
+ Personal projects
+ - if profile_tab?(:snippets)
+ %li.js-snippets-tab
+ = link_to user_snippets_path, data: { target: 'div#snippets', action: 'snippets', toggle: 'tab', endpoint: user_snippets_path(format: :json) } do
+ Snippets
%div{ class: container_class }
.tab-content
- #activity.tab-pane
- .row-content-block.calender-block.white.second-block.hidden-xs
- .user-calendar{ data: { calendar_path: user_calendar_path(@user, :json), calendar_activities_path: user_calendar_activities_path, utc_offset: Time.zone.utc_offset } }
- %h4.center.light
- %i.fa.fa-spinner.fa-spin
- .user-calendar-activities
+ - if profile_tab?(:activity)
+ #activity.tab-pane
+ .row-content-block.calender-block.white.second-block.hidden-xs
+ .user-calendar{ data: { calendar_path: user_calendar_path(@user, :json), calendar_activities_path: user_calendar_activities_path, utc_offset: Time.zone.utc_offset } }
+ %h4.center.light
+ %i.fa.fa-spinner.fa-spin
+ .user-calendar-activities
- %h4.prepend-top-20
- Most Recent Activity
- .content_list{ data: { href: user_path } }
- = spinner
+ - if can?(current_user, :read_cross_project)
+ %h4.prepend-top-20
+ Most Recent Activity
+ .content_list{ data: { href: user_path } }
+ = spinner
- #groups.tab-pane
- -# This tab is always loaded via AJAX
+ - if profile_tab?(:groups)
+ #groups.tab-pane
+ -# This tab is always loaded via AJAX
- #contributed.tab-pane
- -# This tab is always loaded via AJAX
+ - if profile_tab?(:contributed)
+ #contributed.tab-pane
+ -# This tab is always loaded via AJAX
- #projects.tab-pane
- -# This tab is always loaded via AJAX
+ - if profile_tab?(:projects)
+ #projects.tab-pane
+ -# This tab is always loaded via AJAX
- #snippets.tab-pane
- -# This tab is always loaded via AJAX
+ - if profile_tab?(:snippets)
+ #snippets.tab-pane
+ -# This tab is always loaded via AJAX
.loading-status
= spinner
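Review bot: The `profile_tab?` guards only drop the tab links and panes from the markup; the `endpoint:` URLs they wrap (`user_groups_path(format: :json)`, `user_contributed_projects_path(format: :json)` and the others) can still be requested directly. The same rule therefore has to be enforced in the controller actions, which are not part of this hunk. Inside the activity pane the `.user-calendar` block is still rendered when `can?(current_user, :read_cross_project)` is false, and only the 'Most Recent Activity' list is hidden. If that split is intended, a `-#` comment saying why the calendar is considered safe to show would help.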
diff --git a/changelogs/unreleased-ee/bvl-external-policy-classification.yml b/changelogs/unreleased-ee/bvl-external-policy-classification.yml
new file mode 100644
index 00000000000..074629c8c12
--- /dev/null
+++ b/changelogs/unreleased-ee/bvl-external-policy-classification.yml
@@ -0,0 +1,5 @@
+---
+title: Authorize project access with an external service
+merge_request: 4675
+author:
+type: added
diff --git a/changelogs/unreleased/41619-turn-on-legacy-authorization-for-new-clusters-on-gke.yml b/changelogs/unreleased/41619-turn-on-legacy-authorization-for-new-clusters-on-gke.yml
new file mode 100644
index 00000000000..507367c98c4
--- /dev/null
+++ b/changelogs/unreleased/41619-turn-on-legacy-authorization-for-new-clusters-on-gke.yml
@@ -0,0 +1,5 @@
+---
+title: Enable Legacy Authorization by default on Cluster creations
+merge_request: 17302
+author:
+type: fixed
diff --git a/changelogs/unreleased/42332-actionview-template-error-366-524-out-of-range.yml b/changelogs/unreleased/42332-actionview-template-error-366-524-out-of-range.yml
new file mode 100644
index 00000000000..626c761bfbd
--- /dev/null
+++ b/changelogs/unreleased/42332-actionview-template-error-366-524-out-of-range.yml
@@ -0,0 +1,5 @@
+---
+title: Fix 500 error being shown when diff has context marker with invalid encoding
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/42431-add-auto-devops-and-clusters-button-to-projects.yml b/changelogs/unreleased/42431-add-auto-devops-and-clusters-button-to-projects.yml
new file mode 100644
index 00000000000..5613b2af763
--- /dev/null
+++ b/changelogs/unreleased/42431-add-auto-devops-and-clusters-button-to-projects.yml
@@ -0,0 +1,6 @@
+---
+title: Add a button on the project page to set up a Kubernetes cluster and enable
+ Auto DevOps
+merge_request: 16900
+author:
+type: added
diff --git a/changelogs/unreleased/43261-fix-import-from-url-name-collision-active-tab.yml b/changelogs/unreleased/43261-fix-import-from-url-name-collision-active-tab.yml
new file mode 100644
index 00000000000..71073b2e214
--- /dev/null
+++ b/changelogs/unreleased/43261-fix-import-from-url-name-collision-active-tab.yml
@@ -0,0 +1,6 @@
+---
+title: Keep "Import project" tab/form active when validation fails trying to import
+ "Repo by URL"
+merge_request: 17136
+author:
+type: fixed
diff --git a/changelogs/unreleased/43373-fix-cache-index-appending.yml b/changelogs/unreleased/43373-fix-cache-index-appending.yml
new file mode 100644
index 00000000000..fdb293ea04d
--- /dev/null
+++ b/changelogs/unreleased/43373-fix-cache-index-appending.yml
@@ -0,0 +1,5 @@
+---
+title: Fix issue with cache key being empty when variable used as the key
+merge_request: 17260
+author:
+type: fixed
diff --git a/changelogs/unreleased/fix-500-for-invalid-upload-path.yml b/changelogs/unreleased/fix-500-for-invalid-upload-path.yml
new file mode 100644
index 00000000000..a4ce00c64c4
--- /dev/null
+++ b/changelogs/unreleased/fix-500-for-invalid-upload-path.yml
@@ -0,0 +1,5 @@
+---
+title: Fix 500 error when loading an invalid upload URL
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/tc-info-version-check.yml b/changelogs/unreleased/tc-info-version-check.yml
deleted file mode 100644
index 9f20d03b864..00000000000
--- a/changelogs/unreleased/tc-info-version-check.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add more info about data collected when version check is enabled
-merge_request: 17257
-author:
-type: changed
diff --git a/config/initializers/0_as_concern.rb b/config/initializers/0_as_concern.rb
new file mode 100644
index 00000000000..40232bd6252
--- /dev/null
+++ b/config/initializers/0_as_concern.rb
@@ -0,0 +1,25 @@
+# This module is based on: https://gist.github.com/bcardarella/5735987
+
+module Prependable
+ def prepend_features(base)
+ if base.instance_variable_defined?(:@_dependencies)
+ base.instance_variable_get(:@_dependencies) << self
+ false
+ else
+ return false if base < self
+
+ super
+ base.singleton_class.send(:prepend, const_get('ClassMethods')) if const_defined?(:ClassMethods)
+ @_dependencies.each { |dep| base.send(:prepend, dep) } # rubocop:disable Gitlab/ModuleWithInstanceVariables
+ base.class_eval(&@_included_block) if instance_variable_defined?(:@_included_block) # rubocop:disable Gitlab/ModuleWithInstanceVariables
+ end
+ end
+end
+
+module ActiveSupport
+ module Concern
+ prepend Prependable
+
+ alias_method :prepended, :included
+ end
+end
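Review bot: `alias_method :prepended, :included` makes `prepended do … end` store its block in the same `@_included_block` that `prepend_features` evaluates with `base.class_eval`, so a concern cannot declare separate `included` and `prepended` blocks and a block written for one mode also runs in the other. The file reopens `ActiveSupport::Concern` for the whole application and reads `@_dependencies` and `@_included_block`, which are framework internals, with only the gist link as explanation. A header comment would make a later Rails upgrade safer, e.g. `# Adds prepend support to ActiveSupport::Concern; relies on Concern's @_dependencies/@_included_block ivars, re-check on Rails upgrades.` It could also record the reason for the `0_` file-name prefix, presumably load order.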
diff --git a/config/webpack.config.js b/config/webpack.config.js
index 06737b34aba..94ff39485fb 100644
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -29,13 +29,15 @@ var pageEntries = glob.sync('pages/**/index.js', { cwd: path.join(ROOT_PATH, 'ap
var dispatcher = fs.readFileSync(path.join(ROOT_PATH, 'app/assets/javascripts/dispatcher.js')).toString();
var dispatcherChunks = dispatcher.match(/(?!import\(')\.\/pages\/[^']+/g);
-pageEntries.forEach(( path ) => {
- let chunkPath = path.replace(/\/index\.js$/, '');
- if (!dispatcherChunks.includes('./' + chunkPath)) {
- let chunkName = chunkPath.replace(/\//g, '.');
- autoEntries[chunkName] = './' + path;
+function generateAutoEntries(path, prefix = '.') {
+ const chunkPath = path.replace(/\/index\.js$/, '');
+ if (!dispatcherChunks.includes(`${prefix}/${chunkPath}`)) {
+ const chunkName = chunkPath.replace(/\//g, '.');
+ autoEntries[chunkName] = `${prefix}/${path}`;
}
-});
+}
+
+pageEntries.forEach(( path ) => generateAutoEntries(path));
// report our auto-generated bundle count
var autoEntriesCount = Object.keys(autoEntries).length;
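Review bot: The parameter `path` of the new `generateAutoEntries(path, prefix = '.')` shadows the `path` module that the surrounding context uses (`path.join(ROOT_PATH, …)`), so any later `path.join` inside the function would hit the string instead. Renaming it removes the trap: `function generateAutoEntries(entryPath, prefix = '.')`. Separately, `dispatcherChunks` comes from `String.prototype.match` with the `g` flag, which returns `null` when nothing matches, and the function calls `.includes` on it unguarded. `(dispatcherChunks || []).includes(...)` would avoid an obscure TypeError at build time if dispatcher.js stops containing page imports.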
diff --git a/doc/README.md b/doc/README.md
index c8b6b4f32b8..46fcb7c6baf 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -12,6 +12,10 @@ GitLab offers the most scalable Git-based fully integrated platform for software
With GitLab self-hosted, you deploy your own GitLab instance on-premises or on a private cloud of your choice. GitLab self-hosted is available for [free and with paid subscriptions](https://about.gitlab.com/products/): Libre, Starter, Premium, and Ultimate.
+Every feature available in Libre is also available in Starter, Premium, and Ultimate.
+Starter features are also available in Premium and Ultimate, and Premium features are also
+available in Ultimate.
+
GitLab.com is our SaaS offering. It's hosted, managed, and administered by GitLab, with [free and paid plans](https://about.gitlab.com/gitlab-com/) for individuals and teams: Free, Bronze, Silver, and Gold.
## Shortcuts to GitLab's most visited docs
@@ -124,8 +128,8 @@ Manage your [repositories](user/project/repository/index.md) from the UI (user i
## Administrator documentation
-[Administration documentation](administration/index.md) applies to admin users of [GitLab
-self-hosted instances](#self-hosted-gitlab): Libre, Starter, Premium, Ultimate.
+[Administration documentation](administration/index.md) applies to admin users of GitLab
+self-hosted instances.
Learn how to install, configure, update, upgrade, integrate, and maintain your own instance.
Regular users don't have access to GitLab administration tools and settings.
@@ -133,7 +137,7 @@ Regular users don't have access to GitLab administration tools and settings.
## Contributor documentation
GitLab Community Edition is [open source](https://gitlab.com/gitlab-org/gitlab-ce/)
-and Enterprise Editions are [open-core](https://gitlab.com/gitlab-org/gitlab-ee/).
+and GitLab Enterprise Edition is [open-core](https://gitlab.com/gitlab-org/gitlab-ee/).
Learn how to contribute to GitLab:
- [Development](development/README.md): All styleguides and explanations how to contribute.
diff --git a/doc/administration/custom_hooks.md b/doc/administration/custom_hooks.md
index 4d35b20d0c3..960970aea30 100644
--- a/doc/administration/custom_hooks.md
+++ b/doc/administration/custom_hooks.md
@@ -4,8 +4,9 @@
**Note:** Custom Git hooks must be configured on the filesystem of the GitLab
server. Only GitLab server administrators will be able to complete these tasks.
Please explore [webhooks] as an option if you do not
-have filesystem access. For a user configurable Git hook interface, please see
-[GitLab Enterprise Edition Git Hooks](http://docs.gitlab.com/ee/git_hooks/git_hooks.html).
+have filesystem access. For a user configurable Git hook interface, see
+[Push Rules](https://docs.gitlab.com/ee/push_rules/push_rules.html),
+available in GitLab Enterprise Edition.
Git natively supports hooks that are executed on different actions.
Examples of server-side git hooks include pre-receive, post-receive, and update.
diff --git a/doc/administration/index.md b/doc/administration/index.md
index e53268e5f3e..51444651bdb 100644
--- a/doc/administration/index.md
+++ b/doc/administration/index.md
@@ -1,9 +1,19 @@
# Administrator documentation
Learn how to administer your GitLab instance (Community Edition and
-[Enterprise Editions](https://about.gitlab.com/products/)).
+Enterprise Edition).
Regular users don't have access to GitLab administration tools and settings.
+GitLab has two product distributions: the open source
+[GitLab Community Edition (CE)](https://gitlab.com/gitlab-org/gitlab-ce),
+and the open core [GitLab Enterprise Edition (EE)](https://gitlab.com/gitlab-org/gitlab-ee),
+available through [different subscriptions](https://about.gitlab.com/products/).
+
+You can [install GitLab CE or GitLab EE](https://about.gitlab.com/installation/ce-or-ee/),
+but the features you'll have access to depend on the subscription you choose
+(Libre, Starter, Premium, or Ultimate). GitLab Community Edition installations
+only have access to Libre features.
+
GitLab.com is administered by GitLab, Inc., therefore, only GitLab team members have
access to its admin configurations. If you're a GitLab.com user, please check the
[user documentation](../user/index.html).
diff --git a/doc/administration/logs.md b/doc/administration/logs.md
index debaa2330d0..1b42d7979ed 100644
--- a/doc/administration/logs.md
+++ b/doc/administration/logs.md
@@ -32,6 +32,8 @@ In this example, you can see this was a GET request for a specific issue. Notice
2. `view`: total time taken inside the Rails views
3. `db`: total time to retrieve data from the database
+User clone/fetch activity using http transport appears in this log as `action: git_upload_pack`.
+
In addition, the log contains the IP address from which the request originated
(`remote_ip`) as well as the user's ID (`user_id`), and username (`username`).
@@ -157,6 +159,8 @@ I, [2015-02-13T06:17:00.671315 #9291] INFO -- : Adding project root/example.git
I, [2015-02-13T06:17:00.679433 #9291] INFO -- : Moving existing hooks directory and symlinking global hooks directory for /var/opt/gitlab/git-data/repositories/root/example.git.
```
+User clone/fetch activity using ssh transport appears in this log as `executing git command <gitaly-upload-pack...`.
+
## `unicorn\_stderr.log`
This file lives in `/var/log/gitlab/unicorn/unicorn_stderr.log` for
diff --git a/doc/administration/operations/fast_ssh_key_lookup.md b/doc/administration/operations/fast_ssh_key_lookup.md
index a795d5116ea..bd6c7bb07b5 100644
--- a/doc/administration/operations/fast_ssh_key_lookup.md
+++ b/doc/administration/operations/fast_ssh_key_lookup.md
@@ -1,7 +1,7 @@
# Fast lookup of authorized SSH keys in the database
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/1631) in
-> [GitLab Enterprise Edition Standard](https://about.gitlab.com/gitlab-ee) 9.3.
+> [GitLab Starter](https://about.gitlab.com/gitlab-ee) 9.3.
>
> [Available in](https://gitlab.com/gitlab-org/gitlab-ee/issues/3953) GitLab
> Community Edition 10.4.
diff --git a/doc/customization/branded_login_page.md b/doc/customization/branded_login_page.md
index d4d9f5f7b5e..b892f59d777 100644
--- a/doc/customization/branded_login_page.md
+++ b/doc/customization/branded_login_page.md
@@ -1,6 +1,6 @@
# Changing the appearance of the login page
-GitLab Community Edition offers a way to put your company's identity on the login page of your GitLab server and make it a branded login page.
+GitLab offers a way to put your company's identity on the login page of your GitLab server and make it a branded login page.
By default, the page shows the GitLab logo and description.
diff --git a/doc/development/architecture.md b/doc/development/architecture.md
index d1ba7d3dfc3..31117b5e723 100644
--- a/doc/development/architecture.md
+++ b/doc/development/architecture.md
@@ -2,9 +2,11 @@
## Software delivery
-There are two editions of GitLab: [Enterprise Edition](https://about.gitlab.com/gitlab-ee/) (EE) and [Community Edition](https://about.gitlab.com/gitlab-ce/) (CE). GitLab CE is delivered via git from the [gitlabhq repository](https://gitlab.com/gitlab-org/gitlab-ce/tree/master). New versions of GitLab are released in stable branches and the master branch is for bleeding edge development.
+There are two software distributions of GitLab: the open source [Community Edition](https://gitlab.com/gitlab-org/gitlab-ce/) (CE), and the open core [Enterprise Edition](https://gitlab.com/gitlab-org/gitlab-ee/) (EE). GitLab is available under [different subscriptions](https://about.gitlab.com/products/).
-EE releases are available not long after CE releases. To obtain the GitLab EE there is a [repository at gitlab.com](https://gitlab.com/gitlab-org/gitlab-ee). For more information about the release process see the section 'New versions and upgrading' in the readme.
+New versions of GitLab are released in stable branches and the master branch is for bleeding edge development.
+
+For information, see the [GitLab Release Process](https://gitlab.com/gitlab-org/release/docs/tree/master#gitlab-release-process).
Both EE and CE require some add-on components called gitlab-shell and Gitaly. These components are available from the [gitlab-shell](https://gitlab.com/gitlab-org/gitlab-shell/tree/master) and [gitaly](https://gitlab.com/gitlab-org/gitaly/tree/master) repositories respectively. New versions are usually tags but staying on the master branch will give you the latest stable version. New releases are generally around the same time as GitLab CE releases with exception for informal security updates deemed critical.
diff --git a/doc/development/doc_styleguide.md b/doc/development/doc_styleguide.md
index cfeeed2506d..6fe5f647d6c 100644
--- a/doc/development/doc_styleguide.md
+++ b/doc/development/doc_styleguide.md
@@ -236,6 +236,11 @@ Inside the document:
## New features
+New features must be shipped with its accompanying documentation and the doc
+reviewed by a technical writer.
+
+### Mentioning GitLab versions and tiers
+
- Every piece of documentation that comes with a new feature should declare the
GitLab version that feature got introduced. Right below the heading add a
note:
@@ -244,7 +249,7 @@ Inside the document:
> Introduced in GitLab 8.3.
```
-- If possible every feature should have a link to the MR that introduced it.
+- If possible every feature should have a link to the MR, issue, or epic that introduced it.
The above note would be then transformed to:
```
@@ -254,11 +259,12 @@ Inside the document:
, where the [link identifier](#links) is named after the repository (CE) and
the MR number.
-- If the feature is only in GitLab Enterprise Edition, don't forget to mention
- it, like:
+- If the feature is only available in GitLab Enterprise Edition, don't forget to mention
+ the [paid tier](https://about.gitlab.com/handbook/marketing/product-marketing/#tiers)
+ the feature is available in:
```
- > Introduced in GitLab Enterprise Edition 8.3.
+ > [Introduced][ee-1234] in [GitLab Starter](https://about.gitlab.com/products/) 8.3.
```
Otherwise, leave this mention out.
diff --git a/doc/development/licensing.md b/doc/development/licensing.md
index 274923c2d43..c06bc0d4731 100644
--- a/doc/development/licensing.md
+++ b/doc/development/licensing.md
@@ -1,6 +1,6 @@
# GitLab Licensing and Compatibility
-GitLab CE is licensed under the terms of the MIT License. GitLab EE is licensed under "The GitLab Enterprise Edition (EE) license" wherein there are more restrictions. See their respective LICENSE files ([CE][CE], [EE][EE]) for more information.
+[GitLab Community Edition](https://gitlab.com/gitlab-org/gitlab-ce/) (CE) is licensed [under the terms of the MIT License][CE]. [GitLab Enterprise Edition](https://gitlab.com/gitlab-org/gitlab-ee/) (EE) is licensed under "[The GitLab Enterprise Edition (EE) license][EE]" wherein there are more restrictions.
## Automated Testing
diff --git a/doc/gitlab-basics/create-project.md b/doc/gitlab-basics/create-project.md
index 7b87039da84..10e8059756d 100644
--- a/doc/gitlab-basics/create-project.md
+++ b/doc/gitlab-basics/create-project.md
@@ -41,16 +41,16 @@ When you create a new repo locally, instead of going to GitLab to manually
create a new project and then push the repo, you can directly push it to
GitLab to create the new project, all without leaving your terminal. If you have access to that
namespace, we will automatically create a new project under that GitLab namespace with its
-visibility set to private by default (you can later change it in the UI).
+visibility set to Private by default (you can later change it in the [project's settings](../public_access/public_access.md#how-to-change-project-visibility)).
This can be done by using either SSH or HTTP:
```
## Git push using SSH
-git push git@gitlab.example.com:namespace/nonexistent-project.git
+git push --set-upstream git@gitlab.example.com:namespace/nonexistent-project.git master
## Git push using HTTP
-git push https://gitlab.example.com/namespace/nonexistent-project.git
+git push --set-upstream https://gitlab.example.com/namespace/nonexistent-project.git master
```
Once the push finishes successfully, a remote message will indicate
diff --git a/doc/install/azure/index.md b/doc/install/azure/index.md
index 7afe338ae8b..b0c3ad960bb 100644
--- a/doc/install/azure/index.md
+++ b/doc/install/azure/index.md
@@ -38,9 +38,10 @@ create SQL Databases, author websites, and perform lots of other cloud tasks.
## Create New VM
The [Azure Marketplace][Azure-Marketplace] is an online store for pre-configured applications and
-services which have been optimized for the cloud by software vendors like GitLab, and both
-the [Community Edition ("CE")][CE] and the [Enterprise Edition ("EE")][EE] versions of GitLab are
-available on the Azure Marketplace as pre-configured solutions.
+services which have been optimized for the cloud by software vendors like GitLab,
+available on the Azure Marketplace as pre-configured solutions. In this tutorial
+we will install GitLab Community Edition, but for GitLab Enterprise Edition you
+can follow the same process.
To begin creating a new GitLab VM, click on the **+ New** icon, type "GitLab" into the search
box, and then click the **"GitLab Community Edition"** search result:
diff --git a/doc/user/admin_area/settings/usage_statistics.md b/doc/user/admin_area/settings/usage_statistics.md
index 81b135a5b37..d874688cc29 100644
--- a/doc/user/admin_area/settings/usage_statistics.md
+++ b/doc/user/admin_area/settings/usage_statistics.md
@@ -10,9 +10,8 @@ under **Admin area > Settings > Usage statistics**.
GitLab can inform you when an update is available and the importance of it.
-GitLab Inc. collects version statistics, but no information other than
-the GitLab version and the instance's hostname (through the HTTP
-referer) is collected.
+No information other than the GitLab version and the instance's hostname (through the HTTP referer)
+are collected.
In the **Overview** tab you can see if your GitLab version is up to date. There
are three cases: 1) you are up to date (green), 2) there is an update available
diff --git a/doc/user/project/issues/issues_functionalities.md b/doc/user/project/issues/issues_functionalities.md
index 0bef83d18e8..f2ca6a6822e 100644
--- a/doc/user/project/issues/issues_functionalities.md
+++ b/doc/user/project/issues/issues_functionalities.md
@@ -50,8 +50,8 @@ Often multiple people likely work on the same issue together,
which can especially be difficult to track in large teams
where there is shared ownership of an issue.
-In GitLab Enterprise Edition, you can also select multiple assignees
-to an issue.
+In [GitLab Starter](https://about.gitlab.com/products/), you can also
+select multiple assignees to an issue.
Learn more on the [Multiple Assignees documentation](https://docs.gitlab.com/ee/user/project/issues/multiple_assignees_for_issues.html).
diff --git a/doc/user/project/milestones/img/milestone_create.png b/doc/user/project/milestones/img/milestone_create.png
deleted file mode 100644
index beb2caa897f..00000000000
--- a/doc/user/project/milestones/img/milestone_create.png
+++ /dev/null
Binary files differ
diff --git a/doc/user/project/milestones/img/milestone_group_create.png b/doc/user/project/milestones/img/milestone_group_create.png
deleted file mode 100644
index 7aaa7c56c15..00000000000
--- a/doc/user/project/milestones/img/milestone_group_create.png
+++ /dev/null
Binary files differ
diff --git a/doc/user/project/milestones/img/milestones_new_group_milestone.png b/doc/user/project/milestones/img/milestones_new_group_milestone.png
new file mode 100644
index 00000000000..8780394d72e
--- /dev/null
+++ b/doc/user/project/milestones/img/milestones_new_group_milestone.png
Binary files differ
diff --git a/doc/user/project/milestones/img/milestones_new_project_milestone.png b/doc/user/project/milestones/img/milestones_new_project_milestone.png
new file mode 100644
index 00000000000..ba058428dfa
--- /dev/null
+++ b/doc/user/project/milestones/img/milestones_new_project_milestone.png
Binary files differ
diff --git a/doc/user/project/milestones/img/milestones_project_milestone_page.png b/doc/user/project/milestones/img/milestones_project_milestone_page.png
new file mode 100644
index 00000000000..9717075b8d0
--- /dev/null
+++ b/doc/user/project/milestones/img/milestones_project_milestone_page.png
Binary files differ
diff --git a/doc/user/project/milestones/img/milestones_promote_milestone.png b/doc/user/project/milestones/img/milestones_promote_milestone.png
new file mode 100644
index 00000000000..99bee1240d4
--- /dev/null
+++ b/doc/user/project/milestones/img/milestones_promote_milestone.png
Binary files differ
diff --git a/doc/user/project/milestones/img/sidebar.png b/doc/user/project/milestones/img/sidebar.png
deleted file mode 100644
index 274962a936c..00000000000
--- a/doc/user/project/milestones/img/sidebar.png
+++ /dev/null
Binary files differ
diff --git a/doc/user/project/milestones/index.md b/doc/user/project/milestones/index.md
index 27832b0fa2b..d3e9bf9e6a8 100644
--- a/doc/user/project/milestones/index.md
+++ b/doc/user/project/milestones/index.md
@@ -1,63 +1,111 @@
# Milestones
-Milestones allow you to organize issues and merge requests into a cohesive group,
-optionally setting a due date. A common use is keeping track of an upcoming
-software version. Milestones can be created per-project or per-group.
+## Overview
-## Creating a project milestone
+Milestones in GitLab are a way to track issues and merge requests created to achieve a broader goal in a certain period of time.
+
+Milestones allow you to organize issues and merge requests into a cohesive group, with an optional start date and an optional due date.
+
+## Project milestones and group milestones
+
+- **Project milestones** can be assigned to issues or merge requests in that project only.
+- **Group milestones** can be assigned to any issue or merge request of any project in that group.
+- In the [future](https://gitlab.com/gitlab-org/gitlab-ce/issues/36862), you will be able to assign group milestones to issues and merge reqeusts of projects in [subgroups](../../group/subgroups/index.md).
+
+## Creating milestones
+
+>**Note:**
+A permission level of `Developer` or higher is required to create milestones.
+
+### New project milestone
+
+To create a **project milestone**, navigate to **Issues > Milestones** in the project.
+
+Click the **New milestone** button. Enter the title, an optional description, an optional start date, and an optional due date. Click **Create milestone** to create the milestone.
+
+![New project milestone](img/milestones_new_project_milestone.png)
+
+### New group milestone
+
+To create a **group milestone**, follow similar steps from above to project milestones. Navigate to **Issues > Milestones** in the group and create it from there.
+
+![New group milestone](img/milestones_new_group_milestone.png)
+
+## Editing milestones
>**Note:**
-You need [Master permissions](../../permissions.md) in order to create a milestone.
+A permission level of `Developer` or higher is required to edit milestones.
+
+You can update a milestone by navigating to **Issues > Milestones** in the project or group and clicking the **Edit** button.
-You can find the milestones page under your project's **Issues âž” Milestones**.
-To create a new milestone, simply click the **New milestone** button when in the
-milestones page. A milestone can have a title, a description and start/due dates.
-Once you fill in all the details, hit the **Create milestone** button.
+You can delete a milestone by clicking the **Delete** button.
-![Creating a milestone](img/milestone_create.png)
+### Promoting project milestones to group milestones
-## Creating a group milestone
+If you are expanding from a few projects to a larger number of projects within the same group, you may want to share the same milestone among multiple projects in the same group. If you previously created a project milestone and now want to make it available for other milestones, you can promote it to a group milestone.
+
+From the project milestone list page, you can promote a project milestone to a group milestone. This will merge all project milestones across all projects in this group with the same name into a single group milestones. All issues and merge requests that previously were assigned one of these project milestones will now be assigned the new group milestones. This action cannot be reversed and the changes are permanent.
>**Note:**
-You need [Master permissions](../../permissions.md) in order to create a milestone.
+Not all features on the project milestone view are available on the group milestone view. If you promote a project milestone to a group milestone, you will lose these features. See [Milestone view](#milestone-view) to see which features are missing from the group milestone view.
+
+![Promote milestone](img/milestones_promote_milestone.png)
+
+## Assigning milestones from the sidebar
+
+Every issue and merge request can be assigned a milestone. The milestones are visible on every issue and merge request page, in the sidebar. They are also visible in the issue board. From the sidebar, you can assign or unassign a milestones to the object. You can also perform this as a [quick action](../quick_actions.md) in a comment. [As mentioned](#project-milestones-and-group-milestones), for a given issue or merge request, both project milestones and group milestones can be selected and assigned to the object.
+
+## Filtering issues and merge requests by milestone
+
+### Filtering in list pages
+
+From the project issue/merge request list pages and the group issue/merge request list pages, you can [filter](../../search/index.md#issues-and-merge-requests) by both group milestones and project milestones.
+
+### Filtering in issue boards
+
+From [project issue boards](../issue_board.md), you can filter by both group milestones and project milestones in the [search and filter bar](../../search/index.md#issue-boards).
+
+### Special milestone filters
+
+When filtering by milestone, in addition to choosing a specific project milestone or group milestone, you can choose a special milestone filter.
-You can create a milestone for a group that will be shared across group projects.
-On the group's **Issues âž” Milestones** page, you will be able to see the state
-of that milestone and the issues/merge requests count that it shares across the group projects. To create a new milestone click the **New milestone** button. The form is the same as when creating a milestone for a specific project which you can find in the previous item.
+- **No Milestone**: Show issues or merge requests with no assigned milestone.
+- **Upcoming**: Show issues or merge requests that have been assigned the open milestone that has the next upcoming due date (i.e. nearest due date in the future).
+- **Started**: Show issues or merge requests that have an assigned milestone with a start date that is before today.
-In addition to that you will be able to filter issues or merge requests by group milestones in all projects that belongs to the milestone group.
+## Milestone view
-## Milestone promotion
+Not all features in the project milestone view are available in the group milestone view. This table summarizes the differences:
-Project milestones can be promoted to group milestones if its project belongs to a group. When a milestone is promoted all other milestones across the group projects with the same title will be merged into it, which means all milestone's children like issues, merge requests and boards will be moved into the new promoted milestone.
-The promote button can be found in the milestone view or milestones list.
+| Feature | Project milestone view | Group milestone view |
+|---|:---:|:---:|
+| Title an description | ✓ | ✓ |
+| Issues assigned to milestone | ✓ | |
+| Merge requests assigned to milestone | ✓ | |
+| Participants and labels used | ✓ | |
+| Percentage complete | ✓ | ✓ |
+| Start date and due date | ✓ | ✓ |
+| Total issue time spent | ✓ | ✓ |
+| Total issue weight | ✓ | |
-## Special milestone filters
+The milestone view shows the title and description.
-In addition to the milestones that exist in the project or group, there are some
-special options available when filtering by milestone:
+### Project milestone features
-* **No Milestone** - only show issues or merge requests without a milestone.
-* **Upcoming** - show issues or merge request that belong to the next open
- milestone with a due date, by project. (For example: if project A has
- milestone v1 due in three days, and project B has milestone v2 due in a week,
- then this will show issues or merge requests from milestone v1 in project A
- and milestone v2 in project B.)
-* **Started** - show issues or merge requests from any milestone with a start
- date less than today. Note that this can return results from several
- milestones in the same project.
+These features are only available for project milestones and not group milestones.
-## Milestone sidebar
+- Issues assigned to the milestone are displayed in three columns: Unstarted issues, ongoing issues, and completed issues.
+- Merge requests assigned to the milestone are displayed in four columns: Work in progress merge requests, waiting for merge, rejected, and closed.
+- Participants and labels that are used in issues and merge requests that have the milestone assigned are displayed.
-The milestone sidebar shows percentage complete, start date and due date,
-issues, total issue weight, total issue time spent, and merge requests.
+### Milestone sidebar
-The percentage complete is calculated as: Closed and merged merge requests plus all closed issues divided by
-total merge requests and issues.
+The milestone sidebar on the milestone view shows the following:
-![Milestone sidebar](img/sidebar.png)
+- Percentage complete, which is calculated as number of closed issues plus number of closed/merged merge requests divided by total number issues and merge requests.
+- The start date and due date.
+- The total time spent on all issues that have the milestone assigned.
-## Quick actions
+For project milestones only, the milestone sidebar shows the total issue weight of all issues that have the milestone assigned.
-[Quick actions](../quick_actions.md) are available for assigning and removing
-project and group milestones.
+![Project milestone page](img/milestones_project_milestone_page.png) \ No newline at end of file
diff --git a/doc/user/project/repository/index.md b/doc/user/project/repository/index.md
index da3c30a8eaf..e6aede7f46e 100644
--- a/doc/user/project/repository/index.md
+++ b/doc/user/project/repository/index.md
@@ -66,8 +66,7 @@ your implementation with your team.
You can live preview changes submitted to a new branch with
[Review Apps](../../../ci/review_apps/index.md).
-With [GitLab Enterprise Edition](https://about.gitlab.com/products/)
-subscriptions, you can also request
+With [GitLab Starter](https://about.gitlab.com/products/), you can also request
[approval](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html) from your managers.
To create, delete, and [branches](branches/index.md) via GitLab's UI:
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 6134ad2bfc7..e4fca77ab5d 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -172,7 +172,7 @@ module API
def find_project_snippet(id)
finder_params = { project: user_project }
- SnippetsFinder.new(current_user, finder_params).execute.find(id)
+ SnippetsFinder.new(current_user, finder_params).find(id)
end
def find_merge_request_with_access(iid, access_level = :read_merge_request)
diff --git a/lib/api/settings.rb b/lib/api/settings.rb
index cee4d309816..152df23a327 100644
--- a/lib/api/settings.rb
+++ b/lib/api/settings.rb
@@ -147,7 +147,7 @@ module API
attrs[:password_authentication_enabled_for_web] = attrs.delete(:password_authentication_enabled)
end
- if current_settings.update_attributes(attrs)
+ if ApplicationSettings::UpdateService.new(current_settings, current_user, attrs).execute
present current_settings, with: Entities::ApplicationSetting
else
render_validation_error!(current_settings)
diff --git a/lib/banzai/filter/issuable_state_filter.rb b/lib/banzai/filter/issuable_state_filter.rb
index 327ea9449a1..77299abe324 100644
--- a/lib/banzai/filter/issuable_state_filter.rb
+++ b/lib/banzai/filter/issuable_state_filter.rb
@@ -15,6 +15,8 @@ module Banzai
issuables = extractor.extract([doc])
issuables.each do |node, issuable|
+ next if !can_read_cross_project? && issuable.project != project
+
if VISIBLE_STATES.include?(issuable.state) && node.inner_html == issuable.reference_link_text(project)
node.content += " (#{issuable.state})"
end
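Review bot: `can_read_cross_project?` is evaluated inside the `issuables.each` block, once per extracted issuable, although its result does not depend on the node. Reading it once before the loop (`cross_project_allowed = can_read_cross_project?`) keeps the guard cheap even if `Ability.allowed?` is not cached for the request. The same one-line helper is added separately in `lib/banzai/redactor.rb` and `lib/gitlab/contributions_calendar.rb`, so a shared definition would keep the three checks from drifting apart. The enclosing method starts above this hunk.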
@@ -25,6 +27,10 @@ module Banzai
private
+ def can_read_cross_project?
+ Ability.allowed?(current_user, :read_cross_project)
+ end
+
def current_user
context[:current_user]
end
diff --git a/lib/banzai/filter/milestone_reference_filter.rb b/lib/banzai/filter/milestone_reference_filter.rb
index 2a6b0964ac5..8ec696ce5fc 100644
--- a/lib/banzai/filter/milestone_reference_filter.rb
+++ b/lib/banzai/filter/milestone_reference_filter.rb
@@ -64,7 +64,7 @@ module Banzai
finder_params[:group_ids] = [project.group.id]
end
- MilestonesFinder.new(finder_params).execute.find_by(params)
+ MilestonesFinder.new(finder_params).find_by(params)
end
def url_for_object(milestone, project)
diff --git a/lib/banzai/redactor.rb b/lib/banzai/redactor.rb
index de3ebe72720..827df7c08ae 100644
--- a/lib/banzai/redactor.rb
+++ b/lib/banzai/redactor.rb
@@ -19,8 +19,9 @@ module Banzai
#
# Returns the documents passed as the first argument.
def redact(documents)
- all_document_nodes = document_nodes(documents)
+ redact_cross_project_references(documents) unless can_read_cross_project?
+ all_document_nodes = document_nodes(documents)
redact_document_nodes(all_document_nodes)
end
@@ -51,6 +52,18 @@ module Banzai
metadata
end
+ def redact_cross_project_references(documents)
+ extractor = Banzai::IssuableExtractor.new(project, user)
+ issuables = extractor.extract(documents)
+
+ issuables.each do |node, issuable|
+ next if issuable.project == project
+
+ node['class'] = node['class'].gsub('has-tooltip', '')
+ node['title'] = nil
+ end
+ end
+
# Returns the nodes visible to the current user.
#
# nodes - The input nodes to check.
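Review bot: `node['class'].gsub('has-tooltip', '')` in `redact_cross_project_references` raises `NoMethodError` when a reference link has no `class` attribute, which would break rendering on the very path meant to hide cross-project details. Guard it with `node['class'] = node['class'].gsub('has-tooltip', '') if node['class']`. As far as I know Nokogiri stringifies assigned values, so `node['title'] = nil` leaves an empty `title=""` attribute behind; `node.remove_attribute('title')` states the intent directly. A one-line comment on why the tooltip and title are dropped (presumably because they carry the issuable's title) would help the next reader.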
@@ -78,5 +91,11 @@ module Banzai
{ document: document, nodes: Querying.css(document, 'a.gfm[data-reference-type]') }
end
end
+
+ private
+
+ def can_read_cross_project?
+ Ability.allowed?(user, :read_cross_project)
+ end
end
end
diff --git a/lib/banzai/reference_parser/issuable_parser.rb b/lib/banzai/reference_parser/issuable_parser.rb
index 3953867eb83..fad127d7e5b 100644
--- a/lib/banzai/reference_parser/issuable_parser.rb
+++ b/lib/banzai/reference_parser/issuable_parser.rb
@@ -18,7 +18,7 @@ module Banzai
end
def can_read_reference?(user, issuable)
- can?(user, "read_#{issuable.class.to_s.underscore}".to_sym, issuable)
+ can?(user, "read_#{issuable.class.to_s.underscore}_iid".to_sym, issuable)
end
end
end
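Review bot: `can_read_reference?` now checks the narrower `read_<type>_iid` ability, and nothing on the method says so. A caller that treats a true result as permission to show the title or state would disclose more than intended. Add a comment above it, for example `# Only proves the user may see that the IID exists, not the issuable's content.` The ability name is built from the class name, so an issuable type without a matching `_iid` rule is presumably denied; a spec per issuable class would pin that down.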
diff --git a/lib/banzai/reference_parser/issue_parser.rb b/lib/banzai/reference_parser/issue_parser.rb
index 38d4e3f3e44..230827129b6 100644
--- a/lib/banzai/reference_parser/issue_parser.rb
+++ b/lib/banzai/reference_parser/issue_parser.rb
@@ -5,12 +5,31 @@ module Banzai
def nodes_visible_to_user(user, nodes)
issues = records_for_nodes(nodes)
+ issues_to_check = issues.values
- readable_issues = Ability
- .issues_readable_by_user(issues.values, user).to_set
+ unless can?(user, :read_cross_project)
+ issues_to_check, cross_project_issues = issues_to_check.partition do |issue|
+ issue.project == project
+ end
+ end
+
+ readable_issues = Ability.issues_readable_by_user(issues_to_check, user).to_set
nodes.select do |node|
- readable_issues.include?(issues[node])
+ issue_in_node = issues[node]
+
+ # We check the inclusion of readable issues first because it's faster.
+ #
+ # But we need to fall back to `read_issue_iid` if the user cannot read
+ # cross project, since it might be possible the user can see the IID
+ # but not the issue.
+ if readable_issues.include?(issue_in_node)
+ true
+ elsif cross_project_issues&.include?(issue_in_node)
+ can_read_reference?(user, issue_in_node)
+ else
+ false
+ end
end
end
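Review bot: `cross_project_issues` is the plain Array returned by `partition`, so `cross_project_issues&.include?(issue_in_node)` in the `nodes.select` block is a linear scan per node, while `readable_issues` just above is converted with `to_set`. Converting it once inside the `unless` (`cross_project_issues = cross_project_issues.to_set`) keeps the lookup constant-time. The fallback also calls `can_read_reference?` once per cross-project node, which may repeat policy work when a document mentions the same issue several times; memoising the result per issue would avoid that.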
diff --git a/lib/gitlab/contributions_calendar.rb b/lib/gitlab/contributions_calendar.rb
index 0735243e021..9576d5a3fd8 100644
--- a/lib/gitlab/contributions_calendar.rb
+++ b/lib/gitlab/contributions_calendar.rb
@@ -34,6 +34,8 @@ module Gitlab
end
def events_by_date(date)
+ return Event.none unless can_read_cross_project?
+
events = Event.contributions.where(author_id: contributor.id)
.where(created_at: date.beginning_of_day..date.end_of_day)
.where(project_id: projects)
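Review bot: The new guard in `events_by_date` hides the per-day event list from users without `read_cross_project`, but nothing visible here shows whether the aggregated counts get the same check; `event_counts` appears only as unchanged context in the next hunk. If the calendar totals are still computed for such users, the contributor's cross-project activity pattern stays visible even though the events do not. It is worth confirming that the methods building the counts apply the check too, and adding a spec for a user without the ability. The body of `events_by_date` continues outside this hunk.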
@@ -53,6 +55,10 @@ module Gitlab
private
+ def can_read_cross_project?
+ Ability.allowed?(current_user, :read_cross_project)
+ end
+
def event_counts(date_from, feature)
t = Event.arel_table
diff --git a/lib/gitlab/cross_project_access.rb b/lib/gitlab/cross_project_access.rb
new file mode 100644
index 00000000000..6eaed51b64c
--- /dev/null
+++ b/lib/gitlab/cross_project_access.rb
@@ -0,0 +1,67 @@
+module Gitlab
+ class CrossProjectAccess
+ class << self
+ delegate :add_check, :find_check, :checks,
+ to: :instance
+ end
+
+ def self.instance
+ @instance ||= new
+ end
+
+ attr_reader :checks
+
+ def initialize
+ @checks = {}
+ end
+
+ def add_check(
+ klass,
+ actions: {},
+ positive_condition: nil,
+ negative_condition: nil,
+ skip: false)
+
+ new_check = CheckInfo.new(actions,
+ positive_condition,
+ negative_condition,
+ skip
+ )
+
+ @checks[klass] ||= Gitlab::CrossProjectAccess::CheckCollection.new
+ @checks[klass].add_check(new_check)
+ recalculate_checks_for_class(klass)
+
+ @checks[klass]
+ end
+
+ def find_check(object)
+ @cached_checks ||= Hash.new do |cache, new_class|
+ parent_classes = @checks.keys.select { |existing_class| new_class <= existing_class }
+ closest_class = closest_parent(parent_classes, new_class)
+ cache[new_class] = @checks[closest_class]
+ end
+
+ @cached_checks[object.class]
+ end
+
+ private
+
+ def recalculate_checks_for_class(klass)
+ new_collection = @checks[klass]
+
+ @checks.each do |existing_class, existing_check_collection|
+ if existing_class < klass
+ existing_check_collection.add_collection(new_collection)
+ elsif klass < existing_class
+ new_collection.add_collection(existing_check_collection)
+ end
+ end
+ end
+
+ def closest_parent(classes, subject)
+ relevant_ancestors = subject.ancestors & classes
+ relevant_ancestors.first
+ end
+ end
+end
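Review bot: `find_check` memoises its result per class in `@cached_checks`, but `add_check` never clears that cache. A check registered after the first lookup (for example under lazy class loading) is therefore not seen, and a class cached as having no check stays unchecked. Because these checks gate cross-project access, the stale case fails open; add `@cached_checks = nil` at the end of `add_check`. `CheckCollection#arranged_checks` in `check_collection.rb` has the same problem with `@skips`/`@runs`, which its `add_check` and `add_collection` should reset with `@skips = @runs = nil`.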
diff --git a/lib/gitlab/cross_project_access/check_collection.rb b/lib/gitlab/cross_project_access/check_collection.rb
new file mode 100644
index 00000000000..88376232065
--- /dev/null
+++ b/lib/gitlab/cross_project_access/check_collection.rb
@@ -0,0 +1,47 @@
+module Gitlab
+ class CrossProjectAccess
+ class CheckCollection
+ attr_reader :checks
+
+ def initialize
+ @checks = []
+ end
+
+ def add_collection(collection)
+ @checks |= collection.checks
+ end
+
+ def add_check(check)
+ @checks << check
+ end
+
+ def should_run?(object)
+ skips, runs = arranged_checks
+
+ # If one rule tells us to skip, we skip the cross project check
+ return false if skips.any? { |check| check.should_skip?(object) }
+
+ # If the rule isn't skipped, we run it if any of the checks says we
+ # should run
+ runs.any? { |check| check.should_run?(object) }
+ end
+
+ def arranged_checks
+ return [@skips, @runs] if @skips && @runs
+
+ @skips = []
+ @runs = []
+
+ @checks.each do |check|
+ if check.skip
+ @skips << check
+ else
+ @runs << check
+ end
+ end
+
+ [@skips, @runs]
+ end
+ end
+ end
+end
diff --git a/lib/gitlab/cross_project_access/check_info.rb b/lib/gitlab/cross_project_access/check_info.rb
new file mode 100644
index 00000000000..e8a845c7f1e
--- /dev/null
+++ b/lib/gitlab/cross_project_access/check_info.rb
@@ -0,0 +1,66 @@
+module Gitlab
+ class CrossProjectAccess
+ class CheckInfo
+ attr_accessor :actions, :positive_condition, :negative_condition, :skip
+
+ def initialize(actions, positive_condition, negative_condition, skip)
+ @actions = actions
+ @positive_condition = positive_condition
+ @negative_condition = negative_condition
+ @skip = skip
+ end
+
+ def should_skip?(object)
+ return !should_run?(object) unless @skip
+
+ skip_for_action = @actions[current_action(object)]
+ skip_for_action = false if @actions[current_action(object)].nil?
+
+ # We need to do the opposite of what was defined in the following cases:
+ # - skip_cross_project_access_check index: true, if: -> { false }
+ # - skip_cross_project_access_check index: true, unless: -> { true }
+ if positive_condition_is_false?(object)
+ skip_for_action = !skip_for_action
+ end
+
+ if negative_condition_is_true?(object)
+ skip_for_action = !skip_for_action
+ end
+
+ skip_for_action
+ end
+
+ def should_run?(object)
+ return !should_skip?(object) if @skip
+
+ run_for_action = @actions[current_action(object)]
+ run_for_action = true if @actions[current_action(object)].nil?
+
+ # We need to do the opposite of what was defined in the following cases:
+ # - requires_cross_project_access index: true, if: -> { false }
+ # - requires_cross_project_access index: true, unless: -> { true }
+ if positive_condition_is_false?(object)
+ run_for_action = !run_for_action
+ end
+
+ if negative_condition_is_true?(object)
+ run_for_action = !run_for_action
+ end
+
+ run_for_action
+ end
+
+ def positive_condition_is_false?(object)
+ @positive_condition && !object.instance_exec(&@positive_condition)
+ end
+
+ def negative_condition_is_true?(object)
+ @negative_condition && object.instance_exec(&@negative_condition)
+ end
+
+ def current_action(object)
+ object.respond_to?(:action_name) ? object.action_name.to_sym : nil
+ end
+ end
+ end
+end
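Review bot: In `should_skip?` the two condition blocks each negate `skip_for_action`, so a declaration carrying both `if: -> { false }` and `unless: -> { true }` is negated twice and ends up skipping the check although both conditions say not to. Apply the negation once: `skip_for_action = !skip_for_action if positive_condition_is_false?(object) || negative_condition_is_true?(object)`, and do the same for `run_for_action` in `should_run?`. The two methods are otherwise near-identical and could share one private helper that takes the default for an unlisted action. A spec covering the combined `if:`/`unless:` case would lock the behaviour in.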
diff --git a/lib/gitlab/cross_project_access/class_methods.rb b/lib/gitlab/cross_project_access/class_methods.rb
new file mode 100644
index 00000000000..90eac94800c
--- /dev/null
+++ b/lib/gitlab/cross_project_access/class_methods.rb
@@ -0,0 +1,48 @@
+module Gitlab
+ class CrossProjectAccess
+ module ClassMethods
+ def requires_cross_project_access(*args)
+ positive_condition, negative_condition, actions = extract_params(args)
+
+ Gitlab::CrossProjectAccess.add_check(
+ self,
+ actions: actions,
+ positive_condition: positive_condition,
+ negative_condition: negative_condition
+ )
+ end
+
+ def skip_cross_project_access_check(*args)
+ positive_condition, negative_condition, actions = extract_params(args)
+
+ Gitlab::CrossProjectAccess.add_check(
+ self,
+ actions: actions,
+ positive_condition: positive_condition,
+ negative_condition: negative_condition,
+ skip: true
+ )
+ end
+
+ private
+
+ def extract_params(args)
+ actions = {}
+ positive_condition = nil
+ negative_condition = nil
+
+ args.each do |argument|
+ if argument.is_a?(Hash)
+ positive_condition = argument.delete(:if)
+ negative_condition = argument.delete(:unless)
+ actions.merge!(argument)
+ else
+ actions[argument] = true
+ end
+ end
+
+ [positive_condition, negative_condition, actions]
+ end
+ end
+ end
+end
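Review bot: `extract_params` calls `argument.delete(:if)` and `argument.delete(:unless)` on the caller's hash, mutating it, and when more than one hash is passed a later hash without `:if` resets `positive_condition` to nil. Work on a copy and keep earlier values: `options = argument.dup`, then `positive_condition = options.delete(:if) || positive_condition`, and likewise for `:unless`. Neither macro has a comment; one line each describing the accepted forms (`:index`, `index: true`, `if:`/`unless:`) would document the DSL that `CheckInfo` interprets.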
diff --git a/lib/gitlab/diff/highlight.rb b/lib/gitlab/diff/highlight.rb
index 0f897e6316c..269016daac2 100644
--- a/lib/gitlab/diff/highlight.rb
+++ b/lib/gitlab/diff/highlight.rb
@@ -27,7 +27,17 @@ module Gitlab
rich_line = highlight_line(diff_line) || diff_line.text
if line_inline_diffs = inline_diffs[i]
- rich_line = InlineDiffMarker.new(diff_line.text, rich_line).mark(line_inline_diffs)
+ begin
+ rich_line = InlineDiffMarker.new(diff_line.text, rich_line).mark(line_inline_diffs)
+ # This should only happen when the encoding of the diff doesn't
+ # match the blob, which is a bug. But we shouldn't fail to render
+ # completely in that case, even though we want to report the error.
+ rescue RangeError => e
+ if Gitlab::Sentry.enabled?
+ Gitlab::Sentry.context
+ Raven.capture_exception(e)
+ end
+ end
end
diff_line.text = rich_line
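Review bot: The `rescue RangeError` branch drops the exception entirely when `Gitlab::Sentry.enabled?` is false, so on an instance without Sentry the encoding mismatch that the comment calls a bug leaves no trace. A log line outside the `if`, for example `Rails.logger.warn("Inline diff marking failed: #{e.message}")`, would keep the failure visible everywhere. The explanatory comment would also read better directly under `rescue RangeError => e` than at the end of the `begin` body. The enclosing block starts and ends outside this hunk.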
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index 15eb1c41213..ff4dc29efea 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -65,7 +65,7 @@ module Gitlab
return false unless can_access_git?
if protected?(ProtectedBranch, project, ref)
- return true if project.empty_repo? && project.user_can_push_to_empty_repo?(user)
+ return true if project.user_can_push_to_empty_repo?(user)
protected_branch_accessible_to?(ref, action: :push)
else
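Review bot: Dropping `project.empty_repo? &&` makes the early `return true` for a protected ref depend only on `project.user_can_push_to_empty_repo?(user)`. That method is not part of this hunk; unless it checks that the repository is empty itself, a user it approves would skip `protected_branch_accessible_to?(ref, action: :push)` on populated repositories as well. I would keep the explicit guard, `return true if project.empty_repo? && project.user_can_push_to_empty_repo?(user)`, or add a spec that pins a denied push to a protected branch of a non-empty project. The method containing these lines starts and ends outside the hunk.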
diff --git a/lib/google_api/cloud_platform/client.rb b/lib/google_api/cloud_platform/client.rb
index ff638c07755..f30dd995695 100644
--- a/lib/google_api/cloud_platform/client.rb
+++ b/lib/google_api/cloud_platform/client.rb
@@ -76,9 +76,13 @@ module GoogleApi
"initial_node_count": cluster_size,
"node_config": {
"machine_type": machine_type
+ },
+ "legacy_abac": {
+ "enabled": true
}
}
- } )
+ }
+ )
service.create_cluster(project_id, zone, request_body, options: user_agent_header)
end
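Review bot: `"legacy_abac": { "enabled": true }` is hard-coded into the request body, so every cluster created through this client gets legacy ABAC authorization switched on. That is the older, coarser authorization mode, and it is normally left off in favour of RBAC because it tends to grant broader permissions than role bindings would. Nothing in the hunk says why it is needed; I would add a comment above the key, e.g. `# Legacy ABAC is enabled because <reason>; remove once RBAC is supported`, and make the value configurable with a default of off rather than fixing it to `true`. The method begins outside this hunk.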
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index fadc17a659d..889a03e7859 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: gitlab 1.0.0\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-02-07 11:38-0600\n"
-"PO-Revision-Date: 2018-02-07 11:38-0600\n"
+"POT-Creation-Date: 2018-02-20 10:26+0100\n"
+"PO-Revision-Date: 2018-02-20 10:26+0100\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
@@ -150,6 +150,39 @@ msgstr ""
msgid "AdminHealthPageLink|health page"
msgstr ""
+msgid "AdminProjects|Delete"
+msgstr ""
+
+msgid "AdminProjects|Delete Project %{projectName}?"
+msgstr ""
+
+msgid "AdminProjects|Delete project"
+msgstr ""
+
+msgid "AdminSettings|Specify a domain to use by default for every project's Auto Review Apps and Auto Deploy stages."
+msgstr ""
+
+msgid "AdminUsers|Block user"
+msgstr ""
+
+msgid "AdminUsers|Delete User %{username} and contributions?"
+msgstr ""
+
+msgid "AdminUsers|Delete User %{username}?"
+msgstr ""
+
+msgid "AdminUsers|Delete user"
+msgstr ""
+
+msgid "AdminUsers|Delete user and contributions"
+msgstr ""
+
+msgid "AdminUsers|To confirm, type %{projectName}"
+msgstr ""
+
+msgid "AdminUsers|To confirm, type %{username}"
+msgstr ""
+
msgid "Advanced settings"
msgstr ""
@@ -177,9 +210,21 @@ msgstr ""
msgid "An error occurred while getting projects"
msgstr ""
+msgid "An error occurred while importing project"
+msgstr ""
+
+msgid "An error occurred while loading commits"
+msgstr ""
+
+msgid "An error occurred while loading diff"
+msgstr ""
+
msgid "An error occurred while loading filenames"
msgstr ""
+msgid "An error occurred while loading the file"
+msgstr ""
+
msgid "An error occurred while rendering KaTeX"
msgstr ""
@@ -192,6 +237,9 @@ msgstr ""
msgid "An error occurred while retrieving diff"
msgstr ""
+msgid "An error occurred while saving assignees"
+msgstr ""
+
msgid "An error occurred while validating username"
msgstr ""
@@ -1018,6 +1066,9 @@ msgstr ""
msgid "Create a personal access token on your account to pull or push via %{protocol}."
msgstr ""
+msgid "Create branch"
+msgstr ""
+
msgid "Create directory"
msgstr ""
@@ -1033,6 +1084,9 @@ msgstr ""
msgid "Create merge request"
msgstr ""
+msgid "Create merge request and branch"
+msgstr ""
+
msgid "Create new branch"
msgstr ""
@@ -1290,9 +1344,15 @@ msgstr ""
msgid "Failed to change the owner"
msgstr ""
+msgid "Failed to remove issue from board, please try again."
+msgstr ""
+
msgid "Failed to remove the pipeline schedule"
msgstr ""
+msgid "Failed to update issues, please try again."
+msgstr ""
+
msgid "Feb"
msgstr ""
@@ -1985,6 +2045,24 @@ msgstr ""
msgid "Pipelines|Get started with Pipelines"
msgstr ""
+msgid "Pipeline|Retry pipeline"
+msgstr ""
+
+msgid "Pipeline|Retry pipeline #%{id}?"
+msgstr ""
+
+msgid "Pipeline|Stop pipeline"
+msgstr ""
+
+msgid "Pipeline|Stop pipeline #%{id}?"
+msgstr ""
+
+msgid "Pipeline|You’re about to retry pipeline %{id}."
+msgstr ""
+
+msgid "Pipeline|You’re about to stop pipeline %{id}."
+msgstr ""
+
msgid "Pipeline|all"
msgstr ""
@@ -2144,12 +2222,30 @@ msgstr ""
msgid "ProjectsDropdown|This feature requires browser localStorage support"
msgstr ""
+msgid "PrometheusService|Active"
+msgstr ""
+
+msgid "PrometheusService|Auto configuration"
+msgstr ""
+
+msgid "PrometheusService|Automatically deploy and configure Prometheus on your clusters to monitor your project’s environments"
+msgstr ""
+
msgid "PrometheusService|By default, Prometheus listens on ‘http://localhost:9090’. It’s not recommended to change the default address and port as this might affect or conflict with other services running on the GitLab server."
msgstr ""
msgid "PrometheusService|Finding and configuring metrics..."
msgstr ""
+msgid "PrometheusService|Install Prometheus on clusters"
+msgstr ""
+
+msgid "PrometheusService|Manage clusters"
+msgstr ""
+
+msgid "PrometheusService|Manual configuration"
+msgstr ""
+
msgid "PrometheusService|Metrics"
msgstr ""
@@ -2171,9 +2267,18 @@ msgstr ""
msgid "PrometheusService|Prometheus API Base URL, like http://prometheus.example.com/"
msgstr ""
+msgid "PrometheusService|Prometheus is being automatically managed on your clusters"
+msgstr ""
+
msgid "PrometheusService|Time-series monitoring service"
msgstr ""
+msgid "PrometheusService|To enable manual configuration, uninstall Prometheus from your clusters"
+msgstr ""
+
+msgid "PrometheusService|To enable the installation of Prometheus on your clusters, deactivate the manual configuration below"
+msgstr ""
+
msgid "PrometheusService|View environments"
msgstr ""
@@ -2376,12 +2481,18 @@ msgstr ""
msgid "Something went wrong when toggling the button"
msgstr ""
+msgid "Something went wrong while closing the issue. Please try again later"
+msgstr ""
+
msgid "Something went wrong while fetching the projects."
msgstr ""
msgid "Something went wrong while fetching the registry list."
msgstr ""
+msgid "Something went wrong while reopening the issue. Please try again later"
+msgstr ""
+
msgid "Something went wrong. Please try again."
msgstr ""
@@ -2478,6 +2589,9 @@ msgstr ""
msgid "Source"
msgstr ""
+msgid "Source (branch or tag)"
+msgstr ""
+
msgid "Source code"
msgstr ""
@@ -2738,6 +2852,9 @@ msgstr ""
msgid "This merge request is locked."
msgstr ""
+msgid "This page is unavailable because you are not allowed to read information across multiple projects."
+msgstr ""
+
msgid "This project"
msgstr ""
@@ -2934,9 +3051,6 @@ msgstr ""
msgid "Trigger this manual action"
msgstr ""
-msgid "Type %{value} to confirm:"
-msgstr ""
-
msgid "Unable to reset project cache."
msgstr ""
@@ -3229,6 +3343,9 @@ msgid_plural "merge requests"
msgstr[0] ""
msgstr[1] ""
+msgid "mrWidget| Please restore it or use a different %{missingBranchName} branch"
+msgstr ""
+
msgid "mrWidget|Cancel automatic merge"
msgstr ""
@@ -3262,6 +3379,9 @@ msgstr ""
msgid "mrWidget|If the %{branch} branch exists in your local repository, you can merge this merge request manually using the"
msgstr ""
+msgid "mrWidget|If the %{missingBranchName} branch exists in your local repository, you can merge this merge request manually using the command line"
+msgstr ""
+
msgid "mrWidget|Mentions"
msgstr ""
@@ -3349,6 +3469,9 @@ msgstr ""
msgid "mrWidget|You can remove source branch now"
msgstr ""
+msgid "mrWidget|branch does not exist."
+msgstr ""
+
msgid "mrWidget|command line"
msgstr ""
diff --git a/spec/controllers/boards/issues_controller_spec.rb b/spec/controllers/boards/issues_controller_spec.rb
index 79bbc29e80d..4770e187db6 100644
--- a/spec/controllers/boards/issues_controller_spec.rb
+++ b/spec/controllers/boards/issues_controller_spec.rb
@@ -86,6 +86,7 @@ describe Boards::IssuesController do
context 'with unauthorized user' do
before do
+ allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_issue, project).and_return(false)
end
diff --git a/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb b/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb
new file mode 100644
index 00000000000..27f558e1b5d
--- /dev/null
+++ b/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb
@@ -0,0 +1,146 @@
+require 'spec_helper'
+
+describe ControllerWithCrossProjectAccessCheck do
+ let(:user) { create(:user) }
+
+ before do
+ sign_in user
+ end
+
+ render_views
+
+ context 'When reading cross project is not allowed' do
+ before do
+ allow(Ability).to receive(:allowed).and_call_original
+ allow(Ability).to receive(:allowed?)
+ .with(user, :read_cross_project, :global)
+ .and_return(false)
+ end
+
+ describe '#requires_cross_project_access' do
+ controller(ApplicationController) do
+ # `described_class` is not available in this context
+ include ControllerWithCrossProjectAccessCheck # rubocop:disable RSpec/DescribedClass
+
+ requires_cross_project_access :index, show: false,
+ unless: -> { unless_condition },
+ if: -> { if_condition }
+
+ def index
+ render nothing: true
+ end
+
+ def show
+ render nothing: true
+ end
+
+ def unless_condition
+ false
+ end
+
+ def if_condition
+ true
+ end
+ end
+
+ it 'renders a 404 with trying to access a cross project page' do
+ message = "This page is unavailable because you are not allowed to read "\
+ "information across multiple projects."
+
+ get :index
+
+ expect(response).to have_gitlab_http_status(404)
+ expect(response.body).to match(/#{message}/)
+ end
+
+ it 'is skipped when the `if` condition returns false' do
+ expect(controller).to receive(:if_condition).and_return(false)
+
+ get :index
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+
+ it 'is skipped when the `unless` condition returns true' do
+ expect(controller).to receive(:unless_condition).and_return(true)
+
+ get :index
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+
+ it 'correctly renders an action that does not require cross project access' do
+ get :show, id: 'nothing'
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
+ describe '#skip_cross_project_access_check' do
+ controller(ApplicationController) do
+ # `described_class` is not available in this context
+ include ControllerWithCrossProjectAccessCheck # rubocop:disable RSpec/DescribedClass
+
+ requires_cross_project_access
+
+ skip_cross_project_access_check index: true, show: false,
+ unless: -> { unless_condition },
+ if: -> { if_condition }
+
+ def index
+ render nothing: true
+ end
+
+ def show
+ render nothing: true
+ end
+
+ def edit
+ render nothing: true
+ end
+
+ def unless_condition
+ false
+ end
+
+ def if_condition
+ true
+ end
+ end
+
+ it 'renders a success when the check is skipped' do
+ get :index
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+
+ it 'is executed when the `if` condition returns false' do
+ expect(controller).to receive(:if_condition).and_return(false)
+
+ get :index
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+
+ it 'is executed when the `unless` condition returns true' do
+ expect(controller).to receive(:unless_condition).and_return(true)
+
+ get :index
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+
+ it 'does not skip the check on an action that is not skipped' do
+ get :show, id: 'hello'
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+
+ it 'does not skip the check on an action that was not defined to skip' do
+ get :edit, id: 'hello'
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+ end
+ end
+end
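Review bot: The first stub in the outer `before` is `allow(Ability).to receive(:allowed).and_call_original`, without the question mark, while the stub right after it and the other specs in this commit target `:allowed?`. As written, `Ability.allowed?` has no pass-through for calls other than `(user, :read_cross_project, :global)`, so any other permission check made during these requests would not be answered by the real implementation. It looks like a typo for `allow(Ability).to receive(:allowed?).and_call_original`.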
diff --git a/spec/controllers/projects/merge_requests/creations_controller_spec.rb b/spec/controllers/projects/merge_requests/creations_controller_spec.rb
index 92db7284e0e..24310b847e8 100644
--- a/spec/controllers/projects/merge_requests/creations_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests/creations_controller_spec.rb
@@ -17,7 +17,7 @@ describe Projects::MergeRequests::CreationsController do
before do
fork_project.add_master(user)
-
+ Projects::ForkService.new(project, user).execute(fork_project)
sign_in(user)
end
@@ -125,4 +125,66 @@ describe Projects::MergeRequests::CreationsController do
end
end
end
+
+ describe 'GET #branch_to' do
+ before do
+ allow(Ability).to receive(:allowed?).and_call_original
+ end
+
+ it 'fetches the commit if a user has access' do
+ expect(Ability).to receive(:allowed?).with(user, :read_project, project) { true }
+
+ get :branch_to,
+ namespace_id: fork_project.namespace,
+ project_id: fork_project,
+ target_project_id: project.id,
+ ref: 'master'
+
+ expect(assigns(:commit)).not_to be_nil
+ expect(response).to have_gitlab_http_status(200)
+ end
+
+ it 'does not load the commit when the user cannot read the project' do
+ expect(Ability).to receive(:allowed?).with(user, :read_project, project) { false }
+
+ get :branch_to,
+ namespace_id: fork_project.namespace,
+ project_id: fork_project,
+ target_project_id: project.id,
+ ref: 'master'
+
+ expect(assigns(:commit)).to be_nil
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
+ describe 'GET #update_branches' do
+ before do
+ allow(Ability).to receive(:allowed?).and_call_original
+ end
+
+ it 'lists the branches of another fork if the user has access' do
+ expect(Ability).to receive(:allowed?).with(user, :read_project, project) { true }
+
+ get :update_branches,
+ namespace_id: fork_project.namespace,
+ project_id: fork_project,
+ target_project_id: project.id
+
+ expect(assigns(:target_branches)).not_to be_empty
+ expect(response).to have_gitlab_http_status(200)
+ end
+
+ it 'does not list branches when the user cannot read the project' do
+ expect(Ability).to receive(:allowed?).with(user, :read_project, project) { false }
+
+ get :update_branches,
+ namespace_id: fork_project.namespace,
+ project_id: fork_project,
+ target_project_id: project.id
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(assigns(:target_branches)).to eq([])
+ end
+ end
end
diff --git a/spec/controllers/projects/uploads_controller_spec.rb b/spec/controllers/projects/uploads_controller_spec.rb
index d572085661d..eca9baed9c9 100644
--- a/spec/controllers/projects/uploads_controller_spec.rb
+++ b/spec/controllers/projects/uploads_controller_spec.rb
@@ -7,4 +7,12 @@ describe Projects::UploadsController do
end
it_behaves_like 'handle uploads'
+
+ context 'when the URL the old style, without /-/system' do
+ it 'responds with a redirect to the login page' do
+ get :show, namespace_id: 'project', project_id: 'avatar', filename: 'foo.png', secret: 'bar'
+
+ expect(response).to redirect_to(new_user_session_path)
+ end
+ end
end
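Review bot: The context description `'when the URL the old style, without /-/system'` is missing a verb; `context 'when the URL is the old style, without /-/system' do` reads correctly in spec output. The example also appears to depend on no user being signed in, which is not visible in this hunk, so a short comment such as `# request is made without signing in` above the `get` would help the next reader.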
diff --git a/spec/controllers/search_controller_spec.rb b/spec/controllers/search_controller_spec.rb
index 37f961d0c94..30c06ddf744 100644
--- a/spec/controllers/search_controller_spec.rb
+++ b/spec/controllers/search_controller_spec.rb
@@ -16,6 +16,32 @@ describe SearchController do
expect(assigns[:search_objects].first).to eq note
end
+ context 'when the user cannot read cross project' do
+ before do
+ allow(Ability).to receive(:allowed?).and_call_original
+ allow(Ability).to receive(:allowed?)
+ .with(user, :read_cross_project, :global) { false }
+ end
+
+ it 'still allows accessing the search page' do
+ get :show
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+
+ it 'still blocks searches without a project_id' do
+ get :show, search: 'hello'
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+
+ it 'allows searches with a project_id' do
+ get :show, search: 'hello', project_id: create(:project, :public).id
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
context 'on restricted projects' do
context 'when signed out' do
before do
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 2898c4b119e..b0acf4a49ac 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -74,6 +74,31 @@ describe UsersController do
end
end
end
+
+ context 'json with events' do
+ let(:project) { create(:project) }
+ before do
+ project.add_developer(user)
+ Gitlab::DataBuilder::Push.build_sample(project, user)
+
+ sign_in(user)
+ end
+
+ it 'loads events' do
+ get :show, username: user, format: :json
+
+ expect(assigns(:events)).not_to be_empty
+ end
+
+ it 'hides events if the user cannot read cross project' do
+ allow(Ability).to receive(:allowed?).and_call_original
+ expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+
+ get :show, username: user, format: :json
+
+ expect(assigns(:events)).to be_empty
+ end
+ end
end
describe 'GET #calendar' do
diff --git a/spec/features/auto_deploy_spec.rb b/spec/features/auto_deploy_spec.rb
deleted file mode 100644
index 9aef68b7156..00000000000
--- a/spec/features/auto_deploy_spec.rb
+++ /dev/null
@@ -1,77 +0,0 @@
-require 'spec_helper'
-
-describe 'Auto deploy' do
- let(:user) { create(:user) }
- let(:project) { create(:project, :repository) }
-
- shared_examples 'same behavior between KubernetesService and Platform::Kubernetes' do
- context 'when no deployment service is active' do
- before do
- trun_off
- end
-
- it 'does not show a button to set up auto deploy' do
- visit project_path(project)
- expect(page).to have_no_content('Set up auto deploy')
- end
- end
-
- context 'when a deployment service is active' do
- before do
- trun_on
- visit project_path(project)
- end
-
- it 'shows a button to set up auto deploy' do
- expect(page).to have_link('Set up auto deploy')
- end
-
- it 'includes OpenShift as an available template', :js do
- click_link 'Set up auto deploy'
- click_button 'Apply a GitLab CI Yaml template'
-
- within '.gitlab-ci-yml-selector' do
- expect(page).to have_content('OpenShift')
- end
- end
-
- it 'creates a merge request using "auto-deploy" branch', :js do
- click_link 'Set up auto deploy'
- click_button 'Apply a GitLab CI Yaml template'
- within '.gitlab-ci-yml-selector' do
- click_on 'OpenShift'
- end
- wait_for_requests
- click_button 'Commit changes'
-
- expect(page).to have_content('New Merge Request From auto-deploy into master')
- end
- end
- end
-
- context 'when user configured kubernetes from Integration > Kubernetes' do
- before do
- create :kubernetes_service, project: project
- project.add_master(user)
- sign_in user
- end
-
- let(:trun_on) { project.deployment_platform.update!(active: true) }
- let(:trun_off) { project.deployment_platform.update!(active: false) }
-
- it_behaves_like 'same behavior between KubernetesService and Platform::Kubernetes'
- end
-
- context 'when user configured kubernetes from CI/CD > Clusters' do
- before do
- create(:cluster, :provided_by_gcp, projects: [project])
- project.add_master(user)
- sign_in user
- end
-
- let(:trun_on) { project.deployment_platform.cluster.update!(enabled: true) }
- let(:trun_off) { project.deployment_platform.cluster.update!(enabled: false) }
-
- it_behaves_like 'same behavior between KubernetesService and Platform::Kubernetes'
- end
-end
diff --git a/spec/features/projects/files/project_owner_sees_link_to_create_license_file_in_empty_project_spec.rb b/spec/features/projects/files/project_owner_sees_link_to_create_license_file_in_empty_project_spec.rb
index 8ac9821b879..7f1d1934103 100644
--- a/spec/features/projects/files/project_owner_sees_link_to_create_license_file_in_empty_project_spec.rb
+++ b/spec/features/projects/files/project_owner_sees_link_to_create_license_file_in_empty_project_spec.rb
@@ -11,7 +11,7 @@ feature 'project owner sees a link to create a license file in empty project', :
scenario 'project master creates a license file from a template' do
visit project_path(project)
- click_on 'LICENSE'
+ click_on 'Add License'
expect(page).to have_content('New file')
expect(current_path).to eq(
diff --git a/spec/features/projects/new_project_spec.rb b/spec/features/projects/new_project_spec.rb
index 6f097ad16c7..b5104747d00 100644
--- a/spec/features/projects/new_project_spec.rb
+++ b/spec/features/projects/new_project_spec.rb
@@ -140,7 +140,7 @@ feature 'New project' do
find('#import-project-tab').click
end
- context 'from git repository url' do
+ context 'from git repository url, "Repo by URL"' do
before do
first('.import_git').click
end
@@ -157,6 +157,18 @@ feature 'New project' do
expect(git_import_instructions).to be_visible
expect(git_import_instructions).to have_content 'Git repository URL'
end
+
+ it 'keeps "Import project" tab open after form validation error' do
+ collision_project = create(:project, name: 'test-name-collision', namespace: user.namespace)
+
+ fill_in 'project_import_url', with: collision_project.http_url_to_repo
+ fill_in 'project_path', with: collision_project.path
+
+ click_on 'Create project'
+
+ expect(page).to have_css('#import-project-pane.active')
+ expect(page).not_to have_css('.toggle-import-form.hide')
+ end
end
context 'from GitHub' do
diff --git a/spec/features/projects/show_project_spec.rb b/spec/features/projects/show_project_spec.rb
index 0b94c9eae5d..0a014e9f080 100644
--- a/spec/features/projects/show_project_spec.rb
+++ b/spec/features/projects/show_project_spec.rb
@@ -17,4 +17,321 @@ describe 'Project show page', :feature do
expect(page).to have_content("This project was scheduled for deletion, but failed with the following message: #{project.delete_error}")
end
end
+
+ describe 'stat button existence' do
+ # For "New file", "Add License" functionality,
+ # see spec/features/projects/files/project_owner_creates_license_file_spec.rb
+ # see spec/features/projects/files/project_owner_sees_link_to_create_license_file_in_empty_project_spec.rb
+
+ let(:user) { create(:user) }
+
+ describe 'empty project' do
+ let(:project) { create(:project, :public, :empty_repo) }
+ let(:presenter) { project.present(current_user: user) }
+
+ describe 'as a normal user' do
+ before do
+ sign_in(user)
+
+ visit project_path(project)
+ end
+
+ it 'no Auto DevOps button if can not manage pipelines' do
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Enable Auto DevOps')
+ expect(page).not_to have_link('Auto DevOps enabled')
+ end
+ end
+
+ it '"Auto DevOps enabled" button not linked' do
+ project.create_auto_devops!(enabled: true)
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).to have_text('Auto DevOps enabled')
+ end
+ end
+ end
+
+ describe 'as a master' do
+ before do
+ project.add_master(user)
+ sign_in(user)
+
+ visit project_path(project)
+ end
+
+ it '"New file" button linked to new file page' do
+ page.within('.project-stats') do
+ expect(page).to have_link('New file', href: project_new_blob_path(project, project.default_branch || 'master'))
+ end
+ end
+
+ it '"Add Readme" button linked to new file populated for a readme' do
+ page.within('.project-stats') do
+ expect(page).to have_link('Add Readme', href: presenter.add_readme_path)
+ end
+ end
+
+ it '"Add License" button linked to new file populated for a license' do
+ page.within('.project-stats') do
+ expect(page).to have_link('Add License', href: presenter.add_license_path)
+ end
+ end
+
+ describe 'Auto DevOps button' do
+ it '"Enable Auto DevOps" button linked to settings page' do
+ page.within('.project-stats') do
+ expect(page).to have_link('Enable Auto DevOps', href: project_settings_ci_cd_path(project, anchor: 'js-general-pipeline-settings'))
+ end
+ end
+
+ it '"Auto DevOps enabled" anchor linked to settings page' do
+ project.create_auto_devops!(enabled: true)
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).to have_link('Auto DevOps enabled', href: project_settings_ci_cd_path(project, anchor: 'js-general-pipeline-settings'))
+ end
+ end
+ end
+
+ describe 'Kubernetes cluster button' do
+ it '"Add Kubernetes cluster" button linked to clusters page' do
+ page.within('.project-stats') do
+ expect(page).to have_link('Add Kubernetes cluster', href: new_project_cluster_path(project))
+ end
+ end
+
+ it '"Kubernetes cluster" anchor linked to cluster page' do
+ cluster = create(:cluster, :provided_by_gcp, projects: [project])
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).to have_link('Kubernetes configured', href: project_cluster_path(project, cluster))
+ end
+ end
+ end
+ end
+ end
+
+ describe 'populated project' do
+ let(:project) { create(:project, :public, :repository) }
+ let(:presenter) { project.present(current_user: user) }
+
+ describe 'as a normal user' do
+ before do
+ sign_in(user)
+
+ visit project_path(project)
+ end
+
+ it 'no Auto DevOps button if can not manage pipelines' do
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Enable Auto DevOps')
+ expect(page).not_to have_link('Auto DevOps enabled')
+ end
+ end
+
+ it '"Auto DevOps enabled" button not linked' do
+ project.create_auto_devops!(enabled: true)
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).to have_text('Auto DevOps enabled')
+ end
+ end
+
+ it 'no Kubernetes cluster button if can not manage clusters' do
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Add Kubernetes cluster')
+ expect(page).not_to have_link('Kubernetes configured')
+ end
+ end
+ end
+
+ describe 'as a master' do
+ before do
+ allow_any_instance_of(AutoDevopsHelper).to receive(:show_auto_devops_callout?).and_return(false)
+ project.add_master(user)
+ sign_in(user)
+
+ visit project_path(project)
+ end
+
+ it 'no "Add Changelog" button if the project already has a changelog' do
+ expect(project.repository.changelog).not_to be_nil
+
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Add Changelog')
+ end
+ end
+
+ it 'no "Add License" button if the project already has a license' do
+ expect(project.repository.license_blob).not_to be_nil
+
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Add License')
+ end
+ end
+
+ it 'no "Add Contribution guide" button if the project already has a contribution guide' do
+ expect(project.repository.contribution_guide).not_to be_nil
+
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Add Contribution guide')
+ end
+ end
+
+ describe 'GitLab CI configuration button' do
+ it '"Set up CI/CD" button linked to new file populated for a .gitlab-ci.yml' do
+ expect(project.repository.gitlab_ci_yml).to be_nil
+
+ page.within('.project-stats') do
+ expect(page).to have_link('Set up CI/CD', href: presenter.add_ci_yml_path)
+ end
+ end
+
+ it 'no "Set up CI/CD" button if the project already has a .gitlab-ci.yml' do
+ Files::CreateService.new(
+ project,
+ project.creator,
+ start_branch: 'master',
+ branch_name: 'master',
+ commit_message: "Add .gitlab-ci.yml",
+ file_path: '.gitlab-ci.yml',
+ file_content: File.read(Rails.root.join('spec/support/gitlab_stubs/gitlab_ci.yml'))
+ ).execute
+
+ expect(project.repository.gitlab_ci_yml).not_to be_nil
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Set up CI/CD')
+ end
+ end
+
+ it 'no "Set up CI/CD" button if the project has Auto DevOps enabled' do
+ project.create_auto_devops!(enabled: true)
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Set up CI/CD')
+ end
+ end
+ end
+
+ describe 'Auto DevOps button' do
+ it '"Enable Auto DevOps" button linked to settings page' do
+ page.within('.project-stats') do
+ expect(page).to have_link('Enable Auto DevOps', href: project_settings_ci_cd_path(project, anchor: 'js-general-pipeline-settings'))
+ end
+ end
+
+ it '"Enable Auto DevOps" button linked to settings page' do
+ project.create_auto_devops!(enabled: true)
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).to have_link('Auto DevOps enabled', href: project_settings_ci_cd_path(project, anchor: 'js-general-pipeline-settings'))
+ end
+ end
+
+ it 'no Auto DevOps button if Auto DevOps callout is shown' do
+ allow_any_instance_of(AutoDevopsHelper).to receive(:show_auto_devops_callout?).and_return(true)
+
+ visit project_path(project)
+
+ expect(page).to have_selector('.js-autodevops-banner')
+
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Enable Auto DevOps')
+ expect(page).not_to have_link('Auto DevOps enabled')
+ end
+ end
+
+ it 'no "Enable Auto DevOps" button when .gitlab-ci.yml already exists' do
+ Files::CreateService.new(
+ project,
+ project.creator,
+ start_branch: 'master',
+ branch_name: 'master',
+ commit_message: "Add .gitlab-ci.yml",
+ file_path: '.gitlab-ci.yml',
+ file_content: File.read(Rails.root.join('spec/support/gitlab_stubs/gitlab_ci.yml'))
+ ).execute
+
+ expect(project.repository.gitlab_ci_yml).not_to be_nil
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Enable Auto DevOps')
+ expect(page).not_to have_link('Auto DevOps enabled')
+ end
+ end
+ end
+
+ describe 'Kubernetes cluster button' do
+ it '"Add Kubernetes cluster" button linked to clusters page' do
+ page.within('.project-stats') do
+ expect(page).to have_link('Add Kubernetes cluster', href: new_project_cluster_path(project))
+ end
+ end
+
+ it '"Kubernetes cluster" button linked to cluster page' do
+ cluster = create(:cluster, :provided_by_gcp, projects: [project])
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).to have_link('Kubernetes configured', href: project_cluster_path(project, cluster))
+ end
+ end
+ end
+
+ describe '"Set up Koding" button' do
+ it 'no "Set up Koding" button if Koding disabled' do
+ stub_application_setting(koding_enabled?: false)
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Set up Koding')
+ end
+ end
+
+ it 'no "Set up Koding" button if the project already has a .koding.yml' do
+ stub_application_setting(koding_enabled?: true)
+ allow(Gitlab::CurrentSettings.current_application_settings).to receive(:koding_url).and_return('http://koding.example.com')
+ expect(project.repository.changelog).not_to be_nil
+ allow_any_instance_of(Repository).to receive(:koding_yml).and_return(project.repository.changelog)
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).not_to have_link('Set up Koding')
+ end
+ end
+
+ it '"Set up Koding" button linked to new file populated for a .koding.yml' do
+ stub_application_setting(koding_enabled?: true)
+
+ visit project_path(project)
+
+ page.within('.project-stats') do
+ expect(page).to have_link('Set up Koding', href: presenter.add_koding_stack_path)
+ end
+ end
+ end
+ end
+ end
+ end
end
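Review bot: In the populated-project `describe 'Auto DevOps button'` block, two examples carry the same description, `'"Enable Auto DevOps" button linked to settings page'`; the second one enables Auto DevOps and asserts the 'Auto DevOps enabled' link. Rename it to match the empty-project counterpart: `it '"Auto DevOps enabled" anchor linked to settings page' do`. Separately, the two `'"Auto DevOps enabled" button not linked'` examples only assert `have_text`, so they would still pass if the text were rendered as a link; adding `expect(page).not_to have_link('Auto DevOps enabled')` would pin what the name promises.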
diff --git a/spec/features/projects_spec.rb b/spec/features/projects_spec.rb
index b66a7dea598..645d12da09f 100644
--- a/spec/features/projects_spec.rb
+++ b/spec/features/projects_spec.rb
@@ -25,6 +25,24 @@ feature 'Project' do
end
end
+ describe 'shows tip about push to create git command' do
+ let(:user) { create(:user) }
+
+ before do
+ sign_in user
+ visit new_project_path
+ end
+
+ it 'shows the command in a popover', :js do
+ page.within '.profile-settings-sidebar' do
+ click_link 'Show command'
+ end
+
+ expect(page).to have_css('.popover .push-to-create-popover #push_to_create_tip')
+ expect(page).to have_content 'Private projects can be created in your personal namespace with:'
+ end
+ end
+
describe 'description' do
let(:project) { create(:project, :repository) }
let(:path) { project_path(project) }
diff --git a/spec/features/signup_spec.rb b/spec/features/signup_spec.rb
deleted file mode 100644
index 917fad74ef1..00000000000
--- a/spec/features/signup_spec.rb
+++ /dev/null
@@ -1,103 +0,0 @@
-require 'spec_helper'
-
-feature 'Signup' do
- describe 'signup with no errors' do
- context "when sending confirmation email" do
- before do
- stub_application_setting(send_user_confirmation_email: true)
- end
-
- it 'creates the user account and sends a confirmation email' do
- user = build(:user)
-
- visit root_path
-
- fill_in 'new_user_name', with: user.name
- fill_in 'new_user_username', with: user.username
- fill_in 'new_user_email', with: user.email
- fill_in 'new_user_email_confirmation', with: user.email
- fill_in 'new_user_password', with: user.password
- click_button "Register"
-
- expect(current_path).to eq users_almost_there_path
- expect(page).to have_content("Please check your email to confirm your account")
- end
- end
-
- context "when sigining up with different cased emails" do
- it "creates the user successfully" do
- user = build(:user)
-
- visit root_path
-
- fill_in 'new_user_name', with: user.name
- fill_in 'new_user_username', with: user.username
- fill_in 'new_user_email', with: user.email
- fill_in 'new_user_email_confirmation', with: user.email.capitalize
- fill_in 'new_user_password', with: user.password
- click_button "Register"
-
- expect(current_path).to eq dashboard_projects_path
- expect(page).to have_content("Welcome! You have signed up successfully.")
- end
- end
-
- context "when not sending confirmation email" do
- before do
- stub_application_setting(send_user_confirmation_email: false)
- end
-
- it 'creates the user account and goes to dashboard' do
- user = build(:user)
-
- visit root_path
-
- fill_in 'new_user_name', with: user.name
- fill_in 'new_user_username', with: user.username
- fill_in 'new_user_email', with: user.email
- fill_in 'new_user_email_confirmation', with: user.email
- fill_in 'new_user_password', with: user.password
- click_button "Register"
-
- expect(current_path).to eq dashboard_projects_path
- expect(page).to have_content("Welcome! You have signed up successfully.")
- end
- end
- end
-
- describe 'signup with errors' do
- it "displays the errors" do
- existing_user = create(:user)
- user = build(:user)
-
- visit root_path
-
- fill_in 'new_user_name', with: user.name
- fill_in 'new_user_username', with: user.username
- fill_in 'new_user_email', with: existing_user.email
- fill_in 'new_user_password', with: user.password
- click_button "Register"
-
- expect(current_path).to eq user_registration_path
- expect(page).to have_content("errors prohibited this user from being saved")
- expect(page).to have_content("Email has already been taken")
- expect(page).to have_content("Email confirmation doesn't match")
- end
-
- it 'does not redisplay the password' do
- existing_user = create(:user)
- user = build(:user)
-
- visit root_path
-
- fill_in 'new_user_name', with: user.name
- fill_in 'new_user_username', with: user.username
- fill_in 'new_user_email', with: existing_user.email
- fill_in 'new_user_password', with: user.password
- click_button "Register"
-
- expect(current_path).to eq user_registration_path
- expect(page.body).not_to match(/#{user.password}/)
- end
- end
-end
diff --git a/spec/features/tags/master_views_tags_spec.rb b/spec/features/tags/master_views_tags_spec.rb
index 4662367d843..b625e7065cc 100644
--- a/spec/features/tags/master_views_tags_spec.rb
+++ b/spec/features/tags/master_views_tags_spec.rb
@@ -13,7 +13,7 @@ feature 'Master views tags' do
before do
visit project_path(project)
- click_on 'README'
+ click_on 'Add Readme'
fill_in :commit_message, with: 'Add a README file', visible: true
click_button 'Commit changes'
visit project_tags_path(project)
diff --git a/spec/features/login_spec.rb b/spec/features/users/login_spec.rb
index 6dfabcc7225..6ef235cf870 100644
--- a/spec/features/login_spec.rb
+++ b/spec/features/users/login_spec.rb
@@ -1,6 +1,26 @@
require 'spec_helper'
feature 'Login' do
+ scenario 'Successful user signin invalidates password reset token' do
+ user = create(:user)
+
+ expect(user.reset_password_token).to be_nil
+
+ visit new_user_password_path
+ fill_in 'user_email', with: user.email
+ click_button 'Reset password'
+
+ user.reload
+ expect(user.reset_password_token).not_to be_nil
+
+ find('a[href="#login-pane"]').click
+ gitlab_sign_in(user)
+ expect(current_path).to eq root_path
+
+ user.reload
+ expect(user.reset_password_token).to be_nil
+ end
+
describe 'initial login after setup' do
it 'allows the initial admin to create a password' do
# This behavior is dependent on there only being one user
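Review bot: The scenario added at the top of this hunk asserts only the `reset_password_token` column and carries no comment saying why a sign-in has to clear it. A one-line comment such as `# A successful login must revoke any outstanding reset token so an old reset e-mail cannot be used later` would record the intent. If the implementation clears the timestamp as well, `expect(user.reset_password_sent_at).to be_nil` after the last `user.reload` would pin that too. The `feature 'Login'` block continues outside the hunk.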
diff --git a/spec/features/logout_spec.rb b/spec/features/users/logout_spec.rb
index 635729efa53..635729efa53 100644
--- a/spec/features/logout_spec.rb
+++ b/spec/features/users/logout_spec.rb
diff --git a/spec/features/users/projects_spec.rb b/spec/features/users/projects_spec.rb
deleted file mode 100644
index f079771cee1..00000000000
--- a/spec/features/users/projects_spec.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-require 'spec_helper'
-
-describe 'Projects tab on a user profile', :js do
- let(:user) { create(:user) }
- let!(:project) { create(:project, namespace: user.namespace) }
- let!(:project2) { create(:project, namespace: user.namespace) }
-
- before do
- allow(Project).to receive(:default_per_page).and_return(1)
-
- sign_in(user)
-
- visit user_path(user)
-
- page.within('.user-profile-nav') do
- click_link('Personal projects')
- end
-
- wait_for_requests
- end
-
- it 'paginates results' do
- expect(page).to have_content(project2.name)
-
- click_link('Next')
-
- expect(page).to have_content(project.name)
- end
-end
diff --git a/spec/features/users/show_spec.rb b/spec/features/users/show_spec.rb
new file mode 100644
index 00000000000..b5bbb2c0ea5
--- /dev/null
+++ b/spec/features/users/show_spec.rb
@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe 'User page' do
+ let(:user) { create(:user) }
+
+ it 'shows all the tabs' do
+ visit(user_path(user))
+
+ page.within '.nav-links' do
+ expect(page).to have_link('Activity')
+ expect(page).to have_link('Groups')
+ expect(page).to have_link('Contributed projects')
+ expect(page).to have_link('Personal projects')
+ expect(page).to have_link('Snippets')
+ end
+ end
+end
diff --git a/spec/features/users/signup_spec.rb b/spec/features/users/signup_spec.rb
new file mode 100644
index 00000000000..5d539f0ccbe
--- /dev/null
+++ b/spec/features/users/signup_spec.rb
@@ -0,0 +1,135 @@
+require 'spec_helper'
+
+describe 'Signup' do
+ let(:new_user) { build_stubbed(:user) }
+
+ describe 'username validation', :js do
+ before do
+ visit root_path
+ click_link 'Register'
+ end
+
+ it 'does not show an error border if the username is available' do
+ fill_in 'new_user_username', with: 'new-user'
+ wait_for_requests
+
+ expect(find('.username')).not_to have_css '.gl-field-error-outline'
+ end
+
+ it 'does not show an error border if the username contains dots (.)' do
+ fill_in 'new_user_username', with: 'new.user.username'
+ wait_for_requests
+
+ expect(find('.username')).not_to have_css '.gl-field-error-outline'
+ end
+
+ it 'shows an error border if the username already exists' do
+ existing_user = create(:user)
+
+ fill_in 'new_user_username', with: existing_user.username
+ wait_for_requests
+
+ expect(find('.username')).to have_css '.gl-field-error-outline'
+ end
+
+ it 'shows an error border if the username contains special characters' do
+ fill_in 'new_user_username', with: 'new$user!username'
+ wait_for_requests
+
+ expect(find('.username')).to have_css '.gl-field-error-outline'
+ end
+ end
+
+ context 'with no errors' do
+ context "when sending confirmation email" do
+ before do
+ stub_application_setting(send_user_confirmation_email: true)
+ end
+
+ it 'creates the user account and sends a confirmation email' do
+ visit root_path
+
+ fill_in 'new_user_name', with: new_user.name
+ fill_in 'new_user_username', with: new_user.username
+ fill_in 'new_user_email', with: new_user.email
+ fill_in 'new_user_email_confirmation', with: new_user.email
+ fill_in 'new_user_password', with: new_user.password
+
+ expect { click_button 'Register' }.to change { User.count }.by(1)
+
+ expect(current_path).to eq users_almost_there_path
+ expect(page).to have_content("Please check your email to confirm your account")
+ end
+ end
+
+ context "when sigining up with different cased emails" do
+ it "creates the user successfully" do
+ visit root_path
+
+ fill_in 'new_user_name', with: new_user.name
+ fill_in 'new_user_username', with: new_user.username
+ fill_in 'new_user_email', with: new_user.email
+ fill_in 'new_user_email_confirmation', with: new_user.email.capitalize
+ fill_in 'new_user_password', with: new_user.password
+ click_button "Register"
+
+ expect(current_path).to eq dashboard_projects_path
+ expect(page).to have_content("Welcome! You have signed up successfully.")
+ end
+ end
+
+ context "when not sending confirmation email" do
+ before do
+ stub_application_setting(send_user_confirmation_email: false)
+ end
+
+ it 'creates the user account and goes to dashboard' do
+ visit root_path
+
+ fill_in 'new_user_name', with: new_user.name
+ fill_in 'new_user_username', with: new_user.username
+ fill_in 'new_user_email', with: new_user.email
+ fill_in 'new_user_email_confirmation', with: new_user.email
+ fill_in 'new_user_password', with: new_user.password
+ click_button "Register"
+
+ expect(current_path).to eq dashboard_projects_path
+ expect(page).to have_content("Welcome! You have signed up successfully.")
+ end
+ end
+ end
+
+ context 'with errors' do
+ it "displays the errors" do
+ existing_user = create(:user)
+
+ visit root_path
+
+ fill_in 'new_user_name', with: new_user.name
+ fill_in 'new_user_username', with: new_user.username
+ fill_in 'new_user_email', with: existing_user.email
+ fill_in 'new_user_password', with: new_user.password
+ click_button "Register"
+
+ expect(current_path).to eq user_registration_path
+ expect(page).to have_content("errors prohibited this user from being saved")
+ expect(page).to have_content("Email has already been taken")
+ expect(page).to have_content("Email confirmation doesn't match")
+ end
+
+ it 'does not redisplay the password' do
+ existing_user = create(:user)
+
+ visit root_path
+
+ fill_in 'new_user_name', with: new_user.name
+ fill_in 'new_user_username', with: new_user.username
+ fill_in 'new_user_email', with: existing_user.email
+ fill_in 'new_user_password', with: new_user.password
+ click_button "Register"
+
+ expect(current_path).to eq user_registration_path
+ expect(page.body).not_to match(/#{new_user.password}/)
+ end
+ end
+end
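Review bot: In 'does not redisplay the password' the final assertion interpolates the password into a regular expression without escaping, `match(/#{new_user.password}/)`. A factory password containing regex metacharacters would then change what is matched, and the check could pass while the literal password is on the page. A literal comparison avoids this: `expect(page.body).not_to include(new_user.password)`. The context name 'when sigining up with different cased emails' also has a typo ("signing").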
diff --git a/spec/features/user_page_spec.rb b/spec/features/users/user_browses_projects_on_user_page_spec.rb
index 19c587e53c8..a70637c8370 100644
--- a/spec/features/user_page_spec.rb
+++ b/spec/features/users/user_browses_projects_on_user_page_spec.rb
@@ -1,6 +1,6 @@
require 'spec_helper'
-describe 'User page', :js do
+describe 'Users > User browses projects on user page', :js do
let!(:user) { create :user }
let!(:private_project) do
create :project, :private, name: 'private', namespace: user.namespace do |project|
@@ -26,6 +26,28 @@ describe 'User page', :js do
end
end
+ it 'paginates projects', :js do
+ project = create(:project, namespace: user.namespace)
+ project2 = create(:project, namespace: user.namespace)
+ allow(Project).to receive(:default_per_page).and_return(1)
+
+ sign_in(user)
+
+ visit user_path(user)
+
+ page.within('.user-profile-nav') do
+ click_link('Personal projects')
+ end
+
+ wait_for_requests
+
+ expect(page).to have_content(project2.name)
+
+ click_link('Next')
+
+ expect(page).to have_content(project.name)
+ end
+
context 'when not signed in' do
it 'renders user public project' do
visit user_path(user)
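Review bot: The `:js` tag on `it 'paginates projects', :js do` is redundant, because the enclosing `describe 'Users > User browses projects on user page', :js do` in the previous hunk already applies it to every example. The example also expects `project2` on the first page and `project` on the second without saying why. A short comment such as `# newest project is listed first` (to be confirmed against the default sort) would make the assumed order explicit. The describe block starts and ends outside this hunk.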
diff --git a/spec/features/users_spec.rb b/spec/features/users_spec.rb
deleted file mode 100644
index a9973cdf214..00000000000
--- a/spec/features/users_spec.rb
+++ /dev/null
@@ -1,114 +0,0 @@
-require 'spec_helper'
-
-feature 'Users', :js do
- let(:user) { create(:user, username: 'user1', name: 'User 1', email: 'user1@gitlab.com') }
-
- scenario 'GET /users/sign_in creates a new user account' do
- visit new_user_session_path
- click_link 'Register'
- fill_in 'new_user_name', with: 'Name Surname'
- fill_in 'new_user_username', with: 'Great'
- fill_in 'new_user_email', with: 'name@mail.com'
- fill_in 'new_user_email_confirmation', with: 'name@mail.com'
- fill_in 'new_user_password', with: 'password1234'
- expect { click_button 'Register' }.to change { User.count }.by(1)
- end
-
- scenario 'Successful user signin invalidates password reset token' do
- expect(user.reset_password_token).to be_nil
-
- visit new_user_password_path
- fill_in 'user_email', with: user.email
- click_button 'Reset password'
-
- user.reload
- expect(user.reset_password_token).not_to be_nil
-
- find('a[href="#login-pane"]').click
- gitlab_sign_in(user)
- expect(current_path).to eq root_path
-
- user.reload
- expect(user.reset_password_token).to be_nil
- end
-
- scenario 'Should show one error if email is already taken' do
- visit new_user_session_path
- click_link 'Register'
- fill_in 'new_user_name', with: 'Another user name'
- fill_in 'new_user_username', with: 'anotheruser'
- fill_in 'new_user_email', with: user.email
- fill_in 'new_user_email_confirmation', with: user.email
- fill_in 'new_user_password', with: '12341234'
- expect { click_button 'Register' }.to change { User.count }.by(0)
- expect(page).to have_text('Email has already been taken')
- expect(number_of_errors_on_page(page)).to be(1), 'errors on page:\n #{errors_on_page page}'
- end
-
- describe 'redirect alias routes' do
- before do
- expect(user).to be_persisted
- end
-
- scenario '/u/user1 redirects to user page' do
- visit '/u/user1'
-
- expect(current_path).to eq user_path(user)
- expect(page).to have_text(user.name)
- end
-
- scenario '/u/user1/groups redirects to user groups page' do
- visit '/u/user1/groups'
-
- expect(current_path).to eq user_groups_path(user)
- end
-
- scenario '/u/user1/projects redirects to user projects page' do
- visit '/u/user1/projects'
-
- expect(current_path).to eq user_projects_path(user)
- end
- end
-
- feature 'username validation' do
- let(:loading_icon) { '.fa.fa-spinner' }
- let(:username_input) { 'new_user_username' }
-
- before do
- visit new_user_session_path
- click_link 'Register'
- end
-
- scenario 'doesn\'t show an error border if the username is available' do
- fill_in username_input, with: 'new-user'
- wait_for_requests
- expect(find('.username')).not_to have_css '.gl-field-error-outline'
- end
-
- scenario 'does not show an error border if the username contains dots (.)' do
- fill_in username_input, with: 'new.user.username'
- wait_for_requests
- expect(find('.username')).not_to have_css '.gl-field-error-outline'
- end
-
- scenario 'shows an error border if the username already exists' do
- fill_in username_input, with: user.username
- wait_for_requests
- expect(find('.username')).to have_css '.gl-field-error-outline'
- end
-
- scenario 'shows an error border if the username contains special characters' do
- fill_in username_input, with: 'new$user!username'
- wait_for_requests
- expect(find('.username')).to have_css '.gl-field-error-outline'
- end
- end
-
- def errors_on_page(page)
- page.find('#error_explanation').find('ul').all('li').map { |item| item.text }.join("\n")
- end
-
- def number_of_errors_on_page(page)
- page.find('#error_explanation').find('ul').all('li').count
- end
-end
diff --git a/spec/finders/concerns/finder_methods_spec.rb b/spec/finders/concerns/finder_methods_spec.rb
new file mode 100644
index 00000000000..a4ad331f613
--- /dev/null
+++ b/spec/finders/concerns/finder_methods_spec.rb
@@ -0,0 +1,70 @@
+require 'spec_helper'
+
+describe FinderMethods do
+ let(:finder_class) do
+ Class.new do
+ include FinderMethods
+
+ attr_reader :current_user
+
+ def initialize(user)
+ @current_user = user
+ end
+
+ def execute
+ Project.all
+ end
+ end
+ end
+
+ let(:user) { create(:user) }
+ let(:finder) { finder_class.new(user) }
+ let(:authorized_project) { create(:project) }
+ let(:unauthorized_project) { create(:project) }
+
+ before do
+ authorized_project.add_developer(user)
+ end
+
+ describe '#find_by!' do
+ it 'returns the project if the user has access' do
+ expect(finder.find_by!(id: authorized_project.id)).to eq(authorized_project)
+ end
+
+ it 'raises not found when the project is not found' do
+ expect { finder.find_by!(id: 0) }.to raise_error(ActiveRecord::RecordNotFound)
+ end
+
+ it 'raises not found the user does not have access' do
+ expect { finder.find_by!(id: unauthorized_project.id) }.to raise_error(ActiveRecord::RecordNotFound)
+ end
+ end
+
+ describe '#find' do
+ it 'returns the project if the user has access' do
+ expect(finder.find(authorized_project.id)).to eq(authorized_project)
+ end
+
+ it 'raises not found when the project is not found' do
+ expect { finder.find(0) }.to raise_error(ActiveRecord::RecordNotFound)
+ end
+
+ it 'raises not found the user does not have access' do
+ expect { finder.find(unauthorized_project.id) }.to raise_error(ActiveRecord::RecordNotFound)
+ end
+ end
+
+ describe '#find_by' do
+ it 'returns the project if the user has access' do
+ expect(finder.find_by(id: authorized_project.id)).to eq(authorized_project)
+ end
+
+ it 'returns nil when the project is not found' do
+ expect(finder.find_by(id: 0)).to be_nil
+ end
+
+ it 'returns nil when the user does not have access' do
+ expect(finder.find_by(id: unauthorized_project.id)).to be_nil
+ end
+ end
+end
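Review bot: The 'does not have access' examples depend on `create(:project)` producing a project the user cannot see, but neither `authorized_project` nor `unauthorized_project` states a visibility. The authorization cases therefore rest on a factory default that is not visible here. Declaring it, for example `let(:unauthorized_project) { create(:project, :private) }` and the same trait on `authorized_project`, makes the fixture say what the test needs. Two example names are also missing a word: 'raises not found the user does not have access' should read 'raises not found when the user does not have access'.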
diff --git a/spec/finders/concerns/finder_with_cross_project_access_spec.rb b/spec/finders/concerns/finder_with_cross_project_access_spec.rb
new file mode 100644
index 00000000000..c784fb87972
--- /dev/null
+++ b/spec/finders/concerns/finder_with_cross_project_access_spec.rb
@@ -0,0 +1,118 @@
+require 'spec_helper'
+
+describe FinderWithCrossProjectAccess do
+ let(:finder_class) do
+ Class.new do
+ prepend FinderWithCrossProjectAccess
+ include FinderMethods
+
+ requires_cross_project_access if: -> { requires_access? }
+
+ attr_reader :current_user
+
+ def initialize(user)
+ @current_user = user
+ end
+
+ def execute
+ Issue.all
+ end
+ end
+ end
+
+ let(:user) { create(:user) }
+ subject(:finder) { finder_class.new(user) }
+ let!(:result) { create(:issue) }
+
+ before do
+ result.project.add_master(user)
+ end
+
+ def expect_access_check_on_result
+ expect(finder).not_to receive(:requires_access?)
+ expect(Ability).to receive(:allowed?).with(user, :read_issue, result).and_call_original
+ end
+
+ context 'when the user cannot read cross project' do
+ before do
+ allow(Ability).to receive(:allowed?).and_call_original
+ allow(Ability).to receive(:allowed?).with(user, :read_cross_project)
+ .and_return(false)
+ end
+
+ describe '#execute' do
+ it 'returns a issue if the check is disabled' do
+ expect(finder).to receive(:requires_access?).and_return(false)
+
+ expect(finder.execute).to include(result)
+ end
+
+ it 'returns an empty relation when the check is enabled' do
+ expect(finder).to receive(:requires_access?).and_return(true)
+
+ expect(finder.execute).to be_empty
+ end
+
+ it 'only queries once when check is enabled' do
+ expect(finder).to receive(:requires_access?).and_return(true)
+
+ expect { finder.execute }.not_to exceed_query_limit(1)
+ end
+
+ it 'only queries once when check is disabled' do
+ expect(finder).to receive(:requires_access?).and_return(false)
+
+ expect { finder.execute }.not_to exceed_query_limit(1)
+ end
+ end
+
+ describe '#find' do
+ it 'checks the accessibility of the subject directly' do
+ expect_access_check_on_result
+
+ finder.find(result.id)
+ end
+
+ it 'returns the issue' do
+ expect(finder.find(result.id)).to eq(result)
+ end
+ end
+
+ describe '#find_by' do
+ it 'checks the accessibility of the subject directly' do
+ expect_access_check_on_result
+
+ finder.find_by(id: result.id)
+ end
+ end
+
+ describe '#find_by!' do
+ it 'checks the accessibility of the subject directly' do
+ expect_access_check_on_result
+
+ finder.find_by!(id: result.id)
+ end
+
+ it 're-enables the check after the find failed' do
+ finder.find_by!(id: 9999) rescue ActiveRecord::RecordNotFound
+
+ expect(finder.instance_variable_get(:@should_skip_cross_project_check))
+ .to eq(false)
+ end
+ end
+ end
+
+ context 'when the user can read cross project' do
+ before do
+ allow(Ability).to receive(:allowed?).and_call_original
+ allow(Ability).to receive(:allowed?).with(user, :read_cross_project)
+ .and_return(true)
+ end
+
+ it 'returns the result' do
+ expect(finder).not_to receive(:requires_access?)
+
+ expect(finder.execute).to include(result)
+ end
+ end
+end
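Review bot: In 're-enables the check after the find failed', the line `finder.find_by!(id: 9999) rescue ActiveRecord::RecordNotFound` is a rescue modifier, not a typed rescue. It swallows any StandardError and simply evaluates to the constant, so the example cannot tell a missing record from an unrelated failure. `expect { finder.find_by!(id: 9999) }.to raise_error(ActiveRecord::RecordNotFound)` states the intended failure and leaves the following assertion unchanged. That assertion reads `@should_skip_cross_project_check` through `instance_variable_get`, which ties the spec to an internal name; a short comment noting this would help the next reader.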
diff --git a/spec/finders/events_finder_spec.rb b/spec/finders/events_finder_spec.rb
index 18d6c0cfd74..62968e83292 100644
--- a/spec/finders/events_finder_spec.rb
+++ b/spec/finders/events_finder_spec.rb
@@ -26,6 +26,14 @@ describe EventsFinder do
expect(events).not_to include(opened_merge_request_event)
end
+
+ it 'returns nothing when the current user cannot read cross project' do
+ expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+
+ events = described_class.new(source: user, current_user: user).execute
+
+ expect(events).to be_empty
+ end
end
context 'when targeting a project' do
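Review bot: The new example sets `expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }` without first allowing other calls. Any other `Ability.allowed?` call made during `execute` would reach the stub with unexpected arguments and fail the example for the wrong reason. Other specs in this commit (finder_with_cross_project_access_spec.rb, snippets_finder_spec.rb) place `allow(Ability).to receive(:allowed?).and_call_original` before the specific stub, and doing the same here keeps the example stable. The same applies to the last example in spec/finders/user_recent_events_finder_spec.rb. The enclosing context starts outside the hunk.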
diff --git a/spec/finders/milestones_finder_spec.rb b/spec/finders/milestones_finder_spec.rb
index 0b3cf7ece5f..656d120311a 100644
--- a/spec/finders/milestones_finder_spec.rb
+++ b/spec/finders/milestones_finder_spec.rb
@@ -70,4 +70,12 @@ describe MilestonesFinder do
expect(result.to_a).to contain_exactly(milestone_1)
end
end
+
+ describe '#find_by' do
+ it 'finds a single milestone' do
+ finder = described_class.new(project_ids: [project_1.id], state: 'all')
+
+ expect(finder.find_by(iid: milestone_3.iid)).to eq(milestone_3)
+ end
+ end
end
diff --git a/spec/finders/snippets_finder_spec.rb b/spec/finders/snippets_finder_spec.rb
index 54a07eccaba..1ae0bd988f2 100644
--- a/spec/finders/snippets_finder_spec.rb
+++ b/spec/finders/snippets_finder_spec.rb
@@ -162,8 +162,26 @@ describe SnippetsFinder do
end
end
- describe "#execute" do
- # Snippet visibility scenarios are included in more details in spec/support/snippet_visibility.rb
- include_examples 'snippet visibility', described_class
+ describe '#execute' do
+ let(:project) { create(:project, :public) }
+ let!(:project_snippet) { create(:project_snippet, :public, project: project) }
+ let!(:personal_snippet) { create(:personal_snippet, :public) }
+ let(:user) { create(:user) }
+ subject(:finder) { described_class.new(user) }
+
+ it 'returns project- and personal snippets' do
+ expect(finder.execute).to contain_exactly(project_snippet, personal_snippet)
+ end
+
+ context 'when the user cannot read cross project' do
+ before do
+ allow(Ability).to receive(:allowed?).and_call_original
+ allow(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+ end
+
+ it 'returns only personal snippets when the user cannot read cross project' do
+ expect(finder.execute).to contain_exactly(personal_snippet)
+ end
+ end
end
end
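Review bot: After this hunk `#execute` is exercised only with `:public` fixtures, because the `include_examples 'snippet visibility', described_class` line is replaced by two examples. Unless those shared examples are included from another spec not shown here, private and internal snippet visibility is no longer covered from this file. A comment pointing to where the visibility matrix is now tested would help. The inner context and its example repeat the same sentence, so the example could be shortened to `it 'returns only personal snippets' do`.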
diff --git a/spec/finders/user_recent_events_finder_spec.rb b/spec/finders/user_recent_events_finder_spec.rb
new file mode 100644
index 00000000000..3ca0f7c3c89
--- /dev/null
+++ b/spec/finders/user_recent_events_finder_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe UserRecentEventsFinder do
+ let(:user) { create(:user) }
+ let(:project) { create(:project) }
+ let(:project_owner) { project.creator }
+ let!(:event) { create(:event, project: project, author: project_owner) }
+
+ subject(:finder) { described_class.new(user, project_owner) }
+
+ describe '#execute' do
+ it 'does not include the event when a user does not have access to the project' do
+ expect(finder.execute).to be_empty
+ end
+
+ context 'when the user has access to a project' do
+ before do
+ project.add_developer(user)
+ end
+
+ it 'includes the event' do
+ expect(finder.execute).to include(event)
+ end
+
+ it 'does not include the event if the user cannot read cross project' do
+ expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+ expect(finder.execute).to be_empty
+ end
+ end
+ end
+end
diff --git a/spec/helpers/dashboard_helper_spec.rb b/spec/helpers/dashboard_helper_spec.rb
new file mode 100644
index 00000000000..7ba24ba2956
--- /dev/null
+++ b/spec/helpers/dashboard_helper_spec.rb
@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+describe DashboardHelper do
+ let(:user) { build(:user) }
+
+ before do
+ allow(helper).to receive(:current_user).and_return(user)
+ allow(helper).to receive(:can?) { true }
+ end
+
+ describe '#dashboard_nav_links' do
+ it 'has all the expected links by default' do
+ menu_items = [:projects, :groups, :activity, :milestones, :snippets]
+
+ expect(helper.dashboard_nav_links).to contain_exactly(*menu_items)
+ end
+
+ it 'does not contain cross project elements when the user cannot read cross project' do
+ expect(helper).to receive(:can?).with(user, :read_cross_project) { false }
+
+ expect(helper.dashboard_nav_links).not_to include(:activity, :milestones)
+ end
+ end
+end
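Review bot: The second example asserts only that `:activity` and `:milestones` are absent, so it would also pass if `dashboard_nav_links` returned an empty list for a restricted user. Pinning the remaining set with `contain_exactly` would catch that regression. The remaining set is presumably `:projects, :groups, :snippets`, to be confirmed against the helper.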
diff --git a/spec/helpers/explore_helper_spec.rb b/spec/helpers/explore_helper_spec.rb
new file mode 100644
index 00000000000..12651d80e36
--- /dev/null
+++ b/spec/helpers/explore_helper_spec.rb
@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+describe ExploreHelper do
+ let(:user) { build(:user) }
+
+ before do
+ allow(helper).to receive(:current_user).and_return(user)
+ allow(helper).to receive(:can?) { true }
+ end
+
+ describe '#explore_nav_links' do
+ it 'has all the expected links by default' do
+ menu_items = [:projects, :groups, :snippets]
+
+ expect(helper.explore_nav_links).to contain_exactly(*menu_items)
+ end
+ end
+end
diff --git a/spec/helpers/groups_helper_spec.rb b/spec/helpers/groups_helper_spec.rb
index 5f608fe18d9..b48c252acd3 100644
--- a/spec/helpers/groups_helper_spec.rb
+++ b/spec/helpers/groups_helper_spec.rb
@@ -201,4 +201,39 @@ describe GroupsHelper do
end
end
end
+
+ describe '#group_sidebar_links' do
+ let(:group) { create(:group, :public) }
+ let(:user) { create(:user) }
+ before do
+ allow(helper).to receive(:current_user) { user }
+ allow(helper).to receive(:can?) { true }
+ helper.instance_variable_set(:@group, group)
+ end
+
+ it 'returns all the expected links' do
+ links = [
+ :overview, :activity, :issues, :labels, :milestones, :merge_requests,
+ :group_members, :settings
+ ]
+
+ expect(helper.group_sidebar_links).to include(*links)
+ end
+
+ it 'includes settings when the user can admin the group' do
+ expect(helper).to receive(:current_user) { user }
+ expect(helper).to receive(:can?).with(user, :admin_group, group) { false }
+
+ expect(helper.group_sidebar_links).not_to include(:settings)
+ end
+
+ it 'excludes cross project features when the user cannot read cross project' do
+ cross_project_features = [:activity, :issues, :labels, :milestones,
+ :merge_requests]
+
+ expect(helper).to receive(:can?).with(user, :read_cross_project) { false }
+
+ expect(helper.group_sidebar_links).not_to include(*cross_project_features)
+ end
+ end
end
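Review bot: The example named 'includes settings when the user can admin the group' stubs `can?(user, :admin_group, group)` to return false and expects `:settings` to be absent, so the name says the opposite of what is tested. `it 'excludes settings when the user cannot admin the group' do` matches the body. The `expect(helper).to receive(:current_user) { user }` line in the same example duplicates the `allow` in the `before` block and turns an incidental call into a requirement. The `describe GroupsHelper` block starts outside the hunk.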
diff --git a/spec/helpers/issues_helper_spec.rb b/spec/helpers/issues_helper_spec.rb
index ddf881a7b6f..aeef5352333 100644
--- a/spec/helpers/issues_helper_spec.rb
+++ b/spec/helpers/issues_helper_spec.rb
@@ -113,21 +113,6 @@ describe IssuesHelper do
end
end
- describe "milestone_options" do
- it "gets closed milestone from current issue" do
- closed_milestone = create(:closed_milestone, project: project)
- milestone1 = create(:milestone, project: project)
- milestone2 = create(:milestone, project: project)
- issue.update_attributes(milestone_id: closed_milestone.id)
-
- options = milestone_options(issue)
-
- expect(options).to have_selector('option[selected]', text: closed_milestone.title)
- expect(options).to have_selector('option', text: milestone1.title)
- expect(options).to have_selector('option', text: milestone2.title)
- end
- end
-
describe "#link_to_discussions_to_resolve" do
describe "passing only a merge request" do
let(:merge_request) { create(:merge_request) }
diff --git a/spec/helpers/nav_helper_spec.rb b/spec/helpers/nav_helper_spec.rb
new file mode 100644
index 00000000000..e840c927d59
--- /dev/null
+++ b/spec/helpers/nav_helper_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe NavHelper do
+ describe '#header_links' do
+ before do
+ allow(helper).to receive(:session) { {} }
+ end
+
+ context 'when the user is logged in' do
+ let(:user) { build(:user) }
+
+ before do
+ allow(helper).to receive(:current_user).and_return(user)
+ allow(helper).to receive(:can?) { true }
+ end
+
+ it 'has all the expected links by default' do
+ menu_items = [:user_dropdown, :search, :issues, :merge_requests, :todos]
+
+ expect(helper.header_links).to contain_exactly(*menu_items)
+ end
+
+ it 'contains the impersonation link while impersonating' do
+ expect(helper).to receive(:session) { { impersonator_id: 1 } }
+
+ expect(helper.header_links).to include(:admin_impersonation)
+ end
+
+ context 'when the user cannot read cross project' do
+ before do
+ allow(helper).to receive(:can?).with(user, :read_cross_project) { false }
+ end
+
+ it 'does not contain cross project elements when the user cannot read cross project' do
+ expect(helper.header_links).not_to include(:issues, :merge_requests, :todos, :search)
+ end
+
+ it 'shows the search box when the user cannot read cross project and he is visiting a project' do
+ helper.instance_variable_set(:@project, create(:project))
+
+ expect(helper.header_links).to include(:search)
+ end
+ end
+ end
+
+ it 'returns only the sign in and search when the user is not logged in' do
+ allow(helper).to receive(:current_user).and_return(nil)
+ allow(helper).to receive(:can?).with(nil, :read_cross_project) { true }
+
+ expect(helper.header_links).to contain_exactly(:sign_in, :search)
+ end
+ end
+end
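Review bot: The logged-out example stubs `can?(nil, :read_cross_project)` to return true only, so an anonymous visitor who is denied cross-project access is not covered, although the logged-in branch tests both outcomes. If the helper can return a different set in that case, an example with `current_user` nil that mirrors 'does not contain cross project elements when the user cannot read cross project' would close the gap. The example name ending in 'and he is visiting a project' could read 'and is visiting a project'.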
diff --git a/spec/helpers/preferences_helper_spec.rb b/spec/helpers/preferences_helper_spec.rb
index 749aa25e632..e2a0c4322ff 100644
--- a/spec/helpers/preferences_helper_spec.rb
+++ b/spec/helpers/preferences_helper_spec.rb
@@ -77,103 +77,6 @@ describe PreferencesHelper do
end
end
- describe '#default_project_view' do
- context 'user not signed in' do
- before do
- helper.instance_variable_set(:@project, project)
- stub_user
- end
-
- context 'when repository is empty' do
- let(:project) { create(:project_empty_repo, :public) }
-
- it 'returns activity if user has repository access' do
- allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(true)
-
- expect(helper.default_project_view).to eq('activity')
- end
-
- it 'returns activity if user does not have repository access' do
- allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(false)
-
- expect(helper.default_project_view).to eq('activity')
- end
- end
-
- context 'when repository is not empty' do
- let(:project) { create(:project, :public, :repository) }
-
- it 'returns files and readme if user has repository access' do
- allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(true)
-
- expect(helper.default_project_view).to eq('files')
- end
-
- it 'returns activity if user does not have repository access' do
- allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(false)
-
- expect(helper.default_project_view).to eq('activity')
- end
- end
- end
-
- context 'user signed in' do
- let(:user) { create(:user, :readme) }
- let(:project) { create(:project, :public, :repository) }
-
- before do
- helper.instance_variable_set(:@project, project)
- allow(helper).to receive(:current_user).and_return(user)
- end
-
- context 'when the user is allowed to see the code' do
- it 'returns the project view' do
- allow(helper).to receive(:can?).with(user, :download_code, project).and_return(true)
-
- expect(helper.default_project_view).to eq('readme')
- end
- end
-
- context 'with wikis enabled and the right policy for the user' do
- before do
- project.project_feature.update_attribute(:issues_access_level, 0)
- allow(helper).to receive(:can?).with(user, :download_code, project).and_return(false)
- end
-
- it 'returns wiki if the user has the right policy' do
- allow(helper).to receive(:can?).with(user, :read_wiki, project).and_return(true)
-
- expect(helper.default_project_view).to eq('wiki')
- end
-
- it 'returns customize_workflow if the user does not have the right policy' do
- allow(helper).to receive(:can?).with(user, :read_wiki, project).and_return(false)
-
- expect(helper.default_project_view).to eq('customize_workflow')
- end
- end
-
- context 'with issues as a feature available' do
- it 'return issues' do
- allow(helper).to receive(:can?).with(user, :download_code, project).and_return(false)
- allow(helper).to receive(:can?).with(user, :read_wiki, project).and_return(false)
-
- expect(helper.default_project_view).to eq('projects/issues/issues')
- end
- end
-
- context 'with no activity, no wikies and no issues' do
- it 'returns customize_workflow as default' do
- project.project_feature.update_attribute(:issues_access_level, 0)
- allow(helper).to receive(:can?).with(user, :download_code, project).and_return(false)
- allow(helper).to receive(:can?).with(user, :read_wiki, project).and_return(false)
-
- expect(helper.default_project_view).to eq('customize_workflow')
- end
- end
- end
- end
-
def stub_user(messages = {})
if messages.empty?
allow(helper).to receive(:current_user).and_return(nil)
diff --git a/spec/helpers/projects_helper_spec.rb b/spec/helpers/projects_helper_spec.rb
index b67fee2fcc0..ce96e90e2d7 100644
--- a/spec/helpers/projects_helper_spec.rb
+++ b/spec/helpers/projects_helper_spec.rb
@@ -75,6 +75,12 @@ describe ProjectsHelper do
describe "#project_list_cache_key", :clean_gitlab_redis_shared_state do
let(:project) { create(:project, :repository) }
+ let(:user) { create(:user) }
+
+ before do
+ allow(helper).to receive(:current_user).and_return(user)
+ allow(helper).to receive(:can?).with(user, :read_cross_project) { true }
+ end
it "includes the route" do
expect(helper.project_list_cache_key(project)).to include(project.route.cache_key)
@@ -106,6 +112,10 @@ describe ProjectsHelper do
expect(helper.project_list_cache_key(project).last).to start_with('v')
end
+ it 'includes wether or not the user can read cross project' do
+ expect(helper.project_list_cache_key(project)).to include('cross-project:true')
+ end
+
it "includes the pipeline status when there is a status" do
create(:ci_pipeline, :success, project: project, sha: project.commit.sha)
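Review bot: The new example only asserts `'cross-project:true'`, and the `before` added in the previous hunk stubs `can?` to true for every example in this `describe`, so nothing checks that a user without `:read_cross_project` gets a different cache key. If the key did not vary, a fragment cached for a permitted user could be served to a restricted one. I would add a counterpart that overrides the stub with `allow(helper).to receive(:can?).with(user, :read_cross_project) { false }` and asserts `expect(helper.project_list_cache_key(project)).not_to include('cross-project:true')`. The description also has a typo: `'includes whether or not the user can read cross project'`.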
@@ -264,32 +274,6 @@ describe ProjectsHelper do
end
end
- describe '#license_short_name' do
- let(:project) { create(:project) }
-
- context 'when project.repository has a license_key' do
- it 'returns the nickname of the license if present' do
- allow(project.repository).to receive(:license_key).and_return('agpl-3.0')
-
- expect(helper.license_short_name(project)).to eq('GNU AGPLv3')
- end
-
- it 'returns the name of the license if nickname is not present' do
- allow(project.repository).to receive(:license_key).and_return('mit')
-
- expect(helper.license_short_name(project)).to eq('MIT License')
- end
- end
-
- context 'when project.repository has no license_key but a license_blob' do
- it 'returns LICENSE' do
- allow(project.repository).to receive(:license_key).and_return(nil)
-
- expect(helper.license_short_name(project)).to eq('LICENSE')
- end
- end
- end
-
describe '#sanitized_import_error' do
let(:project) { create(:project, :repository) }
@@ -462,6 +446,22 @@ describe ProjectsHelper do
end
end
+ describe('#push_to_create_project_command') do
+ let(:user) { create(:user, username: 'john') }
+
+ it 'returns the command to push to create project over HTTP' do
+ allow(Gitlab::CurrentSettings.current_application_settings).to receive(:enabled_git_access_protocol) { 'http' }
+
+ expect(helper.push_to_create_project_command(user)).to eq('git push --set-upstream http://test.host/john/$(git rev-parse --show-toplevel | xargs basename).git $(git rev-parse --abbrev-ref HEAD)')
+ end
+
+ it 'returns the command to push to create project over SSH' do
+ allow(Gitlab::CurrentSettings.current_application_settings).to receive(:enabled_git_access_protocol) { 'ssh' }
+
+ expect(helper.push_to_create_project_command(user)).to eq('git push --set-upstream git@localhost:john/$(git rev-parse --show-toplevel | xargs basename).git $(git rev-parse --abbrev-ref HEAD)')
+ end
+ end
+
describe '#any_projects?' do
let!(:project) { create(:project) }
diff --git a/spec/helpers/users_helper_spec.rb b/spec/helpers/users_helper_spec.rb
index 03f78de8e91..6332217b920 100644
--- a/spec/helpers/users_helper_spec.rb
+++ b/spec/helpers/users_helper_spec.rb
@@ -14,4 +14,17 @@ describe UsersHelper do
is_expected.to include("title=\"#{user.email}\"")
end
end
+
+ describe '#profile_tabs' do
+ subject(:tabs) { helper.profile_tabs }
+
+ before do
+ allow(helper).to receive(:current_user).and_return(user)
+ allow(helper).to receive(:can?).and_return(true)
+ end
+
+ it 'includes all the expected tabs' do
+ expect(tabs).to include(:activity, :groups, :contributed, :projects, :snippets)
+ end
+ end
end
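Review bot: Stubbing `can?` with `and_return(true)` for every ability means this spec only exercises the fully permitted path of `profile_tabs`. The helper is not part of this hunk, but the stub suggests the tab list depends on a permission check, so a regression that shows every tab to a restricted user would still pass. I would add a second example with `allow(helper).to receive(:can?).and_return(false)` that asserts which tabs are left out. `user` is referenced in the `before` block but defined outside the hunk.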
diff --git a/spec/lib/banzai/commit_renderer_spec.rb b/spec/lib/banzai/commit_renderer_spec.rb
index 84adaebdcbe..e7ebb2a332f 100644
--- a/spec/lib/banzai/commit_renderer_spec.rb
+++ b/spec/lib/banzai/commit_renderer_spec.rb
@@ -3,7 +3,7 @@ require 'spec_helper'
describe Banzai::CommitRenderer do
describe '.render' do
it 'renders a commit description and title' do
- user = double(:user)
+ user = build(:user)
project = create(:project, :repository)
expect(Banzai::ObjectRenderer).to receive(:new).with(project, user).and_call_original
diff --git a/spec/lib/banzai/filter/issuable_state_filter_spec.rb b/spec/lib/banzai/filter/issuable_state_filter_spec.rb
index cacb33d3372..17347768a49 100644
--- a/spec/lib/banzai/filter/issuable_state_filter_spec.rb
+++ b/spec/lib/banzai/filter/issuable_state_filter_spec.rb
@@ -77,6 +77,14 @@ describe Banzai::Filter::IssuableStateFilter do
expect(doc.css('a').last.text).to eq("#{closed_issue.to_reference(other_project)} (closed)")
end
+ it 'skips cross project references if the user cannot read cross project' do
+ expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+ link = create_link(closed_issue.to_reference(other_project), issue: closed_issue.id, reference_type: 'issue')
+ doc = filter(link, context.merge(project: other_project))
+
+ expect(doc.css('a').last.text).to eq("#{closed_issue.to_reference(other_project)}")
+ end
+
it 'does not append state when filter is not enabled' do
link = create_link('text', issue: closed_issue.id, reference_type: 'issue')
context = { current_user: user }
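Review bot: The new example sets `expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }` without a fallback, so any other `Ability.allowed?` call made while the filter runs would fail on unexpected arguments instead of reaching the real policy. `redactor_spec.rb` and `ability_spec.rb` in this diff put `allow(Ability).to receive(:allowed?).and_call_original` in front of the specific stub, and doing the same here keeps the example focused on the one permission it is about. The final expectation can also drop the redundant interpolation: `eq(closed_issue.to_reference(other_project))`.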
diff --git a/spec/lib/banzai/filter/redactor_filter_spec.rb b/spec/lib/banzai/filter/redactor_filter_spec.rb
index 5a7858e77f3..9a2e521fdcf 100644
--- a/spec/lib/banzai/filter/redactor_filter_spec.rb
+++ b/spec/lib/banzai/filter/redactor_filter_spec.rb
@@ -6,7 +6,7 @@ describe Banzai::Filter::RedactorFilter do
it 'ignores non-GFM links' do
html = %(See <a href="https://google.com/">Google</a>)
- doc = filter(html, current_user: double)
+ doc = filter(html, current_user: build(:user))
expect(doc.css('a').length).to eq 1
end
diff --git a/spec/lib/banzai/redactor_spec.rb b/spec/lib/banzai/redactor_spec.rb
index 2424c3fdc66..1fa89137972 100644
--- a/spec/lib/banzai/redactor_spec.rb
+++ b/spec/lib/banzai/redactor_spec.rb
@@ -1,7 +1,7 @@
require 'spec_helper'
describe Banzai::Redactor do
- let(:user) { build(:user) }
+ let(:user) { create(:user) }
let(:project) { build(:project) }
let(:redactor) { described_class.new(project, user) }
@@ -88,6 +88,55 @@ describe Banzai::Redactor do
end
end
+ context 'when the user cannot read cross project' do
+ include ActionView::Helpers::UrlHelper
+ let(:project) { create(:project) }
+ let(:other_project) { create(:project, :public) }
+
+ def create_link(issuable)
+ type = issuable.class.name.underscore.downcase
+ link_to(issuable.to_reference, '',
+ class: 'gfm has-tooltip',
+ title: issuable.title,
+ data: {
+ reference_type: type,
+ "#{type}": issuable.id
+ })
+ end
+
+ before do
+ project.add_developer(user)
+
+ allow(Ability).to receive(:allowed?).and_call_original
+ allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global) { false }
+ allow(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+ end
+
+ it 'skips links to issues within the same project' do
+ issue = create(:issue, project: project)
+ link = create_link(issue)
+ doc = Nokogiri::HTML.fragment(link)
+
+ redactor.redact([doc])
+ result = doc.css('a').last
+
+ expect(result['class']).to include('has-tooltip')
+ expect(result['title']).to eq(issue.title)
+ end
+
+ it 'removes info from a cross project reference' do
+ issue = create(:issue, project: other_project)
+ link = create_link(issue)
+ doc = Nokogiri::HTML.fragment(link)
+
+ redactor.redact([doc])
+ result = doc.css('a').last
+
+ expect(result['class']).not_to include('has-tooltip')
+ expect(result['title']).to be_empty
+ end
+ end
+
describe '#redact_nodes' do
it 'redacts an Array of nodes' do
doc = Nokogiri::HTML.fragment('<a href="foo">foo</a>')
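Review bot: The example 'removes info from a cross project reference' checks only the `class` and `title` attributes, while `create_link` also puts the reference type and the issue id into `data` attributes on the same anchor. The hunk does not show what the redactor does with those, so the spec leaves open whether they survive for a user who cannot read cross project. I would pin the intended behaviour with an assertion on `result['data-issue']`, whichever way it is meant to go. In `create_link`, `.downcase` after `.underscore` is redundant.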
diff --git a/spec/lib/banzai/reference_parser/issue_parser_spec.rb b/spec/lib/banzai/reference_parser/issue_parser_spec.rb
index 4cef3bdb24b..0a63567ee40 100644
--- a/spec/lib/banzai/reference_parser/issue_parser_spec.rb
+++ b/spec/lib/banzai/reference_parser/issue_parser_spec.rb
@@ -19,19 +19,58 @@ describe Banzai::ReferenceParser::IssueParser do
it 'returns the nodes when the user can read the issue' do
expect(Ability).to receive(:issues_readable_by_user)
- .with([issue], user)
- .and_return([issue])
+ .with([issue], user)
+ .and_return([issue])
expect(subject.nodes_visible_to_user(user, [link])).to eq([link])
end
it 'returns an empty Array when the user can not read the issue' do
expect(Ability).to receive(:issues_readable_by_user)
- .with([issue], user)
- .and_return([])
+ .with([issue], user)
+ .and_return([])
expect(subject.nodes_visible_to_user(user, [link])).to eq([])
end
+
+ context 'when the user cannot read cross project' do
+ let(:issue) { create(:issue) }
+
+ before do
+ allow(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+ allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global) { false }
+ end
+
+ it 'returns the nodes when the user can read the issue' do
+ expect(Ability).to receive(:allowed?)
+ .with(user, :read_issue_iid, issue)
+ .and_return(true)
+
+ expect(subject.nodes_visible_to_user(user, [link])).to eq([link])
+ end
+
+ it 'returns an empty Array when the user can not read the issue' do
+ expect(Ability).to receive(:allowed?)
+ .with(user, :read_issue_iid, issue)
+ .and_return(false)
+
+ expect(subject.nodes_visible_to_user(user, [link])).to eq([])
+ end
+
+ context 'when the issue is not cross project' do
+ let(:issue) { create(:issue, project: project) }
+
+ it 'does not check `can_read_reference` if the issue is not cross project' do
+ expect(Ability).to receive(:issues_readable_by_user)
+ .with([issue], user)
+ .and_return([])
+
+ expect(subject).not_to receive(:can_read_reference?).with(user, issue)
+
+ expect(subject.nodes_visible_to_user(user, [link])).to eq([])
+ end
+ end
+ end
end
context 'when the link does not have a data-issue attribute' do
diff --git a/spec/lib/gitlab/contributions_calendar_spec.rb b/spec/lib/gitlab/contributions_calendar_spec.rb
index f1655854486..49a179ba875 100644
--- a/spec/lib/gitlab/contributions_calendar_spec.rb
+++ b/spec/lib/gitlab/contributions_calendar_spec.rb
@@ -118,6 +118,19 @@ describe Gitlab::ContributionsCalendar do
expect(calendar.events_by_date(today)).to contain_exactly(e1)
expect(calendar(contributor).events_by_date(today)).to contain_exactly(e1, e2, e3)
end
+
+ context 'when the user cannot read read cross project' do
+ before do
+ allow(Ability).to receive(:allowed?).and_call_original
+ expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+ end
+
+ it 'does not return any events' do
+ create_event(public_project, today)
+
+ expect(calendar(user).events_by_date(today)).to be_empty
+ end
+ end
end
describe '#starting_year' do
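Review bot: The context description repeats a word; it should read `context 'when the user cannot read cross project' do`. The permission stub is written as `expect(Ability).to receive(...)` inside `before`, which makes the lookup itself a required call for every example added to this context later. If that is not intended, `allow` states it more plainly.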
diff --git a/spec/lib/gitlab/cross_project_access/check_collection_spec.rb b/spec/lib/gitlab/cross_project_access/check_collection_spec.rb
new file mode 100644
index 00000000000..a9e7575240e
--- /dev/null
+++ b/spec/lib/gitlab/cross_project_access/check_collection_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe Gitlab::CrossProjectAccess::CheckCollection do
+ subject(:collection) { described_class.new }
+
+ describe '#add_collection' do
+ it 'merges the checks of 2 collections' do
+ initial_check = double('check')
+ collection.add_check(initial_check)
+
+ other_collection = described_class.new
+ other_check = double('other_check')
+ other_collection.add_check(other_check)
+
+ shared_check = double('shared check')
+ other_collection.add_check(shared_check)
+ collection.add_check(shared_check)
+
+ collection.add_collection(other_collection)
+
+ expect(collection.checks).to contain_exactly(initial_check, shared_check, other_check)
+ end
+ end
+
+ describe '#should_run?' do
+ def fake_check(run, skip)
+ check = double("Check: run=#{run} - skip={skip}")
+ allow(check).to receive(:should_run?).and_return(run)
+ allow(check).to receive(:should_skip?).and_return(skip)
+ allow(check).to receive(:skip).and_return(skip)
+
+ check
+ end
+
+ it 'returns true if one of the check says it should run' do
+ check = fake_check(true, false)
+ other_check = fake_check(false, false)
+
+ collection.add_check(check)
+ collection.add_check(other_check)
+
+ expect(collection.should_run?(double)).to be_truthy
+ end
+
+ it 'returns false if one of the check says it should be skipped' do
+ check = fake_check(true, false)
+ other_check = fake_check(false, true)
+
+ collection.add_check(check)
+ collection.add_check(other_check)
+
+ expect(collection.should_run?(double)).to be_falsey
+ end
+ end
+end
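Review bot: In `fake_check` the double's name is built with `skip={skip}`, which is missing the `#`, so the failure output prints the literal text instead of the value. It should be `check = double("Check: run=#{run} - skip=#{skip}")`. The `#should_run?` examples also leave out the case where no check asks to run and none asks to skip, which is the default this access gate falls back to. An example with two `fake_check(false, false)` entries would pin it.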
diff --git a/spec/lib/gitlab/cross_project_access/check_info_spec.rb b/spec/lib/gitlab/cross_project_access/check_info_spec.rb
new file mode 100644
index 00000000000..bc9dbf2bece
--- /dev/null
+++ b/spec/lib/gitlab/cross_project_access/check_info_spec.rb
@@ -0,0 +1,111 @@
+require 'spec_helper'
+
+describe Gitlab::CrossProjectAccess::CheckInfo do
+ let(:dummy_controller) { double }
+
+ before do
+ allow(dummy_controller).to receive(:action_name).and_return('index')
+ end
+
+ describe '#should_run?' do
+ it 'runs when an action is defined' do
+ info = described_class.new({ index: true }, nil, nil, false)
+
+ expect(info.should_run?(dummy_controller)).to be_truthy
+ end
+
+ it 'runs when the action is missing' do
+ info = described_class.new({}, nil, nil, false)
+
+ expect(info.should_run?(dummy_controller)).to be_truthy
+ end
+
+ it 'does not run when the action is excluded' do
+ info = described_class.new({ index: false }, nil, nil, false)
+
+ expect(info.should_run?(dummy_controller)).to be_falsy
+ end
+
+ it 'runs when the `if` conditional is true' do
+ info = described_class.new({}, -> { true }, nil, false)
+
+ expect(info.should_run?(dummy_controller)).to be_truthy
+ end
+
+ it 'does not run when the if condition is false' do
+ info = described_class.new({}, -> { false }, nil, false)
+
+ expect(info.should_run?(dummy_controller)).to be_falsy
+ end
+
+ it 'does not run when the `unless` check is true' do
+ info = described_class.new({}, nil, -> { true }, false)
+
+ expect(info.should_run?(dummy_controller)).to be_falsy
+ end
+
+ it 'runs when the `unless` check is false' do
+ info = described_class.new({}, nil, -> { false }, false)
+
+ expect(info.should_run?(dummy_controller)).to be_truthy
+ end
+
+ it 'returns the the oposite of #should_skip? when the check is a skip' do
+ info = described_class.new({}, nil, nil, true)
+
+ expect(info).to receive(:should_skip?).with(dummy_controller).and_return(false)
+ expect(info.should_run?(dummy_controller)).to be_truthy
+ end
+ end
+
+ describe '#should_skip?' do
+ it 'skips when an action is defined' do
+ info = described_class.new({ index: true }, nil, nil, true)
+
+ expect(info.should_skip?(dummy_controller)).to be_truthy
+ end
+
+ it 'does not skip when the action is not defined' do
+ info = described_class.new({}, nil, nil, true)
+
+ expect(info.should_skip?(dummy_controller)).to be_falsy
+ end
+
+ it 'does not skip when the action is excluded' do
+ info = described_class.new({ index: false }, nil, nil, true)
+
+ expect(info.should_skip?(dummy_controller)).to be_falsy
+ end
+
+ it 'skips when the `if` conditional is true' do
+ info = described_class.new({ index: true }, -> { true }, nil, true)
+
+ expect(info.should_skip?(dummy_controller)).to be_truthy
+ end
+
+ it 'does not skip the `if` conditional is false' do
+ info = described_class.new({ index: true }, -> { false }, nil, true)
+
+ expect(info.should_skip?(dummy_controller)).to be_falsy
+ end
+
+ it 'does not skip when the `unless` check is true' do
+ info = described_class.new({ index: true }, nil, -> { true }, true)
+
+ expect(info.should_skip?(dummy_controller)).to be_falsy
+ end
+
+ it 'skips when `unless` check is false' do
+ info = described_class.new({ index: true }, nil, -> { false }, true)
+
+ expect(info.should_skip?(dummy_controller)).to be_truthy
+ end
+
+ it 'returns the the oposite of #should_run? when the check is not a skip' do
+ info = described_class.new({}, nil, nil, false)
+
+ expect(info).to receive(:should_run?).with(dummy_controller).and_return(false)
+ expect(info.should_skip?(dummy_controller)).to be_truthy
+ end
+ end
+end
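Review bot: Both `#should_run?` and `#should_skip?` are exercised with an `if` condition or an `unless` condition, never with the two together, so the precedence between them is not pinned for a check that decides whether an authorization gate applies. I would add an example such as `info = described_class.new({}, -> { true }, -> { true }, false)` with the expectation that matches the intended precedence. Three descriptions also need wording fixes: `'returns the opposite of #should_skip? when the check is a skip'`, its `#should_run?` twin, and `'does not skip when the `if` conditional is false'`.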
diff --git a/spec/lib/gitlab/cross_project_access/class_methods_spec.rb b/spec/lib/gitlab/cross_project_access/class_methods_spec.rb
new file mode 100644
index 00000000000..5349685e633
--- /dev/null
+++ b/spec/lib/gitlab/cross_project_access/class_methods_spec.rb
@@ -0,0 +1,46 @@
+require 'spec_helper'
+
+describe Gitlab::CrossProjectAccess::ClassMethods do
+ let(:dummy_class) do
+ Class.new do
+ extend Gitlab::CrossProjectAccess::ClassMethods
+ end
+ end
+ let(:dummy_proc) { lambda { false } }
+
+ describe '#requires_cross_project_access' do
+ it 'creates a correct check when a hash is passed' do
+ expect(Gitlab::CrossProjectAccess)
+ .to receive(:add_check).with(dummy_class,
+ actions: { hello: true, world: false },
+ positive_condition: dummy_proc,
+ negative_condition: dummy_proc)
+
+ dummy_class.requires_cross_project_access(
+ hello: true, world: false, if: dummy_proc, unless: dummy_proc
+ )
+ end
+
+ it 'creates a correct check when an array is passed' do
+ expect(Gitlab::CrossProjectAccess)
+ .to receive(:add_check).with(dummy_class,
+ actions: { hello: true, world: true },
+ positive_condition: nil,
+ negative_condition: nil)
+
+ dummy_class.requires_cross_project_access(:hello, :world)
+ end
+
+ it 'creates a correct check when an array and a hash is passed' do
+ expect(Gitlab::CrossProjectAccess)
+ .to receive(:add_check).with(dummy_class,
+ actions: { hello: true, world: true },
+ positive_condition: dummy_proc,
+ negative_condition: dummy_proc)
+
+ dummy_class.requires_cross_project_access(
+ :hello, :world, if: dummy_proc, unless: dummy_proc
+ )
+ end
+ end
+end
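Review bot: The examples pass the same `dummy_proc` as both `if:` and `unless:`, so an implementation that swapped `positive_condition` and `negative_condition` would still satisfy the `with(...)` matcher. Since the two conditions have opposite effects on whether the cross-project check runs, the spec should be able to tell them apart. Two separate lets would do it, `let(:positive_proc) { -> { true } }` and `let(:negative_proc) { -> { false } }`, passed as `if: positive_proc, unless: negative_proc` and expected in the matching slots.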
diff --git a/spec/lib/gitlab/cross_project_access_spec.rb b/spec/lib/gitlab/cross_project_access_spec.rb
new file mode 100644
index 00000000000..614b0473c7e
--- /dev/null
+++ b/spec/lib/gitlab/cross_project_access_spec.rb
@@ -0,0 +1,84 @@
+require 'spec_helper'
+
+describe Gitlab::CrossProjectAccess do
+ let(:super_class) { Class.new }
+ let(:descendant_class) { Class.new(super_class) }
+ let(:current_instance) { described_class.new }
+
+ before do
+ allow(described_class).to receive(:instance).and_return(current_instance)
+ end
+
+ describe '#add_check' do
+ it 'keeps track of the properties to check' do
+ expect do
+ described_class.add_check(super_class,
+ actions: { index: true },
+ positive_condition: -> { true },
+ negative_condition: -> { false })
+ end.to change { described_class.checks.size }.by(1)
+ end
+
+ it 'builds the check correctly' do
+ check_collection = described_class.add_check(super_class,
+ actions: { index: true },
+ positive_condition: -> { 'positive' },
+ negative_condition: -> { 'negative' })
+
+ check = check_collection.checks.first
+
+ expect(check.actions).to eq(index: true)
+ expect(check.positive_condition.call).to eq('positive')
+ expect(check.negative_condition.call).to eq('negative')
+ end
+
+ it 'merges the checks of a parent class into existing checks of a subclass' do
+ subclass_collection = described_class.add_check(descendant_class)
+
+ expect(subclass_collection).to receive(:add_collection).and_call_original
+
+ described_class.add_check(super_class)
+ end
+
+ it 'merges the existing checks of a superclass into the checks of a subclass' do
+ super_collection = described_class.add_check(super_class)
+ descendant_collection = described_class.add_check(descendant_class)
+
+ expect(descendant_collection.checks).to include(*super_collection.checks)
+ end
+ end
+
+ describe '#find_check' do
+ it 'returns a check when it was defined for a superclass' do
+ expected_check = described_class.add_check(super_class,
+ actions: { index: true },
+ positive_condition: -> { 'positive' },
+ negative_condition: -> { 'negative' })
+
+ expect(described_class.find_check(descendant_class.new))
+ .to eq(expected_check)
+ end
+
+ it 'caches the result for a subclass' do
+ described_class.add_check(super_class,
+ actions: { index: true },
+ positive_condition: -> { 'positive' },
+ negative_condition: -> { 'negative' })
+
+ expect(described_class.instance).to receive(:closest_parent).once.and_call_original
+
+ 2.times { described_class.find_check(descendant_class.new) }
+ end
+
+ it 'returns the checks for the closest class if there are more checks available' do
+ described_class.add_check(super_class,
+ actions: { index: true })
+ expected_check = described_class.add_check(descendant_class,
+ actions: { index: true, show: false })
+
+ check = described_class.find_check(descendant_class.new)
+
+ expect(check).to eq(expected_check)
+ end
+ end
+end
diff --git a/spec/lib/gitlab/diff/highlight_spec.rb b/spec/lib/gitlab/diff/highlight_spec.rb
index cd602ccab8e..73d60c021c8 100644
--- a/spec/lib/gitlab/diff/highlight_spec.rb
+++ b/spec/lib/gitlab/diff/highlight_spec.rb
@@ -72,6 +72,28 @@ describe Gitlab::Diff::Highlight do
expect(subject[5].text).to eq(code)
expect(subject[5].text).to be_html_safe
end
+
+ context 'when the inline diff marker has an invalid range' do
+ before do
+ allow_any_instance_of(Gitlab::Diff::InlineDiffMarker).to receive(:mark).and_raise(RangeError)
+ end
+
+ it 'keeps the original rich line' do
+ code = %q{+ raise RuntimeError, "System commands must be given as an array of strings"}
+
+ expect(subject[5].text).to eq(code)
+ expect(subject[5].text).not_to be_html_safe
+ end
+
+ it 'reports to Sentry if configured' do
+ allow(Gitlab::Sentry).to receive(:enabled?).and_return(true)
+
+ expect(Gitlab::Sentry).to receive(:context)
+ expect(Raven).to receive(:capture_exception)
+
+ subject
+ end
+ end
end
end
end
diff --git a/spec/lib/google_api/cloud_platform/client_spec.rb b/spec/lib/google_api/cloud_platform/client_spec.rb
index f65e41dfea3..db9d9158b29 100644
--- a/spec/lib/google_api/cloud_platform/client_spec.rb
+++ b/spec/lib/google_api/cloud_platform/client_spec.rb
@@ -115,6 +115,9 @@ describe GoogleApi::CloudPlatform::Client do
"initial_node_count": cluster_size,
"node_config": {
"machine_type": machine_type
+ },
+ "legacy_abac": {
+ "enabled": true
}
}
} )
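Review bot: The expected request body now pins `"legacy_abac": { "enabled": true }`, so every cluster created through this client is requested with legacy ABAC authorization turned on, and the hunk gives no reason for it. On GKE that setting grants identities in the cluster static permissions beyond what RBAC allows, which makes it a security-relevant default that a reader of the spec should be able to trace. I would add a comment above the expectation along the lines of `# legacy ABAC is requested deliberately: <reason / issue link>`. It would also help to make sure the client code explains the same decision. The enclosing example starts outside the hunk.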
diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb
index 38fb98d4f50..cd175dba6da 100644
--- a/spec/models/ability_spec.rb
+++ b/spec/models/ability_spec.rb
@@ -204,6 +204,78 @@ describe Ability do
end
end
+ describe '.merge_requests_readable_by_user' do
+ context 'with an admin' do
+ it 'returns all merge requests' do
+ user = build(:user, admin: true)
+ merge_request = build(:merge_request)
+
+ expect(described_class.merge_requests_readable_by_user([merge_request], user))
+ .to eq([merge_request])
+ end
+ end
+
+ context 'without a user' do
+ it 'returns merge_requests that are publicly visible' do
+ hidden_merge_request = build(:merge_request)
+ visible_merge_request = build(:merge_request, source_project: build(:project, :public))
+
+ merge_requests = described_class
+ .merge_requests_readable_by_user([hidden_merge_request, visible_merge_request])
+
+ expect(merge_requests).to eq([visible_merge_request])
+ end
+ end
+
+ context 'with a user' do
+ let(:user) { create(:user) }
+ let(:project) { create(:project) }
+ let(:merge_request) { create(:merge_request, source_project: project) }
+ let(:cross_project_merge_request) do
+ create(:merge_request, source_project: create(:project, :public))
+ end
+ let(:other_merge_request) { create(:merge_request) }
+ let(:all_merge_requests) do
+ [merge_request, cross_project_merge_request, other_merge_request]
+ end
+
+ subject(:readable_merge_requests) do
+ described_class.merge_requests_readable_by_user(all_merge_requests, user)
+ end
+
+ before do
+ project.add_developer(user)
+ end
+
+ it 'returns projects visible to the user' do
+ expect(readable_merge_requests).to contain_exactly(merge_request, cross_project_merge_request)
+ end
+
+ context 'when a user cannot read cross project and a filter is passed' do
+ before do
+ allow(described_class).to receive(:allowed?).and_call_original
+ expect(described_class).to receive(:allowed?).with(user, :read_cross_project) { false }
+ end
+
+ subject(:readable_merge_requests) do
+ read_cross_project_filter = -> (merge_requests) do
+ merge_requests.select { |mr| mr.source_project == project }
+ end
+ described_class.merge_requests_readable_by_user(
+ all_merge_requests, user,
+ filters: { read_cross_project: read_cross_project_filter }
+ )
+ end
+
+ it 'returns only MRs of the specified project without checking access on others' do
+ expect(described_class).not_to receive(:allowed?).with(user, :read_merge_request, cross_project_merge_request)
+
+ expect(readable_merge_requests).to contain_exactly(merge_request)
+ end
+ end
+ end
+ end
+
describe '.issues_readable_by_user' do
context 'with an admin user' do
it 'returns all given issues' do
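Review bot: The restricted path of `.merge_requests_readable_by_user` is only covered when a `read_cross_project` filter is supplied; there is no example for a user who lacks `:read_cross_project` and calls the method without `filters:`. That is the path a caller takes when they forget the filter, so the spec should state what is returned there, using the same `allowed?` stub and `described_class.merge_requests_readable_by_user(all_merge_requests, user)`. The example `'returns projects visible to the user'` asserts merge requests and would read better as `'returns merge requests visible to the user'`.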
@@ -250,6 +322,29 @@ describe Ability do
expect(issues).to eq([visible_issue])
end
end
+
+ context 'when the user cannot read cross project' do
+ let(:user) { create(:user) }
+ let(:issue) { create(:issue) }
+ let(:other_project_issue) { create(:issue) }
+ let(:project) { issue.project }
+
+ before do
+ project.add_developer(user)
+
+ allow(described_class).to receive(:allowed?).and_call_original
+ allow(described_class).to receive(:allowed?).with(user, :read_cross_project, any_args) { false }
+ end
+
+ it 'excludes issues from other projects whithout checking separatly when passing a scope' do
+ expect(described_class).not_to receive(:allowed?).with(user, :read_issue, other_project_issue)
+
+ filters = { read_cross_project: -> (issues) { issues.where(project: project) } }
+ result = described_class.issues_readable_by_user(Issue.all, user, filters: filters)
+
+ expect(result).to contain_exactly(issue)
+ end
+ end
end
describe '.project_disabled_features_rules' do
diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb
index 2b6b6a61182..c27313ed88b 100644
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@@ -277,7 +277,7 @@ describe Ci::Build do
allow_any_instance_of(Project).to receive(:jobs_cache_index).and_return(1)
end
- it { is_expected.to be_an(Array).and all(include(key: "key_1")) }
+ it { is_expected.to be_an(Array).and all(include(key: "key-1")) }
end
context 'when project does not have jobs_cache_index' do
diff --git a/spec/models/concerns/protected_ref_access_spec.rb b/spec/models/concerns/protected_ref_access_spec.rb
new file mode 100644
index 00000000000..a62ca391e25
--- /dev/null
+++ b/spec/models/concerns/protected_ref_access_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe ProtectedRefAccess do
+ subject(:protected_ref_access) do
+ create(:protected_branch, :masters_can_push).push_access_levels.first
+ end
+
+ let(:project) { protected_ref_access.project }
+
+ describe '#check_access' do
+ it 'is always true for admins' do
+ admin = create(:admin)
+
+ expect(protected_ref_access.check_access(admin)).to be_truthy
+ end
+
+ it 'is true for masters' do
+ master = create(:user)
+ project.add_master(master)
+
+ expect(protected_ref_access.check_access(master)).to be_truthy
+ end
+
+ it 'is for developers of the project' do
+ developer = create(:user)
+ project.add_developer(developer)
+
+ expect(protected_ref_access.check_access(developer)).to be_falsy
+ end
+ end
+end
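Review bot: The last example is described as `'is for developers of the project'` but asserts `be_falsy`, so the name leaves out the outcome it checks on a protected-branch access rule. It should read `it 'is false for developers of the project' do`. A user with no membership at all is not covered either. Adding that case would show the denial does not depend on the developer role.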
diff --git a/spec/models/issue_spec.rb b/spec/models/issue_spec.rb
index f5c9f551e65..feed7968f09 100644
--- a/spec/models/issue_spec.rb
+++ b/spec/models/issue_spec.rb
@@ -221,27 +221,55 @@ describe Issue do
end
describe '#referenced_merge_requests' do
- it 'returns the referenced merge requests' do
- project = create(:project, :public)
-
- mr1 = create(:merge_request,
- source_project: project,
- source_branch: 'master',
- target_branch: 'feature')
+ let(:project) { create(:project, :public) }
+ let(:issue) do
+ create(:issue, description: merge_request.to_reference, project: project)
+ end
+ let!(:merge_request) do
+ create(:merge_request,
+ source_project: project,
+ source_branch: 'master',
+ target_branch: 'feature')
+ end
+ it 'returns the referenced merge requests' do
mr2 = create(:merge_request,
source_project: project,
source_branch: 'feature',
target_branch: 'master')
- issue = create(:issue, description: mr1.to_reference, project: project)
-
create(:note_on_issue,
noteable: issue,
note: mr2.to_reference,
project_id: project.id)
- expect(issue.referenced_merge_requests).to eq([mr1, mr2])
+ expect(issue.referenced_merge_requests).to eq([merge_request, mr2])
+ end
+
+ it 'returns cross project referenced merge requests' do
+ other_project = create(:project, :public)
+ cross_project_merge_request = create(:merge_request, source_project: other_project)
+ create(:note_on_issue,
+ noteable: issue,
+ note: cross_project_merge_request.to_reference(issue.project),
+ project_id: issue.project.id)
+
+ expect(issue.referenced_merge_requests).to eq([merge_request, cross_project_merge_request])
+ end
+
+ it 'excludes cross project references if the user cannot read cross project' do
+ user = create(:user)
+ allow(Ability).to receive(:allowed?).and_call_original
+ expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+
+ other_project = create(:project, :public)
+ cross_project_merge_request = create(:merge_request, source_project: other_project)
+ create(:note_on_issue,
+ noteable: issue,
+ note: cross_project_merge_request.to_reference(issue.project),
+ project_id: issue.project.id)
+
+ expect(issue.referenced_merge_requests(user)).to eq([merge_request])
end
end
@@ -309,7 +337,7 @@ describe Issue do
end
describe '#related_branches' do
- let(:user) { build(:admin) }
+ let(:user) { create(:admin) }
before do
allow(subject.project.repository).to receive(:branch_names)
diff --git a/spec/models/notification_recipient_spec.rb b/spec/models/notification_recipient_spec.rb
new file mode 100644
index 00000000000..eda0e1da835
--- /dev/null
+++ b/spec/models/notification_recipient_spec.rb
@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe NotificationRecipient do
+ let(:user) { create(:user) }
+ let(:project) { create(:project, namespace: user.namespace) }
+ let(:target) { create(:issue, project: project) }
+
+ subject(:recipient) { described_class.new(user, :watch, target: target, project: project) }
+
+ it 'denies access to a target when cross project access is denied' do
+ allow(Ability).to receive(:allowed?).and_call_original
+ expect(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(false)
+
+ expect(recipient.has_access?).to be_falsy
+ end
+end
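Review bot: This new spec covers only the denial path of `has_access?`, so an implementation that always returned false would pass it. A positive counterpart with the stub removed, ending in `expect(recipient.has_access?).to be_truthy`, would show that the result follows the `:read_cross_project` answer. That assumes the project owner set up in the `let`s is otherwise allowed to see the issue, which the hunk does not show.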
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index ee04d74d848..56c2d7b953e 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -1473,6 +1473,13 @@ describe Project do
expect(project.user_can_push_to_empty_repo?(user)).to be_truthy
end
+
+ it 'returns false when the repo is not empty' do
+ project.add_master(user)
+ expect(project).to receive(:empty_repo?).and_return(false)
+
+ expect(project.user_can_push_to_empty_repo?(user)).to be_falsey
+ end
end
describe '#container_registry_url' do
diff --git a/spec/policies/issuable_policy_spec.rb b/spec/policies/issuable_policy_spec.rb
index 2cf669e8191..d1bf98995e7 100644
--- a/spec/policies/issuable_policy_spec.rb
+++ b/spec/policies/issuable_policy_spec.rb
@@ -1,12 +1,14 @@
require 'spec_helper'
describe IssuablePolicy, models: true do
+ let(:user) { create(:user) }
+ let(:project) { create(:project, :public) }
+ let(:issue) { create(:issue, project: project) }
+ let(:policies) { described_class.new(user, issue) }
+
describe '#rules' do
context 'when discussion is locked for the issuable' do
- let(:user) { create(:user) }
- let(:project) { create(:project, :public) }
let(:issue) { create(:issue, project: project, discussion_locked: true) }
- let(:policies) { described_class.new(user, issue) }
context 'when the user is not a project member' do
it 'can not create a note' do
diff --git a/spec/policies/issue_policy_spec.rb b/spec/policies/issue_policy_spec.rb
index a4af9361ea6..793b724bfca 100644
--- a/spec/policies/issue_policy_spec.rb
+++ b/spec/policies/issue_policy_spec.rb
@@ -30,41 +30,41 @@ describe IssuePolicy do
end
it 'does not allow non-members to read issues' do
- expect(permissions(non_member, issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(non_member, issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(non_member, issue)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(non_member, issue_no_assignee)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows guests to read issues' do
- expect(permissions(guest, issue)).to be_allowed(:read_issue)
+ expect(permissions(guest, issue)).to be_allowed(:read_issue, :read_issue_iid)
expect(permissions(guest, issue)).to be_disallowed(:update_issue, :admin_issue)
- expect(permissions(guest, issue_no_assignee)).to be_allowed(:read_issue)
+ expect(permissions(guest, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid)
expect(permissions(guest, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end
it 'allows reporters to read, update, and admin issues' do
- expect(permissions(reporter, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(reporter, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(reporter, issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(reporter, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows reporters from group links to read, update, and admin issues' do
- expect(permissions(reporter_from_group_link, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(reporter_from_group_link, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(reporter_from_group_link, issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(reporter_from_group_link, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows issue authors to read and update their issues' do
- expect(permissions(author, issue)).to be_allowed(:read_issue, :update_issue)
+ expect(permissions(author, issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue)
expect(permissions(author, issue)).to be_disallowed(:admin_issue)
- expect(permissions(author, issue_no_assignee)).to be_allowed(:read_issue)
+ expect(permissions(author, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid)
expect(permissions(author, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end
it 'allows issue assignees to read and update their issues' do
- expect(permissions(assignee, issue)).to be_allowed(:read_issue, :update_issue)
+ expect(permissions(assignee, issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue)
expect(permissions(assignee, issue)).to be_disallowed(:admin_issue)
- expect(permissions(assignee, issue_no_assignee)).to be_allowed(:read_issue)
+ expect(permissions(assignee, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid)
expect(permissions(assignee, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end
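Review bot: Every `:read_issue_iid` added in this hunk sits next to `:read_issue` with the same expected outcome, so the examples would still pass if the new ability were a plain alias, and they cannot detect the two drifting apart. The hunks at -73, -123 and -161 of this file follow the same pattern. If `read_issue_iid` is meant to differ from `read_issue` under some condition (the policy rules are not visible here, so this is an assumption), add one example that pins that case. Otherwise a comment above the first example, such as `# read_issue_iid must always follow read_issue`, would record the intent. The enclosing `describe` starts and ends outside this hunk.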
@@ -73,37 +73,37 @@ describe IssuePolicy do
let(:confidential_issue_no_assignee) { create(:issue, :confidential, project: project) }
it 'does not allow non-members to read confidential issues' do
- expect(permissions(non_member, confidential_issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(non_member, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(non_member, confidential_issue)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(non_member, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'does not allow guests to read confidential issues' do
- expect(permissions(guest, confidential_issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(guest, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(guest, confidential_issue)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(guest, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows reporters to read, update, and admin confidential issues' do
- expect(permissions(reporter, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(reporter, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(reporter, confidential_issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(reporter, confidential_issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows reporters from group links to read, update, and admin confidential issues' do
- expect(permissions(reporter_from_group_link, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(reporter_from_group_link, confidential_issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows issue authors to read and update their confidential issues' do
- expect(permissions(author, confidential_issue)).to be_allowed(:read_issue, :update_issue)
+ expect(permissions(author, confidential_issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue)
expect(permissions(author, confidential_issue)).to be_disallowed(:admin_issue)
- expect(permissions(author, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(author, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows issue assignees to read and update their confidential issues' do
- expect(permissions(assignee, confidential_issue)).to be_allowed(:read_issue, :update_issue)
+ expect(permissions(assignee, confidential_issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue)
expect(permissions(assignee, confidential_issue)).to be_disallowed(:admin_issue)
- expect(permissions(assignee, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(assignee, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
end
end
@@ -123,36 +123,36 @@ describe IssuePolicy do
end
it 'allows guests to read issues' do
- expect(permissions(guest, issue)).to be_allowed(:read_issue)
+ expect(permissions(guest, issue)).to be_allowed(:read_issue, :read_issue_iid)
expect(permissions(guest, issue)).to be_disallowed(:update_issue, :admin_issue)
- expect(permissions(guest, issue_no_assignee)).to be_allowed(:read_issue)
+ expect(permissions(guest, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid)
expect(permissions(guest, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end
it 'allows reporters to read, update, and admin issues' do
- expect(permissions(reporter, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(reporter, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(reporter, issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(reporter, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows reporters from group links to read, update, and admin issues' do
- expect(permissions(reporter_from_group_link, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(reporter_from_group_link, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(reporter_from_group_link, issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(reporter_from_group_link, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows issue authors to read and update their issues' do
- expect(permissions(author, issue)).to be_allowed(:read_issue, :update_issue)
+ expect(permissions(author, issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue)
expect(permissions(author, issue)).to be_disallowed(:admin_issue)
- expect(permissions(author, issue_no_assignee)).to be_allowed(:read_issue)
+ expect(permissions(author, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid)
expect(permissions(author, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end
it 'allows issue assignees to read and update their issues' do
- expect(permissions(assignee, issue)).to be_allowed(:read_issue, :update_issue)
+ expect(permissions(assignee, issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue)
expect(permissions(assignee, issue)).to be_disallowed(:admin_issue)
- expect(permissions(assignee, issue_no_assignee)).to be_allowed(:read_issue)
+ expect(permissions(assignee, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid)
expect(permissions(assignee, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end
@@ -161,32 +161,32 @@ describe IssuePolicy do
let(:confidential_issue_no_assignee) { create(:issue, :confidential, project: project) }
it 'does not allow guests to read confidential issues' do
- expect(permissions(guest, confidential_issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(guest, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(guest, confidential_issue)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(guest, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows reporters to read, update, and admin confidential issues' do
- expect(permissions(reporter, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(reporter, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(reporter, confidential_issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(reporter, confidential_issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows reporter from group links to read, update, and admin confidential issues' do
- expect(permissions(reporter_from_group_link, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
- expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(reporter_from_group_link, confidential_issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
+ expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows issue authors to read and update their confidential issues' do
- expect(permissions(author, confidential_issue)).to be_allowed(:read_issue, :update_issue)
+ expect(permissions(author, confidential_issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue)
expect(permissions(author, confidential_issue)).to be_disallowed(:admin_issue)
- expect(permissions(author, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(author, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
it 'allows issue assignees to read and update their confidential issues' do
- expect(permissions(assignee, confidential_issue)).to be_allowed(:read_issue, :update_issue)
+ expect(permissions(assignee, confidential_issue)).to be_allowed(:read_issue, :read_issue_iid, :update_issue)
expect(permissions(assignee, confidential_issue)).to be_disallowed(:admin_issue)
- expect(permissions(assignee, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
+ expect(permissions(assignee, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue)
end
end
end
diff --git a/spec/presenters/project_presenter_spec.rb b/spec/presenters/project_presenter_spec.rb
new file mode 100644
index 00000000000..f8c93d91ec5
--- /dev/null
+++ b/spec/presenters/project_presenter_spec.rb
@@ -0,0 +1,397 @@
+require 'spec_helper'
+
+describe ProjectPresenter do
+ let(:user) { create(:user) }
+
+ describe '#license_short_name' do
+ let(:project) { create(:project) }
+ let(:presenter) { described_class.new(project, current_user: user) }
+
+ context 'when project.repository has a license_key' do
+ it 'returns the nickname of the license if present' do
+ allow(project.repository).to receive(:license_key).and_return('agpl-3.0')
+
+ expect(presenter.license_short_name).to eq('GNU AGPLv3')
+ end
+
+ it 'returns the name of the license if nickname is not present' do
+ allow(project.repository).to receive(:license_key).and_return('mit')
+
+ expect(presenter.license_short_name).to eq('MIT License')
+ end
+ end
+
+ context 'when project.repository has no license_key but a license_blob' do
+ it 'returns LICENSE' do
+ allow(project.repository).to receive(:license_key).and_return(nil)
+
+ expect(presenter.license_short_name).to eq('LICENSE')
+ end
+ end
+ end
+
+ describe '#default_view' do
+ let(:presenter) { described_class.new(project, current_user: user) }
+
+ context 'user not signed in' do
+ let(:user) { nil }
+
+ context 'when repository is empty' do
+ let(:project) { create(:project_empty_repo, :public) }
+
+ it 'returns activity if user has repository access' do
+ allow(presenter).to receive(:can?).with(nil, :download_code, project).and_return(true)
+
+ expect(presenter.default_view).to eq('activity')
+ end
+
+ it 'returns activity if user does not have repository access' do
+ allow(project).to receive(:can?).with(nil, :download_code, project).and_return(false)
+
+ expect(presenter.default_view).to eq('activity')
+ end
+ end
+
+ context 'when repository is not empty' do
+ let(:project) { create(:project, :public, :repository) }
+
+ it 'returns files and readme if user has repository access' do
+ allow(presenter).to receive(:can?).with(nil, :download_code, project).and_return(true)
+
+ expect(presenter.default_view).to eq('files')
+ end
+
+ it 'returns activity if user does not have repository access' do
+ allow(presenter).to receive(:can?).with(nil, :download_code, project).and_return(false)
+
+ expect(presenter.default_view).to eq('activity')
+ end
+ end
+ end
+
+ context 'user signed in' do
+ let(:user) { create(:user, :readme) }
+ let(:project) { create(:project, :public, :repository) }
+
+ context 'when the user is allowed to see the code' do
+ it 'returns the project view' do
+ allow(presenter).to receive(:can?).with(user, :download_code, project).and_return(true)
+
+ expect(presenter.default_view).to eq('readme')
+ end
+ end
+
+ context 'with wikis enabled and the right policy for the user' do
+ before do
+ project.project_feature.update_attribute(:issues_access_level, 0)
+ allow(presenter).to receive(:can?).with(user, :download_code, project).and_return(false)
+ end
+
+ it 'returns wiki if the user has the right policy' do
+ allow(presenter).to receive(:can?).with(user, :read_wiki, project).and_return(true)
+
+ expect(presenter.default_view).to eq('wiki')
+ end
+
+ it 'returns customize_workflow if the user does not have the right policy' do
+ allow(presenter).to receive(:can?).with(user, :read_wiki, project).and_return(false)
+
+ expect(presenter.default_view).to eq('customize_workflow')
+ end
+ end
+
+ context 'with issues as a feature available' do
+ it 'return issues' do
+ allow(presenter).to receive(:can?).with(user, :download_code, project).and_return(false)
+ allow(presenter).to receive(:can?).with(user, :read_wiki, project).and_return(false)
+
+ expect(presenter.default_view).to eq('projects/issues/issues')
+ end
+ end
+
+ context 'with no activity, no wikies and no issues' do
+ it 'returns customize_workflow as default' do
+ project.project_feature.update_attribute(:issues_access_level, 0)
+ allow(presenter).to receive(:can?).with(user, :download_code, project).and_return(false)
+ allow(presenter).to receive(:can?).with(user, :read_wiki, project).and_return(false)
+
+ expect(presenter.default_view).to eq('customize_workflow')
+ end
+ end
+ end
+ end
+
+ describe '#can_current_user_push_code?' do
+ let(:project) { create(:project, :repository) }
+ let(:presenter) { described_class.new(project, current_user: user) }
+
+ context 'empty repo' do
+ let(:project) { create(:project) }
+
+ it 'returns true if user can push_code' do
+ project.add_developer(user)
+
+ expect(presenter.can_current_user_push_code?).to be(true)
+ end
+
+ it 'returns false if user cannot push_code' do
+ project.add_reporter(user)
+
+ expect(presenter.can_current_user_push_code?).to be(false)
+ end
+ end
+
+ context 'not empty repo' do
+ let(:project) { create(:project, :repository) }
+
+ it 'returns true if user can push to default branch' do
+ project.add_developer(user)
+
+ expect(presenter.can_current_user_push_code?).to be(true)
+ end
+
+ it 'returns false if default branch is protected' do
+ project.add_developer(user)
+ create(:protected_branch, project: project, name: project.default_branch)
+
+ expect(presenter.can_current_user_push_code?).to be(false)
+ end
+ end
+ end
+
+ context 'statistics anchors' do
+ let(:project) { create(:project, :repository) }
+ let(:presenter) { described_class.new(project, current_user: user) }
+
+ describe '#files_anchor_data' do
+ it 'returns files data' do
+ expect(presenter.files_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: 'Files (0 Bytes)',
+ link: presenter.project_tree_path(project)))
+ end
+ end
+
+ describe '#commits_anchor_data' do
+ it 'returns commits data' do
+ expect(presenter.commits_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: 'Commits (0)',
+ link: presenter.project_commits_path(project, project.repository.root_ref)))
+ end
+ end
+
+ describe '#branches_anchor_data' do
+ it 'returns branches data' do
+ expect(presenter.branches_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: "Branches (#{project.repository.branches.size})",
+ link: presenter.project_branches_path(project)))
+ end
+ end
+
+ describe '#tags_anchor_data' do
+ it 'returns tags data' do
+ expect(presenter.tags_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: "Tags (#{project.repository.tags.size})",
+ link: presenter.project_tags_path(project)))
+ end
+ end
+
+ describe '#new_file_anchor_data' do
+ it 'returns new file data if user can push' do
+ project.add_developer(user)
+
+ expect(presenter.new_file_anchor_data).to eq(OpenStruct.new(enabled: false,
+ label: "New file",
+ link: presenter.project_new_blob_path(project, 'master'),
+ class_modifier: 'new'))
+ end
+
+ it 'returns nil if user cannot push' do
+ expect(presenter.new_file_anchor_data).to be_nil
+ end
+ end
+
+ describe '#readme_anchor_data' do
+ context 'when user can push and README does not exists' do
+ it 'returns anchor data' do
+ project.add_developer(user)
+ allow(project.repository).to receive(:readme).and_return(nil)
+
+ expect(presenter.readme_anchor_data).to eq(OpenStruct.new(enabled: false,
+ label: 'Add Readme',
+ link: presenter.add_readme_path))
+ end
+ end
+
+ context 'when README exists' do
+ it 'returns anchor data' do
+ allow(project.repository).to receive(:readme).and_return(double(name: 'readme'))
+
+ expect(presenter.readme_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: 'Readme',
+ link: presenter.readme_path))
+ end
+ end
+ end
+
+ describe '#changelog_anchor_data' do
+ context 'when user can push and CHANGELOG does not exists' do
+ it 'returns anchor data' do
+ project.add_developer(user)
+ allow(project.repository).to receive(:changelog).and_return(nil)
+
+ expect(presenter.changelog_anchor_data).to eq(OpenStruct.new(enabled: false,
+ label: 'Add Changelog',
+ link: presenter.add_changelog_path))
+ end
+ end
+
+ context 'when CHANGELOG exists' do
+ it 'returns anchor data' do
+ allow(project.repository).to receive(:changelog).and_return(double(name: 'foo'))
+
+ expect(presenter.changelog_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: 'Changelog',
+ link: presenter.changelog_path))
+ end
+ end
+ end
+
+ describe '#license_anchor_data' do
+ context 'when user can push and LICENSE does not exists' do
+ it 'returns anchor data' do
+ project.add_developer(user)
+ allow(project.repository).to receive(:license_blob).and_return(nil)
+
+ expect(presenter.license_anchor_data).to eq(OpenStruct.new(enabled: false,
+ label: 'Add License',
+ link: presenter.add_license_path))
+ end
+ end
+
+ context 'when LICENSE exists' do
+ it 'returns anchor data' do
+ allow(project.repository).to receive(:license_blob).and_return(double(name: 'foo'))
+
+ expect(presenter.license_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: presenter.license_short_name,
+ link: presenter.license_path))
+ end
+ end
+ end
+
+ describe '#contribution_guide_anchor_data' do
+ context 'when user can push and CONTRIBUTING does not exists' do
+ it 'returns anchor data' do
+ project.add_developer(user)
+ allow(project.repository).to receive(:contribution_guide).and_return(nil)
+
+ expect(presenter.contribution_guide_anchor_data).to eq(OpenStruct.new(enabled: false,
+ label: 'Add Contribution guide',
+ link: presenter.add_contribution_guide_path))
+ end
+ end
+
+ context 'when CONTRIBUTING exists' do
+ it 'returns anchor data' do
+ allow(project.repository).to receive(:contribution_guide).and_return(double(name: 'foo'))
+
+ expect(presenter.contribution_guide_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: 'Contribution guide',
+ link: presenter.contribution_guide_path))
+ end
+ end
+ end
+
+ describe '#autodevops_anchor_data' do
+ context 'when Auto Devops is enabled' do
+ it 'returns anchor data' do
+ allow(project).to receive(:auto_devops_enabled?).and_return(true)
+
+ expect(presenter.autodevops_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: 'Auto DevOps enabled',
+ link: nil))
+ end
+ end
+
+ context 'when user can admin pipeline and CI yml does not exists' do
+ it 'returns anchor data' do
+ project.add_master(user)
+ allow(project).to receive(:auto_devops_enabled?).and_return(false)
+ allow(project.repository).to receive(:gitlab_ci_yml).and_return(nil)
+
+ expect(presenter.autodevops_anchor_data).to eq(OpenStruct.new(enabled: false,
+ label: 'Enable Auto DevOps',
+ link: presenter.project_settings_ci_cd_path(project, anchor: 'js-general-pipeline-settings')))
+ end
+ end
+ end
+
+ describe '#kubernetes_cluster_anchor_data' do
+ context 'when user can create Kubernetes cluster' do
+ it 'returns link to cluster if only one exists' do
+ project.add_master(user)
+ cluster = create(:cluster, projects: [project])
+
+ expect(presenter.kubernetes_cluster_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: 'Kubernetes configured',
+ link: presenter.project_cluster_path(project, cluster)))
+ end
+
+ it 'returns link to clusters page if more than one exists' do
+ project.add_master(user)
+ create(:cluster, projects: [project])
+ create(:cluster, projects: [project])
+
+ expect(presenter.kubernetes_cluster_anchor_data).to eq(OpenStruct.new(enabled: true,
+ label: 'Kubernetes configured',
+ link: presenter.project_clusters_path(project)))
+ end
+
+ it 'returns link to create a cluster if no cluster exists' do
+ project.add_master(user)
+
+ expect(presenter.kubernetes_cluster_anchor_data).to eq(OpenStruct.new(enabled: false,
+ label: 'Add Kubernetes cluster',
+ link: presenter.new_project_cluster_path(project)))
+ end
+ end
+
+ context 'when user cannot create Kubernetes cluster' do
+ it 'returns nil' do
+ expect(presenter.kubernetes_cluster_anchor_data).to be_nil
+ end
+ end
+ end
+
+ describe '#koding_anchor_data' do
+ it 'returns link to setup Koding if user can push and no koding YML exists' do
+ project.add_developer(user)
+ allow(project.repository).to receive(:koding_yml).and_return(nil)
+ allow(Gitlab::CurrentSettings).to receive(:koding_enabled?).and_return(true)
+
+ expect(presenter.koding_anchor_data).to eq(OpenStruct.new(enabled: false,
+ label: 'Set up Koding',
+ link: presenter.add_koding_stack_path))
+ end
+
+ it 'returns nil if user cannot push' do
+ expect(presenter.koding_anchor_data).to be_nil
+ end
+
+ it 'returns nil if koding is not enabled' do
+ project.add_developer(user)
+ allow(Gitlab::CurrentSettings).to receive(:koding_enabled?).and_return(false)
+
+ expect(presenter.koding_anchor_data).to be_nil
+ end
+
+ it 'returns nil if koding YML already exists' do
+ project.add_developer(user)
+ allow(project.repository).to receive(:koding_yml).and_return(double)
+ allow(Gitlab::CurrentSettings).to receive(:koding_enabled?).and_return(true)
+
+ expect(presenter.koding_anchor_data).to be_nil
+ end
+ end
+ end
+end
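Review bot: In `#default_view`, under 'user not signed in' / 'when repository is empty', the second example stubs `can?` on `project` instead of `presenter`, so the denial never reaches the object under test. The example passes only because an empty repository yields `'activity'` in both cases. It should read `allow(presenter).to receive(:can?).with(nil, :download_code, project).and_return(false)`, like its sibling examples. Separately, the `#default_view` examples replace `can?` with fixed answers, so they cover the branch selection but not the real `download_code` / `read_wiki` policy. One example per branch driven by actual membership or visibility would close that gap.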
diff --git a/spec/routing/routing_spec.rb b/spec/routing/routing_spec.rb
index 91aefa84d0e..56d025f0176 100644
--- a/spec/routing/routing_spec.rb
+++ b/spec/routing/routing_spec.rb
@@ -37,6 +37,22 @@ describe UsersController, "routing" do
it "to #calendar_activities" do
expect(get("/users/User/calendar_activities")).to route_to('users#calendar_activities', username: 'User')
end
+
+ describe 'redirect alias routes' do
+ include RSpec::Rails::RequestExampleGroup
+
+ it '/u/user1 redirects to /user1' do
+ expect(get("/u/user1")).to redirect_to('/user1')
+ end
+
+ it '/u/user1/groups redirects to /user1/groups' do
+ expect(get("/u/user1/groups")).to redirect_to('/users/user1/groups')
+ end
+
+ it '/u/user1/projects redirects to /user1/projects' do
+ expect(get("/u/user1/projects")).to redirect_to('/users/user1/projects')
+ end
+ end
end
# search GET /search(.:format) search#show
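Review bot: Two example descriptions in the added `'redirect alias routes'` block disagree with what they assert: they say `/user1/groups` and `/user1/projects`, but the expectations are `redirect_to('/users/user1/groups')` and `redirect_to('/users/user1/projects')`. Rename them to match, e.g. `it '/u/user1/groups redirects to /users/user1/groups' do`, so a failure message names the real target. Since these are redirects built from a path segment, an example showing that a `/u/...` path outside the three aliases is not redirected would also document the intended scope. The enclosing `describe UsersController` starts outside the hunk.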
diff --git a/spec/services/merge_requests/create_from_issue_service_spec.rb b/spec/services/merge_requests/create_from_issue_service_spec.rb
index 75553afc033..38d84cf0ceb 100644
--- a/spec/services/merge_requests/create_from_issue_service_spec.rb
+++ b/spec/services/merge_requests/create_from_issue_service_spec.rb
@@ -24,7 +24,7 @@ describe MergeRequests::CreateFromIssueService do
end
it 'delegates issue search to IssuesFinder' do
- expect_any_instance_of(IssuesFinder).to receive(:execute).once.and_call_original
+ expect_any_instance_of(IssuesFinder).to receive(:find_by).once.and_call_original
described_class.new(project, user, issue_iid: -1).execute
end
diff --git a/spec/services/todo_service_spec.rb b/spec/services/todo_service_spec.rb
index 5e6c24f5730..562b89e6767 100644
--- a/spec/services/todo_service_spec.rb
+++ b/spec/services/todo_service_spec.rb
@@ -943,7 +943,8 @@ describe TodoService do
described_class.new.mark_todos_as_done_by_ids(todo, john_doe)
- expect_any_instance_of(TodosFinder).not_to receive(:execute)
+ # Make sure no TodosFinder is inialized to perform counting
+ expect(TodosFinder).not_to receive(:new)
expect(john_doe.todos_done_count).to eq(1)
expect(john_doe.todos_pending_count).to eq(1)
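Review bot: The added comment misspells "initialized", and it does not say that the negative expectation is registered only after `mark_todos_as_done_by_ids` has already run. As written, a reader could assume it also constrains the service call. Suggested wording: `# From here on no TodosFinder may be initialized: the counts below must not trigger a finder`. The enclosing example starts outside the hunk.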
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 5600c9c6ad5..c0f3366fb52 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -185,6 +185,14 @@ RSpec.configure do |config|
config.around(:each, :postgresql) do |example|
example.run if Gitlab::Database.postgresql?
end
+
+ # This makes sure the `ApplicationController#can?` method is stubbed with the
+ # original implementation for all view specs.
+ config.before(:each, type: :view) do
+ allow(view).to receive(:can?) do |*args|
+ Ability.allowed?(*args)
+ end
+ end
end
# add simpler way to match asset paths containing digest strings
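Review bot: The comment on the new `before(:each, type: :view)` hook says `can?` is stubbed with the original implementation of `ApplicationController#can?`, but the block calls `Ability.allowed?(*args)` directly. If the controller helper ever does more than that (its definition is not visible here), view specs would evaluate a different check than production does. A more accurate comment would be `# View specs have no controller, so back the view's can? helper with Ability.allowed? to evaluate real policies`. Individual specs can still replace the hook with a blanket grant, as `allow(view).to receive(:can?) { true }` does in `_project.html.haml_spec.rb` in this commit, and such a spec no longer checks what a user without access would see.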
diff --git a/spec/support/shared_examples/controllers/uploads_actions_shared_examples.rb b/spec/support/shared_examples/controllers/uploads_actions_shared_examples.rb
index 7ce80c82439..ea7dbade171 100644
--- a/spec/support/shared_examples/controllers/uploads_actions_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/uploads_actions_shared_examples.rb
@@ -89,6 +89,19 @@ shared_examples 'handle uploads' do
end
end
+ context "when neither the uploader nor the model exists" do
+ before do
+ allow_any_instance_of(Upload).to receive(:build_uploader).and_return(nil)
+ allow(controller).to receive(:find_model).and_return(nil)
+ end
+
+ it "responds with status 404" do
+ show_upload
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+ end
+
context "when the file doesn't exist" do
before do
allow_any_instance_of(FileUploader).to receive(:exists?).and_return(false)
diff --git a/spec/support/snippet_visibility.rb b/spec/support/snippet_visibility.rb
index 1cb904823d2..3a7c69b7877 100644
--- a/spec/support/snippet_visibility.rb
+++ b/spec/support/snippet_visibility.rb
@@ -252,6 +252,15 @@ RSpec.shared_examples 'snippet visibility' do
results = described_class.new(user).execute
expect(results.include?(snippet)).to eq(outcome)
end
+
+ it 'returns no snippets when the user cannot read cross project' do
+ allow(Ability).to receive(:allowed?).and_call_original
+ allow(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+
+ snippets = described_class.new(user).execute
+
+ expect(snippets).to be_empty
+ end
end
end
end
@@ -298,6 +307,15 @@ RSpec.shared_examples 'snippet visibility' do
results = described_class.new(user).execute
expect(results.include?(snippet)).to eq(outcome)
end
+
+ it 'should return personal snippets when the user cannot read cross project' do
+ allow(Ability).to receive(:allowed?).and_call_original
+ allow(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
+
+ results = described_class.new(user).execute
+
+ expect(results.include?(snippet)).to eq(outcome)
+ end
end
end
end
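Review bot: The example added in this hunk asserts the same `results.include?(snippet) == outcome` as the example above it, so it passes whether or not the `:read_cross_project` stub is ever hit. The stub is constrained `with(user, :read_cross_project)`, while the recipient spec in this commit matches `with(user, :read_cross_project, :global)`. If the finder passes the subject explicitly (its call site is not visible here), the call falls through to `and_call_original` and the denial is never simulated. Writing `expect(Ability).to receive(:allowed?).with(user, :read_cross_project).at_least(:once) { false }` would make the example fail when the check is not exercised. The previous hunk of this file uses the same stub, but there the `be_empty` assertion at least depends on it. The enclosing shared example starts outside the hunk.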
diff --git a/spec/views/shared/projects/_project.html.haml_spec.rb b/spec/views/shared/projects/_project.html.haml_spec.rb
index f0a4f153699..3b14045e61f 100644
--- a/spec/views/shared/projects/_project.html.haml_spec.rb
+++ b/spec/views/shared/projects/_project.html.haml_spec.rb
@@ -5,6 +5,7 @@ describe 'shared/projects/_project.html.haml' do
before do
allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
+ allow(view).to receive(:can?) { true }
end
it 'should render creator avatar if project has a creator' do