diff options
author | Mike Greiling <mike@pixelcog.com> | 2018-02-06 13:28:13 -0600 |
---|---|---|
committer | Mike Greiling <mike@pixelcog.com> | 2018-02-06 13:28:13 -0600 |
commit | 47f2754a14549ccd18e4be8b3b6604b378450d6d (patch) | |
tree | f2235166a76bcf9e7761e1b613e63110961869da /app/controllers/concerns | |
parent | e71a27f082c49a8e132be632cb8fe97f810af987 (diff) | |
parent | e776096e84d01ab3d1d07a028b65e7430e195114 (diff) | |
download | gitlab-ce-47f2754a14549ccd18e4be8b3b6604b378450d6d.tar.gz |
Merge branch 'master' into pawel/connect_to_prometheus_through_proxy-30480
* master: (242 commits)
Validate user namespace before saving so that errors persist on model
Reset Project's column information in spec/lib/gitlab/background_migration/populate_merge_request_metrics_with_events_data_spec.rb
Explicitly set cwd in Sidekiq memory killer instead of depending on getcwd
Downgrade google-protobuf
Close low level rugged repository in project cache worker
File upload UI obeys LFS filters
Resolve "Add a link to documentation on how to get external ip in the Kubernetes cluster details page"
Upgrade GitLab Workhorse to v3.6.0
Add sorting options for /users API (admin only)
improvements from feedback
[ci-skip] add changelog
remove file after `Upload#destroy`
Fix a hardcoded pipeline ID in a spinach step
Override group sidebar links
Replace "cluster" with "Kubernetes cluster"
Reorder async/sync tasks in BuildFinishedWorker to read traces efficiently
Fix tests for Drop filename enforcement
Revert using expand_fixture_path in factory
Revert "Add FixtureHelpers for FactoryGirl"
Refactor :trace to :trace_live in spec
...
Diffstat (limited to 'app/controllers/concerns')
4 files changed, 55 insertions, 17 deletions
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb index 688e8bd4a37..997af4ab9e9 100644 --- a/app/controllers/concerns/enforces_two_factor_authentication.rb +++ b/app/controllers/concerns/enforces_two_factor_authentication.rb @@ -20,13 +20,13 @@ module EnforcesTwoFactorAuthentication end def two_factor_authentication_required? - current_application_settings.require_two_factor_authentication? || + Gitlab::CurrentSettings.require_two_factor_authentication? || current_user.try(:require_two_factor_authentication_from_group?) end def two_factor_authentication_reason(global: -> {}, group: -> {}) if two_factor_authentication_required? - if current_application_settings.require_two_factor_authentication? + if Gitlab::CurrentSettings.require_two_factor_authentication? global.call else groups = current_user.expanded_groups_requiring_two_factor_authentication.reorder(name: :asc) @@ -36,7 +36,7 @@ module EnforcesTwoFactorAuthentication end def two_factor_grace_period - periods = [current_application_settings.two_factor_grace_period] + periods = [Gitlab::CurrentSettings.two_factor_grace_period] periods << current_user.two_factor_grace_period if current_user.try(:require_two_factor_authentication_from_group?) periods.min end diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb index 2fa0f98e344..0d7ee06deb6 100644 --- a/app/controllers/concerns/issuable_collections.rb +++ b/app/controllers/concerns/issuable_collections.rb @@ -94,6 +94,7 @@ module IssuableCollections @filter_params[:project_id] = @project.id elsif @group @filter_params[:group_id] = @group.id + @filter_params[:include_subgroups] = true else # TODO: this filter ignore issues/mr created in public or # internal repos where you are not a member. Enable this filter diff --git a/app/controllers/concerns/requires_whitelisted_monitoring_client.rb b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb index 0218ac83441..88d1b34bb06 100644 --- a/app/controllers/concerns/requires_whitelisted_monitoring_client.rb +++ b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb @@ -1,8 +1,6 @@ module RequiresWhitelistedMonitoringClient extend ActiveSupport::Concern - include Gitlab::CurrentSettings - included do before_action :validate_ip_whitelisted_or_valid_token! end @@ -26,7 +24,7 @@ module RequiresWhitelistedMonitoringClient token.present? && ActiveSupport::SecurityUtils.variable_size_secure_compare( token, - current_application_settings.health_check_access_token + Gitlab::CurrentSettings.health_check_access_token ) end diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb index a6fb1f40001..7ad79a1e56c 100644 --- a/app/controllers/concerns/uploads_actions.rb +++ b/app/controllers/concerns/uploads_actions.rb @@ -1,6 +1,8 @@ module UploadsActions include Gitlab::Utils::StrongMemoize + UPLOAD_MOUNTS = %w(avatar attachment file logo header_logo).freeze + def create link_to_file = UploadService.new(model, params[:file], uploader_class).execute @@ -17,34 +19,71 @@ module UploadsActions end end + # This should either + # - send the file directly + # - or redirect to its URL + # def show return render_404 unless uploader.exists? - disposition = uploader.image_or_video? ? 'inline' : 'attachment' - - expires_in 0.seconds, must_revalidate: true, private: true + if uploader.file_storage? + disposition = uploader.image_or_video? ? 'inline' : 'attachment' + expires_in 0.seconds, must_revalidate: true, private: true - send_file uploader.file.path, disposition: disposition + send_file uploader.file.path, disposition: disposition + else + redirect_to uploader.url + end end private + def uploader_class + raise NotImplementedError + end + + def upload_mount + mounted_as = params[:mounted_as] + mounted_as if UPLOAD_MOUNTS.include?(mounted_as) + end + + def uploader_mounted? + upload_model_class < CarrierWave::Mount::Extension && !upload_mount.nil? + end + def uploader strong_memoize(:uploader) do - return if show_model.nil? + if uploader_mounted? + model.public_send(upload_mount) # rubocop:disable GitlabSecurity/PublicSend + else + build_uploader_from_upload || build_uploader_from_params + end + end + end - file_uploader = FileUploader.new(show_model, params[:secret]) - file_uploader.retrieve_from_store!(params[:filename]) + def build_uploader_from_upload + return nil unless params[:secret] && params[:filename] - file_uploader - end + upload_path = uploader_class.upload_path(params[:secret], params[:filename]) + upload = Upload.find_by(uploader: uploader_class.to_s, path: upload_path) + upload&.build_uploader + end + + def build_uploader_from_params + uploader = uploader_class.new(model, secret: params[:secret]) + uploader.retrieve_from_store!(params[:filename]) + uploader end def image_or_video? uploader && uploader.exists? && uploader.image_or_video? end - def uploader_class - FileUploader + def find_model + nil + end + + def model + strong_memoize(:model) { find_model } end end |