diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-20 13:18:24 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-20 13:18:24 +0000 |
commit | 0653e08efd039a5905f3fa4f6e9cef9f5d2f799c (patch) | |
tree | 4dcc884cf6d81db44adae4aa99f8ec1233a41f55 /app/controllers/concerns | |
parent | 744144d28e3e7fddc117924fef88de5d9674fe4c (diff) | |
download | gitlab-ce-0653e08efd039a5905f3fa4f6e9cef9f5d2f799c.tar.gz |
Add latest changes from gitlab-org/gitlab@14-3-stable-eev14.3.0-rc42
Diffstat (limited to 'app/controllers/concerns')
8 files changed, 31 insertions, 12 deletions
diff --git a/app/controllers/concerns/integrations/params.rb b/app/controllers/concerns/integrations/params.rb index 10122b4c77b..62585ab95af 100644 --- a/app/controllers/concerns/integrations/params.rb +++ b/app/controllers/concerns/integrations/params.rb @@ -77,18 +77,15 @@ module Integrations :webhook ].freeze - # Parameters to ignore if no value is specified - FILTER_BLANK_PARAMS = [:password].freeze - def integration_params - dynamic_params = @integration.event_channel_names + @integration.event_names # rubocop:disable Gitlab/ModuleWithInstanceVariables + dynamic_params = integration.event_channel_names + integration.event_names allowed = allowed_integration_params + dynamic_params return_value = params.permit(:id, integration: allowed, service: allowed) return_value[:integration] ||= return_value.delete(:service) param_values = return_value[:integration] if param_values.is_a?(ActionController::Parameters) - FILTER_BLANK_PARAMS.each do |param| + integration.password_fields.each do |param| param_values.delete(param) if param_values[param].blank? end end diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb index d2d2e656af8..4841225de08 100644 --- a/app/controllers/concerns/issuable_collections.rb +++ b/app/controllers/concerns/issuable_collections.rb @@ -13,8 +13,16 @@ module IssuableCollections private + def show_alert_if_search_is_disabled + return if current_user || params[:search].blank? || !html_request? || Feature.disabled?(:disable_anonymous_search, type: :ops) + + flash.now[:notice] = _('You must sign in to search for specific terms.') + end + # rubocop:disable Gitlab/ModuleWithInstanceVariables def set_issuables_index + show_alert_if_search_is_disabled + @issuables = issuables_collection unless pagination_disabled? diff --git a/app/controllers/concerns/issuable_collections_action.rb b/app/controllers/concerns/issuable_collections_action.rb index ca2979a5a29..b68db0e3f9f 100644 --- a/app/controllers/concerns/issuable_collections_action.rb +++ b/app/controllers/concerns/issuable_collections_action.rb @@ -7,6 +7,8 @@ module IssuableCollectionsAction # rubocop:disable Gitlab/ModuleWithInstanceVariables def issues + show_alert_if_search_is_disabled + @issues = issuables_collection .non_archived .page(params[:page]) @@ -20,6 +22,8 @@ module IssuableCollectionsAction end def merge_requests + show_alert_if_search_is_disabled + @merge_requests = issuables_collection.page(params[:page]) @issuable_meta_data = Gitlab::IssuableMetadata.new(current_user, @merge_requests).data diff --git a/app/controllers/concerns/oauth_applications.rb b/app/controllers/concerns/oauth_applications.rb index d97e22df472..d2c746db12d 100644 --- a/app/controllers/concerns/oauth_applications.rb +++ b/app/controllers/concerns/oauth_applications.rb @@ -18,4 +18,14 @@ module OauthApplications def load_scopes @scopes ||= Doorkeeper.configuration.scopes end + + def permitted_params + %i{name redirect_uri scopes confidential expire_access_tokens} + end + + def application_params + params + .require(:doorkeeper_application) + .permit(*permitted_params) + end end diff --git a/app/controllers/concerns/project_unauthorized.rb b/app/controllers/concerns/project_unauthorized.rb index b58f6589f9b..563d6b6273b 100644 --- a/app/controllers/concerns/project_unauthorized.rb +++ b/app/controllers/concerns/project_unauthorized.rb @@ -3,7 +3,7 @@ module ProjectUnauthorized module ControllerActions def self.on_routable_not_found - lambda do |routable, path_info| + lambda do |routable, full_path| return unless routable.is_a?(Project) label = routable.external_authorization_classification_label diff --git a/app/controllers/concerns/renders_projects_list.rb b/app/controllers/concerns/renders_projects_list.rb index be45c676ad6..05bd9972ee7 100644 --- a/app/controllers/concerns/renders_projects_list.rb +++ b/app/controllers/concerns/renders_projects_list.rb @@ -4,9 +4,10 @@ module RendersProjectsList def prepare_projects_for_rendering(projects) preload_max_member_access_for_collection(Project, projects) - # Call the forks count method on every project, so the BatchLoader would load them all at + # Call the count methods on every project, so the BatchLoader would load them all at # once when the entities are rendered projects.each(&:forks_count) + projects.each(&:open_issues_count) projects end diff --git a/app/controllers/concerns/routable_actions.rb b/app/controllers/concerns/routable_actions.rb index 57108369c64..e34d6b09c24 100644 --- a/app/controllers/concerns/routable_actions.rb +++ b/app/controllers/concerns/routable_actions.rb @@ -3,13 +3,13 @@ module RoutableActions extend ActiveSupport::Concern - def find_routable!(routable_klass, routable_full_path, path_info, extra_authorization_proc: nil) + def find_routable!(routable_klass, routable_full_path, full_path, extra_authorization_proc: nil) routable = routable_klass.find_by_full_path(routable_full_path, follow_redirects: request.get?) if routable_authorized?(routable, extra_authorization_proc) ensure_canonical_path(routable, routable_full_path) routable else - perform_not_found_actions(routable, not_found_actions, path_info) + perform_not_found_actions(routable, not_found_actions, full_path) route_not_found unless performed? @@ -21,11 +21,11 @@ module RoutableActions [ProjectUnauthorized::ControllerActions.on_routable_not_found] end - def perform_not_found_actions(routable, actions, path_info) + def perform_not_found_actions(routable, actions, full_path) actions.each do |action| break if performed? - instance_exec(routable, path_info, &action) + instance_exec(routable, full_path, &action) end end diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb index 3c8a683439a..58e65ba20e2 100644 --- a/app/controllers/concerns/sessionless_authentication.rb +++ b/app/controllers/concerns/sessionless_authentication.rb @@ -8,7 +8,6 @@ module SessionlessAuthentication # This filter handles personal access tokens, atom requests with rss tokens, and static object tokens def authenticate_sessionless_user!(request_format) user = request_authenticator.find_sessionless_user(request_format) - sessionless_sign_in(user) if user end |