diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-19 09:08:42 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-19 09:08:42 +0000 |
commit | b76ae638462ab0f673e5915986070518dd3f9ad3 (patch) | |
tree | bdab0533383b52873be0ec0eb4d3c66598ff8b91 /app/controllers/groups | |
parent | 434373eabe7b4be9593d18a585fb763f1e5f1a6f (diff) | |
download | gitlab-ce-b76ae638462ab0f673e5915986070518dd3f9ad3.tar.gz |
Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42
Diffstat (limited to 'app/controllers/groups')
12 files changed, 114 insertions, 43 deletions
diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb index 69081835c4d..aa0d49902c3 100644 --- a/app/controllers/groups/application_controller.rb +++ b/app/controllers/groups/application_controller.rb @@ -13,16 +13,8 @@ class Groups::ApplicationController < ApplicationController before_action :set_sorting requires_cross_project_access - helper_method :can_manage_members? - private - def can_manage_members?(group = @group) - strong_memoize(:can_manage_members) do - can?(current_user, :admin_group_member, group) - end - end - def group @group ||= find_routable!(Group, params[:group_id] || params[:id], request.path_info) end diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb index 04b4d8ea9a7..96a3b38669d 100644 --- a/app/controllers/groups/boards_controller.rb +++ b/app/controllers/groups/boards_controller.rb @@ -7,7 +7,7 @@ class Groups::BoardsController < Groups::ApplicationController before_action :assign_endpoint_vars before_action do - push_frontend_feature_flag(:graphql_board_lists, group, default_enabled: false) + push_frontend_feature_flag(:graphql_board_lists, group, default_enabled: :yaml) push_frontend_feature_flag(:issue_boards_filtered_search, group, default_enabled: :yaml) push_frontend_feature_flag(:board_multi_select, group, default_enabled: :yaml) push_frontend_feature_flag(:swimlanes_buffered_rendering, group, default_enabled: :yaml) diff --git a/app/controllers/groups/clusters/applications_controller.rb b/app/controllers/groups/clusters/applications_controller.rb deleted file mode 100644 index ce6fda4143c..00000000000 --- a/app/controllers/groups/clusters/applications_controller.rb +++ /dev/null @@ -1,18 +0,0 @@ -# frozen_string_literal: true - -class Groups::Clusters::ApplicationsController < Clusters::ApplicationsController - include ControllerWithCrossProjectAccessCheck - - prepend_before_action :group - requires_cross_project_access - - private - - def clusterable - @clusterable ||= ClusterablePresenter.fabricate(group, current_user: current_user) - end - - def group - @group ||= find_routable!(Group, params[:group_id] || params[:id], request.path_info) - end -end diff --git a/app/controllers/groups/dependency_proxies_controller.rb b/app/controllers/groups/dependency_proxies_controller.rb index b896b240daf..b037aa52939 100644 --- a/app/controllers/groups/dependency_proxies_controller.rb +++ b/app/controllers/groups/dependency_proxies_controller.rb @@ -2,7 +2,7 @@ module Groups class DependencyProxiesController < Groups::ApplicationController - include DependencyProxy::GroupAccess + include ::DependencyProxy::GroupAccess before_action :authorize_admin_dependency_proxy!, only: :update before_action :dependency_proxy diff --git a/app/controllers/groups/dependency_proxy/application_controller.rb b/app/controllers/groups/dependency_proxy/application_controller.rb new file mode 100644 index 00000000000..fd9db41f748 --- /dev/null +++ b/app/controllers/groups/dependency_proxy/application_controller.rb @@ -0,0 +1,66 @@ +# frozen_string_literal: true + +module Groups + module DependencyProxy + class ApplicationController < ::ApplicationController + EMPTY_AUTH_RESULT = Gitlab::Auth::Result.new(nil, nil, nil, nil).freeze + + delegate :actor, to: :@authentication_result, allow_nil: true + + # This allows auth_user to be set in the base ApplicationController + alias_method :authenticated_user, :actor + + # We disable `authenticate_user!` since the `DependencyProxy::ApplicationController` performs auth using JWT token + skip_before_action :authenticate_user!, raise: false + + prepend_before_action :authenticate_user_from_jwt_token! + + def authenticate_user_from_jwt_token! + return unless dependency_proxy_for_private_groups? + + authenticate_with_http_token do |token, _| + @authentication_result = EMPTY_AUTH_RESULT + + found_user = user_from_token(token) + sign_in(found_user) if found_user.is_a?(User) + end + + request_bearer_token! unless authenticated_user + end + + private + + def dependency_proxy_for_private_groups? + Feature.enabled?(:dependency_proxy_for_private_groups, default_enabled: true) + end + + def request_bearer_token! + # unfortunately, we cannot use https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html#method-i-authentication_request + response.headers['WWW-Authenticate'] = ::DependencyProxy::Registry.authenticate_header + render plain: '', status: :unauthorized + end + + def user_from_token(token) + token_payload = ::DependencyProxy::AuthTokenService.decoded_token_payload(token) + + if token_payload['user_id'] + token_user = User.find(token_payload['user_id']) + return unless token_user + + @authentication_result = Gitlab::Auth::Result.new(token_user, nil, :user, []) + return token_user + elsif token_payload['deploy_token'] + deploy_token = DeployToken.active.find_by_token(token_payload['deploy_token']) + return unless deploy_token + + @authentication_result = Gitlab::Auth::Result.new(deploy_token, nil, :deploy_token, []) + return deploy_token + end + + nil + rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature + nil + end + end + end +end diff --git a/app/controllers/groups/dependency_proxy_auth_controller.rb b/app/controllers/groups/dependency_proxy_auth_controller.rb index e3e9bd88e24..60b2371fa9a 100644 --- a/app/controllers/groups/dependency_proxy_auth_controller.rb +++ b/app/controllers/groups/dependency_proxy_auth_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true -class Groups::DependencyProxyAuthController < ApplicationController - include DependencyProxy::Auth - +class Groups::DependencyProxyAuthController < ::Groups::DependencyProxy::ApplicationController feature_category :dependency_proxy def authenticate diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb index e2c104f88a4..f7dc552bd3e 100644 --- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb +++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb @@ -1,10 +1,12 @@ # frozen_string_literal: true -class Groups::DependencyProxyForContainersController < Groups::ApplicationController - include DependencyProxy::Auth +class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy::ApplicationController + include Gitlab::Utils::StrongMemoize include DependencyProxy::GroupAccess include SendFileUpload + include ::PackagesHelper # for event tracking + before_action :ensure_group before_action :ensure_token_granted! before_action :ensure_feature_enabled! @@ -22,6 +24,8 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro response.headers['Etag'] = "\"#{result[:manifest].digest}\"" content_type = result[:manifest].content_type + event_name = tracking_event_name(object_type: :manifest, from_cache: result[:from_cache]) + track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user) send_upload( result[:manifest].file, proxy: true, @@ -38,6 +42,8 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro .new(group, image, token, params[:sha]).execute if result[:status] == :success + event_name = tracking_event_name(object_type: :blob, from_cache: result[:from_cache]) + track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user) send_upload(result[:blob].file) else head result[:http_status] @@ -46,6 +52,12 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro private + def group + strong_memoize(:group) do + Group.find_by_full_path(params[:group_id], follow_redirects: request.get?) + end + end + def image params[:image] end @@ -54,11 +66,22 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro params[:tag] end + def tracking_event_name(object_type:, from_cache:) + event_name = "pull_#{object_type}" + event_name = "#{event_name}_from_cache" if from_cache + + event_name + end + def dependency_proxy @dependency_proxy ||= group.dependency_proxy_setting || group.create_dependency_proxy_setting end + def ensure_group + render_404 unless group + end + def ensure_feature_enabled! render_404 unless dependency_proxy.enabled end diff --git a/app/controllers/groups/email_campaigns_controller.rb b/app/controllers/groups/email_campaigns_controller.rb index d4c7b31c4b8..70c8a23d918 100644 --- a/app/controllers/groups/email_campaigns_controller.rb +++ b/app/controllers/groups/email_campaigns_controller.rb @@ -38,10 +38,12 @@ class Groups::EmailCampaignsController < Groups::ApplicationController create_track_url when :verify project_pipelines_url(group.projects.first) - when :trial + when :trial, :trial_short 'https://about.gitlab.com/free-trial/' - when :team + when :team, :team_short group_group_members_url(group) + when :admin_verify + project_settings_ci_cd_path(group.projects.first, ci_runner_templates: true, anchor: 'js-runners-settings') end end diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb index d5e7653dea2..9b8d5cfe476 100644 --- a/app/controllers/groups/group_members_controller.rb +++ b/app/controllers/groups/group_members_controller.rb @@ -29,7 +29,7 @@ class Groups::GroupMembersController < Groups::ApplicationController .new(@group, current_user, params: filter_params) .execute(include_relations: requested_relations) - if can_manage_members? + if can?(current_user, :admin_group_member, @group) @skip_groups = @group.related_group_ids @invited_members = @members.invite diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb index 1cff658dd52..dbbfdd76fe8 100644 --- a/app/controllers/groups/runners_controller.rb +++ b/app/controllers/groups/runners_controller.rb @@ -1,14 +1,21 @@ # frozen_string_literal: true class Groups::RunnersController < Groups::ApplicationController - # Proper policies should be implemented per - # https://gitlab.com/gitlab-org/gitlab-foss/issues/45894 + # TODO Proper policies, such as `read_group_runners, should be implemented per + # https://gitlab.com/gitlab-org/gitlab/-/issues/334802 before_action :authorize_admin_group! - + before_action :runner_list_group_view_vue_ui_enabled, only: [:index] before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show] feature_category :runner + def index + end + + def runner_list_group_view_vue_ui_enabled + return render_404 unless Feature.enabled?(:runner_list_group_view_vue_ui, group, default_enabled: :yaml) + end + def show end diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb index 88c709e3f53..0f40c9bfd2c 100644 --- a/app/controllers/groups/settings/ci_cd_controller.rb +++ b/app/controllers/groups/settings/ci_cd_controller.rb @@ -60,6 +60,7 @@ module Groups def define_variables define_ci_variables + define_view_variables end def define_ci_variables @@ -69,6 +70,10 @@ module Groups .map { |variable| variable.present(current_user: current_user) } end + def define_view_variables + @content_class = 'limit-container-width' unless fluid_layout + end + def authorize_admin_group! return render_404 unless can?(current_user, :admin_group, group) end diff --git a/app/controllers/groups/settings/integrations_controller.rb b/app/controllers/groups/settings/integrations_controller.rb index 8e3b2cb5d1b..a7a1de03224 100644 --- a/app/controllers/groups/settings/integrations_controller.rb +++ b/app/controllers/groups/settings/integrations_controller.rb @@ -26,10 +26,6 @@ module Groups def find_or_initialize_non_project_specific_integration(name) Integration.find_or_initialize_non_project_specific_integration(name, group_id: group.id) end - - def scoped_edit_integration_path(integration) - edit_group_settings_integration_path(group, integration) - end end end end |