authorGitLab Bot <gitlab-bot@gitlab.com>2021-08-19 09:08:42 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-08-19 09:08:42 +0000
commitb76ae638462ab0f673e5915986070518dd3f9ad3 (patch)
treebdab0533383b52873be0ec0eb4d3c66598ff8b91 /app/controllers/groups
parent434373eabe7b4be9593d18a585fb763f1e5f1a6f (diff)
downloadgitlab-ce-b76ae638462ab0f673e5915986070518dd3f9ad3.tar.gz
Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42
Diffstat (limited to 'app/controllers/groups')
-rw-r--r--app/controllers/groups/application_controller.rb8
-rw-r--r--app/controllers/groups/boards_controller.rb2
-rw-r--r--app/controllers/groups/clusters/applications_controller.rb18
-rw-r--r--app/controllers/groups/dependency_proxies_controller.rb2
-rw-r--r--app/controllers/groups/dependency_proxy/application_controller.rb66
-rw-r--r--app/controllers/groups/dependency_proxy_auth_controller.rb4
-rw-r--r--app/controllers/groups/dependency_proxy_for_containers_controller.rb27
-rw-r--r--app/controllers/groups/email_campaigns_controller.rb6
-rw-r--r--app/controllers/groups/group_members_controller.rb2
-rw-r--r--app/controllers/groups/runners_controller.rb13
-rw-r--r--app/controllers/groups/settings/ci_cd_controller.rb5
-rw-r--r--app/controllers/groups/settings/integrations_controller.rb4
12 files changed, 114 insertions, 43 deletions
diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb
index 69081835c4d..aa0d49902c3 100644
--- a/app/controllers/groups/application_controller.rb
+++ b/app/controllers/groups/application_controller.rb
@@ -13,16 +13,8 @@ class Groups::ApplicationController < ApplicationController
before_action :set_sorting
requires_cross_project_access
- helper_method :can_manage_members?
-
private
- def can_manage_members?(group = @group)
- strong_memoize(:can_manage_members) do
- can?(current_user, :admin_group_member, group)
- end
- end
-
def group
@group ||= find_routable!(Group, params[:group_id] || params[:id], request.path_info)
end
diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb
index 04b4d8ea9a7..96a3b38669d 100644
--- a/app/controllers/groups/boards_controller.rb
+++ b/app/controllers/groups/boards_controller.rb
@@ -7,7 +7,7 @@ class Groups::BoardsController < Groups::ApplicationController
before_action :assign_endpoint_vars
before_action do
- push_frontend_feature_flag(:graphql_board_lists, group, default_enabled: false)
+ push_frontend_feature_flag(:graphql_board_lists, group, default_enabled: :yaml)
push_frontend_feature_flag(:issue_boards_filtered_search, group, default_enabled: :yaml)
push_frontend_feature_flag(:board_multi_select, group, default_enabled: :yaml)
push_frontend_feature_flag(:swimlanes_buffered_rendering, group, default_enabled: :yaml)
diff --git a/app/controllers/groups/clusters/applications_controller.rb b/app/controllers/groups/clusters/applications_controller.rb
deleted file mode 100644
index ce6fda4143c..00000000000
--- a/app/controllers/groups/clusters/applications_controller.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-class Groups::Clusters::ApplicationsController < Clusters::ApplicationsController
- include ControllerWithCrossProjectAccessCheck
-
- prepend_before_action :group
- requires_cross_project_access
-
- private
-
- def clusterable
- @clusterable ||= ClusterablePresenter.fabricate(group, current_user: current_user)
- end
-
- def group
- @group ||= find_routable!(Group, params[:group_id] || params[:id], request.path_info)
- end
-end
diff --git a/app/controllers/groups/dependency_proxies_controller.rb b/app/controllers/groups/dependency_proxies_controller.rb
index b896b240daf..b037aa52939 100644
--- a/app/controllers/groups/dependency_proxies_controller.rb
+++ b/app/controllers/groups/dependency_proxies_controller.rb
@@ -2,7 +2,7 @@
module Groups
class DependencyProxiesController < Groups::ApplicationController
- include DependencyProxy::GroupAccess
+ include ::DependencyProxy::GroupAccess
before_action :authorize_admin_dependency_proxy!, only: :update
before_action :dependency_proxy
diff --git a/app/controllers/groups/dependency_proxy/application_controller.rb b/app/controllers/groups/dependency_proxy/application_controller.rb
new file mode 100644
index 00000000000..fd9db41f748
--- /dev/null
+++ b/app/controllers/groups/dependency_proxy/application_controller.rb
@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Groups
+ module DependencyProxy
+ class ApplicationController < ::ApplicationController
+ EMPTY_AUTH_RESULT = Gitlab::Auth::Result.new(nil, nil, nil, nil).freeze
+
+ delegate :actor, to: :@authentication_result, allow_nil: true
+
+ # This allows auth_user to be set in the base ApplicationController
+ alias_method :authenticated_user, :actor
+
+ # We disable `authenticate_user!` since the `DependencyProxy::ApplicationController` performs auth using JWT token
+ skip_before_action :authenticate_user!, raise: false
+
+ prepend_before_action :authenticate_user_from_jwt_token!
+
+ def authenticate_user_from_jwt_token!
+ return unless dependency_proxy_for_private_groups?
+
+ authenticate_with_http_token do |token, _|
+ @authentication_result = EMPTY_AUTH_RESULT
+
+ found_user = user_from_token(token)
+ sign_in(found_user) if found_user.is_a?(User)
+ end
+
+ request_bearer_token! unless authenticated_user
+ end
+
+ private
+
+ def dependency_proxy_for_private_groups?
+ Feature.enabled?(:dependency_proxy_for_private_groups, default_enabled: true)
+ end
+
+ def request_bearer_token!
+ # unfortunately, we cannot use https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html#method-i-authentication_request
+ response.headers['WWW-Authenticate'] = ::DependencyProxy::Registry.authenticate_header
+ render plain: '', status: :unauthorized
+ end
+
+ def user_from_token(token)
+ token_payload = ::DependencyProxy::AuthTokenService.decoded_token_payload(token)
+
+ if token_payload['user_id']
+ token_user = User.find(token_payload['user_id'])
+ return unless token_user
+
+ @authentication_result = Gitlab::Auth::Result.new(token_user, nil, :user, [])
+ return token_user
+ elsif token_payload['deploy_token']
+ deploy_token = DeployToken.active.find_by_token(token_payload['deploy_token'])
+ return unless deploy_token
+
+ @authentication_result = Gitlab::Auth::Result.new(deploy_token, nil, :deploy_token, [])
+ return deploy_token
+ end
+
+ nil
+ rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature
+ nil
+ end
+ end
+ end
+end
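Review bot: In `user_from_token`, `User.find(token_payload['user_id'])` raises `ActiveRecord::RecordNotFound` for an id that no longer exists, so the `return unless token_user` guard below it can never fire, and the `rescue` list covers JWT errors only. A still-valid token for a deleted user would then bypass the `request_bearer_token!` challenge and surface whatever the base controller does with that exception, presumably a 404. Using `token_user = User.find_by(id: token_payload['user_id'])` makes the nil guard meaningful and keeps the failure on the 401 path. Separately, the token path does not visibly check whether the user is blocked or deactivated; it is worth confirming that `sign_in` or a later callback enforces that for tokens issued before the state change.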
diff --git a/app/controllers/groups/dependency_proxy_auth_controller.rb b/app/controllers/groups/dependency_proxy_auth_controller.rb
index e3e9bd88e24..60b2371fa9a 100644
--- a/app/controllers/groups/dependency_proxy_auth_controller.rb
+++ b/app/controllers/groups/dependency_proxy_auth_controller.rb
@@ -1,8 +1,6 @@
# frozen_string_literal: true
-class Groups::DependencyProxyAuthController < ApplicationController
- include DependencyProxy::Auth
-
+class Groups::DependencyProxyAuthController < ::Groups::DependencyProxy::ApplicationController
feature_category :dependency_proxy
def authenticate
diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
index e2c104f88a4..f7dc552bd3e 100644
--- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb
+++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
@@ -1,10 +1,12 @@
# frozen_string_literal: true
-class Groups::DependencyProxyForContainersController < Groups::ApplicationController
- include DependencyProxy::Auth
+class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy::ApplicationController
+ include Gitlab::Utils::StrongMemoize
include DependencyProxy::GroupAccess
include SendFileUpload
+ include ::PackagesHelper # for event tracking
+ before_action :ensure_group
before_action :ensure_token_granted!
before_action :ensure_feature_enabled!
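Review bot: `before_action :ensure_group` is declared after `include DependencyProxy::GroupAccess`, so any callbacks that concern registers when it is included would be queued ahead of the nil-group guard. The concern is not visible in this diff; if its callbacks dereference `group`, a request for a non-existent group path would raise instead of reaching `render_404`. Declaring `before_action :ensure_group` above the include lines would avoid that while still running after the prepended JWT authentication. Also, dependency_proxies_controller.rb in this commit switches to `include ::DependencyProxy::GroupAccess`; the same absolute form here would remove any ambiguity with the new `Groups::DependencyProxy` namespace that the parent class now lives in.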
@@ -22,6 +24,8 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro
response.headers['Etag'] = "\"#{result[:manifest].digest}\""
content_type = result[:manifest].content_type
+ event_name = tracking_event_name(object_type: :manifest, from_cache: result[:from_cache])
+ track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
send_upload(
result[:manifest].file,
proxy: true,
@@ -38,6 +42,8 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro
.new(group, image, token, params[:sha]).execute
if result[:status] == :success
+ event_name = tracking_event_name(object_type: :blob, from_cache: result[:from_cache])
+ track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
send_upload(result[:blob].file)
else
head result[:http_status]
@@ -46,6 +52,12 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro
private
+ def group
+ strong_memoize(:group) do
+ Group.find_by_full_path(params[:group_id], follow_redirects: request.get?)
+ end
+ end
+
def image
params[:image]
end
@@ -54,11 +66,22 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro
params[:tag]
end
+ def tracking_event_name(object_type:, from_cache:)
+ event_name = "pull_#{object_type}"
+ event_name = "#{event_name}_from_cache" if from_cache
+
+ event_name
+ end
+
def dependency_proxy
@dependency_proxy ||=
group.dependency_proxy_setting || group.create_dependency_proxy_setting
end
+ def ensure_group
+ render_404 unless group
+ end
+
def ensure_feature_enabled!
render_404 unless dependency_proxy.enabled
end
diff --git a/app/controllers/groups/email_campaigns_controller.rb b/app/controllers/groups/email_campaigns_controller.rb
index d4c7b31c4b8..70c8a23d918 100644
--- a/app/controllers/groups/email_campaigns_controller.rb
+++ b/app/controllers/groups/email_campaigns_controller.rb
@@ -38,10 +38,12 @@ class Groups::EmailCampaignsController < Groups::ApplicationController
create_track_url
when :verify
project_pipelines_url(group.projects.first)
- when :trial
+ when :trial, :trial_short
'https://about.gitlab.com/free-trial/'
- when :team
+ when :team, :team_short
group_group_members_url(group)
+ when :admin_verify
+ project_settings_ci_cd_path(group.projects.first, ci_runner_templates: true, anchor: 'js-runners-settings')
end
end
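Review bot: The new `:admin_verify` branch returns `project_settings_ci_cd_path(...)`, a relative path, while every other branch of this `case` returns an absolute URL (`project_pipelines_url`, `group_group_members_url`, the free-trial literal). If the caller redirects to or embeds this value the same way for all tracks, `project_settings_ci_cd_url(group.projects.first, ci_runner_templates: true, anchor: 'js-runners-settings')` keeps the result consistent. `group.projects.first` is nil for a group without projects, as in the existing `:verify` branch, and route generation would then fail; a guard is worth considering. The enclosing method starts and ends outside the hunk.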
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index d5e7653dea2..9b8d5cfe476 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -29,7 +29,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
.new(@group, current_user, params: filter_params)
.execute(include_relations: requested_relations)
- if can_manage_members?
+ if can?(current_user, :admin_group_member, @group)
@skip_groups = @group.related_group_ids
@invited_members = @members.invite
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb
index 1cff658dd52..dbbfdd76fe8 100644
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
@@ -1,14 +1,21 @@
# frozen_string_literal: true
class Groups::RunnersController < Groups::ApplicationController
- # Proper policies should be implemented per
- # https://gitlab.com/gitlab-org/gitlab-foss/issues/45894
+ # TODO Proper policies, such as `read_group_runners, should be implemented per
+ # https://gitlab.com/gitlab-org/gitlab/-/issues/334802
before_action :authorize_admin_group!
-
+ before_action :runner_list_group_view_vue_ui_enabled, only: [:index]
before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
feature_category :runner
+ def index
+ end
+
+ def runner_list_group_view_vue_ui_enabled
+ return render_404 unless Feature.enabled?(:runner_list_group_view_vue_ui, group, default_enabled: :yaml)
+ end
+
def show
end
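Review bot: `runner_list_group_view_vue_ui_enabled` is defined between `index` and `show` in the public part of the controller, so it counts as an action method rather than an internal callback; it belongs under `private` (the rest of the class is outside the hunk, so whether a private section already exists cannot be seen here). As the only statement in the method, `return render_404 unless ...` can drop the `return`: `render_404 unless Feature.enabled?(:runner_list_group_view_vue_ui, group, default_enabled: :yaml)`. The new TODO comment also has an unbalanced backtick after `read_group_runners`.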
diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb
index 88c709e3f53..0f40c9bfd2c 100644
--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -60,6 +60,7 @@ module Groups
def define_variables
define_ci_variables
+ define_view_variables
end
def define_ci_variables
@@ -69,6 +70,10 @@ module Groups
.map { |variable| variable.present(current_user: current_user) }
end
+ def define_view_variables
+ @content_class = 'limit-container-width' unless fluid_layout
+ end
+
def authorize_admin_group!
return render_404 unless can?(current_user, :admin_group, group)
end
diff --git a/app/controllers/groups/settings/integrations_controller.rb b/app/controllers/groups/settings/integrations_controller.rb
index 8e3b2cb5d1b..a7a1de03224 100644
--- a/app/controllers/groups/settings/integrations_controller.rb
+++ b/app/controllers/groups/settings/integrations_controller.rb
@@ -26,10 +26,6 @@ module Groups
def find_or_initialize_non_project_specific_integration(name)
Integration.find_or_initialize_non_project_specific_integration(name, group_id: group.id)
end
-
- def scoped_edit_integration_path(integration)
- edit_group_settings_integration_path(group, integration)
- end
end
end
end