author | DJ Mountney <david@twkie.net> | 2018-10-29 14:37:19 -0700 |
---|---|---|
committer | DJ Mountney <david@twkie.net> | 2018-10-29 14:37:19 -0700 |
commit | 06b6daacb15b92b04e05538b37aadfdb04fc5a4b (patch) | |
tree | 0500cf47f7d8d2e6bc7ed53cbf9ad957f07fb31a /app/controllers | |
parent | c847f172d25efc211045c363f4e55402ad250c09 (diff) | |
parent | 45b61a9ece48550f51432c8cca7de7e1a298ca08 (diff) | |
download | gitlab-ce-06b6daacb15b92b04e05538b37aadfdb04fc5a4b.tar.gz |
Merge remote-tracking branch 'origin/master' into dev-master
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/concerns/boards_responses.rb | 5 | ||||
-rw-r--r-- | app/controllers/concerns/creates_commit.rb | 2 | ||||
-rw-r--r-- | app/controllers/dashboard/milestones_controller.rb | 7 | ||||
-rw-r--r-- | app/controllers/groups/boards_controller.rb | 18 | ||||
-rw-r--r-- | app/controllers/groups/milestones_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/boards_controller.rb | 20 | ||||
-rw-r--r-- | app/controllers/projects/git_http_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/projects/issues_controller.rb | 19 | ||||
-rw-r--r-- | app/controllers/projects/merge_requests/creations_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/merge_requests_controller.rb | 26 | ||||
-rw-r--r-- | app/controllers/projects/mirrors_controller.rb | 16 |
11 files changed, 110 insertions, 12 deletions
diff --git a/app/controllers/concerns/boards_responses.rb b/app/controllers/concerns/boards_responses.rb
index b7e4f9b81f1..3cdf4ddf8bb 100644
--- a/app/controllers/concerns/boards_responses.rb
+++ b/app/controllers/concerns/boards_responses.rb
@@ -50,7 +50,10 @@ module BoardsResponses
 end
 def authorize_create_issue
- authorize_action_for!(project, :admin_issue)
+ list = List.find(issue_params[:list_id])
+ action = list.backlog? ? :create_issue : :admin_issue
+
+ authorize_action_for!(project, action)
 end
 def authorize_admin_list
diff --git a/app/controllers/concerns/creates_commit.rb b/app/controllers/concerns/creates_commit.rb
index b3777fd2b0f..f644702cbdb 100644
--- a/app/controllers/concerns/creates_commit.rb
+++ b/app/controllers/concerns/creates_commit.rb
@@ -86,10 +86,10 @@ module CreatesCommit
 def new_merge_request_path
 project_new_merge_request_path(
 @project_to_commit_into,
+ merge_request_source_branch: @branch_name,
 merge_request: {
 source_project_id: @project_to_commit_into.id,
 target_project_id: @project.id,
- source_branch: @branch_name,
 target_branch: @start_branch
 }
 )
diff --git a/app/controllers/dashboard/milestones_controller.rb b/app/controllers/dashboard/milestones_controller.rb
index 6e17bc212e4..3802aa5f40f 100644
--- a/app/controllers/dashboard/milestones_controller.rb
+++ b/app/controllers/dashboard/milestones_controller.rb
@@ -4,12 +4,13 @@ class Dashboard::MilestonesController < Dashboard::ApplicationController
 include MilestoneActions
 before_action :projects
+ before_action :groups, only: :index
 before_action :milestone, only: [:show, :merge_requests, :participants, :labels]
 def index
 respond_to do |format|
 format.html do
- @milestone_states = GlobalMilestone.states_count(@projects)
+ @milestone_states = Milestone.states_count(@projects.select(:id), @groups.select(:id))
 @milestones = Kaminari.paginate_array(milestones).page(params[:page])
 end
 format.json do
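Review bot: In `authorize_create_issue` (boards_responses.rb), `List.find(issue_params[:list_id])` looks the list up by id alone, so the list that selects the weaker `:create_issue` permission is not tied to the board or `project` being authorized. Unless something later in the request rejects a list from another board, the required permission here can drop from `:admin_issue` to `:create_issue` based on a list that has nothing to do with this project. Scope the lookup to the board already resolved for the request, for example `list = board.lists.find(issue_params[:list_id])`, assuming a `board` helper is in scope in this concern. A missing `list_id` also now raises a not-found error before any authorization runs, which deserves a one-line comment.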
@@ -42,4 +43,8 @@ class Dashboard::MilestonesController < Dashboard::ApplicationController
 @milestone = DashboardMilestone.build(@projects, params[:title])
 render_404 unless @milestone
 end
+
+ def groups
+ @groups ||= GroupsFinder.new(current_user, state_all: true).execute
+ end
 end
diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb
index 8d259b4052e..cdc6f53df8e 100644
--- a/app/controllers/groups/boards_controller.rb
+++ b/app/controllers/groups/boards_controller.rb
@@ -5,6 +5,7 @@ class Groups::BoardsController < Groups::ApplicationController
 before_action :assign_endpoint_vars
 before_action :boards, only: :index
+ before_action :redirect_to_recent_board, only: :index
 def index
 respond_with_boards
@@ -13,6 +14,9 @@ class Groups::BoardsController < Groups::ApplicationController
 def show
 @board = boards.find(params[:id])
+ # add/update the board in the recent visited table
+ Boards::Visits::CreateService.new(@board.group, current_user).execute(@board) if request.format.html?
+
 respond_with_board
 end
@@ -31,4 +35,18 @@ class Groups::BoardsController < Groups::ApplicationController
 def serialize_as_json(resource)
 resource.as_json(only: [:id])
 end
+
+ def includes_board?(board_id)
+ boards.any? { |board| board.id == board_id }
+ end
+
+ def redirect_to_recent_board
+ return if request.format.json?
+
+ recently_visited = Boards::Visits::LatestService.new(group, current_user).execute
+
+ if recently_visited && includes_board?(recently_visited.board_id)
+ redirect_to(group_board_path(id: recently_visited.board_id), status: :found)
+ end
+ end
 end
diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index a7cee426cf1..b42116b0f36 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
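Review bot: In `groups` (dashboard/milestones_controller.rb), `GroupsFinder.new(current_user, state_all: true)` passes an option that reads like a milestone-state filter. Whether `GroupsFinder` uses `state_all` is not visible here; if it does not, the key is dead and should be dropped. The result also decides which group milestones `index` counts through `@groups.select(:id)`, so the intended scope (member groups only, or every group visible to `current_user`) should be stated in a comment such as `# Groups whose milestones the user may see on the dashboard`.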
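Review bot: `Groups::BoardsController#show` now writes on a GET, because `Boards::Visits::CreateService.new(@board.group, current_user).execute(@board)` runs for every HTML request. `current_user` can presumably be `nil` when a public group's board is viewed signed out, and the service is not shown. Confirm it returns early for a missing user and tolerates a read-only database, or guard the call site with `if current_user && request.format.html?`. The same line is added to `Projects::BoardsController#show` with `@board.project`.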
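Review bot: `includes_board?` and `redirect_to_recent_board` are added to `Groups::BoardsController` and again, nearly verbatim, to `Projects::BoardsController`; only the parent (`group` vs `project`) and the path helper differ, so they belong in one shared concern. The check of the stored `board_id` against `boards` is what keeps the redirect limited to boards this request can load, and it has no comment. Add one so it is not later removed as redundant, e.g. `# only redirect to a board still visible to this request`. If `boards` is a relation, `boards.any? { |board| board.id == board_id }` loads every board to test one id.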
@@ -10,7 +10,7 @@ class Groups::MilestonesController < Groups::ApplicationController
 def index
 respond_to do |format|
 format.html do
- @milestone_states = GlobalMilestone.states_count(group_projects, group)
+ @milestone_states = Milestone.states_count(group_projects, [group])
 @milestones = Kaminari.paginate_array(milestones).page(params[:page])
 end
 format.json do
diff --git a/app/controllers/projects/boards_controller.rb b/app/controllers/projects/boards_controller.rb
index 77b818347c7..8189b5d182a 100644
--- a/app/controllers/projects/boards_controller.rb
+++ b/app/controllers/projects/boards_controller.rb
@@ -8,6 +8,7 @@ class Projects::BoardsController < Projects::ApplicationController
 before_action :authorize_read_board!, only: [:index, :show]
 before_action :boards, only: :index
 before_action :assign_endpoint_vars
+ before_action :redirect_to_recent_board, only: :index
 def index
 respond_with_boards
@@ -16,6 +17,9 @@ class Projects::BoardsController < Projects::ApplicationController
 def show
 @board = boards.find(params[:id])
+ # add/update the board in the recent visited table
+ Boards::Visits::CreateService.new(@board.project, current_user).execute(@board) if request.format.html?
+
 respond_with_board
 end
@@ -33,10 +37,24 @@ class Projects::BoardsController < Projects::ApplicationController
 end
 def authorize_read_board!
- return access_denied! unless can?(current_user, :read_board, project)
+ access_denied! unless can?(current_user, :read_board, project)
 end
 def serialize_as_json(resource)
 resource.as_json(only: [:id])
 end
+
+ def includes_board?(board_id)
+ boards.any? { |board| board.id == board_id }
+ end
+
+ def redirect_to_recent_board
+ return if request.format.json?
+
+ recently_visited = Boards::Visits::LatestService.new(project, current_user).execute
+
+ if recently_visited && includes_board?(recently_visited.board_id)
+ redirect_to(namespace_project_board_path(id: recently_visited.board_id), status: :found)
+ end
+ end
 end
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb
index be708835e30..c0aa39d87c6 100644
--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
@@ -8,6 +8,7 @@ class Projects::GitHttpController < Projects::GitHttpClientController
 rescue_from Gitlab::GitAccess::UnauthorizedError, with: :render_403
 rescue_from Gitlab::GitAccess::NotFoundError, with: :render_404
 rescue_from Gitlab::GitAccess::ProjectCreationError, with: :render_422
+ rescue_from Gitlab::GitAccess::TimeoutError, with: :render_503
 # GET /foo/bar.git/info/refs?service=git-upload-pack (git pull)
 # GET /foo/bar.git/info/refs?service=git-receive-pack (git push)
@@ -62,6 +63,10 @@ class Projects::GitHttpController < Projects::GitHttpClientController
 render plain: exception.message, status: :unprocessable_entity
 end
+ def render_503(exception)
+ render plain: exception.message, status: :service_unavailable
+ end
+
 def access
 @access ||= access_klass.new(access_actor, project, 'http',
 authentication_abilities: authentication_abilities,
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index b06a6f3bb0d..308f666394c 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
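Review bot: `render_503` in git_http_controller.rb sends `exception.message` to the git client verbatim, so confirm `Gitlab::GitAccess::TimeoutError` is always raised with a fixed, user-facing string rather than one carrying internal host or path details from a lower layer. The `render_422` handler just above follows the same pattern, so this matches the file, but a timeout is the case most likely to wrap an internal error. A comment on the handler would record the constraint, e.g. `# message is shown to the git client; keep it free of internal details`. Only the tail of `render_422` and the head of `access` are visible in the hunk.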
@@ -9,12 +9,25 @@ class Projects::IssuesController < Projects::ApplicationController
 include IssuesCalendar
 include SpammableActions
- prepend_before_action :authenticate_user!, only: [:new]
+ def self.authenticate_user_only_actions
+ %i[new]
+ end
+
+ def self.issue_except_actions
+ %i[index calendar new create bulk_update]
+ end
+
+ def self.set_issuables_index_only_actions
+ %i[index calendar]
+ end
+
+ prepend_before_action :authenticate_user!, only: authenticate_user_only_actions
 before_action :whitelist_query_limiting, only: [:create, :create_merge_request, :move, :bulk_update]
 before_action :check_issues_available!
- before_action :issue, except: [:index, :calendar, :new, :create, :bulk_update]
- before_action :set_issuables_index, only: [:index, :calendar]
+ before_action :issue, except: issue_except_actions
+
+ before_action :set_issuables_index, only: set_issuables_index_only_actions
 # Allow write(create) issue
 before_action :authorize_create_issue!, only: [:new, :create]
diff --git a/app/controllers/projects/merge_requests/creations_controller.rb b/app/controllers/projects/merge_requests/creations_controller.rb
index 5639402a1e9..bbf662a63c8 100644
--- a/app/controllers/projects/merge_requests/creations_controller.rb
+++ b/app/controllers/projects/merge_requests/creations_controller.rb
@@ -89,6 +89,8 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap
 def build_merge_request
 params[:merge_request] ||= ActionController::Parameters.new(source_project: @project)
+ params[:merge_request][:source_branch] ||= params[:merge_request_source_branch].presence
+
 @merge_request = ::MergeRequests::BuildService.new(project, current_user, merge_request_params.merge(diff_options: diff_options)).execute
 end
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 757b03d0b0e..27b83da4f54 100644
--- a/app/controllers/projects/merge_requests_controller.rb
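Review bot: The three class methods added to `Projects::IssuesController` (`authenticate_user_only_actions`, `issue_except_actions`, `set_issuables_index_only_actions`) have no comment saying why the action lists moved out of the `before_action` calls. They now decide which actions run `authenticate_user!` and which skip loading `issue`, so anything that overrides them changes the authentication surface without touching the filter lines. Add a comment above the first one, e.g. `# Action lists are methods so they can be overridden; changing them changes which actions require sign-in`. The class body continues outside the hunk.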
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -168,7 +168,9 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 end
 def merge
- return access_denied! unless @merge_request.can_be_merged_by?(current_user)
+ access_check_result = merge_access_check
+
+ return access_check_result if access_check_result
 status = merge!
@@ -201,9 +203,11 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 end
 def ci_environments_status
- environments = @merge_request.environments_for(current_user).map do |environment|
- EnvironmentStatus.new(environment, @merge_request)
- end
+ environments = if ci_environments_status_on_merge_result?
+ EnvironmentStatus.after_merge_request(@merge_request, current_user)
+ else
+ EnvironmentStatus.for_merge_request(@merge_request, current_user)
+ end
 render json: EnvironmentStatusSerializer.new(current_user: current_user).represent(environments)
 end
@@ -241,6 +245,10 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 private
+ def ci_environments_status_on_merge_result?
+ params[:environment_target] == 'merge_commit'
+ end
+
 def target_branch_missing?
 @merge_request.has_no_commits? && !@merge_request.target_branch_exists?
 end
@@ -256,6 +264,12 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 return :failed
 end
+ merge_service = ::MergeRequests::MergeService.new(@project, current_user, merge_params)
+
+ unless merge_service.hooks_validation_pass?(@merge_request)
+ return :hook_validation_error
+ end
+
 return :sha_mismatch if params[:sha] != @merge_request.diff_head_sha
 @merge_request.update(merge_error: nil, squash: merge_params.fetch(:squash, false))
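Review bot: The authorization guard in `merge` now depends on the return value of `access_denied!`. `merge_access_check` (added in the last hunk of this file) returns whatever `access_denied!` returns, and `return access_check_result if access_check_result` stops the action only when that value is truthy. `access_denied!` is not shown; if it ever returns `nil` or `false` after rendering, `merge!` would still run for a user who failed `can_be_merged_by?`. Testing the response state removes that dependency: call `merge_access_check` and follow it with `return if performed?`. `merge` continues past the end of the hunk.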
@@ -318,6 +332,10 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 access_denied! unless access_check
 end
+ def merge_access_check
+ access_denied! unless @merge_request.can_be_merged_by?(current_user)
+ end
+
 def whitelist_query_limiting
 # Also see https://gitlab.com/gitlab-org/gitlab-ce/issues/42441
 Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42438')
diff --git a/app/controllers/projects/mirrors_controller.rb b/app/controllers/projects/mirrors_controller.rb
index 78d5faf2326..53176978416 100644
--- a/app/controllers/projects/mirrors_controller.rb
+++ b/app/controllers/projects/mirrors_controller.rb
@@ -44,6 +44,22 @@ class Projects::MirrorsController < Projects::ApplicationController
 redirect_to_repository_settings(project, anchor: 'js-push-remote-settings')
 end
+ def ssh_host_keys
+ lookup = SshHostKey.new(project: project, url: params[:ssh_url], compare_host_keys: params[:compare_host_keys])
+
+ if lookup.error.present?
+ # Failed to read keys
+ render json: { message: lookup.error }, status: :bad_request
+ elsif lookup.known_hosts.nil?
+ # Still working, come back later
+ render body: nil, status: :no_content
+ else
+ render json: lookup
+ end
+ rescue ArgumentError => err
+ render json: { message: err.message }, status: :bad_request
+ end
+
 private
 def remote_mirror |
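Review bot: `ssh_host_keys` in mirrors_controller.rb hands `params[:ssh_url]` straight to `SshHostKey.new`, which presumably makes the server contact the named host to read its keys. The validation is not visible in the hunk; the `rescue ArgumentError` suggests the constructor rejects some input, but confirm it restricts the scheme to SSH and applies the same outbound-address rules used for other user-supplied URLs. Also confirm that a `before_action` outside the hunk limits this action to users who may manage mirrors. `lookup.error` is returned to the caller as-is, so it should stay a generic failure string rather than a raw connection error. A comment above the method would state the expectation, e.g. `# ssh_url is user input; SshHostKey must validate it before any network lookup`.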