summaryrefslogtreecommitdiff
path: root/app/services
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-04-14 15:09:44 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-04-14 15:09:44 +0000
commit874ead9c3a50de4c4ca4551eaf5b7eb976d26b50 (patch)
tree637ee9f2da5e251bc08ebf3e972209d51966bf7c /app/services
parent2e4c4055181eec9186458dd5dd3219c937032ec7 (diff)
downloadgitlab-ce-874ead9c3a50de4c4ca4551eaf5b7eb976d26b50.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/services')
-rw-r--r--app/services/clusters/create_service.rb7
-rw-r--r--app/services/clusters/management/validate_management_project_permissions_service.rb54
-rw-r--r--app/services/clusters/update_service.rb41
-rw-r--r--app/services/environments/auto_stop_service.rb2
-rw-r--r--app/services/notification_service.rb6
-rw-r--r--app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb2
6 files changed, 72 insertions, 40 deletions
diff --git a/app/services/clusters/create_service.rb b/app/services/clusters/create_service.rb
index 5c26c611e00..7b5bf6b32c2 100644
--- a/app/services/clusters/create_service.rb
+++ b/app/services/clusters/create_service.rb
@@ -23,6 +23,8 @@ module Clusters
cluster.errors.add(:base, _('Instance does not support multiple Kubernetes clusters'))
end
+ validate_management_project_permissions(cluster)
+
return cluster if cluster.errors.present?
cluster.tap do |cluster|
@@ -57,6 +59,11 @@ module Clusters
def can_create_cluster?
clusterable.clusters.empty?
end
+
+ def validate_management_project_permissions(cluster)
+ Clusters::Management::ValidateManagementProjectPermissionsService.new(current_user)
+ .execute(cluster, params[:management_project_id])
+ end
end
end
diff --git a/app/services/clusters/management/validate_management_project_permissions_service.rb b/app/services/clusters/management/validate_management_project_permissions_service.rb
new file mode 100644
index 00000000000..e89a0afe6d2
--- /dev/null
+++ b/app/services/clusters/management/validate_management_project_permissions_service.rb
@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Clusters
+ module Management
+ class ValidateManagementProjectPermissionsService
+ attr_reader :current_user
+
+ def initialize(user = nil)
+ @current_user = user
+ end
+
+ def execute(cluster, management_project_id)
+ if management_project_id.present?
+ management_project = management_project_scope(cluster).find_by_id(management_project_id)
+
+ unless management_project && can_admin_pipeline_for_project?(management_project)
+ cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action'))
+
+ return false
+ end
+ end
+
+ true
+ end
+
+ private
+
+ def can_admin_pipeline_for_project?(project)
+ Ability.allowed?(current_user, :admin_pipeline, project)
+ end
+
+ def management_project_scope(cluster)
+ return ::Project.all if cluster.instance_type?
+
+ group =
+ if cluster.group_type?
+ cluster.first_group
+ elsif cluster.project_type?
+ cluster.first_project&.namespace
+ end
+
+ # Prevent users from selecting nested projects until
+ # https://gitlab.com/gitlab-org/gitlab/issues/34650 is resolved
+ include_subgroups = cluster.group_type?
+
+ ::GroupProjectsFinder.new(
+ group: group,
+ current_user: current_user,
+ options: { only_owned: true, include_subgroups: include_subgroups }
+ ).execute
+ end
+ end
+ end
+end
diff --git a/app/services/clusters/update_service.rb b/app/services/clusters/update_service.rb
index 8cb77040b14..2315df612a1 100644
--- a/app/services/clusters/update_service.rb
+++ b/app/services/clusters/update_service.rb
@@ -18,46 +18,9 @@ module Clusters
private
- def can_admin_pipeline_for_project?(project)
- Ability.allowed?(current_user, :admin_pipeline, project)
- end
-
def validate_params(cluster)
- if params[:management_project_id].present?
- management_project = management_project_scope(cluster).find_by_id(params[:management_project_id])
-
- unless management_project
- cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action'))
-
- return false
- end
-
- unless can_admin_pipeline_for_project?(management_project)
- # Use same message as not found to prevent enumeration
- cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action'))
-
- return false
- end
- end
-
- true
- end
-
- def management_project_scope(cluster)
- return ::Project.all if cluster.instance_type?
-
- group =
- if cluster.group_type?
- cluster.first_group
- elsif cluster.project_type?
- cluster.first_project&.namespace
- end
-
- # Prevent users from selecting nested projects until
- # https://gitlab.com/gitlab-org/gitlab/issues/34650 is resolved
- include_subgroups = cluster.group_type?
-
- ::GroupProjectsFinder.new(group: group, current_user: current_user, options: { only_owned: true, include_subgroups: include_subgroups }).execute
+ ::Clusters::Management::ValidateManagementProjectPermissionsService.new(current_user)
+ .execute(cluster, params[:management_project_id])
end
end
end
diff --git a/app/services/environments/auto_stop_service.rb b/app/services/environments/auto_stop_service.rb
index ee7f25a4d76..bde598abf66 100644
--- a/app/services/environments/auto_stop_service.rb
+++ b/app/services/environments/auto_stop_service.rb
@@ -30,7 +30,7 @@ module Environments
def stop_in_batch
environments = Environment.auto_stoppable(BATCH_SIZE)
- return false unless environments.exists? && Feature.enabled?(:auto_stop_environments, default_enabled: true)
+ return false unless environments.exists?
Ci::StopEnvironmentsService.execute_in_batch(environments)
end
diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb
index 62827f20929..91e19d190bd 100644
--- a/app/services/notification_service.rb
+++ b/app/services/notification_service.rb
@@ -489,6 +489,12 @@ class NotificationService
end
end
+ def pages_domain_auto_ssl_failed(domain)
+ project_maintainers_recipients(domain, action: 'disabled').each do |recipient|
+ mailer.pages_domain_auto_ssl_failed_email(domain, recipient.user).deliver_later
+ end
+ end
+
def issue_due(issue)
recipients = NotificationRecipients::BuildService.build_recipients(
issue,
diff --git a/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb b/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb
index 93445dd4ddd..1c03641469e 100644
--- a/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb
+++ b/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb
@@ -57,6 +57,8 @@ module PagesDomains
pages_domain.save!(validate: false)
acme_order.destroy!
+
+ NotificationService.new.pages_domain_auto_ssl_failed(pages_domain)
end
def log_error(api_order)