diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-14 15:09:44 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-14 15:09:44 +0000 |
commit | 874ead9c3a50de4c4ca4551eaf5b7eb976d26b50 (patch) | |
tree | 637ee9f2da5e251bc08ebf3e972209d51966bf7c /app/services | |
parent | 2e4c4055181eec9186458dd5dd3219c937032ec7 (diff) | |
download | gitlab-ce-874ead9c3a50de4c4ca4551eaf5b7eb976d26b50.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/services')
6 files changed, 72 insertions, 40 deletions
diff --git a/app/services/clusters/create_service.rb b/app/services/clusters/create_service.rb index 5c26c611e00..7b5bf6b32c2 100644 --- a/app/services/clusters/create_service.rb +++ b/app/services/clusters/create_service.rb @@ -23,6 +23,8 @@ module Clusters cluster.errors.add(:base, _('Instance does not support multiple Kubernetes clusters')) end + validate_management_project_permissions(cluster) + return cluster if cluster.errors.present? cluster.tap do |cluster| @@ -57,6 +59,11 @@ module Clusters def can_create_cluster? clusterable.clusters.empty? end + + def validate_management_project_permissions(cluster) + Clusters::Management::ValidateManagementProjectPermissionsService.new(current_user) + .execute(cluster, params[:management_project_id]) + end end end diff --git a/app/services/clusters/management/validate_management_project_permissions_service.rb b/app/services/clusters/management/validate_management_project_permissions_service.rb new file mode 100644 index 00000000000..e89a0afe6d2 --- /dev/null +++ b/app/services/clusters/management/validate_management_project_permissions_service.rb @@ -0,0 +1,54 @@ +# frozen_string_literal: true + +module Clusters + module Management + class ValidateManagementProjectPermissionsService + attr_reader :current_user + + def initialize(user = nil) + @current_user = user + end + + def execute(cluster, management_project_id) + if management_project_id.present? + management_project = management_project_scope(cluster).find_by_id(management_project_id) + + unless management_project && can_admin_pipeline_for_project?(management_project) + cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action')) + + return false + end + end + + true + end + + private + + def can_admin_pipeline_for_project?(project) + Ability.allowed?(current_user, :admin_pipeline, project) + end + + def management_project_scope(cluster) + return ::Project.all if cluster.instance_type? + + group = + if cluster.group_type? + cluster.first_group + elsif cluster.project_type? + cluster.first_project&.namespace + end + + # Prevent users from selecting nested projects until + # https://gitlab.com/gitlab-org/gitlab/issues/34650 is resolved + include_subgroups = cluster.group_type? + + ::GroupProjectsFinder.new( + group: group, + current_user: current_user, + options: { only_owned: true, include_subgroups: include_subgroups } + ).execute + end + end + end +end diff --git a/app/services/clusters/update_service.rb b/app/services/clusters/update_service.rb index 8cb77040b14..2315df612a1 100644 --- a/app/services/clusters/update_service.rb +++ b/app/services/clusters/update_service.rb @@ -18,46 +18,9 @@ module Clusters private - def can_admin_pipeline_for_project?(project) - Ability.allowed?(current_user, :admin_pipeline, project) - end - def validate_params(cluster) - if params[:management_project_id].present? - management_project = management_project_scope(cluster).find_by_id(params[:management_project_id]) - - unless management_project - cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action')) - - return false - end - - unless can_admin_pipeline_for_project?(management_project) - # Use same message as not found to prevent enumeration - cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action')) - - return false - end - end - - true - end - - def management_project_scope(cluster) - return ::Project.all if cluster.instance_type? - - group = - if cluster.group_type? - cluster.first_group - elsif cluster.project_type? - cluster.first_project&.namespace - end - - # Prevent users from selecting nested projects until - # https://gitlab.com/gitlab-org/gitlab/issues/34650 is resolved - include_subgroups = cluster.group_type? - - ::GroupProjectsFinder.new(group: group, current_user: current_user, options: { only_owned: true, include_subgroups: include_subgroups }).execute + ::Clusters::Management::ValidateManagementProjectPermissionsService.new(current_user) + .execute(cluster, params[:management_project_id]) end end end diff --git a/app/services/environments/auto_stop_service.rb b/app/services/environments/auto_stop_service.rb index ee7f25a4d76..bde598abf66 100644 --- a/app/services/environments/auto_stop_service.rb +++ b/app/services/environments/auto_stop_service.rb @@ -30,7 +30,7 @@ module Environments def stop_in_batch environments = Environment.auto_stoppable(BATCH_SIZE) - return false unless environments.exists? && Feature.enabled?(:auto_stop_environments, default_enabled: true) + return false unless environments.exists? Ci::StopEnvironmentsService.execute_in_batch(environments) end diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb index 62827f20929..91e19d190bd 100644 --- a/app/services/notification_service.rb +++ b/app/services/notification_service.rb @@ -489,6 +489,12 @@ class NotificationService end end + def pages_domain_auto_ssl_failed(domain) + project_maintainers_recipients(domain, action: 'disabled').each do |recipient| + mailer.pages_domain_auto_ssl_failed_email(domain, recipient.user).deliver_later + end + end + def issue_due(issue) recipients = NotificationRecipients::BuildService.build_recipients( issue, diff --git a/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb b/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb index 93445dd4ddd..1c03641469e 100644 --- a/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb +++ b/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb @@ -57,6 +57,8 @@ module PagesDomains pages_domain.save!(validate: false) acme_order.destroy! + + NotificationService.new.pages_domain_auto_ssl_failed(pages_domain) end def log_error(api_order) |