diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-10-07 11:01:21 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2017-10-07 11:01:21 +0000 |
| commit | 546b18b90317c0c9c0163ddcc5c54798a0bed841 (patch) | |
| tree | ff10c1965e629113b25be892a72c0f181f1b8671 /app | |
| parent | 3cb798357fbfb8b3230b60130fc1c6b328ae84b7 (diff) | |
| parent | d13669716ab0c31ce9039ae9f7f073e33a4dc40f (diff) | |
| download | gitlab-ce-546b18b90317c0c9c0163ddcc5c54798a0bed841.tar.gz | |
Merge branch 'tc-geo-read-only-idea' into 'master'
Create idea of read-only database
Closes #37534
See merge request gitlab-org/gitlab-ce!14688
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/admin/application_controller.rb | 14 | ||||
| -rw-r--r-- | app/controllers/boards/issues_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/projects/lfs_api_controller.rb | 18 | ||||
| -rw-r--r-- | app/controllers/projects/merge_requests/application_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/sessions_controller.rb | 37 | ||||
| -rw-r--r-- | app/models/concerns/cache_markdown_field.rb | 14 | ||||
| -rw-r--r-- | app/models/concerns/routable.rb | 2 | ||||
| -rw-r--r-- | app/models/concerns/token_authenticatable.rb | 4 | ||||
| -rw-r--r-- | app/models/merge_request.rb | 2 | ||||
| -rw-r--r-- | app/models/project.rb | 4 | ||||
| -rw-r--r-- | app/models/user.rb | 8 | ||||
| -rw-r--r-- | app/services/keys/last_used_service.rb | 2 | ||||
| -rw-r--r-- | app/services/users/activity_service.rb | 2 |
13 files changed, 85 insertions, 26 deletions
diff --git a/app/controllers/admin/application_controller.rb b/app/controllers/admin/application_controller.rb index a4648b33cfa..c27f2ee3c09 100644 --- a/app/controllers/admin/application_controller.rb +++ b/app/controllers/admin/application_controller.rb @@ -3,9 +3,23 @@ # Automatically sets the layout and ensures an administrator is logged in class Admin::ApplicationController < ApplicationController before_action :authenticate_admin! + before_action :display_read_only_information layout 'admin' def authenticate_admin! render_404 unless current_user.admin? end + + def display_read_only_information + return unless Gitlab::Database.read_only? + + flash.now[:notice] = read_only_message + end + + private + + # Overridden in EE + def read_only_message + _('You are on a read-only GitLab instance.') + end end diff --git a/app/controllers/boards/issues_controller.rb b/app/controllers/boards/issues_controller.rb index 0d74078645a..737656b3dcc 100644 --- a/app/controllers/boards/issues_controller.rb +++ b/app/controllers/boards/issues_controller.rb @@ -10,7 +10,7 @@ module Boards def index issues = Boards::Issues::ListService.new(board_parent, current_user, filter_params).execute issues = issues.page(params[:page]).per(params[:per] || 20) - make_sure_position_is_set(issues) + make_sure_position_is_set(issues) if Gitlab::Database.read_write? issues = issues.preload(:project, :milestone, :assignees, diff --git a/app/controllers/projects/lfs_api_controller.rb b/app/controllers/projects/lfs_api_controller.rb index 1b0d3aab3fa..536f908d2c5 100644 --- a/app/controllers/projects/lfs_api_controller.rb +++ b/app/controllers/projects/lfs_api_controller.rb @@ -2,6 +2,7 @@ class Projects::LfsApiController < Projects::GitHttpClientController include LfsRequest skip_before_action :lfs_check_access!, only: [:deprecated] + before_action :lfs_check_batch_operation!, only: [:batch] def batch unless objects.present? @@ -90,4 +91,21 @@ class Projects::LfsApiController < Projects::GitHttpClientController } } end + + def lfs_check_batch_operation! + if upload_request? && Gitlab::Database.read_only? + render( + json: { + message: lfs_read_only_message + }, + content_type: 'application/vnd.git-lfs+json', + status: 403 + ) + end + end + + # Overridden in EE + def lfs_read_only_message + _('You cannot write to this read-only GitLab instance.') + end end diff --git a/app/controllers/projects/merge_requests/application_controller.rb b/app/controllers/projects/merge_requests/application_controller.rb index eb7d7bf374c..0e71977a58a 100644 --- a/app/controllers/projects/merge_requests/application_controller.rb +++ b/app/controllers/projects/merge_requests/application_controller.rb @@ -13,7 +13,7 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont # Make sure merge requests created before 8.0 # have head file in refs/merge-requests/ def ensure_ref_fetched - @merge_request.ensure_ref_fetched + @merge_request.ensure_ref_fetched if Gitlab::Database.read_write? end def merge_request_params diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index ada91694fd6..c01be42c3ee 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -8,8 +8,7 @@ class SessionsController < Devise::SessionsController prepend_before_action :check_initial_setup, only: [:new] prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] - prepend_before_action :store_redirect_path, only: [:new] - + prepend_before_action :store_redirect_uri, only: [:new] before_action :auto_sign_in_with_provider, only: [:new] before_action :load_recaptcha @@ -86,28 +85,36 @@ class SessionsController < Devise::SessionsController end end - def store_redirect_path - redirect_path = + def stored_redirect_uri + @redirect_to ||= stored_location_for(:redirect) + end + + def store_redirect_uri + redirect_uri = if request.referer.present? && (params['redirect_to_referer'] == 'yes') - referer_uri = URI(request.referer) - if referer_uri.host == Gitlab.config.gitlab.host - referer_uri.request_uri - else - request.fullpath - end + URI(request.referer) else - request.fullpath + URI(request.url) end # Prevent a 'you are already signed in' message directly after signing: # we should never redirect to '/users/sign_in' after signing in successfully. - unless URI(redirect_path).path == new_user_session_path - store_location_for(:redirect, redirect_path) - end + return true if redirect_uri.path == new_user_session_path + + redirect_to = redirect_uri.to_s if redirect_allowed_to?(redirect_uri) + + @redirect_to = redirect_to + store_location_for(:redirect, redirect_to) + end + + # Overridden in EE + def redirect_allowed_to?(uri) + uri.host == Gitlab.config.gitlab.host && + uri.port == Gitlab.config.gitlab.port end def two_factor_enabled? - find_user.try(:two_factor_enabled?) + find_user&.two_factor_enabled? end def auto_sign_in_with_provider diff --git a/app/models/concerns/cache_markdown_field.rb b/app/models/concerns/cache_markdown_field.rb index 193e459977a..9417033d1f6 100644 --- a/app/models/concerns/cache_markdown_field.rb +++ b/app/models/concerns/cache_markdown_field.rb @@ -59,7 +59,7 @@ module CacheMarkdownField # Update every column in a row if any one is invalidated, as we only store # one version per row - def refresh_markdown_cache!(do_update: false) + def refresh_markdown_cache options = { skip_project_check: skip_project_check? } updates = cached_markdown_fields.markdown_fields.map do |markdown_field| @@ -71,8 +71,14 @@ module CacheMarkdownField updates['cached_markdown_version'] = CacheMarkdownField::CACHE_VERSION updates.each {|html_field, data| write_attribute(html_field, data) } + end + + def refresh_markdown_cache! + updates = refresh_markdown_cache + + return unless persisted? && Gitlab::Database.read_write? - update_columns(updates) if persisted? && do_update + update_columns(updates) end def cached_html_up_to_date?(markdown_field) @@ -124,8 +130,8 @@ module CacheMarkdownField end # Using before_update here conflicts with elasticsearch-model somehow - before_create :refresh_markdown_cache!, if: :invalidated_markdown_cache? - before_update :refresh_markdown_cache!, if: :invalidated_markdown_cache? + before_create :refresh_markdown_cache, if: :invalidated_markdown_cache? + before_update :refresh_markdown_cache, if: :invalidated_markdown_cache? end class_methods do diff --git a/app/models/concerns/routable.rb b/app/models/concerns/routable.rb index 12e93be2104..22fde2eb134 100644 --- a/app/models/concerns/routable.rb +++ b/app/models/concerns/routable.rb @@ -156,6 +156,8 @@ module Routable end def update_route + return if Gitlab::Database.read_only? + prepare_route route.save end diff --git a/app/models/concerns/token_authenticatable.rb b/app/models/concerns/token_authenticatable.rb index a7d5de48c66..ec3543f7053 100644 --- a/app/models/concerns/token_authenticatable.rb +++ b/app/models/concerns/token_authenticatable.rb @@ -43,15 +43,17 @@ module TokenAuthenticatable write_attribute(token_field, token) if token end + # Returns a token, but only saves when the database is in read & write mode define_method("ensure_#{token_field}!") do send("reset_#{token_field}!") if read_attribute(token_field).blank? # rubocop:disable GitlabSecurity/PublicSend read_attribute(token_field) end + # Resets the token, but only saves when the database is in read & write mode define_method("reset_#{token_field}!") do write_new_token(token_field) - save! + save! if Gitlab::Database.read_write? end end end diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb index 9b312f7db6c..292122f779e 100644 --- a/app/models/merge_request.rb +++ b/app/models/merge_request.rb @@ -477,7 +477,7 @@ class MergeRequest < ActiveRecord::Base end def check_if_can_be_merged - return unless unchecked? + return unless unchecked? && Gitlab::Database.read_write? can_be_merged = !broken? && project.repository.can_be_merged?(diff_head_sha, target_branch) diff --git a/app/models/project.rb b/app/models/project.rb index ad1c339ae78..57e91ab3b88 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -824,7 +824,7 @@ class Project < ActiveRecord::Base end def cache_has_external_issue_tracker - update_column(:has_external_issue_tracker, services.external_issue_trackers.any?) + update_column(:has_external_issue_tracker, services.external_issue_trackers.any?) if Gitlab::Database.read_write? end def has_wiki? @@ -844,7 +844,7 @@ class Project < ActiveRecord::Base end def cache_has_external_wiki - update_column(:has_external_wiki, services.external_wikis.any?) + update_column(:has_external_wiki, services.external_wikis.any?) if Gitlab::Database.read_write? end def find_or_initialize_services(exceptions: []) diff --git a/app/models/user.rb b/app/models/user.rb index c3f115ca074..533a776bc65 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -459,6 +459,14 @@ class User < ActiveRecord::Base reset_password_sent_at.present? && reset_password_sent_at >= 1.minute.ago end + def remember_me! + super if ::Gitlab::Database.read_write? + end + + def forget_me! + super if ::Gitlab::Database.read_write? + end + def disable_two_factor! transaction do update_attributes( diff --git a/app/services/keys/last_used_service.rb b/app/services/keys/last_used_service.rb index 066f3246158..dbd79f7da55 100644 --- a/app/services/keys/last_used_service.rb +++ b/app/services/keys/last_used_service.rb @@ -16,6 +16,8 @@ module Keys end def update? + return false if ::Gitlab::Database.read_only? + last_used = key.last_used_at return false if last_used && (Time.zone.now - last_used) <= TIMEOUT diff --git a/app/services/users/activity_service.rb b/app/services/users/activity_service.rb index ab532a1fdcf..5803404c3c8 100644 --- a/app/services/users/activity_service.rb +++ b/app/services/users/activity_service.rb @@ -14,7 +14,7 @@ module Users private def record_activity - Gitlab::UserActivities.record(@author.id) + Gitlab::UserActivities.record(@author.id) if Gitlab::Database.read_write? Rails.logger.debug("Recorded activity: #{@activity} for User ID: #{@author.id} (username: #{@author.username})") end |