diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-02 12:07:57 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-02 12:07:57 +0000 |
commit | 988b28ec1a379d38f6ac9ed04886ee564fd447fd (patch) | |
tree | 9d93267209387e62d23ea7abf81ef9c0d64f2f0b /app | |
parent | a325f3a104748ecc68df7c3d793940aa709a111f (diff) | |
download | gitlab-ce-988b28ec1a379d38f6ac9ed04886ee564fd447fd.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/application_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/concerns/sessionless_authentication.rb | 12 | ||||
-rw-r--r-- | app/controllers/graphql_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/groups_controller.rb | 3 | ||||
-rw-r--r-- | app/models/deployment.rb | 6 | ||||
-rw-r--r-- | app/models/environment.rb | 9 | ||||
-rw-r--r-- | app/models/namespace.rb | 4 | ||||
-rw-r--r-- | app/models/project.rb | 6 | ||||
-rw-r--r-- | app/models/protected_branch.rb | 10 | ||||
-rw-r--r-- | app/services/issues/import_csv_service.rb | 15 | ||||
-rw-r--r-- | app/services/projects/protect_default_branch_service.rb | 2 | ||||
-rw-r--r-- | app/views/admin/application_settings/_visibility_and_access.html.haml | 5 | ||||
-rw-r--r-- | app/views/groups/settings/_permissions.html.haml | 1 | ||||
-rw-r--r-- | app/views/shared/_default_branch_protection.html.haml | 3 |
14 files changed, 47 insertions, 35 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7cb629dee21..5a2eb2337aa 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -34,6 +34,7 @@ class ApplicationController < ActionController::Base before_action :check_impersonation_availability before_action :required_signup_info + around_action :sessionless_bypass_admin_mode!, if: :sessionless_user? around_action :set_current_context around_action :set_locale around_action :set_session_storage diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb index d5c26fca957..a9ef33bf3b9 100644 --- a/app/controllers/concerns/sessionless_authentication.rb +++ b/app/controllers/concerns/sessionless_authentication.rb @@ -5,12 +5,6 @@ # Controller concern to handle PAT, RSS, and static objects token authentication methods # module SessionlessAuthentication - extend ActiveSupport::Concern - - included do - before_action :enable_admin_mode!, if: :sessionless_user? - end - # This filter handles personal access tokens, atom requests with rss tokens, and static object tokens def authenticate_sessionless_user!(request_format) user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user(request_format) @@ -32,9 +26,9 @@ module SessionlessAuthentication end end - def enable_admin_mode! - return unless Feature.enabled?(:user_mode_in_session) + def sessionless_bypass_admin_mode!(&block) + return yield unless Feature.enabled?(:user_mode_in_session) - current_user_mode.enable_sessionless_admin_mode! + Gitlab::Auth::CurrentUserMode.bypass_session!(current_user.id, &block) end end diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb index d7ff2ded5ae..522d171b5bf 100644 --- a/app/controllers/graphql_controller.rb +++ b/app/controllers/graphql_controller.rb @@ -15,6 +15,11 @@ class GraphqlController < ApplicationController before_action :authorize_access_api! before_action(only: [:execute]) { authenticate_sessionless_user!(:api) } + # Since we deactivate authentication from the main ApplicationController and + # defer it to :authorize_access_api!, we need to override the bypass session + # callback execution order here + around_action :sessionless_bypass_admin_mode!, if: :sessionless_user? + def execute result = multiplex? ? execute_multiplex : execute_query diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 80c7a803392..7175eefcde7 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -195,7 +195,8 @@ class GroupsController < Groups::ApplicationController :require_two_factor_authentication, :two_factor_grace_period, :project_creation_level, - :subgroup_creation_level + :subgroup_creation_level, + :default_branch_protection ] end diff --git a/app/models/deployment.rb b/app/models/deployment.rb index fbb59173a3c..b118404b916 100644 --- a/app/models/deployment.rb +++ b/app/models/deployment.rb @@ -135,7 +135,7 @@ class Deployment < ApplicationRecord end def create_ref - project.repository.create_ref(ref, ref_path) + project.repository.create_ref(sha, ref_path) end def invalidate_cache @@ -280,12 +280,12 @@ class Deployment < ApplicationRecord errors.add(:ref, _('The branch or tag does not exist')) end - private - def ref_path File.join(environment.ref_path, 'deployments', iid.to_s) end + private + def legacy_finished_at self.created_at if success? && !read_attribute(:finished_at) end diff --git a/app/models/environment.rb b/app/models/environment.rb index 4224a32a6d7..0e2962b893a 100644 --- a/app/models/environment.rb +++ b/app/models/environment.rb @@ -193,15 +193,6 @@ class Environment < ApplicationRecord folder_name == "production" end - def first_deployment_for(commit_sha) - ref = project.repository.ref_name_for_sha(ref_path, commit_sha) - - return unless ref - - deployment_iid = ref.split('/').last - deployments.find_by(iid: deployment_iid) - end - def ref_path "refs/#{Repository::REF_ENVIRONMENTS}/#{slug}" end diff --git a/app/models/namespace.rb b/app/models/namespace.rb index 99212d09b8e..f06e9da3b2a 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -139,6 +139,10 @@ class Namespace < ApplicationRecord end end + def default_branch_protection + super || Gitlab::CurrentSettings.default_branch_protection + end + def visibility_level_field :visibility_level end diff --git a/app/models/project.rb b/app/models/project.rb index f72e777c004..fdf7452d143 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -2359,6 +2359,12 @@ class Project < ApplicationRecord Gitlab::Routing.url_helpers.revoke_project_deploy_token_path(self, token) end + def default_branch_protected? + branch_protection = Gitlab::Access::BranchProtection.new(self.namespace.default_branch_protection) + + branch_protection.fully_protected? || branch_protection.developer_can_merge? + end + private def closest_namespace_setting(name) diff --git a/app/models/protected_branch.rb b/app/models/protected_branch.rb index 94c3b83564f..594c822c18f 100644 --- a/app/models/protected_branch.rb +++ b/app/models/protected_branch.rb @@ -11,7 +11,8 @@ class ProtectedBranch < ApplicationRecord def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil) # Maintainers, owners and admins are allowed to create the default branch - if default_branch_protected? && project.empty_repo? + + if project.empty_repo? && project.default_branch_protected? return true if user.admin? || project.team.max_member_access(user.id) > Gitlab::Access::DEVELOPER end @@ -20,7 +21,7 @@ class ProtectedBranch < ApplicationRecord # Check if branch name is marked as protected in the system def self.protected?(project, ref_name) - return true if project.empty_repo? && default_branch_protected? + return true if project.empty_repo? && project.default_branch_protected? self.matching(ref_name, protected_refs: protected_refs(project)).present? end @@ -33,11 +34,6 @@ class ProtectedBranch < ApplicationRecord end end - def self.default_branch_protected? - Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_FULL || - Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE - end - def self.protected_refs(project) project.protected_branches end diff --git a/app/services/issues/import_csv_service.rb b/app/services/issues/import_csv_service.rb index ef08fafa7cc..c01db5fcfe6 100644 --- a/app/services/issues/import_csv_service.rb +++ b/app/services/issues/import_csv_service.rb @@ -21,8 +21,19 @@ module Issues def process_csv csv_data = @csv_io.open(&:read).force_encoding(Encoding::UTF_8) - CSV.new(csv_data, col_sep: detect_col_sep(csv_data.lines.first), headers: true).each.with_index(2) do |row, line_no| - issue = Issues::CreateService.new(@project, @user, title: row[0], description: row[1]).execute + csv_parsing_params = { + col_sep: detect_col_sep(csv_data.lines.first), + headers: true, + header_converters: :symbol + } + + CSV.new(csv_data, csv_parsing_params).each.with_index(2) do |row, line_no| + issue_attributes = { + title: row[:title], + description: row[:description] + } + + issue = Issues::CreateService.new(@project, @user, issue_attributes).execute if issue.persisted? @results[:success] += 1 diff --git a/app/services/projects/protect_default_branch_service.rb b/app/services/projects/protect_default_branch_service.rb index 245490791bf..1d3fb523448 100644 --- a/app/services/projects/protect_default_branch_service.rb +++ b/app/services/projects/protect_default_branch_service.rb @@ -11,7 +11,7 @@ module Projects @project = project @default_branch_protection = Gitlab::Access::BranchProtection - .new(Gitlab::CurrentSettings.default_branch_protection) + .new(project.namespace.default_branch_protection) end def execute diff --git a/app/views/admin/application_settings/_visibility_and_access.html.haml b/app/views/admin/application_settings/_visibility_and_access.html.haml index ae90ffd9efc..a4acbe6c885 100644 --- a/app/views/admin/application_settings/_visibility_and_access.html.haml +++ b/app/views/admin/application_settings/_visibility_and_access.html.haml @@ -2,9 +2,8 @@ = form_errors(@application_setting) %fieldset - .form-group - = f.label :default_branch_protection, class: 'label-bold' - = f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control' + = render 'shared/default_branch_protection', f: f, selected_level: @application_setting.default_branch_protection + .form-group = f.label s_('ProjectCreationLevel|Default project creation protection'), class: 'label-bold' = f.select :default_project_creation, options_for_select(Gitlab::Access.project_creation_options, @application_setting.default_project_creation), {}, class: 'form-control' diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index 618cfe57be4..016a9c8e054 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -33,6 +33,7 @@ = render_if_exists 'groups/settings/ip_restriction', f: f, group: @group = render_if_exists 'groups/settings/allowed_email_domain', f: f, group: @group = render 'groups/settings/lfs', f: f + = render 'shared/default_branch_protection', f: f, selected_level: @group.default_branch_protection = render 'groups/settings/project_creation_level', f: f, group: @group = render 'groups/settings/subgroup_creation_level', f: f, group: @group = render 'groups/settings/two_factor_auth', f: f diff --git a/app/views/shared/_default_branch_protection.html.haml b/app/views/shared/_default_branch_protection.html.haml new file mode 100644 index 00000000000..d7ae21debd8 --- /dev/null +++ b/app/views/shared/_default_branch_protection.html.haml @@ -0,0 +1,3 @@ +.form-group + = f.label :default_branch_protection, class: 'label-bold' + = f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, selected_level), {}, class: 'form-control' |