authorGitLab Bot <gitlab-bot@gitlab.com>2020-03-02 12:07:57 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-03-02 12:07:57 +0000
commit988b28ec1a379d38f6ac9ed04886ee564fd447fd (patch)
tree9d93267209387e62d23ea7abf81ef9c0d64f2f0b /app
parenta325f3a104748ecc68df7c3d793940aa709a111f (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r--app/controllers/application_controller.rb1
-rw-r--r--app/controllers/concerns/sessionless_authentication.rb12
-rw-r--r--app/controllers/graphql_controller.rb5
-rw-r--r--app/controllers/groups_controller.rb3
-rw-r--r--app/models/deployment.rb6
-rw-r--r--app/models/environment.rb9
-rw-r--r--app/models/namespace.rb4
-rw-r--r--app/models/project.rb6
-rw-r--r--app/models/protected_branch.rb10
-rw-r--r--app/services/issues/import_csv_service.rb15
-rw-r--r--app/services/projects/protect_default_branch_service.rb2
-rw-r--r--app/views/admin/application_settings/_visibility_and_access.html.haml5
-rw-r--r--app/views/groups/settings/_permissions.html.haml1
-rw-r--r--app/views/shared/_default_branch_protection.html.haml3
14 files changed, 47 insertions, 35 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7cb629dee21..5a2eb2337aa 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -34,6 +34,7 @@ class ApplicationController < ActionController::Base
before_action :check_impersonation_availability
before_action :required_signup_info
+ around_action :sessionless_bypass_admin_mode!, if: :sessionless_user?
around_action :set_current_context
around_action :set_locale
around_action :set_session_storage
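Review bot: The new `around_action :sessionless_bypass_admin_mode!` has no comment explaining why it sits after `required_signup_info` and before `set_current_context`, although its position decides which callbacks run inside the bypass. Callbacks declared above it, including the `before_action`s visible here and any outside the hunk, run before the bypass takes effect, so an admin-only check among them would presumably not see admin mode for token requests. I would add a comment such as `# Must wrap every callback that evaluates admin permissions for token-authenticated requests` and confirm that no earlier filter depends on it.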
diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb
index d5c26fca957..a9ef33bf3b9 100644
--- a/app/controllers/concerns/sessionless_authentication.rb
+++ b/app/controllers/concerns/sessionless_authentication.rb
@@ -5,12 +5,6 @@
# Controller concern to handle PAT, RSS, and static objects token authentication methods
#
module SessionlessAuthentication
- extend ActiveSupport::Concern
-
- included do
- before_action :enable_admin_mode!, if: :sessionless_user?
- end
-
# This filter handles personal access tokens, atom requests with rss tokens, and static object tokens
def authenticate_sessionless_user!(request_format)
user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user(request_format)
@@ -32,9 +26,9 @@ module SessionlessAuthentication
end
end
- def enable_admin_mode!
- return unless Feature.enabled?(:user_mode_in_session)
+ def sessionless_bypass_admin_mode!(&block)
+ return yield unless Feature.enabled?(:user_mode_in_session)
- current_user_mode.enable_sessionless_admin_mode!
+ Gitlab::Auth::CurrentUserMode.bypass_session!(current_user.id, &block)
end
end
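Review bot: `sessionless_bypass_admin_mode!` lifts the admin-mode requirement for every credential this concern handles, which per the header comment presumably means personal access tokens, RSS tokens and static object tokens, and nothing on the method says so. A comment such as `# Token-authenticated requests have no session to hold admin mode, so it is bypassed for the duration of the action` would make the trust decision explicit, and it is worth confirming that feed and static-object tokens are meant to get the same treatment as PATs. The method also dereferences `current_user.id` and relies on every caller passing `if: :sessionless_user?`; it could guard itself with `return yield unless current_user && Feature.enabled?(:user_mode_in_session)`. Mixing `yield` with an explicit `&block` in the same method is a minor style inconsistency.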
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index d7ff2ded5ae..522d171b5bf 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -15,6 +15,11 @@ class GraphqlController < ApplicationController
before_action :authorize_access_api!
before_action(only: [:execute]) { authenticate_sessionless_user!(:api) }
+ # Since we deactivate authentication from the main ApplicationController and
+ # defer it to :authorize_access_api!, we need to override the bypass session
+ # callback execution order here
+ around_action :sessionless_bypass_admin_mode!, if: :sessionless_user?
+
def execute
result = multiplex? ? execute_multiplex : execute_query
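Review bot: The added comment says authentication is deferred to `:authorize_access_api!`, but the callback in this hunk that authenticates the token is the `authenticate_sessionless_user!(:api)` block on the line above it, which runs only for `execute`. Rewording it to `# Authentication happens in the before_action above rather than in ApplicationController, so re-declare the bypass to run after it` would match the visible code. `authorize_access_api!` is declared before the re-declared bypass, so it presumably runs outside it; worth confirming that this is intended. The class body continues outside the hunk.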
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 80c7a803392..7175eefcde7 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -195,7 +195,8 @@ class GroupsController < Groups::ApplicationController
:require_two_factor_authentication,
:two_factor_grace_period,
:project_creation_level,
- :subgroup_creation_level
+ :subgroup_creation_level,
+ :default_branch_protection
]
end
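Review bot: Adding `:default_branch_protection` to the permitted group params makes the protection level client-controlled, and the only model change visible in this commit (the `Namespace#default_branch_protection` reader) shows no validation of the stored value. Unless a validation exists outside this diff, an out-of-range integer could be saved and would presumably be treated by `Project#default_branch_protected?` as not protected. I would restrict the attribute to the values offered by `Gitlab::Access.protection_options`, and document that anyone allowed to update the group can choose a level weaker than the instance default. The permitted-params method starts outside the hunk.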
diff --git a/app/models/deployment.rb b/app/models/deployment.rb
index fbb59173a3c..b118404b916 100644
--- a/app/models/deployment.rb
+++ b/app/models/deployment.rb
@@ -135,7 +135,7 @@ class Deployment < ApplicationRecord
end
def create_ref
- project.repository.create_ref(ref, ref_path)
+ project.repository.create_ref(sha, ref_path)
end
def invalidate_cache
@@ -280,12 +280,12 @@ class Deployment < ApplicationRecord
errors.add(:ref, _('The branch or tag does not exist'))
end
- private
-
def ref_path
File.join(environment.ref_path, 'deployments', iid.to_s)
end
+ private
+
def legacy_finished_at
self.created_at if success? && !read_attribute(:finished_at)
end
diff --git a/app/models/environment.rb b/app/models/environment.rb
index 4224a32a6d7..0e2962b893a 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -193,15 +193,6 @@ class Environment < ApplicationRecord
folder_name == "production"
end
- def first_deployment_for(commit_sha)
- ref = project.repository.ref_name_for_sha(ref_path, commit_sha)
-
- return unless ref
-
- deployment_iid = ref.split('/').last
- deployments.find_by(iid: deployment_iid)
- end
-
def ref_path
"refs/#{Repository::REF_ENVIRONMENTS}/#{slug}"
end
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index 99212d09b8e..f06e9da3b2a 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -139,6 +139,10 @@ class Namespace < ApplicationRecord
end
end
+ def default_branch_protection
+ super || Gitlab::CurrentSettings.default_branch_protection
+ end
+
def visibility_level_field
:visibility_level
end
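Review bot: `super || Gitlab::CurrentSettings.default_branch_protection` falls back only when the column is `nil`, which deserves a comment because every stored integer, including the least restrictive level, is truthy in Ruby and therefore overrides the instance setting. Something like `# nil means inherit the instance default; any stored level, even a weaker one, wins` would make that explicit. If the instance default is meant to act as a floor, this reader is where it would have to be enforced, since its result feeds `Project#default_branch_protected?` and the service in `app/services/projects/protect_default_branch_service.rb`.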
diff --git a/app/models/project.rb b/app/models/project.rb
index f72e777c004..fdf7452d143 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2359,6 +2359,12 @@ class Project < ApplicationRecord
Gitlab::Routing.url_helpers.revoke_project_deploy_token_path(self, token)
end
+ def default_branch_protected?
+ branch_protection = Gitlab::Access::BranchProtection.new(self.namespace.default_branch_protection)
+
+ branch_protection.fully_protected? || branch_protection.developer_can_merge?
+ end
+
private
def closest_namespace_setting(name)
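Review bot: `default_branch_protected?` has no comment stating that "protected" here means only the `fully_protected?` and `developer_can_merge?` levels, so with any other namespace level `ProtectedBranch.protected?` stops treating an empty repository as protected. A one-line comment such as `# True when the namespace's effective level is fully protected or developer-can-merge` would record that. `self.namespace` can be written as `namespace`, and the method assumes the project always has one.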
diff --git a/app/models/protected_branch.rb b/app/models/protected_branch.rb
index 94c3b83564f..594c822c18f 100644
--- a/app/models/protected_branch.rb
+++ b/app/models/protected_branch.rb
@@ -11,7 +11,8 @@ class ProtectedBranch < ApplicationRecord
def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
# Maintainers, owners and admins are allowed to create the default branch
- if default_branch_protected? && project.empty_repo?
+
+ if project.empty_repo? && project.default_branch_protected?
return true if user.admin? || project.team.max_member_access(user.id) > Gitlab::Access::DEVELOPER
end
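Review bot: The blank line added after `# Maintainers, owners and admins are allowed to create the default branch` detaches that comment from the `if` it describes; I would drop it. Since the condition now reads the level through `project.default_branch_protected?`, the comment could also say that the level comes from the project's namespace rather than the instance setting alone. The same substitution is made in `self.protected?` in the next hunk, and this method's body continues outside the hunk.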
@@ -20,7 +21,7 @@ class ProtectedBranch < ApplicationRecord
# Check if branch name is marked as protected in the system
def self.protected?(project, ref_name)
- return true if project.empty_repo? && default_branch_protected?
+ return true if project.empty_repo? && project.default_branch_protected?
self.matching(ref_name, protected_refs: protected_refs(project)).present?
end
@@ -33,11 +34,6 @@ class ProtectedBranch < ApplicationRecord
end
end
- def self.default_branch_protected?
- Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_FULL ||
- Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE
- end
-
def self.protected_refs(project)
project.protected_branches
end
diff --git a/app/services/issues/import_csv_service.rb b/app/services/issues/import_csv_service.rb
index ef08fafa7cc..c01db5fcfe6 100644
--- a/app/services/issues/import_csv_service.rb
+++ b/app/services/issues/import_csv_service.rb
@@ -21,8 +21,19 @@ module Issues
def process_csv
csv_data = @csv_io.open(&:read).force_encoding(Encoding::UTF_8)
- CSV.new(csv_data, col_sep: detect_col_sep(csv_data.lines.first), headers: true).each.with_index(2) do |row, line_no|
- issue = Issues::CreateService.new(@project, @user, title: row[0], description: row[1]).execute
+ csv_parsing_params = {
+ col_sep: detect_col_sep(csv_data.lines.first),
+ headers: true,
+ header_converters: :symbol
+ }
+
+ CSV.new(csv_data, csv_parsing_params).each.with_index(2) do |row, line_no|
+ issue_attributes = {
+ title: row[:title],
+ description: row[:description]
+ }
+
+ issue = Issues::CreateService.new(@project, @user, issue_attributes).execute
if issue.persisted?
@results[:success] += 1
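Review bot: Looking columns up by `row[:title]` and `row[:description]` means a file whose header row lacks those names yields `nil` for every row, and nothing in this hunk checks the headers before the loop starts. Position used to decide the mapping, so files with different header text would presumably change from importing to failing row by row. I would validate the parsed headers once up front and report a single clear error. Separately, `CSV.new(csv_data, csv_parsing_params)` passes the options as a positional hash; `CSV.new(csv_data, **csv_parsing_params)` keeps it working where keyword arguments are strict. `process_csv` continues past the end of the hunk.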
diff --git a/app/services/projects/protect_default_branch_service.rb b/app/services/projects/protect_default_branch_service.rb
index 245490791bf..1d3fb523448 100644
--- a/app/services/projects/protect_default_branch_service.rb
+++ b/app/services/projects/protect_default_branch_service.rb
@@ -11,7 +11,7 @@ module Projects
@project = project
@default_branch_protection = Gitlab::Access::BranchProtection
- .new(Gitlab::CurrentSettings.default_branch_protection)
+ .new(project.namespace.default_branch_protection)
end
def execute
diff --git a/app/views/admin/application_settings/_visibility_and_access.html.haml b/app/views/admin/application_settings/_visibility_and_access.html.haml
index ae90ffd9efc..a4acbe6c885 100644
--- a/app/views/admin/application_settings/_visibility_and_access.html.haml
+++ b/app/views/admin/application_settings/_visibility_and_access.html.haml
@@ -2,9 +2,8 @@
= form_errors(@application_setting)
%fieldset
- .form-group
- = f.label :default_branch_protection, class: 'label-bold'
- = f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control'
+ = render 'shared/default_branch_protection', f: f, selected_level: @application_setting.default_branch_protection
+
.form-group
= f.label s_('ProjectCreationLevel|Default project creation protection'), class: 'label-bold'
= f.select :default_project_creation, options_for_select(Gitlab::Access.project_creation_options, @application_setting.default_project_creation), {}, class: 'form-control'
diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml
index 618cfe57be4..016a9c8e054 100644
--- a/app/views/groups/settings/_permissions.html.haml
+++ b/app/views/groups/settings/_permissions.html.haml
@@ -33,6 +33,7 @@
= render_if_exists 'groups/settings/ip_restriction', f: f, group: @group
= render_if_exists 'groups/settings/allowed_email_domain', f: f, group: @group
= render 'groups/settings/lfs', f: f
+ = render 'shared/default_branch_protection', f: f, selected_level: @group.default_branch_protection
= render 'groups/settings/project_creation_level', f: f, group: @group
= render 'groups/settings/subgroup_creation_level', f: f, group: @group
= render 'groups/settings/two_factor_auth', f: f
diff --git a/app/views/shared/_default_branch_protection.html.haml b/app/views/shared/_default_branch_protection.html.haml
new file mode 100644
index 00000000000..d7ae21debd8
--- /dev/null
+++ b/app/views/shared/_default_branch_protection.html.haml
@@ -0,0 +1,3 @@
+.form-group
+ = f.label :default_branch_protection, class: 'label-bold'
+ = f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, selected_level), {}, class: 'form-control'