summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-01-23 12:08:38 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-01-23 12:08:38 +0000
commit5ad0cf26551baff8f08af8562a8d45e6ec14d71a (patch)
tree57f1a6bad31bcd11efacd3fdfb9cc92f88fb6a86 /app
parentf47c768fad17d4c876e96524f83f8306f071db66 (diff)
downloadgitlab-ce-5ad0cf26551baff8f08af8562a8d45e6ec14d71a.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r--app/assets/javascripts/groups/components/group_folder.vue2
-rw-r--r--app/assets/javascripts/groups/components/group_item.vue4
-rw-r--r--app/assets/javascripts/serverless/components/environment_row.vue2
-rw-r--r--app/assets/javascripts/serverless/components/function_row.vue2
-rw-r--r--app/assets/stylesheets/pages/groups.scss11
-rw-r--r--app/controllers/concerns/page_limiter.rb68
-rw-r--r--app/controllers/explore/projects_controller.rb33
-rw-r--r--app/controllers/projects/snippets_controller.rb24
-rw-r--r--app/controllers/snippets/notes_controller.rb2
-rw-r--r--app/controllers/snippets_controller.rb8
-rw-r--r--app/controllers/uploads_controller.rb2
-rw-r--r--app/graphql/mutations/snippets/create.rb4
-rw-r--r--app/graphql/types/permission_types/project.rb2
-rw-r--r--app/graphql/types/permission_types/user.rb2
-rw-r--r--app/helpers/markup_helper.rb29
-rw-r--r--app/helpers/projects_helper.rb4
-rw-r--r--app/mailers/emails/notes.rb16
-rw-r--r--app/models/ability.rb2
-rw-r--r--app/models/concerns/project_features_compatibility.rb4
-rw-r--r--app/models/event.rb6
-rw-r--r--app/models/note.rb2
-rw-r--r--app/models/project.rb4
-rw-r--r--app/models/snippet.rb6
-rw-r--r--app/policies/global_policy.rb4
-rw-r--r--app/policies/personal_snippet_policy.rb15
-rw-r--r--app/policies/project_policy.rb14
-rw-r--r--app/policies/project_snippet_policy.rb37
-rw-r--r--app/services/snippets/destroy_service.rb4
-rw-r--r--app/views/admin/application_settings/_account_and_limit.html.haml2
-rw-r--r--app/views/dashboard/_snippets_head.html.haml2
-rw-r--r--app/views/dashboard/snippets/index.html.haml2
-rw-r--r--app/views/explore/projects/page_out_of_bounds.html.haml21
-rw-r--r--app/views/layouts/header/_new_dropdown.haml4
-rw-r--r--app/views/notify/note_project_snippet_email.html.haml1
-rw-r--r--app/views/notify/note_project_snippet_email.text.erb1
-rw-r--r--app/views/notify/note_snippet_email.html.haml (renamed from app/views/notify/note_personal_snippet_email.html.haml)0
-rw-r--r--app/views/notify/note_snippet_email.text.erb (renamed from app/views/notify/note_personal_snippet_email.text.erb)0
-rw-r--r--app/views/projects/buttons/_dropdown.html.haml2
-rw-r--r--app/views/projects/snippets/_actions.html.haml14
-rw-r--r--app/views/projects/snippets/index.html.haml2
-rw-r--r--app/views/snippets/_actions.html.haml12
-rw-r--r--app/views/snippets/_snippets.html.haml2
42 files changed, 246 insertions, 132 deletions
diff --git a/app/assets/javascripts/groups/components/group_folder.vue b/app/assets/javascripts/groups/components/group_folder.vue
index e885b2b5f41..cf8c9bf74ec 100644
--- a/app/assets/javascripts/groups/components/group_folder.vue
+++ b/app/assets/javascripts/groups/components/group_folder.vue
@@ -44,7 +44,7 @@ export default {
:action="action"
/>
<li v-if="hasMoreChildren" class="group-row">
- <a :href="parentGroup.relativePath" class="group-row-contents has-more-items">
+ <a :href="parentGroup.relativePath" class="group-row-contents has-more-items py-2">
<i class="fa fa-external-link" aria-hidden="true"> </i> {{ moreChildrenStats }}
</a>
</li>
diff --git a/app/assets/javascripts/groups/components/group_item.vue b/app/assets/javascripts/groups/components/group_item.vue
index ede74d18ed4..af9399a37bd 100644
--- a/app/assets/javascripts/groups/components/group_item.vue
+++ b/app/assets/javascripts/groups/components/group_item.vue
@@ -91,7 +91,7 @@ export default {
<li :id="groupDomId" :class="rowClass" class="group-row" @click.stop="onClickRowGroup">
<div
:class="{ 'project-row-contents': !isGroup }"
- class="group-row-contents d-flex align-items-center"
+ class="group-row-contents d-flex align-items-center py-2"
>
<div class="folder-toggle-wrap append-right-4 d-flex align-items-center">
<item-caret :is-group-open="group.isOpen" />
@@ -104,7 +104,7 @@ export default {
/>
<div
:class="{ 'd-sm-flex': !group.isChildrenLoading }"
- class="avatar-container rect-avatar s40 d-none flex-grow-0 flex-shrink-0 "
+ class="avatar-container rect-avatar s32 d-none flex-grow-0 flex-shrink-0 "
>
<a :href="group.relativePath" class="no-expand">
<img v-if="hasAvatar" :src="group.avatarUrl" class="avatar s40" />
diff --git a/app/assets/javascripts/serverless/components/environment_row.vue b/app/assets/javascripts/serverless/components/environment_row.vue
index 4d18c5c4bdd..089e0550583 100644
--- a/app/assets/javascripts/serverless/components/environment_row.vue
+++ b/app/assets/javascripts/serverless/components/environment_row.vue
@@ -47,7 +47,7 @@ export default {
<template>
<li :id="envId" :class="isOpenClass" class="group-row has-children">
<div
- class="group-row-contents d-flex justify-content-end align-items-center"
+ class="group-row-contents d-flex justify-content-end align-items-center py-2"
role="button"
@click.stop="toggleOpen"
>
diff --git a/app/assets/javascripts/serverless/components/function_row.vue b/app/assets/javascripts/serverless/components/function_row.vue
index 4b3bb078eae..dca0e01b250 100644
--- a/app/assets/javascripts/serverless/components/function_row.vue
+++ b/app/assets/javascripts/serverless/components/function_row.vue
@@ -63,7 +63,7 @@ export default {
<template>
<li :id="name" class="group-row">
- <div class="group-row-contents" role="button" @click="openDetails">
+ <div class="group-row-contents py-2" role="button" @click="openDetails">
<p class="float-right text-right">
<span>{{ image }}</span
><br />
diff --git a/app/assets/stylesheets/pages/groups.scss b/app/assets/stylesheets/pages/groups.scss
index 1cf72c51ca7..3085f5e89b5 100644
--- a/app/assets/stylesheets/pages/groups.scss
+++ b/app/assets/stylesheets/pages/groups.scss
@@ -382,8 +382,6 @@ table.pipeline-project-metrics tr td {
}
.group-row-contents {
- padding: $gl-padding;
-
&:hover {
border-color: $blue-200;
background-color: $blue-50;
@@ -410,13 +408,7 @@ table.pipeline-project-metrics tr td {
.title {
margin-top: -$gl-padding-8; // negative margin required for flex-wrap
- font-size: $gl-font-size-large;
- }
-
- @include media-breakpoint-down(md) {
- .title {
- font-size: $gl-font-size;
- }
+ font-size: $gl-font-size;
}
&.has-more-items {
@@ -483,7 +475,6 @@ table.pipeline-project-metrics tr td {
.last-updated {
position: relative;
- right: 12px;
min-width: 250px;
text-align: right;
color: $gl-text-color-secondary;
diff --git a/app/controllers/concerns/page_limiter.rb b/app/controllers/concerns/page_limiter.rb
new file mode 100644
index 00000000000..5b078d80fca
--- /dev/null
+++ b/app/controllers/concerns/page_limiter.rb
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+# Include this in your controller and call `limit_pages` in order
+# to configure the limiter.
+#
+# Examples:
+# class MyController < ApplicationController
+# include PageLimiter
+#
+# before_action only: [:index] do
+# limit_pages(500)
+# end
+#
+# # You can override the default response
+# rescue_from PageOutOfBoundsError, with: :page_out_of_bounds
+#
+# def page_out_of_bounds(error)
+# # Page limit number is available as error.message
+# head :ok
+# end
+#
+
+module PageLimiter
+ extend ActiveSupport::Concern
+
+ PageLimiterError = Class.new(StandardError)
+ PageLimitNotANumberError = Class.new(PageLimiterError)
+ PageLimitNotSensibleError = Class.new(PageLimiterError)
+ PageOutOfBoundsError = Class.new(PageLimiterError)
+
+ included do
+ rescue_from PageOutOfBoundsError, with: :default_page_out_of_bounds_response
+ end
+
+ def limit_pages(max_page_number)
+ check_page_number!(max_page_number)
+ end
+
+ private
+
+ # If the page exceeds the defined maximum, raise a PageOutOfBoundsError
+ # If the page doesn't exceed the limit, it does nothing.
+ def check_page_number!(max_page_number)
+ raise PageLimitNotANumberError unless max_page_number.is_a?(Integer)
+ raise PageLimitNotSensibleError unless max_page_number > 0
+
+ if params[:page].present? && params[:page].to_i > max_page_number
+ record_page_limit_interception
+ raise PageOutOfBoundsError.new(max_page_number)
+ end
+ end
+
+ # By default just return a HTTP status code and an empty response
+ def default_page_out_of_bounds_response
+ head :bad_request
+ end
+
+ # Record the page limit being hit in Prometheus
+ def record_page_limit_interception
+ dd = DeviceDetector.new(request.user_agent)
+
+ Gitlab::Metrics.counter(:gitlab_page_out_of_bounds,
+ controller: params[:controller],
+ action: params[:action],
+ bot: dd.bot?
+ )
+ end
+end
diff --git a/app/controllers/explore/projects_controller.rb b/app/controllers/explore/projects_controller.rb
index 271f2b4b57d..a8a76b47bbe 100644
--- a/app/controllers/explore/projects_controller.rb
+++ b/app/controllers/explore/projects_controller.rb
@@ -1,6 +1,7 @@
# frozen_string_literal: true
class Explore::ProjectsController < Explore::ApplicationController
+ include PageLimiter
include ParamsBackwardCompatibility
include RendersMemberAccess
include SortingHelper
@@ -9,6 +10,13 @@ class Explore::ProjectsController < Explore::ApplicationController
before_action :set_non_archived_param
before_action :set_sorting
+ # Limit taken from https://gitlab.com/gitlab-org/gitlab/issues/38357
+ before_action only: [:index, :trending, :starred] do
+ limit_pages(200)
+ end
+
+ rescue_from PageOutOfBoundsError, with: :page_out_of_bounds
+
def index
@projects = load_projects
@@ -53,10 +61,14 @@ class Explore::ProjectsController < Explore::ApplicationController
private
- # rubocop: disable CodeReuse/ActiveRecord
- def load_projects
+ def load_project_counts
@total_user_projects_count = ProjectsFinder.new(params: { non_public: true }, current_user: current_user).execute
@total_starred_projects_count = ProjectsFinder.new(params: { starred: true }, current_user: current_user).execute
+ end
+
+ # rubocop: disable CodeReuse/ActiveRecord
+ def load_projects
+ load_project_counts
projects = ProjectsFinder.new(current_user: current_user, params: params)
.execute
@@ -80,4 +92,21 @@ class Explore::ProjectsController < Explore::ApplicationController
def sorting_field
Project::SORTING_PREFERENCE_FIELD
end
+
+ def page_out_of_bounds(error)
+ load_project_counts
+ @max_page_number = error.message
+
+ respond_to do |format|
+ format.html do
+ render "page_out_of_bounds", status: :bad_request
+ end
+
+ format.json do
+ render json: {
+ html: view_to_html_string("explore/projects/page_out_of_bounds")
+ }, status: :bad_request
+ end
+ end
+ end
end
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index daddd9dd485..d7ae6d2cbb4 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -15,17 +15,17 @@ class Projects::SnippetsController < Projects::ApplicationController
before_action :check_snippets_available!
before_action :snippet, only: [:show, :edit, :destroy, :update, :raw, :toggle_award_emoji, :mark_as_spam]
- # Allow read any snippet
- before_action :authorize_read_project_snippet!, except: [:new, :create, :index]
+ # Allow create snippet
+ before_action :authorize_create_snippet!, only: [:new, :create]
- # Allow write(create) snippet
- before_action :authorize_create_project_snippet!, only: [:new, :create]
+ # Allow read any snippet
+ before_action :authorize_read_snippet!, except: [:new, :create, :index]
# Allow modify snippet
- before_action :authorize_update_project_snippet!, only: [:edit, :update]
+ before_action :authorize_update_snippet!, only: [:edit, :update]
# Allow destroy snippet
- before_action :authorize_admin_project_snippet!, only: [:destroy]
+ before_action :authorize_admin_snippet!, only: [:destroy]
respond_to :html
@@ -115,16 +115,16 @@ class Projects::SnippetsController < Projects::ApplicationController
project_snippet_path(@project, @snippet)
end
- def authorize_read_project_snippet!
- return render_404 unless can?(current_user, :read_project_snippet, @snippet)
+ def authorize_read_snippet!
+ return render_404 unless can?(current_user, :read_snippet, @snippet)
end
- def authorize_update_project_snippet!
- return render_404 unless can?(current_user, :update_project_snippet, @snippet)
+ def authorize_update_snippet!
+ return render_404 unless can?(current_user, :update_snippet, @snippet)
end
- def authorize_admin_project_snippet!
- return render_404 unless can?(current_user, :admin_project_snippet, @snippet)
+ def authorize_admin_snippet!
+ return render_404 unless can?(current_user, :admin_snippet, @snippet)
end
def snippet_params
diff --git a/app/controllers/snippets/notes_controller.rb b/app/controllers/snippets/notes_controller.rb
index 551b37cb3d3..a7e8ef0798b 100644
--- a/app/controllers/snippets/notes_controller.rb
+++ b/app/controllers/snippets/notes_controller.rb
@@ -33,7 +33,7 @@ class Snippets::NotesController < ApplicationController
end
def authorize_read_snippet!
- return render_404 unless can?(current_user, :read_personal_snippet, snippet)
+ return render_404 unless can?(current_user, :read_snippet, snippet)
end
def authorize_create_note!
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index fc073e47368..b6ad5fd02b0 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -126,7 +126,7 @@ class SnippetsController < ApplicationController
end
def authorize_read_snippet!
- return if can?(current_user, :read_personal_snippet, @snippet)
+ return if can?(current_user, :read_snippet, @snippet)
if current_user
render_404
@@ -136,15 +136,15 @@ class SnippetsController < ApplicationController
end
def authorize_update_snippet!
- return render_404 unless can?(current_user, :update_personal_snippet, @snippet)
+ return render_404 unless can?(current_user, :update_snippet, @snippet)
end
def authorize_admin_snippet!
- return render_404 unless can?(current_user, :admin_personal_snippet, @snippet)
+ return render_404 unless can?(current_user, :admin_snippet, @snippet)
end
def authorize_create_snippet!
- return render_404 unless can?(current_user, :create_personal_snippet)
+ return render_404 unless can?(current_user, :create_snippet)
end
def snippet_params
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index 67d33648470..0b092d2622b 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -41,6 +41,8 @@ class UploadsController < ApplicationController
case model
when Note
can?(current_user, :read_project, model.project)
+ when Snippet, ProjectSnippet
+ can?(current_user, :read_snippet, model)
when User
# We validate the current user has enough (writing)
# access to itself when a secret is given.
diff --git a/app/graphql/mutations/snippets/create.rb b/app/graphql/mutations/snippets/create.rb
index 4e0e65d09a9..266a123de82 100644
--- a/app/graphql/mutations/snippets/create.rb
+++ b/app/graphql/mutations/snippets/create.rb
@@ -67,11 +67,11 @@ module Mutations
end
def authorized_resource?(project)
- Ability.allowed?(context[:current_user], :create_project_snippet, project)
+ Ability.allowed?(context[:current_user], :create_snippet, project)
end
def can_create_personal_snippet?
- Ability.allowed?(context[:current_user], :create_personal_snippet)
+ Ability.allowed?(context[:current_user], :create_snippet)
end
end
end
diff --git a/app/graphql/types/permission_types/project.rb b/app/graphql/types/permission_types/project.rb
index 2879dbd2b5c..094c72fa812 100644
--- a/app/graphql/types/permission_types/project.rb
+++ b/app/graphql/types/permission_types/project.rb
@@ -21,7 +21,7 @@ module Types
permission_field :create_snippet
def create_snippet
- Ability.allowed?(context[:current_user], :create_project_snippet, object)
+ Ability.allowed?(context[:current_user], :create_snippet, object)
end
end
end
diff --git a/app/graphql/types/permission_types/user.rb b/app/graphql/types/permission_types/user.rb
index dba4de2dacc..93d9787d58e 100644
--- a/app/graphql/types/permission_types/user.rb
+++ b/app/graphql/types/permission_types/user.rb
@@ -8,7 +8,7 @@ module Types
permission_field :create_snippet
def create_snippet
- Ability.allowed?(context[:current_user], :create_personal_snippet)
+ Ability.allowed?(context[:current_user], :create_snippet)
end
end
end
diff --git a/app/helpers/markup_helper.rb b/app/helpers/markup_helper.rb
index d6e466d4678..e24d6a0e8db 100644
--- a/app/helpers/markup_helper.rb
+++ b/app/helpers/markup_helper.rb
@@ -76,13 +76,14 @@ module MarkupHelper
# +max_chars+ limit. If the length limit falls within a tag's contents, then
# the tag contents are truncated without removing the closing tag.
def first_line_in_markdown(object, attribute, max_chars = nil, options = {})
- md = markdown_field(object, attribute, options)
+ md = markdown_field(object, attribute, options.merge(post_process: false))
return unless md.present?
tags = %w(a gl-emoji b pre code p span)
tags << 'img' if options[:allow_images]
text = truncate_visible(md, max_chars || md.length)
+ text = prepare_for_rendering(text, markdown_field_render_context(object, attribute, options))
text = sanitize(
text,
tags: tags,
@@ -107,15 +108,12 @@ module MarkupHelper
def markdown_field(object, field, context = {})
object = object.for_display if object.respond_to?(:for_display)
- redacted_field_html = object.try(:"redacted_#{field}_html")
-
return '' unless object.present?
- return redacted_field_html if redacted_field_html
- html = Banzai.render_field(object, field, context)
- context.reverse_merge!(object.banzai_render_context(field)) if object.respond_to?(:banzai_render_context)
+ redacted_field_html = object.try(:"redacted_#{field}_html")
+ return redacted_field_html if redacted_field_html
- prepare_for_rendering(html, context)
+ render_markdown_field(object, field, context)
end
def markup(file_name, text, context = {})
@@ -277,6 +275,23 @@ module MarkupHelper
Gitlab::OtherMarkup.render(file_name, text, context)
end
+ def render_markdown_field(object, field, context = {})
+ post_process = context.delete(:post_process)
+ post_process = true if post_process.nil?
+
+ html = Banzai.render_field(object, field, context)
+
+ return html unless post_process
+
+ prepare_for_rendering(html, markdown_field_render_context(object, field, context))
+ end
+
+ def markdown_field_render_context(object, field, base_context = {})
+ return base_context unless object.respond_to?(:banzai_render_context)
+
+ base_context.reverse_merge(object.banzai_render_context(field))
+ end
+
def prepare_for_rendering(html, context = {})
return '' unless html.present?
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index 63f1f24b611..339d68871ae 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -425,7 +425,7 @@ module ProjectsHelper
{
environments: :read_environment,
milestones: :read_milestone,
- snippets: :read_project_snippet,
+ snippets: :read_snippet,
settings: :admin_project,
builds: :read_build,
clusters: :read_cluster,
@@ -443,7 +443,7 @@ module ProjectsHelper
blobs: :download_code,
commits: :download_code,
merge_requests: :read_merge_request,
- notes: [:read_merge_request, :download_code, :read_issue, :read_project_snippet],
+ notes: [:read_merge_request, :download_code, :read_issue, :read_snippet],
members: :read_project_member
)
end
diff --git a/app/mailers/emails/notes.rb b/app/mailers/emails/notes.rb
index de70d0073b3..6dd4ccb510a 100644
--- a/app/mailers/emails/notes.rb
+++ b/app/mailers/emails/notes.rb
@@ -26,19 +26,17 @@ module Emails
mail_answer_note_thread(@merge_request, @note, note_thread_options(recipient_id, reason))
end
- def note_project_snippet_email(recipient_id, note_id, reason = nil)
+ def note_snippet_email(recipient_id, note_id, reason = nil)
setup_note_mail(note_id, recipient_id)
-
@snippet = @note.noteable
- @target_url = project_snippet_url(*note_target_url_options)
- mail_answer_note_thread(@snippet, @note, note_thread_options(recipient_id, reason))
- end
- def note_personal_snippet_email(recipient_id, note_id, reason = nil)
- setup_note_mail(note_id, recipient_id)
+ case @snippet
+ when ProjectSnippet
+ @target_url = project_snippet_url(*note_target_url_options)
+ when Snippet
+ @target_url = gitlab_snippet_url(@note.noteable)
+ end
- @snippet = @note.noteable
- @target_url = gitlab_snippet_url(@note.noteable)
mail_answer_note_thread(@snippet, @note, note_thread_options(recipient_id, reason))
end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 1466407d0d1..671a92632d5 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -24,7 +24,7 @@ class Ability
# read the given snippet.
def users_that_can_read_personal_snippet(users, snippet)
DeclarativePolicy.subject_scope do
- users.select { |u| allowed?(u, :read_personal_snippet, snippet) }
+ users.select { |u| allowed?(u, :read_snippet, snippet) }
end
end
diff --git a/app/models/concerns/project_features_compatibility.rb b/app/models/concerns/project_features_compatibility.rb
index eac676f30a5..76d26500267 100644
--- a/app/models/concerns/project_features_compatibility.rb
+++ b/app/models/concerns/project_features_compatibility.rb
@@ -62,6 +62,10 @@ module ProjectFeaturesCompatibility
write_feature_attribute_string(:snippets_access_level, value)
end
+ def pages_access_level=(value)
+ write_feature_attribute_string(:pages_access_level, value)
+ end
+
private
def write_feature_attribute_boolean(field, value)
diff --git a/app/models/event.rb b/app/models/event.rb
index 9611019adb8..35fb062311f 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -145,10 +145,8 @@ class Event < ApplicationRecord
Ability.allowed?(user, :read_issue, note? ? note_target : target)
elsif merge_request? || merge_request_note?
Ability.allowed?(user, :read_merge_request, note? ? note_target : target)
- elsif personal_snippet_note?
- Ability.allowed?(user, :read_personal_snippet, note_target)
- elsif project_snippet_note?
- Ability.allowed?(user, :read_project_snippet, note_target)
+ elsif personal_snippet_note? || project_snippet_note?
+ Ability.allowed?(user, :read_snippet, note_target)
elsif milestone?
Ability.allowed?(user, :read_milestone, project)
else
diff --git a/app/models/note.rb b/app/models/note.rb
index de9478ce68d..0434f0963d3 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -367,7 +367,7 @@ class Note < ApplicationRecord
end
def noteable_ability_name
- for_snippet? ? noteable.class.name.underscore : noteable_type.demodulize.underscore
+ for_snippet? ? 'snippet' : noteable_type.demodulize.underscore
end
def can_be_discussion_note?
diff --git a/app/models/project.rb b/app/models/project.rb
index a73ca7d5bbb..236111cba94 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -322,7 +322,7 @@ class Project < ApplicationRecord
:pages_enabled?, :public_pages?, :private_pages?,
:merge_requests_access_level, :forking_access_level, :issues_access_level,
:wiki_access_level, :snippets_access_level, :builds_access_level,
- :repository_access_level,
+ :repository_access_level, :pages_access_level,
to: :project_feature, allow_nil: true
delegate :scheduled?, :started?, :in_progress?, :failed?, :finished?,
prefix: :import, to: :import_state, allow_nil: true
@@ -2274,7 +2274,7 @@ class Project < ApplicationRecord
end
def snippets_visible?(user = nil)
- Ability.allowed?(user, :read_project_snippet, self)
+ Ability.allowed?(user, :read_snippet, self)
end
def max_attachment_size
diff --git a/app/models/snippet.rb b/app/models/snippet.rb
index b7f396681af..19685cdb78e 100644
--- a/app/models/snippet.rb
+++ b/app/models/snippet.rb
@@ -215,9 +215,7 @@ class Snippet < ApplicationRecord
end
def embeddable?
- ability = project_id? ? :read_project_snippet : :read_personal_snippet
-
- Ability.allowed?(nil, ability, self)
+ Ability.allowed?(nil, :read_snippet, self)
end
def notes_with_associations
@@ -240,7 +238,7 @@ class Snippet < ApplicationRecord
end
def to_ability_name
- model_name.singular
+ 'snippet'
end
def valid_secret_token?(token)
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index f212bb06bc9..764d61a9e22 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -75,7 +75,7 @@ class GlobalPolicy < BasePolicy
rule { ~anonymous }.policy do
enable :read_instance_metadata
- enable :create_personal_snippet
+ enable :create_snippet
end
rule { admin }.policy do
@@ -83,7 +83,7 @@ class GlobalPolicy < BasePolicy
enable :update_custom_attribute
end
- rule { external_user }.prevent :create_personal_snippet
+ rule { external_user }.prevent :create_snippet
end
GlobalPolicy.prepend_if_ee('EE::GlobalPolicy')
diff --git a/app/policies/personal_snippet_policy.rb b/app/policies/personal_snippet_policy.rb
index c2fcf1a1010..bc60913563c 100644
--- a/app/policies/personal_snippet_policy.rb
+++ b/app/policies/personal_snippet_policy.rb
@@ -6,19 +6,19 @@ class PersonalSnippetPolicy < BasePolicy
condition(:internal_snippet, scope: :subject) { @subject.internal? }
rule { public_snippet }.policy do
- enable :read_personal_snippet
+ enable :read_snippet
enable :create_note
end
rule { is_author | admin }.policy do
- enable :read_personal_snippet
- enable :update_personal_snippet
- enable :admin_personal_snippet
+ enable :read_snippet
+ enable :update_snippet
+ enable :admin_snippet
enable :create_note
end
rule { internal_snippet & ~external_user }.policy do
- enable :read_personal_snippet
+ enable :read_snippet
enable :create_note
end
@@ -26,8 +26,5 @@ class PersonalSnippetPolicy < BasePolicy
rule { can?(:create_note) }.enable :award_emoji
- rule { can?(:read_all_resources) }.enable :read_personal_snippet
-
- # Aliasing the ability to ease GraphQL permissions check
- rule { can?(:read_personal_snippet) }.enable :read_snippet
+ rule { can?(:read_all_resources) }.enable :read_snippet
end
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 2789152e175..bbcb3c637a9 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -9,7 +9,7 @@ class ProjectPolicy < BasePolicy
merge_request
label
milestone
- project_snippet
+ snippet
wiki
note
pipeline
@@ -185,7 +185,7 @@ class ProjectPolicy < BasePolicy
enable :read_issue
enable :read_label
enable :read_milestone
- enable :read_project_snippet
+ enable :read_snippet
enable :read_project_member
enable :read_note
enable :create_project
@@ -208,7 +208,7 @@ class ProjectPolicy < BasePolicy
enable :download_code
enable :read_statistics
enable :download_wiki_code
- enable :create_project_snippet
+ enable :create_snippet
enable :update_issue
enable :reopen_issue
enable :admin_issue
@@ -286,8 +286,8 @@ class ProjectPolicy < BasePolicy
rule { can?(:maintainer_access) }.policy do
enable :admin_board
enable :push_to_delete_protected_branch
- enable :update_project_snippet
- enable :admin_project_snippet
+ enable :update_snippet
+ enable :admin_snippet
enable :admin_project_member
enable :admin_note
enable :admin_wiki
@@ -352,7 +352,7 @@ class ProjectPolicy < BasePolicy
end
rule { snippets_disabled }.policy do
- prevent(*create_read_update_admin_destroy(:project_snippet))
+ prevent(*create_read_update_admin_destroy(:snippet))
end
rule { wiki_disabled }.policy do
@@ -405,7 +405,7 @@ class ProjectPolicy < BasePolicy
enable :read_wiki
enable :read_label
enable :read_milestone
- enable :read_project_snippet
+ enable :read_snippet
enable :read_project_member
enable :read_merge_request
enable :read_note
diff --git a/app/policies/project_snippet_policy.rb b/app/policies/project_snippet_policy.rb
index a9094fbd958..a38d9154102 100644
--- a/app/policies/project_snippet_policy.rb
+++ b/app/policies/project_snippet_policy.rb
@@ -14,44 +14,41 @@ class ProjectSnippetPolicy < BasePolicy
# We have to check both project feature visibility and a snippet visibility and take the stricter one
# This will be simplified - check https://gitlab.com/gitlab-org/gitlab-foss/issues/27573
rule { ~can?(:read_project) }.policy do
- prevent :read_project_snippet
- prevent :update_project_snippet
- prevent :admin_project_snippet
+ prevent :read_snippet
+ prevent :update_snippet
+ prevent :admin_snippet
end
- # we have to use this complicated prevent because the delegated project policy
- # is overly greedy in allowing :read_project_snippet, since it doesn't have any
- # information about the snippet. However, :read_project_snippet on the *project*
- # is used to hide/show various snippet-related controls, so we can't just move
- # all of the handling here.
+ # we have to use this complicated prevent because the delegated project
+ # policy is overly greedy in allowing :read_snippet, since it doesn't have
+ # any information about the snippet. However, :read_snippet on the *project*
+ # is used to hide/show various snippet-related controls, so we can't just
+ # move all of the handling here.
rule do
all?(private_snippet | (internal_snippet & external_user),
~project.guest,
~is_author,
~can?(:read_all_resources))
- end.prevent :read_project_snippet
+ end.prevent :read_snippet
rule { internal_snippet & ~is_author & ~admin }.policy do
- prevent :update_project_snippet
- prevent :admin_project_snippet
+ prevent :update_snippet
+ prevent :admin_snippet
end
- rule { public_snippet }.enable :read_project_snippet
+ rule { public_snippet }.enable :read_snippet
rule { is_author & ~project.reporter & ~admin }.policy do
- prevent :admin_project_snippet
+ prevent :admin_snippet
end
rule { is_author | admin }.policy do
- enable :read_project_snippet
- enable :update_project_snippet
- enable :admin_project_snippet
+ enable :read_snippet
+ enable :update_snippet
+ enable :admin_snippet
end
- rule { ~can?(:read_project_snippet) }.prevent :create_note
-
- # Aliasing the ability to ease GraphQL permissions check
- rule { can?(:read_project_snippet) }.enable :read_snippet
+ rule { ~can?(:read_snippet) }.prevent :create_note
end
ProjectSnippetPolicy.prepend_if_ee('EE::ProjectSnippetPolicy')
diff --git a/app/services/snippets/destroy_service.rb b/app/services/snippets/destroy_service.rb
index f253817d94f..c1e87e74aa4 100644
--- a/app/services/snippets/destroy_service.rb
+++ b/app/services/snippets/destroy_service.rb
@@ -36,9 +36,7 @@ module Snippets
attr_reader :snippet
def user_can_delete_snippet?
- return can?(current_user, :admin_project_snippet, snippet) if project
-
- can?(current_user, :admin_personal_snippet, snippet)
+ can?(current_user, :admin_snippet, snippet)
end
def service_response_error(message, http_status)
diff --git a/app/views/admin/application_settings/_account_and_limit.html.haml b/app/views/admin/application_settings/_account_and_limit.html.haml
index 80a53dba2aa..4ab0ec90735 100644
--- a/app/views/admin/application_settings/_account_and_limit.html.haml
+++ b/app/views/admin/application_settings/_account_and_limit.html.haml
@@ -22,7 +22,7 @@
.form-group
= f.label :session_expire_delay, _('Session duration (minutes)'), class: 'label-light'
= f.number_field :session_expire_delay, class: 'form-control'
- %span.form-text.text-muted#session_expire_delay_help_block= _('GitLab restart is required to apply changes')
+ %span.form-text.text-muted#session_expire_delay_help_block= _('GitLab restart is required to apply changes.')
= render_if_exists 'admin/application_settings/personal_access_token_expiration_policy', form: f
diff --git a/app/views/dashboard/_snippets_head.html.haml b/app/views/dashboard/_snippets_head.html.haml
index 4958cdc3745..d2fb4a3cd43 100644
--- a/app/views/dashboard/_snippets_head.html.haml
+++ b/app/views/dashboard/_snippets_head.html.haml
@@ -3,7 +3,7 @@
- if current_user && current_user.snippets.any? || @snippets.any?
.page-title-controls
- - if can?(current_user, :create_personal_snippet)
+ - if can?(current_user, :create_snippet)
= link_to _("New snippet"), new_snippet_path, class: "btn btn-success", title: _("New snippet")
.top-area
diff --git a/app/views/dashboard/snippets/index.html.haml b/app/views/dashboard/snippets/index.html.haml
index 44a9270971a..69155b6c04d 100644
--- a/app/views/dashboard/snippets/index.html.haml
+++ b/app/views/dashboard/snippets/index.html.haml
@@ -1,7 +1,7 @@
- @hide_top_links = true
- page_title "Snippets"
- header_title "Snippets", dashboard_snippets_path
-- button_path = new_snippet_path if can?(current_user, :create_personal_snippet)
+- button_path = new_snippet_path if can?(current_user, :create_snippet)
= render 'dashboard/snippets_head'
- if current_user.snippets.exists?
diff --git a/app/views/explore/projects/page_out_of_bounds.html.haml b/app/views/explore/projects/page_out_of_bounds.html.haml
new file mode 100644
index 00000000000..57114dd0752
--- /dev/null
+++ b/app/views/explore/projects/page_out_of_bounds.html.haml
@@ -0,0 +1,21 @@
+- @hide_top_links = true
+- page_title _("Projects")
+- header_title _("Projects"), dashboard_projects_path
+
+= render_dashboard_gold_trial(current_user)
+
+- if current_user
+ = render 'dashboard/projects_head', project_tab_filter: :explore
+- else
+ = render 'explore/head'
+
+= render 'explore/projects/nav' unless Feature.enabled?(:project_list_filter_bar) && current_user
+
+.nothing-here-block
+ .svg-content
+ = image_tag 'illustrations/profile-page/personal-project.svg', size: '75'
+ .text-content
+ %h5= _("Maximum page reached")
+ %p= _("Sorry, you have exceeded the maximum browsable page number. Please use the API to explore further.")
+
+ = link_to _("Back to page %{number}") % { number: @max_page_number }, request.params.merge(page: @max_page_number), class: 'btn btn-inverted'
diff --git a/app/views/layouts/header/_new_dropdown.haml b/app/views/layouts/header/_new_dropdown.haml
index 30109621515..3cbfb24a868 100644
--- a/app/views/layouts/header/_new_dropdown.haml
+++ b/app/views/layouts/header/_new_dropdown.haml
@@ -21,7 +21,7 @@
- if @project&.persisted?
- create_project_issue = show_new_issue_link?(@project)
- merge_project = merge_request_source_project_for_project(@project)
- - create_project_snippet = can?(current_user, :create_project_snippet, @project)
+ - create_project_snippet = can?(current_user, :create_snippet, @project)
- if create_project_issue || merge_project || create_project_snippet
%li.dropdown-bold-header
@@ -38,5 +38,5 @@
%li= link_to _('New project'), new_project_path, class: 'qa-global-new-project-link'
- if current_user.can_create_group?
%li= link_to _('New group'), new_group_path
- - if current_user.can?(:create_personal_snippet)
+ - if current_user.can?(:create_snippet)
%li= link_to _('New snippet'), new_snippet_path, class: 'qa-global-new-snippet-link'
diff --git a/app/views/notify/note_project_snippet_email.html.haml b/app/views/notify/note_project_snippet_email.html.haml
deleted file mode 100644
index 5e69f01a486..00000000000
--- a/app/views/notify/note_project_snippet_email.html.haml
+++ /dev/null
@@ -1 +0,0 @@
-= render 'note_email'
diff --git a/app/views/notify/note_project_snippet_email.text.erb b/app/views/notify/note_project_snippet_email.text.erb
deleted file mode 100644
index 413d9e6e9ac..00000000000
--- a/app/views/notify/note_project_snippet_email.text.erb
+++ /dev/null
@@ -1 +0,0 @@
-<%= render 'note_email' %>
diff --git a/app/views/notify/note_personal_snippet_email.html.haml b/app/views/notify/note_snippet_email.html.haml
index 5e69f01a486..5e69f01a486 100644
--- a/app/views/notify/note_personal_snippet_email.html.haml
+++ b/app/views/notify/note_snippet_email.html.haml
diff --git a/app/views/notify/note_personal_snippet_email.text.erb b/app/views/notify/note_snippet_email.text.erb
index 413d9e6e9ac..413d9e6e9ac 100644
--- a/app/views/notify/note_personal_snippet_email.text.erb
+++ b/app/views/notify/note_snippet_email.text.erb
diff --git a/app/views/projects/buttons/_dropdown.html.haml b/app/views/projects/buttons/_dropdown.html.haml
index f1a7528065a..33465953086 100644
--- a/app/views/projects/buttons/_dropdown.html.haml
+++ b/app/views/projects/buttons/_dropdown.html.haml
@@ -1,5 +1,5 @@
- can_create_issue = show_new_issue_link?(@project)
-- can_create_project_snippet = can?(current_user, :create_project_snippet, @project)
+- can_create_project_snippet = can?(current_user, :create_snippet, @project)
- can_push_code = can?(current_user, :push_code, @project)
- create_mr_from_new_fork = can?(current_user, :fork_project, @project) && can?(current_user, :create_merge_request_in, @project)
- merge_project = merge_request_source_project_for_project(@project)
diff --git a/app/views/projects/snippets/_actions.html.haml b/app/views/projects/snippets/_actions.html.haml
index 29bad50579c..41c9bac0102 100644
--- a/app/views/projects/snippets/_actions.html.haml
+++ b/app/views/projects/snippets/_actions.html.haml
@@ -1,33 +1,33 @@
- return unless current_user
.d-none.d-sm-block
- - if can?(current_user, :update_project_snippet, @snippet)
+ - if can?(current_user, :update_snippet, @snippet)
= link_to edit_project_snippet_path(@project, @snippet), class: "btn btn-grouped" do
= _('Edit')
- - if can?(current_user, :admin_project_snippet, @snippet)
+ - if can?(current_user, :admin_snippet, @snippet)
= link_to project_snippet_path(@project, @snippet), method: :delete, data: { confirm: _("Are you sure?") }, class: "btn btn-grouped btn-inverted btn-remove", title: _('Delete Snippet') do
= _('Delete')
- - if can?(current_user, :create_project_snippet, @project)
+ - if can?(current_user, :create_snippet, @project)
= link_to new_project_snippet_path(@project), class: 'btn btn-grouped btn-inverted btn-success', title: _("New snippet") do
= _('New snippet')
- if @snippet.submittable_as_spam_by?(current_user)
= link_to _('Submit as spam'), mark_as_spam_project_snippet_path(@project, @snippet), method: :post, class: 'btn btn-grouped btn-spam', title: _('Submit as spam')
-- if can?(current_user, :create_project_snippet, @project) || can?(current_user, :update_project_snippet, @snippet)
+- if can?(current_user, :create_snippet, @project) || can?(current_user, :update_snippet, @snippet)
.d-block.d-sm-none.dropdown
%button.btn.btn-default.btn-block.append-bottom-0.prepend-top-5{ data: { toggle: "dropdown" } }
= _('Options')
= icon('caret-down')
.dropdown-menu.dropdown-menu-full-width
%ul
- - if can?(current_user, :create_project_snippet, @project)
+ - if can?(current_user, :create_snippet, @project)
%li
= link_to new_project_snippet_path(@project), title: _("New snippet") do
= _('New snippet')
- - if can?(current_user, :admin_project_snippet, @snippet)
+ - if can?(current_user, :admin_snippet, @snippet)
%li
= link_to project_snippet_path(@project, @snippet), method: :delete, data: { confirm: _("Are you sure?") }, title: _('Delete Snippet') do
= _('Delete')
- - if can?(current_user, :update_project_snippet, @snippet)
+ - if can?(current_user, :update_snippet, @snippet)
%li
= link_to edit_project_snippet_path(@project, @snippet) do
= _('Edit')
diff --git a/app/views/projects/snippets/index.html.haml b/app/views/projects/snippets/index.html.haml
index 0ce18d83d57..65462647419 100644
--- a/app/views/projects/snippets/index.html.haml
+++ b/app/views/projects/snippets/index.html.haml
@@ -6,7 +6,7 @@
- include_private = @project.team.member?(current_user) || current_user.admin?
= render partial: 'snippets/snippets_scope_menu', locals: { subject: @project, include_private: include_private }
- - if can?(current_user, :create_project_snippet, @project)
+ - if can?(current_user, :create_snippet, @project)
.nav-controls
= link_to _("New snippet"), new_project_snippet_path(@project), class: "btn btn-success", title: _("New snippet")
diff --git a/app/views/snippets/_actions.html.haml b/app/views/snippets/_actions.html.haml
index 5ee12a2f22a..979821a3846 100644
--- a/app/views/snippets/_actions.html.haml
+++ b/app/views/snippets/_actions.html.haml
@@ -1,13 +1,13 @@
- return unless current_user
.d-none.d-sm-block
- - if can?(current_user, :update_personal_snippet, @snippet)
+ - if can?(current_user, :update_snippet, @snippet)
= link_to edit_snippet_path(@snippet), class: "btn btn-grouped" do
= _("Edit")
- - if can?(current_user, :admin_personal_snippet, @snippet)
+ - if can?(current_user, :admin_snippet, @snippet)
= link_to gitlab_snippet_path(@snippet), method: :delete, data: { confirm: _("Are you sure?") }, class: "btn btn-grouped btn-inverted btn-remove", title: _('Delete Snippet') do
= _("Delete")
- - if can?(current_user, :create_personal_snippet)
+ - if can?(current_user, :create_snippet)
= link_to new_snippet_path, class: "btn btn-grouped btn-success btn-inverted", title: _("New snippet") do
= _("New snippet")
- if @snippet.submittable_as_spam_by?(current_user)
@@ -18,15 +18,15 @@
= icon('caret-down')
.dropdown-menu.dropdown-menu-full-width
%ul
- - if can?(current_user, :create_personal_snippet)
+ - if can?(current_user, :create_snippet)
%li
= link_to new_snippet_path, title: _("New snippet") do
= _("New snippet")
- - if can?(current_user, :admin_personal_snippet, @snippet)
+ - if can?(current_user, :admin_snippet, @snippet)
%li
= link_to gitlab_snippet_path(@snippet), method: :delete, data: { confirm: _("Are you sure?") }, title: _('Delete Snippet') do
= _("Delete")
- - if can?(current_user, :update_personal_snippet, @snippet)
+ - if can?(current_user, :update_snippet, @snippet)
%li
= link_to edit_snippet_path(@snippet) do
= _("Edit")
diff --git a/app/views/snippets/_snippets.html.haml b/app/views/snippets/_snippets.html.haml
index 69b19c0def9..1d22575803b 100644
--- a/app/views/snippets/_snippets.html.haml
+++ b/app/views/snippets/_snippets.html.haml
@@ -3,7 +3,7 @@
- current_user_empty_message_header = s_('UserProfile|You haven\'t created any snippets.')
- current_user_empty_message_description = s_('UserProfile|Snippets in GitLab can either be private, internal, or public.')
- primary_button_label = _('New snippet')
-- primary_button_link = new_snippet_path if can?(current_user, :create_personal_snippet)
+- primary_button_link = new_snippet_path if can?(current_user, :create_snippet)
- visitor_empty_message = s_('UserProfile|No snippets found.')
.snippets-list-holder