diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-28 21:09:35 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-28 21:09:35 +0000 |
commit | 646f753b0bce6cefdebd59e68df624c8f9bef584 (patch) | |
tree | 48aa667e62e84d097fc30cec5df5a0cff72078ef /app | |
parent | 891529770382ed0591209570567f17605524ef39 (diff) | |
download | gitlab-ce-646f753b0bce6cefdebd59e68df624c8f9bef584.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r-- | app/helpers/application_settings_helper.rb | 3 | ||||
-rw-r--r-- | app/models/application_setting.rb | 4 | ||||
-rw-r--r-- | app/models/application_setting_implementation.rb | 3 | ||||
-rw-r--r-- | app/policies/issuable_policy.rb | 2 | ||||
-rw-r--r-- | app/policies/issue_policy.rb | 2 | ||||
-rw-r--r-- | app/policies/note_policy.rb | 10 | ||||
-rw-r--r-- | app/policies/todo_policy.rb | 10 | ||||
-rw-r--r-- | app/serializers/issue_entity.rb | 2 | ||||
-rw-r--r-- | app/services/notes/build_service.rb | 2 |
9 files changed, 22 insertions, 16 deletions
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb index 2b2ac262848..914120684d3 100644 --- a/app/helpers/application_settings_helper.rb +++ b/app/helpers/application_settings_helper.rb @@ -447,7 +447,8 @@ module ApplicationSettingsHelper :pipeline_limit_per_project_user_sha, :invitation_flow_enforcement, :can_create_group, - :bulk_import_enabled + :bulk_import_enabled, + :allow_runner_registration_token ].tap do |settings| next if Gitlab.com? diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index 3fb1f58f3e0..fb62271e19b 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -694,6 +694,10 @@ class ApplicationSetting < ApplicationRecord allow_nil: false, inclusion: { in: [true, false], message: N_('must be a boolean value') } + validates :allow_runner_registration_token, + allow_nil: false, + inclusion: { in: [true, false], message: N_('must be a boolean value') } + before_validation :ensure_uuid! before_validation :coerce_repository_storages_weighted, if: :repository_storages_weighted_changed? before_validation :normalize_default_branch_name diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb index 229c4e68d79..ab035bfab0b 100644 --- a/app/models/application_setting_implementation.rb +++ b/app/models/application_setting_implementation.rb @@ -245,7 +245,8 @@ module ApplicationSettingImplementation users_get_by_id_limit: 300, users_get_by_id_limit_allowlist: [], can_create_group: true, - bulk_import_enabled: false + bulk_import_enabled: false, + allow_runner_registration_token: true } end diff --git a/app/policies/issuable_policy.rb b/app/policies/issuable_policy.rb index aa07bb7dc5f..fae66498038 100644 --- a/app/policies/issuable_policy.rb +++ b/app/policies/issuable_policy.rb @@ -55,7 +55,7 @@ class IssuablePolicy < BasePolicy enable :read_issuable_participables end - # This rule replicates permissions in NotePolicy#can_read_confidential + # This rule replicates permissions in NotePolicy#can_read_internal_note rule { can?(:reporter_access) | admin }.policy do enable :read_internal_note end diff --git a/app/policies/issue_policy.rb b/app/policies/issue_policy.rb index 2bc535adf41..12d83735d22 100644 --- a/app/policies/issue_policy.rb +++ b/app/policies/issue_policy.rb @@ -83,7 +83,7 @@ class IssuePolicy < IssuablePolicy end rule { can?(:reporter_access) }.policy do - enable :mark_note_as_confidential + enable :mark_note_as_internal end end diff --git a/app/policies/note_policy.rb b/app/policies/note_policy.rb index 67b57595beb..2118088604b 100644 --- a/app/policies/note_policy.rb +++ b/app/policies/note_policy.rb @@ -18,11 +18,11 @@ class NotePolicy < BasePolicy condition(:is_visible) { @subject.system_note_visible_for?(@user) } - condition(:confidential, scope: :subject) { @subject.confidential? } + condition(:internal, scope: :subject) { @subject.confidential? } # Should be matched with IssuablePolicy#read_internal_note # and EpicPolicy#read_internal_note - condition(:can_read_confidential) do + condition(:can_read_internal_note) do access_level >= Gitlab::Access::REPORTER || admin? end @@ -59,11 +59,11 @@ class NotePolicy < BasePolicy enable :resolve_note end - rule { can_read_confidential }.policy do - enable :mark_note_as_confidential + rule { can_read_internal_note }.policy do + enable :mark_note_as_internal end - rule { confidential & ~can_read_confidential }.policy do + rule { internal & ~can_read_internal_note }.policy do prevent :read_note prevent :admin_note prevent :resolve_note diff --git a/app/policies/todo_policy.rb b/app/policies/todo_policy.rb index d63eb9407f8..3b4be29664f 100644 --- a/app/policies/todo_policy.rb +++ b/app/policies/todo_policy.rb @@ -11,18 +11,18 @@ class TodoPolicy < BasePolicy @user && @subject.target&.readable_by?(@user) end - desc "Todo has confidential note" - condition(:has_confidential_note, scope: :subject) { @subject&.note&.confidential? } + desc "Todo has internal note" + condition(:has_internal_note, scope: :subject) { @subject&.note&.confidential? } - desc "User can read the todo's confidential note" - condition(:can_read_todo_confidential_note) do + desc "User can read the todo's internal note" + condition(:can_read_todo_internal_note) do @user && @user.can?(:read_internal_note, @subject.target) end rule { own_todo & can_read_target }.enable :read_todo rule { can?(:read_todo) }.enable :update_todo - rule { has_confidential_note & ~can_read_todo_confidential_note }.policy do + rule { has_internal_note & ~can_read_todo_internal_note }.policy do prevent :read_todo prevent :update_todo end diff --git a/app/serializers/issue_entity.rb b/app/serializers/issue_entity.rb index 397f333008c..a38f345f617 100644 --- a/app/serializers/issue_entity.rb +++ b/app/serializers/issue_entity.rb @@ -48,7 +48,7 @@ class IssueEntity < IssuableEntity end expose :can_create_confidential_note do |issue| - can?(request.current_user, :mark_note_as_confidential, issue) + can?(request.current_user, :mark_note_as_internal, issue) end expose :can_update do |issue| diff --git a/app/services/notes/build_service.rb b/app/services/notes/build_service.rb index cc5c81cf280..e6766273441 100644 --- a/app/services/notes/build_service.rb +++ b/app/services/notes/build_service.rb @@ -35,7 +35,7 @@ module Notes note.author = current_user parent_confidential = discussion&.confidential? - can_set_confidential = can?(current_user, :mark_note_as_confidential, note) + can_set_confidential = can?(current_user, :mark_note_as_internal, note) return discussion_not_found if parent_confidential && !can_set_confidential |