diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-28 21:20:15 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-28 21:20:15 +0000 |
commit | 92d5172ad42ebc62eb78cac21b1e236ad6ace580 (patch) | |
tree | ca89437d4725caeb4e27682522061d3bab7e05b0 /lib/api | |
parent | f4a969f7f495978a7e656c69c929c9fdac111cff (diff) | |
download | gitlab-ce-92d5172ad42ebc62eb78cac21b1e236ad6ace580.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/badges.rb | 7 | ||||
-rw-r--r-- | lib/api/conan_packages.rb | 10 | ||||
-rw-r--r-- | lib/api/helpers/badges_helpers.rb | 8 | ||||
-rw-r--r-- | lib/api/helpers/packages/conan/api_helpers.rb | 8 | ||||
-rw-r--r-- | lib/api/helpers/packages_manager_clients_helpers.rb | 2 |
5 files changed, 20 insertions, 15 deletions
diff --git a/lib/api/badges.rb b/lib/api/badges.rb index f6cd3f83ff3..f9728ffc446 100644 --- a/lib/api/badges.rb +++ b/lib/api/badges.rb @@ -109,9 +109,10 @@ module API end put ":id/badges/:badge_id" do source = find_source_if_admin(source_type) + badge = find_badge(source) badge = ::Badges::UpdateService.new(declared_params(include_missing: false)) - .execute(find_badge(source)) + .execute(badge) if badge.valid? present_badges(source, badge) @@ -130,10 +131,6 @@ module API source = find_source_if_admin(source_type) badge = find_badge(source) - if badge.is_a?(GroupBadge) && source.is_a?(Project) - error!('To delete a Group badge please use the Group endpoint', 403) - end - destroy_conditionally!(badge) end end diff --git a/lib/api/conan_packages.rb b/lib/api/conan_packages.rb index 6923d252fbd..7f2afea9931 100644 --- a/lib/api/conan_packages.rb +++ b/lib/api/conan_packages.rb @@ -26,6 +26,8 @@ module API PACKAGE_COMPONENT_REGEX = Gitlab::Regex.conan_recipe_component_regex CONAN_REVISION_REGEX = Gitlab::Regex.conan_revision_regex + CONAN_FILES = (Gitlab::Regex::Packages::CONAN_RECIPE_FILES + Gitlab::Regex::Packages::CONAN_PACKAGE_FILES).freeze + before do require_packages_enabled! @@ -259,7 +261,7 @@ module API end params do - requires :file_name, type: String, desc: 'Package file name', regexp: Gitlab::Regex.conan_file_name_regex + requires :file_name, type: String, desc: 'Package file name', values: CONAN_FILES end namespace 'export/:file_name', requirements: FILE_NAME_REQUIREMENTS do desc 'Download recipe files' do @@ -277,7 +279,7 @@ module API end params do - use :workhorse_upload_params + requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)' end route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true @@ -300,7 +302,7 @@ module API params do requires :conan_package_reference, type: String, desc: 'Conan Package ID' requires :package_revision, type: String, desc: 'Conan Package Revision' - requires :file_name, type: String, desc: 'Package file name', regexp: Gitlab::Regex.conan_file_name_regex + requires :file_name, type: String, desc: 'Package file name', values: CONAN_FILES end namespace 'package/:conan_package_reference/:package_revision/:file_name', requirements: FILE_NAME_REQUIREMENTS do desc 'Download package files' do @@ -328,7 +330,7 @@ module API end params do - use :workhorse_upload_params + requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)' end route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true diff --git a/lib/api/helpers/badges_helpers.rb b/lib/api/helpers/badges_helpers.rb index 46ce5b4e7b5..f402c603c87 100644 --- a/lib/api/helpers/badges_helpers.rb +++ b/lib/api/helpers/badges_helpers.rb @@ -6,7 +6,13 @@ module API include ::API::Helpers::MembersHelpers def find_badge(source) - source.badges.find(params[:badge_id]) + badge_id = params[:badge_id] + + if source.is_a?(Project) + source.project_badges.find(badge_id) + else + source.badges.find(badge_id) + end end def present_badges(source, records, options = {}) diff --git a/lib/api/helpers/packages/conan/api_helpers.rb b/lib/api/helpers/packages/conan/api_helpers.rb index a5fde1af41e..c9c2f66ef62 100644 --- a/lib/api/helpers/packages/conan/api_helpers.rb +++ b/lib/api/helpers/packages/conan/api_helpers.rb @@ -133,7 +133,7 @@ module API end def track_push_package_event - if params[:file_name] == ::Packages::Conan::FileMetadatum::PACKAGE_BINARY && params['file.size'] > 0 + if params[:file_name] == ::Packages::Conan::FileMetadatum::PACKAGE_BINARY && params[:file].size > 0 # rubocop: disable Style/ZeroLengthPredicate track_event('push_package') end end @@ -147,9 +147,9 @@ module API end def create_package_file_with_type(file_type, current_package) - unless params['file.size'] == 0 + unless params[:file].size == 0 # rubocop: disable Style/ZeroLengthPredicate # conan sends two upload requests, the first has no file, so we skip record creation if file.size == 0 - ::Packages::Conan::CreatePackageFileService.new(current_package, uploaded_package_file, params.merge(conan_file_type: file_type)).execute + ::Packages::Conan::CreatePackageFileService.new(current_package, params[:file], params.merge(conan_file_type: file_type)).execute end end @@ -220,7 +220,7 @@ module API return unless token - ::Ci::Build.find_by_token(token.access_token_id.to_s) + ::Ci::AuthJobFinder.new(token: token.access_token_id.to_s).execute end def decode_oauth_token_from_jwt diff --git a/lib/api/helpers/packages_manager_clients_helpers.rb b/lib/api/helpers/packages_manager_clients_helpers.rb index ae16b65aaa8..955d21cb44f 100644 --- a/lib/api/helpers/packages_manager_clients_helpers.rb +++ b/lib/api/helpers/packages_manager_clients_helpers.rb @@ -23,7 +23,7 @@ module API return unless token - ::Ci::Build.find_by_token(token) + ::Ci::AuthJobFinder.new(token: token).execute end def find_deploy_token_from_http_basic_auth |