Add latest changes from gitlab-org/gitlab@12-10-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-04-15 15:42:17 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-04-15 15:42:17 +0000
commit: 44fdf983bd35328dd577d3d3650d14163ef3e2b6 (patch)
tree: 84ff300d056cfbabb5a0fe2a9cbaa80aaeab1cc5 /lib
parent: bc9fa07b26184b5c94808f704db6ea1ac81bf4de (diff)
download: gitlab-ce-44fdf983bd35328dd577d3d3650d14163ef3e2b6.tar.gz
7 files changed, 89 insertions, 30 deletions
diff --git a/lib/api/helpers/rate_limiter.rb b/lib/api/helpers/rate_limiter.rb
new file mode 100644
index 00000000000..5a531b5324a
--- /dev/null
+++ b/lib/api/helpers/rate_limiter.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module API
+  module Helpers
+    module RateLimiter
+      def check_rate_limit!(key, scope)
+        if rate_limiter.throttled?(key, scope: scope)
+          log_request(key)
+          render_exceeded_limit_error!
+        end
+      end
+
+      private
+
+      def rate_limiter
+        ::Gitlab::ApplicationRateLimiter
+      end
+
+      def render_exceeded_limit_error!
+        render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
+      end
+
+      def log_request(key)
+        rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+      end
+    end
+  end
+end
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index a78202877fb..f27afd0055f 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -4,6 +4,7 @@ module API
   class Issues < Grape::API
     include PaginationParams
     helpers Helpers::IssuesHelpers
+    helpers Helpers::RateLimiter
     helpers ::Gitlab::IssuableMetadata
 
     before { authenticate_non_get! }
@@ -211,6 +212,8 @@ module API
       post ':id/issues' do
         Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42320')
 
+        check_rate_limit! :issues_create, [current_user, :issues_create]
+
         authorize! :create_issue, user_project
 
         params.delete(:created_at) unless current_user.can?(:set_issue_created_at, user_project)
diff --git a/lib/api/project_export.rb b/lib/api/project_export.rb
index ef6a8f1a396..9fd9d13a20c 100644
--- a/lib/api/project_export.rb
+++ b/lib/api/project_export.rb
@@ -2,15 +2,8 @@
 
 module API
   class ProjectExport < Grape::API
-    helpers do
-      def throttled?(action)
-        rate_limiter.throttled?(action, scope: [current_user, action, user_project])
-      end
+    helpers Helpers::RateLimiter
 
-      def rate_limiter
-        ::Gitlab::ApplicationRateLimiter
-      end
-    end
     before do
       not_found! unless Gitlab::CurrentSettings.project_export_enabled?
       authorize_admin_project
@@ -32,9 +25,7 @@ module API
         detail 'This feature was introduced in GitLab 10.6.'
       end
       get ':id/export/download' do
-        if throttled?(:project_download_export)
-          render_api_error!({ error: 'This endpoint has been requested too many times. Try again later.' }, 429)
-        end
+        check_rate_limit! :project_download_export, [current_user, :project_download_export, user_project]
 
         if user_project.export_file_exists?
           present_carrierwave_file!(user_project.export_file)
@@ -54,9 +45,7 @@ module API
         end
       end
       post ':id/export' do
-        if throttled?(:project_export)
-          render_api_error!({ error: 'This endpoint has been requested too many times. Try again later.' }, 429)
-        end
+        check_rate_limit! :project_export, [current_user, :project_export, user_project]
 
         project_export_params = declared_params(include_missing: false)
         after_export_params = project_export_params.delete(:upload) || {}
diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb
index ffa9dd13754..0e83686cab2 100644
--- a/lib/api/project_import.rb
+++ b/lib/api/project_import.rb
@@ -8,19 +8,12 @@ module API
 
     helpers Helpers::ProjectsHelpers
     helpers Helpers::FileUploadHelpers
+    helpers Helpers::RateLimiter
 
     helpers do
       def import_params
         declared_params(include_missing: false)
       end
-
-      def throttled?(key, scope)
-        rate_limiter.throttled?(key, scope: scope)
-      end
-
-      def rate_limiter
-        ::Gitlab::ApplicationRateLimiter
-      end
     end
 
     before do
@@ -69,13 +62,7 @@ module API
       post 'import' do
         require_gitlab_workhorse!
 
-        key = "project_import".to_sym
-
-        if throttled?(key, [current_user, key])
-          rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
-
-          render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
-        end
+        check_rate_limit! :project_import, [current_user, :project_import]
 
         Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42437')
 
diff --git a/lib/constraints/admin_constrainer.rb b/lib/constraints/admin_constrainer.rb
new file mode 100644
index 00000000000..59c855a1b73
--- /dev/null
+++ b/lib/constraints/admin_constrainer.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Constraints
+  class AdminConstrainer
+    def matches?(request)
+      if Feature.enabled?(:user_mode_in_session)
+        admin_mode_enabled?(request)
+      else
+        user_is_admin?(request)
+      end
+    end
+
+    private
+
+    def user_is_admin?(request)
+      request.env['warden'].authenticate? && request.env['warden'].user.admin?
+    end
+
+    def admin_mode_enabled?(request)
+      Gitlab::Session.with_session(request.session) do
+        request.env['warden'].authenticate? && Gitlab::Auth::CurrentUserMode.new(request.env['warden'].user).admin_mode?
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb b/lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb
new file mode 100644
index 00000000000..9b9ef70424a
--- /dev/null
+++ b/lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module BackgroundMigration
+    # Class that will insert record into project_push_rules
+    # for each existing push_rule
+    class BackfillPushRulesIdInProjects
+      # Temporary AR table for push rules
+      class ProjectSetting < ActiveRecord::Base
+        self.table_name = 'project_settings'
+      end
+
+      def perform(start_id, stop_id)
+        ProjectSetting.connection.execute(<<~SQL)
+          UPDATE project_settings ps1
+          SET push_rule_id = pr.id
+          FROM project_settings ps2
+          INNER JOIN push_rules pr
+          ON ps2.project_id = pr.project_id
+          WHERE pr.is_sample = false
+          AND pr.id BETWEEN #{start_id} AND #{stop_id}
+          AND ps1.project_id = ps2.project_id
+        SQL
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/import_export/group/tree_saver.rb b/lib/gitlab/import_export/group/legacy_tree_saver.rb
index fd1eb329ad2..3776ef0d8f5 100644
--- a/lib/gitlab/import_export/group/tree_saver.rb
+++ b/lib/gitlab/import_export/group/legacy_tree_saver.rb
@@ -3,7 +3,7 @@
 module Gitlab
   module ImportExport
     module Group
-      class TreeSaver
+      class LegacyTreeSaver
         attr_reader :full_path, :shared
 
         def initialize(group:, current_user:, shared:, params: {})
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-04-15 15:42:17 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-04-15 15:42:17 +0000
commit	44fdf983bd35328dd577d3d3650d14163ef3e2b6 (patch)
tree	84ff300d056cfbabb5a0fe2a9cbaa80aaeab1cc5 /lib
parent	bc9fa07b26184b5c94808f704db6ea1ac81bf4de (diff)
download	gitlab-ce-44fdf983bd35328dd577d3d3650d14163ef3e2b6.tar.gz