authorGitLab Bot <gitlab-bot@gitlab.com>2020-04-15 15:42:17 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-04-15 15:42:17 +0000
commit44fdf983bd35328dd577d3d3650d14163ef3e2b6 (patch)
tree84ff300d056cfbabb5a0fe2a9cbaa80aaeab1cc5 /lib
parentbc9fa07b26184b5c94808f704db6ea1ac81bf4de (diff)
downloadgitlab-ce-44fdf983bd35328dd577d3d3650d14163ef3e2b6.tar.gz
Add latest changes from gitlab-org/gitlab@12-10-stable-ee
Diffstat (limited to 'lib')
-rw-r--r--lib/api/helpers/rate_limiter.rb28
-rw-r--r--lib/api/issues.rb3
-rw-r--r--lib/api/project_export.rb17
-rw-r--r--lib/api/project_import.rb17
-rw-r--r--lib/constraints/admin_constrainer.rb25
-rw-r--r--lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb27
-rw-r--r--lib/gitlab/import_export/group/legacy_tree_saver.rb (renamed from lib/gitlab/import_export/group/tree_saver.rb)2
7 files changed, 89 insertions, 30 deletions
diff --git a/lib/api/helpers/rate_limiter.rb b/lib/api/helpers/rate_limiter.rb
new file mode 100644
index 00000000000..5a531b5324a
--- /dev/null
+++ b/lib/api/helpers/rate_limiter.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module API
+ module Helpers
+ module RateLimiter
+ def check_rate_limit!(key, scope)
+ if rate_limiter.throttled?(key, scope: scope)
+ log_request(key)
+ render_exceeded_limit_error!
+ end
+ end
+
+ private
+
+ def rate_limiter
+ ::Gitlab::ApplicationRateLimiter
+ end
+
+ def render_exceeded_limit_error!
+ render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
+ end
+
+ def log_request(key)
+ rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+ end
+ end
+ end
+end
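Review bot: `log_request` derives a symbol from `key` with `"#{key}_request_limit".to_sym`, so the module's contract should say that `key` is always a literal symbol chosen by the endpoint (every caller in this commit passes one) and never a value taken from request parameters. The new module has no documentation at all; a module comment such as `# Grape helpers for throttling an endpoint: check_rate_limit!(key, scope) renders a 429 and logs the request when ::Gitlab::ApplicationRateLimiter reports the key/scope pair as throttled. key must be a literal symbol.` would make that explicit. `scope` is also undocumented, while the call sites build it as an array of the user (optionally the project) plus the key; a `# @param scope [Array]` line noting that shape would help readers of those call sites.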
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index a78202877fb..f27afd0055f 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -4,6 +4,7 @@ module API
class Issues < Grape::API
include PaginationParams
helpers Helpers::IssuesHelpers
+ helpers Helpers::RateLimiter
helpers ::Gitlab::IssuableMetadata
before { authenticate_non_get! }
@@ -211,6 +212,8 @@ module API
post ':id/issues' do
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42320')
+ check_rate_limit! :issues_create, [current_user, :issues_create]
+
authorize! :create_issue, user_project
params.delete(:created_at) unless current_user.can?(:set_issue_created_at, user_project)
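Review bot: The added `check_rate_limit!` runs before `authorize! :create_issue, user_project`, so the throttle is evaluated — and, if the limiter counts each call, charged — for requests that the next line refuses anyway. If that ordering is deliberate (reject abusive clients before any authorization work), a one-line comment such as `# Throttle before authorization so repeated requests are rejected cheaply` would record it; otherwise moving the check below `authorize!` keeps the counter tied to permitted actions. Whether `throttled?` increments the counter is not visible in this hunk. The enclosing `post ':id/issues'` block continues outside the hunk.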
diff --git a/lib/api/project_export.rb b/lib/api/project_export.rb
index ef6a8f1a396..9fd9d13a20c 100644
--- a/lib/api/project_export.rb
+++ b/lib/api/project_export.rb
@@ -2,15 +2,8 @@
module API
class ProjectExport < Grape::API
- helpers do
- def throttled?(action)
- rate_limiter.throttled?(action, scope: [current_user, action, user_project])
- end
+ helpers Helpers::RateLimiter
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
- end
before do
not_found! unless Gitlab::CurrentSettings.project_export_enabled?
authorize_admin_project
@@ -32,9 +25,7 @@ module API
detail 'This feature was introduced in GitLab 10.6.'
end
get ':id/export/download' do
- if throttled?(:project_download_export)
- render_api_error!({ error: 'This endpoint has been requested too many times. Try again later.' }, 429)
- end
+ check_rate_limit! :project_download_export, [current_user, :project_download_export, user_project]
if user_project.export_file_exists?
present_carrierwave_file!(user_project.export_file)
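Review bot: The replacement on the `check_rate_limit!` line is not a pure refactor: the removed `throttled?` branch only rendered the 429, whereas the shared helper also calls `rate_limiter.log_request(request, :project_download_export_request_limit, current_user)` before rendering, and the message now goes through `_()`. That is a reasonable change (the throttled export request is now logged the way the import endpoint already was), but nothing in the commit message says so; a short note in the description, or a comment on the call, would keep the next reader from assuming behavior is unchanged. The same applies to the `post ':id/export'` hunk below. Both route blocks continue outside their hunks.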
@@ -54,9 +45,7 @@ module API
end
end
post ':id/export' do
- if throttled?(:project_export)
- render_api_error!({ error: 'This endpoint has been requested too many times. Try again later.' }, 429)
- end
+ check_rate_limit! :project_export, [current_user, :project_export, user_project]
project_export_params = declared_params(include_missing: false)
after_export_params = project_export_params.delete(:upload) || {}
diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb
index ffa9dd13754..0e83686cab2 100644
--- a/lib/api/project_import.rb
+++ b/lib/api/project_import.rb
@@ -8,19 +8,12 @@ module API
helpers Helpers::ProjectsHelpers
helpers Helpers::FileUploadHelpers
+ helpers Helpers::RateLimiter
helpers do
def import_params
declared_params(include_missing: false)
end
-
- def throttled?(key, scope)
- rate_limiter.throttled?(key, scope: scope)
- end
-
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
end
before do
@@ -69,13 +62,7 @@ module API
post 'import' do
require_gitlab_workhorse!
- key = "project_import".to_sym
-
- if throttled?(key, [current_user, key])
- rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
-
- render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
- end
+ check_rate_limit! :project_import, [current_user, :project_import]
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42437')
diff --git a/lib/constraints/admin_constrainer.rb b/lib/constraints/admin_constrainer.rb
new file mode 100644
index 00000000000..59c855a1b73
--- /dev/null
+++ b/lib/constraints/admin_constrainer.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Constraints
+ class AdminConstrainer
+ def matches?(request)
+ if Feature.enabled?(:user_mode_in_session)
+ admin_mode_enabled?(request)
+ else
+ user_is_admin?(request)
+ end
+ end
+
+ private
+
+ def user_is_admin?(request)
+ request.env['warden'].authenticate? && request.env['warden'].user.admin?
+ end
+
+ def admin_mode_enabled?(request)
+ Gitlab::Session.with_session(request.session) do
+ request.env['warden'].authenticate? && Gitlab::Auth::CurrentUserMode.new(request.env['warden'].user).admin_mode?
+ end
+ end
+ end
+end
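Review bot: `admin_mode_enabled?` and `user_is_admin?` each look up `request.env['warden']` twice, and the class carries no comment saying what it constrains; a local such as `warden = request.env['warden']` at the top of each method, followed by `warden.authenticate? && warden.user.admin?`, reads better and makes the nil case (no Warden object in `request.env`, which would presumably raise NoMethodError on `authenticate?`) obvious to whoever later adds a guard. A class comment like `# Routing constraint for admin-only routes: with the :user_mode_in_session feature enabled the session must have admin mode active, otherwise an authenticated admin user is sufficient.` would document the two branches of `matches?`. Note that `authenticate?` is evaluated before `.user` in both methods, so an unauthenticated request short-circuits to false rather than dereferencing a nil user.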
diff --git a/lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb b/lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb
new file mode 100644
index 00000000000..9b9ef70424a
--- /dev/null
+++ b/lib/gitlab/background_migration/backfill_push_rules_id_in_projects.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module BackgroundMigration
+ # Class that will insert record into project_push_rules
+ # for each existing push_rule
+ class BackfillPushRulesIdInProjects
+ # Temporary AR table for push rules
+ class ProjectSetting < ActiveRecord::Base
+ self.table_name = 'project_settings'
+ end
+
+ def perform(start_id, stop_id)
+ ProjectSetting.connection.execute(<<~SQL)
+ UPDATE project_settings ps1
+ SET push_rule_id = pr.id
+ FROM project_settings ps2
+ INNER JOIN push_rules pr
+ ON ps2.project_id = pr.project_id
+ WHERE pr.is_sample = false
+ AND pr.id BETWEEN #{start_id} AND #{stop_id}
+ AND ps1.project_id = ps2.project_id
+ SQL
+ end
+ end
+ end
+end
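Review bot: `start_id` and `stop_id` are interpolated straight into the SQL on the `BETWEEN` line; they come from job arguments rather than a request, but coercing them first — `AND pr.id BETWEEN #{Integer(start_id)} AND #{Integer(stop_id)}` (or passing them through `ProjectSetting.connection.quote`) — makes the statement safe for any caller and turns a malformed argument into an ArgumentError instead of a broken or unintended query. The class comment says it will "insert record into project_push_rules for each existing push_rule", yet the statement only updates `project_settings.push_rule_id` from each project's non-sample push rule; the comment should describe the UPDATE, e.g. `# Backfills project_settings.push_rule_id from the non-sample push_rule of each project, for push_rules ids in [start_id, stop_id]`.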
diff --git a/lib/gitlab/import_export/group/tree_saver.rb b/lib/gitlab/import_export/group/legacy_tree_saver.rb
index fd1eb329ad2..3776ef0d8f5 100644
--- a/lib/gitlab/import_export/group/tree_saver.rb
+++ b/lib/gitlab/import_export/group/legacy_tree_saver.rb
@@ -3,7 +3,7 @@
module Gitlab
module ImportExport
module Group
- class TreeSaver
+ class LegacyTreeSaver
attr_reader :full_path, :shared
def initialize(group:, current_user:, shared:, params: {})