diff options
author | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-04-13 14:10:25 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-04-13 14:10:25 +0000 |
commit | ecb58dacd614de66c00c8df673abb96fafa5d452 (patch) | |
tree | 9ed48d7b39bdc67b841b58e33d40e3a4231ab207 /lib | |
parent | 8cf1a6f0a3b58b299e1c63283400c05209270dc2 (diff) | |
parent | 16e1076e6f69626e1d8bf53f52dc67baee9fb51e (diff) | |
download | gitlab-ce-ecb58dacd614de66c00c8df673abb96fafa5d452.tar.gz |
Merge branch 'reference-access-control' into 'master'
Only allow users to reference groups, projects, issues, MRs, commits they have access to.
Addresses https://dev.gitlab.org/gitlab/gitlabhq/issues/2183.
See merge request !1742
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/closing_issue_extractor.rb | 23 | ||||
-rw-r--r-- | lib/gitlab/markdown.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/reference_extractor.rb | 106 |
3 files changed, 66 insertions, 65 deletions
diff --git a/lib/gitlab/closing_issue_extractor.rb b/lib/gitlab/closing_issue_extractor.rb index a9fd59f03d9..ab184d95c05 100644 --- a/lib/gitlab/closing_issue_extractor.rb +++ b/lib/gitlab/closing_issue_extractor.rb @@ -1,21 +1,20 @@ module Gitlab - module ClosingIssueExtractor + class ClosingIssueExtractor ISSUE_CLOSING_REGEX = Regexp.new(Gitlab.config.gitlab.issue_closing_pattern) - def self.closed_by_message_in_project(message, project) - issues = [] + def initialize(project, current_user = nil) + @extractor = Gitlab::ReferenceExtractor.new(project, current_user) + end - unless message.nil? - md = message.scan(ISSUE_CLOSING_REGEX) + def closed_by_message(message) + return [] if message.nil? + + closing_statements = message.scan(ISSUE_CLOSING_REGEX). + map { |ref| ref[0] }.join(" ") - md.each do |ref| - extractor = Gitlab::ReferenceExtractor.new - extractor.analyze(ref[0], project) - issues += extractor.issues_for(project) - end - end + @extractor.analyze(closing_statements) - issues.uniq + @extractor.issues end end end diff --git a/lib/gitlab/markdown.rb b/lib/gitlab/markdown.rb index f1e2ae74a3a..8073417a16a 100644 --- a/lib/gitlab/markdown.rb +++ b/lib/gitlab/markdown.rb @@ -192,6 +192,7 @@ module Gitlab project_path = $LAST_MATCH_INFO[:project] if project_path actual_project = ::Project.find_with_namespace(project_path) + actual_project = nil unless can?(current_user, :read_project, actual_project) project_prefix = project_path end @@ -251,6 +252,7 @@ module Gitlab elsif namespace = Namespace.find_by(path: identifier) url = if namespace.is_a?(Group) + return nil unless can?(current_user, :read_group, namespace) group_url(identifier, only_path: options[:reference_only_path]) else user_url(identifier, only_path: options[:reference_only_path]) diff --git a/lib/gitlab/reference_extractor.rb b/lib/gitlab/reference_extractor.rb index c0419585c4b..a502a8fe9cd 100644 --- a/lib/gitlab/reference_extractor.rb +++ b/lib/gitlab/reference_extractor.rb @@ -1,94 +1,94 @@ module Gitlab # Extract possible GFM references from an arbitrary String for further processing. class ReferenceExtractor - attr_accessor :users, :labels, :issues, :merge_requests, :snippets, :commits, :commit_ranges + attr_accessor :project, :current_user, :references include ::Gitlab::Markdown - def initialize - @users, @labels, @issues, @merge_requests, @snippets, @commits, @commit_ranges = - [], [], [], [], [], [], [] + def initialize(project, current_user = nil) + @project = project + @current_user = current_user end - def analyze(string, project) - text = string.dup + def can?(user, action, subject) + Ability.abilities.allowed?(user, action, subject) + end + + def analyze(text) + text = text.dup # Remove preformatted/code blocks so that references are not included text.gsub!(%r{<pre>.*?</pre>|<code>.*?</code>}m) { |match| '' } text.gsub!(%r{^```.*?^```}m) { |match| '' } - parse_references(text, project) + @references = Hash.new { |hash, type| hash[type] = [] } + parse_references(text) end # Given a valid project, resolve the extracted identifiers of the requested type to # model objects. - def users_for(project) - users.map do |entry| - project.users.where(username: entry[:id]).first - end.reject(&:nil?) + def users + references[:user].uniq.map do |project, identifier| + if identifier == "all" + project.team.members.flatten + elsif namespace = Namespace.find_by(path: identifier) + if namespace.is_a?(Group) + namespace.users + else + namespace.owner + end + end + end.flatten.compact.uniq end - def labels_for(project = nil) - labels.map do |entry| - project.labels.where(id: entry[:id]).first - end.reject(&:nil?) + def labels + references[:label].uniq.map do |project, identifier| + project.labels.where(id: identifier).first + end.compact.uniq end - def issues_for(project = nil) - issues.map do |entry| - if should_lookup?(project, entry[:project]) - entry[:project].issues.where(iid: entry[:id]).first + def issues + references[:issue].uniq.map do |project, identifier| + if project.default_issues_tracker? + project.issues.where(iid: identifier).first end - end.reject(&:nil?) + end.compact.uniq end - def merge_requests_for(project = nil) - merge_requests.map do |entry| - if should_lookup?(project, entry[:project]) - entry[:project].merge_requests.where(iid: entry[:id]).first - end - end.reject(&:nil?) + def merge_requests + references[:merge_request].uniq.map do |project, identifier| + project.merge_requests.where(iid: identifier).first + end.compact.uniq end - def snippets_for(project) - snippets.map do |entry| - project.snippets.where(id: entry[:id]).first - end.reject(&:nil?) + def snippets + references[:snippet].uniq.map do |project, identifier| + project.snippets.where(id: identifier).first + end.compact.uniq end - def commits_for(project = nil) - commits.map do |entry| - repo = entry[:project].repository if entry[:project] - if should_lookup?(project, entry[:project]) - repo.commit(entry[:id]) if repo - end - end.reject(&:nil?) + def commits + references[:commit].uniq.map do |project, identifier| + repo = project.repository + repo.commit(identifier) if repo + end.compact.uniq end - def commit_ranges_for(project = nil) - commit_ranges.map do |entry| - repo = entry[:project].repository if entry[:project] - if repo && should_lookup?(project, entry[:project]) - from_id, to_id = entry[:id].split(/\.{2,3}/, 2) + def commit_ranges + references[:commit_range].uniq.map do |project, identifier| + repo = project.repository + if repo + from_id, to_id = identifier.split(/\.{2,3}/, 2) [repo.commit(from_id), repo.commit(to_id)] end - end.reject(&:nil?) + end.compact.uniq end private def reference_link(type, identifier, project, _) - # Append identifier to the appropriate collection. - send("#{type}s") << { project: project, id: identifier } - end - - def should_lookup?(project, entry_project) - if entry_project.nil? - false - else - project.nil? || entry_project.default_issues_tracker? - end + references[type] << [project, identifier] end end end |