diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-01 03:09:55 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-01 03:09:55 +0000 |
commit | 4ed4dc08a806773e5dc326fc0c18bda6f6ea7af7 (patch) | |
tree | 6b68c951a0fa49efd7bab988fd740012cbe5443b /lib | |
parent | 186e045e14c941ac0b8490a0ff92694b186990ad (diff) | |
download | gitlab-ce-4ed4dc08a806773e5dc326fc0c18bda6f6ea7af7.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/search.rb | 10 | ||||
-rw-r--r-- | lib/gitlab/git_access_snippet.rb | 8 | ||||
-rw-r--r-- | lib/gitlab/search_results.rb | 22 |
3 files changed, 25 insertions, 15 deletions
diff --git a/lib/api/search.rb b/lib/api/search.rb index b9c6a823f4f..8b6569dd57d 100644 --- a/lib/api/search.rb +++ b/lib/api/search.rb @@ -62,12 +62,6 @@ module API # Defining this method here as a noop allows us to easily extend it in # EE, without having to modify this file directly. end - - def check_users_search_allowed! - if params[:scope].to_sym == :users && Feature.disabled?(:users_search, default_enabled: true) - render_api_error!({ error: _("Scope not supported with disabled 'users_search' feature!") }, 400) - end - end end resource :search do @@ -85,7 +79,6 @@ module API end get do verify_search_scope!(resource: nil) - check_users_search_allowed! present search, with: entity end @@ -107,7 +100,6 @@ module API end get ':id/(-/)search' do verify_search_scope!(resource: user_group) - check_users_search_allowed! present search(group_id: user_group.id), with: entity end @@ -129,8 +121,6 @@ module API use :pagination end get ':id/(-/)search' do - check_users_search_allowed! - present search({ project_id: user_project.id, repository_ref: params[:ref] }), with: entity end end diff --git a/lib/gitlab/git_access_snippet.rb b/lib/gitlab/git_access_snippet.rb index ae83e45f2b3..b4ccca9df07 100644 --- a/lib/gitlab/git_access_snippet.rb +++ b/lib/gitlab/git_access_snippet.rb @@ -60,13 +60,17 @@ module Gitlab def check_valid_actor! # TODO: Investigate if expanding actor/authentication types are needed. # https://gitlab.com/gitlab-org/gitlab/issues/202190 - if actor && !actor.is_a?(User) && !actor.instance_of?(Key) + if actor && !allowed_actor? raise ForbiddenError, ERROR_MESSAGES[:authentication_mechanism] end super end + def allowed_actor? + actor.is_a?(User) || actor.instance_of?(Key) + end + def project_snippet? snippet.is_a?(ProjectSnippet) end @@ -138,3 +142,5 @@ module Gitlab end end end + +Gitlab::GitAccessSnippet.prepend_if_ee('EE::Gitlab::GitAccessSnippet') diff --git a/lib/gitlab/search_results.rb b/lib/gitlab/search_results.rb index 3500af51373..1e78464ddf8 100644 --- a/lib/gitlab/search_results.rb +++ b/lib/gitlab/search_results.rb @@ -7,7 +7,7 @@ module Gitlab DEFAULT_PAGE = 1 DEFAULT_PER_PAGE = 20 - attr_reader :current_user, :query, :filters + attr_reader :current_user, :query, :sort, :filters # Limit search results by passed projects # It allows us to search only for projects user has access to @@ -19,11 +19,12 @@ module Gitlab # query attr_reader :default_project_filter - def initialize(current_user, query, limit_projects = nil, default_project_filter: false, filters: {}) + def initialize(current_user, query, limit_projects = nil, sort: nil, default_project_filter: false, filters: {}) @current_user = current_user @query = query @limit_projects = limit_projects || Project.all @default_project_filter = default_project_filter + @sort = sort @filters = filters end @@ -124,6 +125,19 @@ module Gitlab end end + # rubocop: disable CodeReuse/ActiveRecord + def apply_sort(scope) + case sort + when 'oldest' + scope.reorder('created_at ASC') + when 'newest' + scope.reorder('created_at DESC') + else + scope + end + end + # rubocop: enable CodeReuse/ActiveRecord + def projects limit_projects.search(query) end @@ -135,7 +149,7 @@ module Gitlab issues = issues.where(project_id: project_ids_relation) # rubocop: disable CodeReuse/ActiveRecord end - issues + apply_sort(issues) end # rubocop: disable CodeReuse/ActiveRecord @@ -155,7 +169,7 @@ module Gitlab merge_requests = merge_requests.in_projects(project_ids_relation) end - merge_requests + apply_sort(merge_requests) end def default_scope |