diff options
| -rw-r--r-- | app/controllers/autocomplete_controller.rb | 16 | ||||
| -rw-r--r-- | app/models/merge_request.rb | 2 | ||||
| -rw-r--r-- | changelogs/unreleased/13979-dashboard-empty-state.yml | 5 | ||||
| -rw-r--r-- | changelogs/unreleased/31830-limit-mr-target-branches.yml | 5 | ||||
| -rw-r--r-- | locale/gitlab.pot | 33 | ||||
| -rw-r--r-- | spec/controllers/autocomplete_controller_spec.rb | 72 |
6 files changed, 103 insertions, 30 deletions
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb index 06531932b31..ba8d2d18695 100644 --- a/app/controllers/autocomplete_controller.rb +++ b/app/controllers/autocomplete_controller.rb @@ -40,10 +40,20 @@ class AutocompleteController < ApplicationController end def merge_request_target_branches - merge_requests = MergeRequestsFinder.new(current_user, params).execute - target_branches = merge_requests.recent_target_branches + if target_branch_params.present? + merge_requests = MergeRequestsFinder.new(current_user, target_branch_params).execute + target_branches = merge_requests.recent_target_branches + + render json: target_branches.map { |target_branch| { title: target_branch } } + else + render json: { error: _('At least one of group_id or project_id must be specified') }, status: :bad_request + end + end + + private - render json: target_branches.map { |target_branch| { title: target_branch } } + def target_branch_params + params.permit(:group_id, :project_id) end end diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb index f769fc0b961..b0d030c78b7 100644 --- a/app/models/merge_request.rb +++ b/app/models/merge_request.rb @@ -277,7 +277,7 @@ class MergeRequest < ApplicationRecord def self.recent_target_branches(limit: 100) group(:target_branch) .select(:target_branch) - .reorder('MAX(merge_requests.updated_at) DESC') + .reorder(arel_table[:updated_at].maximum.desc) .limit(limit) .pluck(:target_branch) end diff --git a/changelogs/unreleased/13979-dashboard-empty-state.yml b/changelogs/unreleased/13979-dashboard-empty-state.yml new file mode 100644 index 00000000000..90a84833708 --- /dev/null +++ b/changelogs/unreleased/13979-dashboard-empty-state.yml @@ -0,0 +1,5 @@ +--- +title: Use better context-specific empty state screens for the Security Dashboards +merge_request: 18382 +author: +type: changed diff --git a/changelogs/unreleased/31830-limit-mr-target-branches.yml b/changelogs/unreleased/31830-limit-mr-target-branches.yml new file mode 100644 index 00000000000..6247e74f8a6 --- /dev/null +++ b/changelogs/unreleased/31830-limit-mr-target-branches.yml @@ -0,0 +1,5 @@ +--- +title: Require group_id or project_id for MR target branch autocomplete action +merge_request: 20933 +author: +type: performance diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 7832ee37ebd..bd3aca61343 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -2171,6 +2171,9 @@ msgstr "" msgid "At least one approval from a code owner is required to change files matching the respective CODEOWNER rules." msgstr "" +msgid "At least one of group_id or project_id must be specified" +msgstr "" + msgid "Attach a file" msgstr "" @@ -11616,6 +11619,15 @@ msgstr "" msgid "No value set by top-level parent group." msgstr "" +msgid "No vulnerabilities found for this group" +msgstr "" + +msgid "No vulnerabilities found for this pipeline" +msgstr "" + +msgid "No vulnerabilities found for this project" +msgstr "" + msgid "No, directly import the existing email addresses and usernames." msgstr "" @@ -15355,12 +15367,6 @@ msgstr "" msgid "Security Reports|Undo dismiss" msgstr "" -msgid "Security Reports|We've found no vulnerabilities for your group" -msgstr "" - -msgid "Security Reports|While it's rare to have no vulnerabilities for your group, it can happen. In any event, we ask that you please double check your settings to make sure you've set up your dashboard correctly." -msgstr "" - msgid "Security configuration help link" msgstr "" @@ -19607,6 +19613,9 @@ msgstr "" msgid "We want to be sure it is you, please confirm you are not a robot." msgstr "" +msgid "We've found no vulnerabilities" +msgstr "" + msgid "Web IDE" msgstr "" @@ -19675,6 +19684,18 @@ msgstr "" msgid "When:" msgstr "" +msgid "While it's rare to have no vulnerabilities for your group, it can happen. In any event, we ask that you double check your settings to make sure you've set up your dashboard correctly." +msgstr "" + +msgid "While it's rare to have no vulnerabilities for your pipeline, it can happen. In any event, we ask that you double check your settings to make sure all security scanning jobs have passed successfully." +msgstr "" + +msgid "While it's rare to have no vulnerabilities for your project, it can happen. In any event, we ask that you double check your settings to make sure you've set up your dashboard correctly." +msgstr "" + +msgid "While it's rare to have no vulnerabilities, it can happen. In any event, we ask that you please double check your settings to make sure you've set up your dashboard correctly." +msgstr "" + msgid "White helpers give contextual information." msgstr "" diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb index 6cdd61e7abd..56c27b4e5eb 100644 --- a/spec/controllers/autocomplete_controller_spec.rb +++ b/spec/controllers/autocomplete_controller_spec.rb @@ -365,35 +365,67 @@ describe AutocompleteController do expect(json_response[3]).to match('name' => 'thumbsdown') end end + end - context 'Get merge_request_target_branches' do - let(:user2) { create(:user) } - let!(:merge_request1) { create(:merge_request, source_project: project, target_branch: 'feature') } + context 'Get merge_request_target_branches' do + let!(:merge_request) { create(:merge_request, source_project: project, target_branch: 'feature') } - context 'unauthorized user' do - it 'returns empty json' do - get :merge_request_target_branches + context 'anonymous user' do + it 'returns empty json' do + get :merge_request_target_branches, params: { project_id: project.id } - expect(json_response).to be_empty - end + expect(response).to have_gitlab_http_status(200) + expect(json_response).to be_empty end + end - context 'sign in as user without any accesible merge requests' do - it 'returns empty json' do - sign_in(user2) - get :merge_request_target_branches + context 'user without any accessible merge requests' do + it 'returns empty json' do + sign_in(create(:user)) - expect(json_response).to be_empty - end + get :merge_request_target_branches, params: { project_id: project.id } + + expect(response).to have_gitlab_http_status(200) + expect(json_response).to be_empty end + end - context 'sign in as user with a accesible merge request' do - it 'returns json' do - sign_in(user) - get :merge_request_target_branches + context 'user with an accessible merge request but no scope' do + it 'returns an error' do + sign_in(user) - expect(json_response).to contain_exactly({ 'title' => 'feature' }) - end + get :merge_request_target_branches + + expect(response).to have_gitlab_http_status(400) + expect(json_response).to eq({ 'error' => 'At least one of group_id or project_id must be specified' }) + end + end + + context 'user with an accessible merge request by project' do + it 'returns json' do + sign_in(user) + + get :merge_request_target_branches, params: { project_id: project.id } + + expect(response).to have_gitlab_http_status(200) + expect(json_response).to contain_exactly({ 'title' => 'feature' }) + end + end + + context 'user with an accessible merge request by group' do + let(:group) { create(:group) } + let(:project) { create(:project, namespace: group) } + let(:user) { create(:user) } + + it 'returns json' do + group.add_owner(user) + + sign_in(user) + + get :merge_request_target_branches, params: { group_id: group.id } + + expect(response).to have_gitlab_http_status(200) + expect(json_response).to contain_exactly({ 'title' => 'feature' }) end end end |