diff options
-rw-r--r-- | app/assets/stylesheets/framework/gitlab-theme.scss | 4 | ||||
-rw-r--r-- | changelogs/unreleased/rs-allow-name-on-anchors.yml | 5 | ||||
-rw-r--r-- | config/initializers/1_settings.rb | 4 | ||||
-rw-r--r-- | doc/install/kubernetes/gitlab_omnibus.md | 16 | ||||
-rw-r--r-- | doc/install/requirements.md | 4 | ||||
-rw-r--r-- | lib/banzai/filter/sanitization_filter.rb | 3 | ||||
-rw-r--r-- | spec/lib/banzai/filter/sanitization_filter_spec.rb | 8 | ||||
-rw-r--r-- | spec/policies/project_policy_spec.rb | 133 |
8 files changed, 120 insertions, 57 deletions
diff --git a/app/assets/stylesheets/framework/gitlab-theme.scss b/app/assets/stylesheets/framework/gitlab-theme.scss index f844d6f1d5a..7fa58b11d9d 100644 --- a/app/assets/stylesheets/framework/gitlab-theme.scss +++ b/app/assets/stylesheets/framework/gitlab-theme.scss @@ -6,7 +6,7 @@ // Header header.navbar-gitlab-new { - background: linear-gradient(to right, $color-900, $color-800); + background-color: $color-900; .navbar-collapse { color: $color-200; @@ -201,7 +201,7 @@ body { @include gitlab-theme($theme-gray-900, $theme-gray-700, $theme-gray-800, $theme-gray-700, $theme-gray-700, $theme-gray-100, $theme-gray-700); header.navbar-gitlab-new { - background: $theme-gray-100; + background-color: $theme-gray-100; box-shadow: 0 2px 0 0 $border-color; .logo-text svg { diff --git a/changelogs/unreleased/rs-allow-name-on-anchors.yml b/changelogs/unreleased/rs-allow-name-on-anchors.yml new file mode 100644 index 00000000000..59e95ed8a0e --- /dev/null +++ b/changelogs/unreleased/rs-allow-name-on-anchors.yml @@ -0,0 +1,5 @@ +--- +title: Re-allow `name` attribute on user-provided anchor HTML +merge_request: +author: +type: fixed diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 94429ee91a9..27c1ecc7b23 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -499,9 +499,7 @@ Settings.backup['upload']['storage_class'] ||= nil # Git # Settings['git'] ||= Settingslogic.new({}) -Settings.git['max_size'] ||= 20971520 # 20.megabytes -Settings.git['bin_path'] ||= '/usr/bin/git' -Settings.git['timeout'] ||= 10 +Settings.git['bin_path'] ||= '/usr/bin/git' # Important: keep the satellites.path setting until GitLab 9.0 at # least. This setting is fed to 'rm -rf' in diff --git a/doc/install/kubernetes/gitlab_omnibus.md b/doc/install/kubernetes/gitlab_omnibus.md index 19e2a257c94..150eb3a8bce 100644 --- a/doc/install/kubernetes/gitlab_omnibus.md +++ b/doc/install/kubernetes/gitlab_omnibus.md @@ -155,6 +155,22 @@ should we done using `helm upgrade`: helm upgrade -f values.yaml gitlab gitlab/gitlab-omnibus ``` +## Upgrading from CE to EE using the Helm Chart + +If you have installed the Community Edition using this chart, upgrading to Enterprise Edition is easy. + +If you are using a `values.yaml` file to specify the configuration options, edit the file and set `gitlab=ee`. If you would like to run a specific version of GitLab EE, set `gitlabEEImage` to be the desired GitLab [docker image](https://hub.docker.com/r/gitlab/gitlab-ee/tags/). Then you can use `helm upgrade` to update your GitLab instance to EE: + +```bash +helm upgrade -f values.yaml gitlab gitlab/gitlab-omnibus +``` + +You can also upgrade and specify these options via the command line: + +```bash +helm upgrade gitlab --set gitlab=ee,gitlabEEImage=gitlab/gitlab-ee:9.5.5-ee.0 gitlab/gitlab-omnibus +``` + ## Uninstalling GitLab using the Helm Chart To uninstall the GitLab Chart, run the following: diff --git a/doc/install/requirements.md b/doc/install/requirements.md index f672b358096..17fe80fa93d 100644 --- a/doc/install/requirements.md +++ b/doc/install/requirements.md @@ -82,11 +82,11 @@ errors during usage. We recommend having at least 2GB of swap on your server, even if you currently have enough available RAM. Having swap will help reduce the chance of errors occurring -if your available memory changes. We also recommend [configuring the kernels swappiness setting](https://askubuntu.com/a/103916) +if your available memory changes. We also recommend [configuring the kernel's swappiness setting](https://askubuntu.com/a/103916) to a low value like `10` to make the most of your RAM while still having the swap available when needed. -Notice: The 25 workers of Sidekiq will show up as separate processes in your process overview (such as top or htop) but they share the same RAM allocation since Sidekiq is a multithreaded application. Please see the section below about Unicorn workers for information about many you need of those. +Notice: The 25 workers of Sidekiq will show up as separate processes in your process overview (such as top or htop) but they share the same RAM allocation since Sidekiq is a multithreaded application. Please see the section below about Unicorn workers for information about how many you need of those. ## Database diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb index 9923ec4e870..88b17e12576 100644 --- a/lib/banzai/filter/sanitization_filter.rb +++ b/lib/banzai/filter/sanitization_filter.rb @@ -45,8 +45,9 @@ module Banzai whitelist[:elements].push('abbr') whitelist[:attributes]['abbr'] = %w(title) - # Disallow `name` attribute globally + # Disallow `name` attribute globally, allow on `a` whitelist[:attributes][:all].delete('name') + whitelist[:attributes]['a'].push('name') # Allow any protocol in `a` elements... whitelist[:protocols].delete('a') diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb index 01ceb21dfaa..5f41e28fece 100644 --- a/spec/lib/banzai/filter/sanitization_filter_spec.rb +++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb @@ -47,9 +47,11 @@ describe Banzai::Filter::SanitizationFilter do describe 'custom whitelist' do it 'customizes the whitelist only once' do instance = described_class.new('Foo') + control_count = instance.whitelist[:transformers].size + 3.times { instance.whitelist } - expect(instance.whitelist[:transformers].size).to eq 5 + expect(instance.whitelist[:transformers].size).to eq control_count end it 'sanitizes `class` attribute from all elements' do @@ -101,16 +103,18 @@ describe Banzai::Filter::SanitizationFilter do expect(filter(act).to_html).to eq exp end - it 'disallows the `name` attribute globally' do + it 'disallows the `name` attribute globally, allows on `a`' do html = <<~HTML <img name="getElementById" src=""> <span name="foo" class="bar">Hi</span> + <a name="foo" class="bar">Bye</a> HTML doc = filter(html) expect(doc.at_css('img')).not_to have_attribute('name') expect(doc.at_css('span')).not_to have_attribute('name') + expect(doc.at_css('a')).to have_attribute('name') end it 'allows `summary` elements' do diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index c0cbdeed03d..f2593a1a75c 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -1,15 +1,15 @@ require 'spec_helper' describe ProjectPolicy do - let(:guest) { create(:user) } - let(:reporter) { create(:user) } - let(:dev) { create(:user) } - let(:master) { create(:user) } - let(:owner) { create(:user) } - let(:admin) { create(:admin) } + set(:guest) { create(:user) } + set(:reporter) { create(:user) } + set(:developer) { create(:user) } + set(:master) { create(:user) } + set(:owner) { create(:user) } + set(:admin) { create(:admin) } let(:project) { create(:project, :public, namespace: owner.namespace) } - let(:guest_permissions) do + let(:base_guest_permissions) do %i[ read_project read_board read_list read_wiki read_issue read_label read_milestone read_project_snippet read_project_member @@ -18,7 +18,7 @@ describe ProjectPolicy do ] end - let(:reporter_permissions) do + let(:base_reporter_permissions) do %i[ download_code fork_project create_project_snippet update_issue admin_issue admin_label admin_list read_commit_status read_build @@ -41,7 +41,7 @@ describe ProjectPolicy do ] end - let(:master_permissions) do + let(:base_master_permissions) do %i[ delete_protected_branch update_project_snippet update_environment update_deployment admin_project_snippet @@ -66,11 +66,20 @@ describe ProjectPolicy do ] end + # Used in EE specs + let(:additional_guest_permissions) { [] } + let(:additional_reporter_permissions) { [] } + let(:additional_master_permissions) { [] } + + let(:guest_permissions) { base_guest_permissions + additional_guest_permissions } + let(:reporter_permissions) { base_reporter_permissions + additional_reporter_permissions } + let(:master_permissions) { base_master_permissions + additional_master_permissions } + before do - project.team << [guest, :guest] - project.team << [master, :master] - project.team << [dev, :developer] - project.team << [reporter, :reporter] + project.add_guest(guest) + project.add_master(master) + project.add_developer(developer) + project.add_reporter(reporter) end def expect_allowed(*permissions) @@ -127,38 +136,41 @@ describe ProjectPolicy do end end - context 'when a project has pending invites, and the current user is anonymous' do - let(:group) { create(:group, :public) } - let(:project) { create(:project, :public, namespace: group) } - let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] } - let(:anonymous_permissions) { guest_permissions - user_permissions } + shared_examples 'project policies as anonymous' do + context 'abilities for public projects' do + context 'when a project has pending invites' do + let(:group) { create(:group, :public) } + let(:project) { create(:project, :public, namespace: group) } + let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] } + let(:anonymous_permissions) { guest_permissions - user_permissions } - subject { described_class.new(nil, project) } + subject { described_class.new(nil, project) } - before do - create(:group_member, :invited, group: group) - end + before do + create(:group_member, :invited, group: group) + end - it 'does not grant owner access' do - expect_allowed(*anonymous_permissions) - expect_disallowed(*user_permissions) + it 'does not grant owner access' do + expect_allowed(*anonymous_permissions) + expect_disallowed(*user_permissions) + end + end end - end - context 'abilities for non-public projects' do - let(:project) { create(:project, namespace: owner.namespace) } + context 'abilities for non-public projects' do + let(:project) { create(:project, namespace: owner.namespace) } - subject { described_class.new(current_user, project) } - - context 'with no user' do - let(:current_user) { nil } + subject { described_class.new(nil, project) } it { is_expected.to be_banned } end + end - context 'guests' do - let(:current_user) { guest } + shared_examples 'project policies as guest' do + subject { described_class.new(guest, project) } + context 'abilities for non-public projects' do + let(:project) { create(:project, namespace: owner.namespace) } let(:reporter_public_build_permissions) do reporter_permissions - [:read_build, :read_pipeline] end @@ -179,7 +191,7 @@ describe ProjectPolicy do end end - context 'public builds disabled' do + context 'when public builds disabled' do before do project.update(public_builds: false) end @@ -192,8 +204,7 @@ describe ProjectPolicy do context 'when builds are disabled' do before do - project.project_feature.update( - builds_access_level: ProjectFeature::DISABLED) + project.project_feature.update(builds_access_level: ProjectFeature::DISABLED) end it do @@ -202,9 +213,13 @@ describe ProjectPolicy do end end end + end + + shared_examples 'project policies as reporter' do + context 'abilities for non-public projects' do + let(:project) { create(:project, namespace: owner.namespace) } - context 'reporter' do - let(:current_user) { reporter } + subject { described_class.new(reporter, project) } it do expect_allowed(*guest_permissions) @@ -216,9 +231,13 @@ describe ProjectPolicy do expect_disallowed(*owner_permissions) end end + end - context 'developer' do - let(:current_user) { dev } + shared_examples 'project policies as developer' do + context 'abilities for non-public projects' do + let(:project) { create(:project, namespace: owner.namespace) } + + subject { described_class.new(developer, project) } it do expect_allowed(*guest_permissions) @@ -229,9 +248,13 @@ describe ProjectPolicy do expect_disallowed(*owner_permissions) end end + end + + shared_examples 'project policies as master' do + context 'abilities for non-public projects' do + let(:project) { create(:project, namespace: owner.namespace) } - context 'master' do - let(:current_user) { master } + subject { described_class.new(master, project) } it do expect_allowed(*guest_permissions) @@ -242,9 +265,13 @@ describe ProjectPolicy do expect_disallowed(*owner_permissions) end end + end + + shared_examples 'project policies as owner' do + context 'abilities for non-public projects' do + let(:project) { create(:project, namespace: owner.namespace) } - context 'owner' do - let(:current_user) { owner } + subject { described_class.new(owner, project) } it do expect_allowed(*guest_permissions) @@ -255,9 +282,13 @@ describe ProjectPolicy do expect_allowed(*owner_permissions) end end + end - context 'admin' do - let(:current_user) { admin } + shared_examples 'project policies as admin' do + context 'abilities for non-public projects' do + let(:project) { create(:project, namespace: owner.namespace) } + + subject { described_class.new(admin, project) } it do expect_allowed(*guest_permissions) @@ -269,4 +300,12 @@ describe ProjectPolicy do end end end + + it_behaves_like 'project policies as anonymous' + it_behaves_like 'project policies as guest' + it_behaves_like 'project policies as reporter' + it_behaves_like 'project policies as developer' + it_behaves_like 'project policies as master' + it_behaves_like 'project policies as owner' + it_behaves_like 'project policies as admin' end |