Diffstat (limited to 'app/controllers/admin')
37 files changed, 162 insertions, 117 deletions
diff --git a/app/controllers/admin/abuse_reports_controller.rb b/app/controllers/admin/abuse_reports_controller.rb index 31d825c235b..6f80ed3c172 100644 --- a/app/controllers/admin/abuse_reports_controller.rb +++ b/app/controllers/admin/abuse_reports_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class Admin::AbuseReportsController < Admin::ApplicationController + feature_category :users + def index @abuse_reports = AbuseReportsFinder.new(params).execute end diff --git a/app/controllers/admin/appearances_controller.rb b/app/controllers/admin/appearances_controller.rb index 8405f2a5cf8..c2614a158b7 100644 --- a/app/controllers/admin/appearances_controller.rb +++ b/app/controllers/admin/appearances_controller.rb @@ -3,6 +3,8 @@ class Admin::AppearancesController < Admin::ApplicationController before_action :set_appearance, except: :create + feature_category :navigation + def show end diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb index 73f71f7ad55..786ba73a96f 100644 --- a/app/controllers/admin/application_settings_controller.rb +++ b/app/controllers/admin/application_settings_controller.rb @@ -2,6 +2,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController include InternalRedirect + include ServicesHelper # NOTE: Use @application_setting in this controller when you need to access # application_settings after it has been modified. This is because the 
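Review bot: `include ServicesHelper` in `Admin::ApplicationSettingsController` mixes a view helper module into the controller, so every public method of that module becomes a public controller method, and Rails treats public controller methods as candidate actions. Only `instance_level_integrations?` appears to be needed here (it is used by the `integrations` guard in a later hunk of this file), so consider calling it as `helpers.instance_level_integrations?` or moving the predicate into a small concern. The same include is added to `Admin::IntegrationsController` further down. The class body continues outside this hunk.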
@@ -16,6 +17,24 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController push_frontend_feature_flag(:ci_instance_variables_ui, default_enabled: true) end + feature_category :not_owned, [ + :general, :reporting, :metrics_and_profiling, :network, + :preferences, :update, :reset_health_check_token + ] + + feature_category :metrics, [ + :create_self_monitoring_project, + :status_create_self_monitoring_project, + :delete_self_monitoring_project, + :status_delete_self_monitoring_project + ] + + feature_category :source_code_management, [:repository, :clear_repository_check_states] + feature_category :continuous_integration, [:ci_cd, :reset_registration_token] + feature_category :collection, [:usage_data] + feature_category :integrations, [:integrations] + feature_category :pages, [:lets_encrypt_terms_of_service] + VALID_SETTING_PANELS = %w(general repository ci_cd reporting metrics_and_profiling network preferences).freeze @@ -32,6 +51,8 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController end def integrations + return not_found unless instance_level_integrations? + @integrations = Service.find_or_initialize_all(Service.for_instance).sort_by(&:title) end diff --git a/app/controllers/admin/applications_controller.rb b/app/controllers/admin/applications_controller.rb index c017ecee054..449aa90b0e6 100644 --- a/app/controllers/admin/applications_controller.rb +++ b/app/controllers/admin/applications_controller.rb @@ -6,6 +6,8 @@ class Admin::ApplicationsController < Admin::ApplicationController before_action :set_application, only: [:show, :edit, :update, :destroy] before_action :load_scopes, only: [:new, :create, :edit, :update] + feature_category :authentication_and_authorization + def index applications = ApplicationsFinder.new.execute @applications = Kaminari.paginate_array(applications).page(params[:page]) 
diff --git a/app/controllers/admin/background_jobs_controller.rb b/app/controllers/admin/background_jobs_controller.rb index fc877142418..d4b906d5e33 100644 --- a/app/controllers/admin/background_jobs_controller.rb +++ b/app/controllers/admin/background_jobs_controller.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true class Admin::BackgroundJobsController < Admin::ApplicationController + feature_category :not_owned end diff --git a/app/controllers/admin/broadcast_messages_controller.rb b/app/controllers/admin/broadcast_messages_controller.rb index 3233c765941..4660b0bfbb0 100644 --- a/app/controllers/admin/broadcast_messages_controller.rb +++ b/app/controllers/admin/broadcast_messages_controller.rb @@ -5,6 +5,8 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController before_action :finder, only: [:edit, :update, :destroy] + feature_category :navigation + # rubocop: disable CodeReuse/ActiveRecord def index @broadcast_messages = BroadcastMessage.order(ends_at: :desc).page(params[:page]) diff --git a/app/controllers/admin/ci/variables_controller.rb b/app/controllers/admin/ci/variables_controller.rb index ca9b393550d..f30ee37fa58 100644 --- a/app/controllers/admin/ci/variables_controller.rb +++ b/app/controllers/admin/ci/variables_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class Admin::Ci::VariablesController < Admin::ApplicationController + feature_category :continuous_integration + def show respond_to do |format| format.json { render_instance_variables } diff --git a/app/controllers/admin/cohorts_controller.rb b/app/controllers/admin/cohorts_controller.rb index e3df98b7917..d5cd9c55422 100644 --- a/app/controllers/admin/cohorts_controller.rb +++ b/app/controllers/admin/cohorts_controller.rb 
@@ -5,6 +5,8 @@ class Admin::CohortsController < Admin::ApplicationController track_unique_visits :index, target_id: 'i_analytics_cohorts' + feature_category :instance_statistics + def index if Gitlab::CurrentSettings.usage_ping_enabled cohorts_results = Rails.cache.fetch('cohorts', expires_in: 1.day) do diff --git a/app/controllers/admin/concerns/authenticates_2fa_for_admin_mode.rb b/app/controllers/admin/concerns/authenticates_2fa_for_admin_mode.rb deleted file mode 100644 index 03783cd75a3..00000000000 --- a/app/controllers/admin/concerns/authenticates_2fa_for_admin_mode.rb +++ /dev/null 
@@ -1,110 +0,0 @@ -# frozen_string_literal: true - -module Authenticates2FAForAdminMode - extend ActiveSupport::Concern - - included do - include AuthenticatesWithTwoFactor - end - - def admin_mode_prompt_for_two_factor(user) - return handle_locked_user(user) unless user.can?(:log_in) - - session[:otp_user_id] = user.id - push_frontend_feature_flag(:webauthn) - - if user.two_factor_webauthn_enabled? - setup_webauthn_authentication(user) - else - setup_u2f_authentication(user) - end - - render 'admin/sessions/two_factor', layout: 'application' - end - - def admin_mode_authenticate_with_two_factor - user = current_user - - return handle_locked_user(user) unless user.can?(:log_in) - - if user_params[:otp_attempt].present? && session[:otp_user_id] - admin_mode_authenticate_with_two_factor_via_otp(user) - elsif user_params[:device_response].present? && session[:otp_user_id] - if user.two_factor_webauthn_enabled? - admin_mode_authenticate_with_two_factor_via_webauthn(user) - else - admin_mode_authenticate_with_two_factor_via_u2f(user) - end - elsif user && user.valid_password?(user_params[:password]) - admin_mode_prompt_for_two_factor(user) - else - invalid_login_redirect - end - end - - def admin_mode_authenticate_with_two_factor_via_otp(user) - if valid_otp_attempt?(user) - # Remove any lingering user data from login - session.delete(:otp_user_id) - - user.save! unless Gitlab::Database.read_only? - - # The admin user has successfully passed 2fa, enable admin mode ignoring password - enable_admin_mode - else - user.increment_failed_attempts! 
- Gitlab::AppLogger.info("Failed Admin Mode Login: user=#{user.username} ip=#{request.remote_ip} method=OTP") - flash.now[:alert] = _('Invalid two-factor code.') - - admin_mode_prompt_for_two_factor(user) - end - end - - def admin_mode_authenticate_with_two_factor_via_u2f(user) - if U2fRegistration.authenticate(user, u2f_app_id, user_params[:device_response], session[:challenge]) - admin_handle_two_factor_success - else - admin_handle_two_factor_failure(user, 'U2F') - end - end - - def admin_mode_authenticate_with_two_factor_via_webauthn(user) - if Webauthn::AuthenticateService.new(user, user_params[:device_response], session[:challenge]).execute - admin_handle_two_factor_success - else - admin_handle_two_factor_failure(user, 'WebAuthn') - end - end - - private - - def enable_admin_mode - if current_user_mode.enable_admin_mode!(skip_password_validation: true) - redirect_to redirect_path, notice: _('Admin mode enabled') - else - invalid_login_redirect - end - end - - def invalid_login_redirect - flash.now[:alert] = _('Invalid login or password') - render :new - end - - def admin_handle_two_factor_success - # Remove any lingering user data from login - session.delete(:otp_user_id) - session.delete(:challenge) - - # The admin user has successfully passed 2fa, enable admin mode ignoring password - enable_admin_mode - end - - def admin_handle_two_factor_failure(user, method) - user.increment_failed_attempts! - Gitlab::AppLogger.info("Failed Admin Mode Login: user=#{user.username} ip=#{request.remote_ip} method=#{method}") - flash.now[:alert] = _('Authentication via %{method} device failed.') % { method: method } - - admin_mode_prompt_for_two_factor(user) - end -end diff --git a/app/controllers/admin/dashboard_controller.rb b/app/controllers/admin/dashboard_controller.rb index b7b535e70df..7d981d67840 100644 --- a/app/controllers/admin/dashboard_controller.rb +++ b/app/controllers/admin/dashboard_controller.rb 
@@ -6,6 +6,8 @@ class Admin::DashboardController < Admin::ApplicationController COUNTED_ITEMS = [Project, User, Group].freeze + feature_category :not_owned + # rubocop: disable CodeReuse/ActiveRecord def index @counts = Gitlab::Database::Count.approximate_counts(COUNTED_ITEMS) diff --git a/app/controllers/admin/deploy_keys_controller.rb b/app/controllers/admin/deploy_keys_controller.rb index 180f7d4c803..ed63e65d4df 100644 --- a/app/controllers/admin/deploy_keys_controller.rb +++ b/app/controllers/admin/deploy_keys_controller.rb @@ -4,6 +4,8 @@ class Admin::DeployKeysController < Admin::ApplicationController before_action :deploy_keys, only: [:index] before_action :deploy_key, only: [:destroy, :edit, :update] + feature_category :continuous_delivery + def index end diff --git a/app/controllers/admin/dev_ops_report_controller.rb b/app/controllers/admin/dev_ops_report_controller.rb index bed0d51c331..59b2200fb59 100644 --- a/app/controllers/admin/dev_ops_report_controller.rb +++ b/app/controllers/admin/dev_ops_report_controller.rb @@ -5,6 +5,8 @@ class Admin::DevOpsReportController < Admin::ApplicationController track_unique_visits :show, target_id: 'i_analytics_dev_ops_score' + feature_category :devops_reports + # rubocop: disable CodeReuse/ActiveRecord def show @metric = DevOpsReport::Metric.order(:created_at).last&.present diff --git a/app/controllers/admin/gitaly_servers_controller.rb b/app/controllers/admin/gitaly_servers_controller.rb index 0a5566bfe70..827791c8a4a 100644 --- a/app/controllers/admin/gitaly_servers_controller.rb +++ b/app/controllers/admin/gitaly_servers_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class Admin::GitalyServersController < Admin::ApplicationController + feature_category :gitaly + def index @gitaly_servers = Gitaly::Server.all end diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index 6414792dd43..032e449f995 100644 --- a/app/controllers/admin/groups_controller.rb 
+++ b/app/controllers/admin/groups_controller.rb @@ -5,6 +5,8 @@ class Admin::GroupsController < Admin::ApplicationController before_action :group, only: [:edit, :update, :destroy, :project_update, :members_update] + feature_category :subgroups + def index @groups = groups.sort_by_attribute(@sort = params[:sort]) @groups = @groups.search(params[:name]) if params[:name].present? diff --git a/app/controllers/admin/health_check_controller.rb b/app/controllers/admin/health_check_controller.rb index 7668c799cba..e013b5fbd72 100644 --- a/app/controllers/admin/health_check_controller.rb +++ b/app/controllers/admin/health_check_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class Admin::HealthCheckController < Admin::ApplicationController + feature_category :not_owned + def show @errors = HealthCheck::Utils.process_checks(checks) end diff --git a/app/controllers/admin/hook_logs_controller.rb b/app/controllers/admin/hook_logs_controller.rb index 8301b3aa880..444ad17f86d 100644 --- a/app/controllers/admin/hook_logs_controller.rb +++ b/app/controllers/admin/hook_logs_controller.rb @@ -8,6 +8,8 @@ class Admin::HookLogsController < Admin::ApplicationController respond_to :html + feature_category :integrations + def show end diff --git a/app/controllers/admin/hooks_controller.rb b/app/controllers/admin/hooks_controller.rb index 51b0f45c5be..ca24f671b9d 100644 --- a/app/controllers/admin/hooks_controller.rb +++ b/app/controllers/admin/hooks_controller.rb @@ -5,6 +5,8 @@ class Admin::HooksController < Admin::ApplicationController before_action :hook_logs, only: :edit + feature_category :integrations + def index @hooks = SystemHook.all @hook = SystemHook.new @@ -34,7 +36,7 @@ class Admin::HooksController < Admin::ApplicationController end def destroy - hook.destroy + destroy_hook(hook) redirect_to admin_hooks_path, status: :found end 
diff --git a/app/controllers/admin/identities_controller.rb b/app/controllers/admin/identities_controller.rb index 327538f1e93..dcec50e882d 100644 --- a/app/controllers/admin/identities_controller.rb +++ b/app/controllers/admin/identities_controller.rb @@ -4,6 +4,8 @@ class Admin::IdentitiesController < Admin::ApplicationController before_action :user before_action :identity, except: [:index, :new, :create] + feature_category :authentication_and_authorization + def new @identity = Identity.new end diff --git a/app/controllers/admin/impersonation_tokens_controller.rb b/app/controllers/admin/impersonation_tokens_controller.rb index c35619a944e..c3166d5dd82 100644 --- a/app/controllers/admin/impersonation_tokens_controller.rb +++ b/app/controllers/admin/impersonation_tokens_controller.rb @@ -3,6 +3,8 @@ class Admin::ImpersonationTokensController < Admin::ApplicationController before_action :user + feature_category :authentication_and_authorization + def index set_index_vars end diff --git a/app/controllers/admin/impersonations_controller.rb b/app/controllers/admin/impersonations_controller.rb index 65fe22bd8f4..6c45b03455e 100644 --- a/app/controllers/admin/impersonations_controller.rb +++ b/app/controllers/admin/impersonations_controller.rb @@ -4,6 +4,8 @@ class Admin::ImpersonationsController < Admin::ApplicationController skip_before_action :authenticate_admin! before_action :authenticate_impersonator! + feature_category :authentication_and_authorization + def destroy original_user = stop_impersonation redirect_to admin_user_path(original_user), status: :found diff --git a/app/controllers/admin/instance_review_controller.rb b/app/controllers/admin/instance_review_controller.rb new file mode 100644 index 00000000000..db304c82dd6 --- /dev/null +++ b/app/controllers/admin/instance_review_controller.rb 
@@ -0,0 +1,39 @@ +# frozen_string_literal: true +class Admin::InstanceReviewController < Admin::ApplicationController + feature_category :instance_statistics + + def index + redirect_to("#{::Gitlab::SubscriptionPortal::SUBSCRIPTIONS_URL}/instance_review?#{instance_review_params}") + end + + def instance_review_params + result = { + instance_review: { + email: current_user.email, + last_name: current_user.name, + version: ::Gitlab::VERSION + } + } + + if Gitlab::CurrentSettings.usage_ping_enabled? + data = ::Gitlab::UsageData.data + counts = data[:counts] + + result[:instance_review].merge!( + users_count: data[:active_user_count], + projects_count: counts[:projects], + groups_count: counts[:groups], + issues_count: counts[:issues], + merge_requests_count: counts[:merge_requests], + internal_pipelines_count: counts[:ci_internal_pipelines], + external_pipelines_count: counts[:ci_external_pipelines], + labels_count: counts[:labels], + milestones_count: counts[:milestones], + snippets_count: counts[:snippets], + notes_count: counts[:notes] + ) + end + + result.to_query + end +end diff --git a/app/controllers/admin/instance_statistics_controller.rb b/app/controllers/admin/instance_statistics_controller.rb index 3aee26b97a2..dfbd704cb0c 100644 --- a/app/controllers/admin/instance_statistics_controller.rb +++ b/app/controllers/admin/instance_statistics_controller.rb @@ -7,6 +7,8 @@ class Admin::InstanceStatisticsController < Admin::ApplicationController track_unique_visits :index, target_id: 'i_analytics_instance_statistics' + feature_category :instance_statistics + def index end diff --git a/app/controllers/admin/integrations_controller.rb b/app/controllers/admin/integrations_controller.rb index 1e2a99f7078..9a1d5a11f7f 100644 --- a/app/controllers/admin/integrations_controller.rb +++ b/app/controllers/admin/integrations_controller.rb 
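Review bot: `instance_review_params` is defined as a public method of the new `Admin::InstanceReviewController`, which makes it a candidate action; add a `private` line before `def instance_review_params`. The redirect in `index` also places `current_user.email` and `current_user.name` in the query string of an external URL whether or not usage ping is enabled, so those values end up in browser history and any intermediate request logs. A comment stating that this is intended, or gating them the same way as the counts, would make the data flow explicit. `last_name: current_user.name` sends the full display name under a `last_name` key, which looks unintended.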
@@ -2,6 +2,9 @@ class Admin::IntegrationsController < Admin::ApplicationController include IntegrationsActions + include ServicesHelper + + feature_category :integrations private @@ -10,7 +13,7 @@ class Admin::IntegrationsController < Admin::ApplicationController end def integrations_enabled? - true + instance_level_integrations? end def scoped_edit_integration_path(integration) diff --git a/app/controllers/admin/jobs_controller.rb b/app/controllers/admin/jobs_controller.rb index 7b50a45a9cd..b800ca79d6b 100644 --- a/app/controllers/admin/jobs_controller.rb +++ b/app/controllers/admin/jobs_controller.rb @@ -3,6 +3,8 @@ class Admin::JobsController < Admin::ApplicationController BUILDS_PER_PAGE = 30 + feature_category :continuous_integration + def index # We need all builds for tabs counters @all_builds = Ci::JobsFinder.new(current_user: current_user).execute diff --git a/app/controllers/admin/keys_controller.rb b/app/controllers/admin/keys_controller.rb index 58ea19d1210..03383604e30 100644 --- a/app/controllers/admin/keys_controller.rb +++ b/app/controllers/admin/keys_controller.rb @@ -3,6 +3,8 @@ class Admin::KeysController < Admin::ApplicationController before_action :user, only: [:show, :destroy] + feature_category :authentication_and_authorization + def show @key = user.keys.find(params[:id]) diff --git a/app/controllers/admin/labels_controller.rb b/app/controllers/admin/labels_controller.rb index 6cb206c1686..be63bf4c7ce 100644 --- a/app/controllers/admin/labels_controller.rb +++ b/app/controllers/admin/labels_controller.rb @@ -3,6 +3,8 @@ class Admin::LabelsController < Admin::ApplicationController before_action :set_label, only: [:show, :edit, :update, :destroy] + feature_category :issue_tracking + def index @labels = Label.templates.page(params[:page]) end diff --git a/app/controllers/admin/plan_limits_controller.rb b/app/controllers/admin/plan_limits_controller.rb index 2620db8aec5..0a5cdc06d61 100644 --- a/app/controllers/admin/plan_limits_controller.rb 
+++ b/app/controllers/admin/plan_limits_controller.rb @@ -5,6 +5,8 @@ class Admin::PlanLimitsController < Admin::ApplicationController before_action :set_plan_limits + feature_category :not_owned + def create redirect_path = referer_path(request) || general_admin_application_settings_path diff --git a/app/controllers/admin/projects_controller.rb b/app/controllers/admin/projects_controller.rb index 9fe1f22c342..c4564478462 100644 --- a/app/controllers/admin/projects_controller.rb +++ b/app/controllers/admin/projects_controller.rb @@ -6,6 +6,9 @@ class Admin::ProjectsController < Admin::ApplicationController before_action :project, only: [:show, :transfer, :repository_check, :destroy] before_action :group, only: [:show, :transfer] + feature_category :projects, [:index, :show, :transfer, :destroy] + feature_category :source_code_management, [:repository_check] + def index params[:sort] ||= 'latest_activity_desc' @sort = params[:sort] diff --git a/app/controllers/admin/requests_profiles_controller.rb b/app/controllers/admin/requests_profiles_controller.rb index 24383455064..fbbe8c24637 100644 --- a/app/controllers/admin/requests_profiles_controller.rb +++ b/app/controllers/admin/requests_profiles_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class Admin::RequestsProfilesController < Admin::ApplicationController + feature_category :not_owned + def index @profile_token = Gitlab::RequestProfiler.profile_token @profiles = Gitlab::RequestProfiler.all.group_by(&:request_path) diff --git a/app/controllers/admin/runner_projects_controller.rb b/app/controllers/admin/runner_projects_controller.rb index 774ce04d079..7761ffaac84 100644 --- a/app/controllers/admin/runner_projects_controller.rb +++ b/app/controllers/admin/runner_projects_controller.rb 
@@ -3,6 +3,8 @@ class Admin::RunnerProjectsController < Admin::ApplicationController before_action :project, only: [:create] + feature_category :continuous_integration + def create @runner = Ci::Runner.find(params[:runner_project][:runner_id]) diff --git a/app/controllers/admin/runners_controller.rb b/app/controllers/admin/runners_controller.rb index 7a377a33d41..576b148fbff 100644 --- a/app/controllers/admin/runners_controller.rb +++ b/app/controllers/admin/runners_controller.rb @@ -1,7 +1,11 @@ # frozen_string_literal: true class Admin::RunnersController < Admin::ApplicationController - before_action :runner, except: [:index, :tag_list] + include RunnerSetupScripts + + before_action :runner, except: [:index, :tag_list, :runner_setup_scripts] + + feature_category :continuous_integration def index finder = Ci::RunnersFinder.new(current_user: current_user, params: params) @@ -53,6 +57,10 @@ class Admin::RunnersController < Admin::ApplicationController render json: ActsAsTaggableOn::TagSerializer.new.represent(tags) end + def runner_setup_scripts + private_runner_setup_scripts + end + private def runner diff --git a/app/controllers/admin/serverless/domains_controller.rb b/app/controllers/admin/serverless/domains_controller.rb index 1d4f10e033f..49cd9f7a36d 100644 --- a/app/controllers/admin/serverless/domains_controller.rb +++ b/app/controllers/admin/serverless/domains_controller.rb @@ -4,6 +4,8 @@ class Admin::Serverless::DomainsController < Admin::ApplicationController before_action :check_feature_flag before_action :domain, only: [:update, :verify, :destroy] + feature_category :serverless + def index @domain = PagesDomain.instance_serverless.first_or_initialize end diff --git a/app/controllers/admin/services_controller.rb b/app/controllers/admin/services_controller.rb index 1f4250639c4..379e74bb249 100644 --- a/app/controllers/admin/services_controller.rb +++ b/app/controllers/admin/services_controller.rb 
@@ -6,6 +6,8 @@ class Admin::ServicesController < Admin::ApplicationController before_action :service, only: [:edit, :update] before_action :whitelist_query_limiting, only: [:index] + feature_category :integrations + def index @services = Service.find_or_create_templates.sort_by(&:title) @existing_instance_types = Service.for_instance.pluck(:type) # rubocop: disable CodeReuse/ActiveRecord diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index 0c0bbaf4d93..9c378f4c883 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -1,12 +1,14 @@ # frozen_string_literal: true class Admin::SessionsController < ApplicationController - include Authenticates2FAForAdminMode + include AuthenticatesWithTwoFactorForAdminMode include InternalRedirect include RendersLdapServers before_action :user_is_admin! + feature_category :authentication_and_authorization + def new if current_user_mode.admin_mode? redirect_to redirect_path, notice: _('Admin mode already enabled') @@ -65,7 +67,10 @@ class Admin::SessionsController < ApplicationController end def valid_otp_attempt?(user) - valid_otp_attempt = user.validate_and_consume_otp!(user_params[:otp_attempt]) + otp_validation_result = + ::Users::ValidateOtpService.new(user).execute(user_params[:otp_attempt]) + valid_otp_attempt = otp_validation_result[:status] == :success + return valid_otp_attempt if Gitlab::Database.read_only? valid_otp_attempt || user.invalidate_otp_backup_code!(user_params[:otp_attempt]) diff --git a/app/controllers/admin/spam_logs_controller.rb b/app/controllers/admin/spam_logs_controller.rb index 689e502a221..67d991c8b03 100644 --- a/app/controllers/admin/spam_logs_controller.rb +++ b/app/controllers/admin/spam_logs_controller.rb 
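Review bot: In `valid_otp_attempt?` of `Admin::SessionsController`, every result other than `:success` from `Users::ValidateOtpService` is folded into `false` and the rest of the result hash is dropped, so a service-side failure is indistinguishable from a wrong code. If the service can fail for reasons other than a bad code (not visible in this diff), the caller would presumably still count a failed attempt and show the invalid-code message. Consider logging the reason without the submitted code, e.g. `Gitlab::AppLogger.info("Admin mode OTP validation failed: user=#{user.username} reason=#{otp_validation_result[:message]}")`, assuming the result carries `:message` as the other service results in this diff do. The local `valid_otp_attempt` also differs from the method name only by the `?`; a name such as `otp_valid` would read more clearly.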
@@ -1,6 +1,8 @@ # frozen_string_literal: true class Admin::SpamLogsController < Admin::ApplicationController + feature_category :not_owned + # rubocop: disable CodeReuse/ActiveRecord def index @spam_logs = SpamLog.order(id: :desc).page(params[:page]) diff --git a/app/controllers/admin/system_info_controller.rb b/app/controllers/admin/system_info_controller.rb index 657aa177ecf..f14305528a3 100644 --- a/app/controllers/admin/system_info_controller.rb +++ b/app/controllers/admin/system_info_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class Admin::SystemInfoController < Admin::ApplicationController + feature_category :not_owned + EXCLUDED_MOUNT_OPTIONS = %w[ nobrowse read-only diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb index e19b09e1324..bd7b69384b2 100644 --- a/app/controllers/admin/users_controller.rb +++ b/app/controllers/admin/users_controller.rb @@ -6,10 +6,14 @@ class Admin::UsersController < Admin::ApplicationController before_action :user, except: [:index, :new, :create] before_action :check_impersonation_availability, only: :impersonate before_action :ensure_destroy_prerequisites_met, only: [:destroy] + before_action :check_admin_approval_feature_available!, only: [:approve] + + feature_category :users def index @users = User.filter_items(params[:filter]).order_name_asc @users = @users.search_with_secondary_emails(params[:search_query]) if params[:search_query].present? + @users = @users.includes(:authorized_projects) # rubocop: disable CodeReuse/ActiveRecord @users = @users.sort_by_attribute(@sort = params[:sort]) @users = @users.page(params[:page]) end 
@@ -59,6 +63,16 @@ class Admin::UsersController < Admin::ApplicationController end end + def approve + result = Users::ApproveService.new(current_user).execute(user) + + if result[:status] == :success + redirect_back_or_admin_user(notice: _("Successfully approved")) + else + redirect_back_or_admin_user(alert: result[:message]) + end + end + def activate return redirect_back_or_admin_user(notice: _("Error occurred. A blocked user must be unblocked to be activated")) if user.blocked? @@ -69,6 +83,7 @@ class Admin::UsersController < Admin::ApplicationController def deactivate return redirect_back_or_admin_user(notice: _("Error occurred. A blocked user cannot be deactivated")) if user.blocked? return redirect_back_or_admin_user(notice: _("Successfully deactivated")) if user.deactivated? + return redirect_back_or_admin_user(notice: _("Internal users cannot be deactivated")) if user.internal? return redirect_back_or_admin_user(notice: _("The user you are trying to deactivate has been active in the past %{minimum_inactive_days} days and cannot be deactivated") % { minimum_inactive_days: ::User::MINIMUM_INACTIVE_DAYS }) unless user.can_be_deactivated? user.deactivate @@ -78,7 +93,7 @@ class Admin::UsersController < Admin::ApplicationController def block result = Users::BlockService.new(current_user).execute(user) - if result[:status] = :success + if result[:status] == :success redirect_back_or_admin_user(notice: _("Successfully blocked")) else redirect_back_or_admin_user(alert: _("Error occurred. User was not blocked")) @@ -168,7 +183,7 @@ class Admin::UsersController < Admin::ApplicationController # restore username to keep form action url. user.username = params[:id] format.html { render "edit" } - format.json { render json: [result[:message]], status: result[:status] } + format.json { render json: [result[:message]], status: :internal_server_error } end end end 
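Review bot: The new `approve` action changes an account's access state but writes no log line naming the approving admin and the approved user, unlike `log_impersonation_event` further down this controller. Unless `Users::ApproveService` records this itself (not visible here), add something like `Gitlab::AppLogger.info("User #{user.username} was approved by #{current_user.username}")` on the success branch so approvals can be traced afterwards. The failure branch shows `result[:message]` to the admin while `block` uses a fixed string; choosing one convention for both would be more consistent.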
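Review bot: The JSON failure branch now always answers `status: :internal_server_error`, so an update rejected because of invalid input is reported as a server fault. If the failure comes from model validation (the enclosing `update` action starts outside the hunk, so this is inferred from the `render "edit"` line), `status: :unprocessable_entity` would describe it better and keep 5xx monitoring meaningful. A one-line comment explaining why `result[:status]` could not be passed through would also help the next reader.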
@@ -283,6 +298,10 @@ class Admin::UsersController < Admin::ApplicationController def log_impersonation_event Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username }) end + + def check_admin_approval_feature_available! + access_denied! unless Feature.enabled?(:admin_approval_for_new_user_signups, default_enabled: true) + end end Admin::UsersController.prepend_if_ee('EE::Admin::UsersController') |