Diffstat (limited to 'app/controllers/concerns')
-rw-r--r-- | app/controllers/concerns/gitlab_recaptcha.rb | 3 | ||||
-rw-r--r-- | app/controllers/concerns/integrations/actions.rb | 2 | ||||
-rw-r--r-- | app/controllers/concerns/issuable_actions.rb | 3 | ||||
-rw-r--r-- | app/controllers/concerns/issues_calendar.rb | 2 | ||||
-rw-r--r-- | app/controllers/concerns/membership_actions.rb | 4 | ||||
-rw-r--r-- | app/controllers/concerns/notes_actions.rb | 42 | ||||
-rw-r--r-- | app/controllers/concerns/product_analytics_tracking.rb | 11 | ||||
-rw-r--r-- | app/controllers/concerns/project_stats_refresh_conflicts_guard.rb | 13 | ||||
-rw-r--r-- | app/controllers/concerns/snippets_actions.rb | 2 | ||||
-rw-r--r-- | app/controllers/concerns/sorting_preference.rb | 17 | ||||
-rw-r--r-- | app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb | 2 | ||||
-rw-r--r-- | app/controllers/concerns/wiki_actions.rb | 2 | ||||
-rw-r--r-- | app/controllers/concerns/zuora_csp.rb | 26 |
13 files changed, 77 insertions, 52 deletions
diff --git a/app/controllers/concerns/gitlab_recaptcha.rb b/app/controllers/concerns/gitlab_recaptcha.rb index 15e856463ea..cedadba5fc7 100644 --- a/app/controllers/concerns/gitlab_recaptcha.rb +++ b/app/controllers/concerns/gitlab_recaptcha.rb @@ -17,6 +17,9 @@ module GitlabRecaptcha flash.delete :recaptcha_error self.resource = resource_class.new + + add_gon_variables + render action: 'new' end end diff --git a/app/controllers/concerns/integrations/actions.rb b/app/controllers/concerns/integrations/actions.rb index 1f788860c8f..e0a12555e11 100644 --- a/app/controllers/concerns/integrations/actions.rb +++ b/app/controllers/concerns/integrations/actions.rb @@ -51,11 +51,9 @@ module Integrations::Actions private - # rubocop:disable Gitlab/ModuleWithInstanceVariables def integration @integration ||= find_or_initialize_non_project_specific_integration(params[:id]) end - # rubocop:enable Gitlab/ModuleWithInstanceVariables def success_message if integration.active? diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb index 4d3eb9cd183..07850acd23d 100644 --- a/app/controllers/concerns/issuable_actions.rb +++ b/app/controllers/concerns/issuable_actions.rb @@ -184,7 +184,8 @@ module IssuableActions def paginated_discussions return if params[:per_page].blank? - return unless issuable.instance_of?(Issue) && Feature.enabled?(:paginated_issue_discussions, project) + return if issuable.instance_of?(Issue) && Feature.disabled?(:paginated_issue_discussions, project) + return if issuable.instance_of?(MergeRequest) && Feature.disabled?(:paginated_mr_discussions, project) strong_memoize(:paginated_discussions) do issuable diff --git a/app/controllers/concerns/issues_calendar.rb b/app/controllers/concerns/issues_calendar.rb index 1fdfde4c869..51d6d3cf05a 100644 --- a/app/controllers/concerns/issues_calendar.rb +++ b/app/controllers/concerns/issues_calendar.rb 
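Review bot: The added `add_gon_variables` call in gitlab_recaptcha.rb has no comment saying why this render path has to set the gon variables itself. A reader cannot tell from the hunk whether the call is needed before every direct `render action: 'new'` or only on this reCAPTCHA failure path. I would add a line above it such as `# This path renders 'new' directly, so the gon variables are set here`. The enclosing method starts outside the hunk.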
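Review bot: In `paginated_discussions` (issuable_actions.rb) the two new guards only return for an exact `Issue` or `MergeRequest`, so any other issuable type now falls through to the paginated branch with no feature flag check, where the old `return unless issuable.instance_of?(Issue) && ...` returned nil for it. If that is not intended, add `return unless issuable.instance_of?(Issue) || issuable.instance_of?(MergeRequest)` ahead of the flag checks. `instance_of?` also excludes subclasses, so a subclass of either model would take the same ungated path. The method body continues past the end of the hunk, so whether `params[:per_page]` is capped further down is not visible here.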
@@ -4,7 +4,6 @@ module IssuesCalendar extend ActiveSupport::Concern # rubocop:disable Gitlab/ModuleWithInstanceVariables - # rubocop: disable CodeReuse/ActiveRecord def render_issues_calendar(issuables) @issues = issuables .non_archived @@ -23,6 +22,5 @@ module IssuesCalendar end end end - # rubocop: enable CodeReuse/ActiveRecord # rubocop:enable Gitlab/ModuleWithInstanceVariables end diff --git a/app/controllers/concerns/membership_actions.rb b/app/controllers/concerns/membership_actions.rb index 0b9024dc3db..fb11bece79c 100644 --- a/app/controllers/concerns/membership_actions.rb +++ b/app/controllers/concerns/membership_actions.rb @@ -143,8 +143,8 @@ module MembershipActions raise NotImplementedError end - def requested_relations - case params[:with_inherited_permissions].presence + def requested_relations(inherited_permissions = :with_inherited_permissions) + case params[inherited_permissions].presence when 'exclude' [:direct] when 'only' diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb index 55b6747fcfb..928c617471b 100644 --- a/app/controllers/concerns/notes_actions.rb +++ b/app/controllers/concerns/notes_actions.rb @@ -6,8 +6,7 @@ module NotesActions extend ActiveSupport::Concern # last_fetched_at is an integer number of microseconds, which is the same - # precision as PostgreSQL "timestamp" fields. It's important for them to have - # identical precision for accurate pagination + # precision as PostgreSQL "timestamp" fields. MICROSECOND = 1_000_000 included do @@ -23,7 +22,7 @@ module NotesActions end def index - notes, meta = gather_notes + notes, meta = gather_all_notes notes = prepare_notes_for_rendering(notes) notes = notes.select { |n| n.readable_by?(current_user) } notes = 
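Review bot: `requested_relations` in membership_actions.rb now takes the name of the request parameter to read, and nothing documents that the argument must be a fixed key. A caller that forwarded a request-derived value would let the client choose which parameter drives the relation filter. I would add a comment above the method such as `# inherited_permissions: the params key to read; callers pass a literal symbol`. The `case` continues outside the hunk.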
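Review bot: `index` in notes_actions.rb now calls `gather_all_notes` unconditionally, and with `gather_some_notes` and the 1 ms re-poll removed by the later hunks, nothing visible bounds how many notes one poll loads, checks with `readable_by?` and serializes. A client sending an old `last_fetched_at` would presumably receive the whole backlog in one response. If the finder applies a cap, a comment on `gather_all_notes` should say so, for example `# Unpaginated: returns every note since last_fetched_at; any limit must come from the finder`. The trimmed comment `# Only present an ETag for the empty response` in the next hunk also lost its reason and could state why in a few words.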
@@ -33,11 +32,7 @@ module NotesActions notes.map { |note| note_json(note) } end - # We know there's more data, so tell the frontend to poll again after 1ms - set_polling_interval_header(interval: 1) if meta[:more] - - # Only present an ETag for the empty response to ensure pagination works - # as expected + # Only present an ETag for the empty response ::Gitlab::EtagCaching::Middleware.skip!(response) if notes.present? render json: meta.merge(notes: notes) @@ -105,17 +100,6 @@ module NotesActions private - # Lower bound (last_fetched_at as specified in the request) is already set in - # the finder. Here, we select between returning all notes since then, or a - # page's worth of notes. - def gather_notes - if Feature.enabled?(:paginated_notes, noteable.try(:resource_parent)) - gather_some_notes - else - gather_all_notes - end - end - def gather_all_notes now = Time.current notes = merge_resource_events(notes_finder.execute.inc_relations_for_view) @@ -123,27 +107,11 @@ module NotesActions [notes, { last_fetched_at: (now.to_i * MICROSECOND) + now.usec }] end - def gather_some_notes - paginator = ::Gitlab::UpdatedNotesPaginator.new( - notes_finder.execute.inc_relations_for_view, - last_fetched_at: last_fetched_at - ) - - notes = paginator.notes - - # Fetch all the synthetic notes in the same time range as the real notes. - # Although we don't limit the number, their text is under our control so - # should be fairly cheap to process. - notes = merge_resource_events(notes, fetch_until: paginator.next_fetched_at) - - [notes, paginator.metadata] - end - - def merge_resource_events(notes, fetch_until: nil) + def merge_resource_events(notes) return notes if notes_filter == UserPreference::NOTES_FILTERS[:only_comments] ResourceEvents::MergeIntoNotesService - .new(noteable, current_user, last_fetched_at: last_fetched_at, fetch_until: fetch_until) + .new(noteable, current_user, last_fetched_at: last_fetched_at) .execute(notes) end 
diff --git a/app/controllers/concerns/product_analytics_tracking.rb b/app/controllers/concerns/product_analytics_tracking.rb index 4021ff83578..0b51b3dd380 100644 --- a/app/controllers/concerns/product_analytics_tracking.rb +++ b/app/controllers/concerns/product_analytics_tracking.rb @@ -20,8 +20,17 @@ module ProductAnalyticsTracking def route_events_to(destinations, name, &block) track_unique_redis_hll_event(name, &block) if destinations.include?(:redis_hll) - if destinations.include?(:snowplow) && Feature.enabled?(:route_hll_to_snowplow, tracking_namespace_source) + if destinations.include?(:snowplow) && event_enabled?(name) Gitlab::Tracking.event(self.class.to_s, name, namespace: tracking_namespace_source, user: current_user) end end + + def event_enabled?(event) + events_to_ff = { + g_analytics_valuestream: :route_hll_to_snowplow, + i_search_paid: :route_hll_to_snowplow_phase2 + } + + Feature.enabled?(events_to_ff[event.to_sym], tracking_namespace_source) + end end diff --git a/app/controllers/concerns/project_stats_refresh_conflicts_guard.rb b/app/controllers/concerns/project_stats_refresh_conflicts_guard.rb new file mode 100644 index 00000000000..a3349997dbd --- /dev/null +++ b/app/controllers/concerns/project_stats_refresh_conflicts_guard.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +module ProjectStatsRefreshConflictsGuard + extend ActiveSupport::Concern + + def reject_if_build_artifacts_size_refreshing! + return unless project.refreshing_build_artifacts_size? + + Gitlab::ProjectStatsRefreshConflictsLogger.warn_request_rejected_during_stats_refresh(project.id) + + render_409('Action temporarily disabled. The project this pipeline belongs to is undergoing stats refresh.') + end +end diff --git a/app/controllers/concerns/snippets_actions.rb b/app/controllers/concerns/snippets_actions.rb index 0ee8d0c9307..1bb81a46e50 100644 --- a/app/controllers/concerns/snippets_actions.rb +++ b/app/controllers/concerns/snippets_actions.rb 
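Review bot: `event_enabled?` in product_analytics_tracking.rb passes `events_to_ff[event.to_sym]` straight to `Feature.enabled?`, and that lookup is `nil` for every event name other than the two listed. How `Feature.enabled?` treats a nil flag is not visible here, so I would make the miss explicit with `flag = events_to_ff[event.to_sym]` followed by `return false unless flag`. The hash is also rebuilt on every call and could be a frozen constant on the module. The visibility of the new method depends on lines outside the hunk.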
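Review bot: `reject_if_build_artifacts_size_refreshing!` in the new project_stats_refresh_conflicts_guard.rb depends on `project` and `render_409` being supplied by the including controller, and the file does not say so. I would add a module comment such as `# Requires the including controller to provide #project and #render_409`. The 409 message hard-codes "The project this pipeline belongs to", which will read wrong if the guard is ever attached to an action that is not about a pipeline.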
@@ -75,7 +75,6 @@ module SnippetsActions private - # rubocop:disable Gitlab/ModuleWithInstanceVariables def blob @blob ||= blobs.first end @@ -87,7 +86,6 @@ module SnippetsActions snippet.blobs end end - # rubocop:enable Gitlab/ModuleWithInstanceVariables def convert_line_endings(content) params[:line_ending] == 'raw' ? content : content.gsub(/\r\n/, "\n") diff --git a/app/controllers/concerns/sorting_preference.rb b/app/controllers/concerns/sorting_preference.rb index 8d8845e2f41..6278b489028 100644 --- a/app/controllers/concerns/sorting_preference.rb +++ b/app/controllers/concerns/sorting_preference.rb @@ -5,10 +5,12 @@ module SortingPreference include CookiesHelper def set_sort_order(field = sorting_field, default_order = default_sort_order) - set_sort_order_from_user_preference(field) || - set_sort_order_from_cookie(field) || - params[:sort] || - default_order + sort_order = set_sort_order_from_user_preference(field) || set_sort_order_from_cookie(field) || params[:sort] + + # some types of sorting might not be available on the dashboard + return default_order unless valid_sort_order?(sort_order) + + sort_order end # Implement sorting_field method on controllers @@ -85,4 +87,11 @@ module SortingPreference else value end end + + def valid_sort_order?(sort_order) + return false unless sort_order + return can_sort_by_issue_weight?(action_name == 'issues') if sort_order.include?('weight') + + true + end end diff --git a/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb b/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb index b254916cdd6..707c1e6c84f 100644 --- a/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb +++ b/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb 
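Review bot: `valid_sort_order?` in sorting_preference.rb only gates values containing 'weight', so despite its name every other value, including a raw `params[:sort]` from the request, is still returned from `set_sort_order` unchanged. That is safe only if whatever consumes the sort value ignores unknown keys, which these hunks do not show. I would say so in a comment above the method, for example `# Not an allowlist: only weight sorting is checked, other values pass through`. The check also runs after `set_sort_order_from_user_preference(field)`, so if that helper persists the requested sort (its body is outside the hunk) a rejected value may already be saved. `include?('weight')` is a substring match, which is looser than comparing against the known weight sort keys.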
@@ -32,3 +32,5 @@ module SpammableActions::CaptchaCheck::HtmlFormatActionsSupport request.headers['X-GitLab-Spam-Log-Id'] = params[:spam_log_id] if params[:spam_log_id] end end + +SpammableActions::CaptchaCheck::HtmlFormatActionsSupport.prepend_mod diff --git a/app/controllers/concerns/wiki_actions.rb b/app/controllers/concerns/wiki_actions.rb index 9fc8886aaee..83447744013 100644 --- a/app/controllers/concerns/wiki_actions.rb +++ b/app/controllers/concerns/wiki_actions.rb @@ -167,7 +167,7 @@ module WikiActions render 'shared/wikis/diff' end - # rubocop:disable Gitlab/ModuleWithInstanceVariables + # rubocop:enable Gitlab/ModuleWithInstanceVariables # rubocop:disable Gitlab/ModuleWithInstanceVariables def destroy diff --git a/app/controllers/concerns/zuora_csp.rb b/app/controllers/concerns/zuora_csp.rb new file mode 100644 index 00000000000..5f9be11d7b9 --- /dev/null +++ b/app/controllers/concerns/zuora_csp.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +module ZuoraCSP + extend ActiveSupport::Concern + + ZUORA_URL = 'https://*.zuora.com' + + included do + content_security_policy do |policy| + next if policy.directives.blank? + + default_script_src = policy.directives['script-src'] || policy.directives['default-src'] + script_src_values = Array.wrap(default_script_src) | ["'self'", "'unsafe-eval'", ZUORA_URL] + + default_frame_src = policy.directives['frame-src'] || policy.directives['default-src'] + frame_src_values = Array.wrap(default_frame_src) | ["'self'", ZUORA_URL] + + default_child_src = policy.directives['child-src'] || policy.directives['default-src'] + child_src_values = Array.wrap(default_child_src) | ["'self'", ZUORA_URL] + + policy.script_src(*script_src_values) + policy.frame_src(*frame_src_values) + policy.child_src(*child_src_values) + end + end +end |
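Review bot: The new ZuoraCSP concern adds `'unsafe-eval'` and the wildcard `https://*.zuora.com` to `script-src` for every action of any controller that includes it, with no comment explaining why. `'unsafe-eval'` gives up the policy's protection against string-to-code evaluation on those pages, so the relaxation should be documented and kept to the pages that embed the Zuora content. I would add above `included do` something like `# Relaxes script-src (unsafe-eval, *.zuora.com) for embedded Zuora content; include only in controllers that render it`. Rails' `content_security_policy` also accepts `only:`/`except:`, which would let the relaxation be limited to the actions that need it. If the embedded content is served from one known host, pinning `ZUORA_URL` to it would be tighter than the wildcard.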