Diffstat (limited to 'app/controllers/groups')
12 files changed, 114 insertions, 43 deletions
diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb index 69081835c4d..aa0d49902c3 100644 --- a/app/controllers/groups/application_controller.rb +++ b/app/controllers/groups/application_controller.rb @@ -13,16 +13,8 @@ class Groups::ApplicationController < ApplicationController before_action :set_sorting requires_cross_project_access - helper_method :can_manage_members? - private - def can_manage_members?(group = @group) - strong_memoize(:can_manage_members) do - can?(current_user, :admin_group_member, group) - end - end - def group @group ||= find_routable!(Group, params[:group_id] || params[:id], request.path_info) end diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb index 04b4d8ea9a7..96a3b38669d 100644 --- a/app/controllers/groups/boards_controller.rb +++ b/app/controllers/groups/boards_controller.rb @@ -7,7 +7,7 @@ class Groups::BoardsController < Groups::ApplicationController before_action :assign_endpoint_vars before_action do - push_frontend_feature_flag(:graphql_board_lists, group, default_enabled: false) + push_frontend_feature_flag(:graphql_board_lists, group, default_enabled: :yaml) push_frontend_feature_flag(:issue_boards_filtered_search, group, default_enabled: :yaml) push_frontend_feature_flag(:board_multi_select, group, default_enabled: :yaml) push_frontend_feature_flag(:swimlanes_buffered_rendering, group, default_enabled: :yaml) diff --git a/app/controllers/groups/clusters/applications_controller.rb b/app/controllers/groups/clusters/applications_controller.rb deleted file mode 100644 index ce6fda4143c..00000000000 --- a/app/controllers/groups/clusters/applications_controller.rb +++ /dev/null 
@@ -1,18 +0,0 @@ -# frozen_string_literal: true - -class Groups::Clusters::ApplicationsController < Clusters::ApplicationsController - include ControllerWithCrossProjectAccessCheck - - prepend_before_action :group - requires_cross_project_access - - private - - def clusterable - @clusterable ||= ClusterablePresenter.fabricate(group, current_user: current_user) - end - - def group - @group ||= find_routable!(Group, params[:group_id] || params[:id], request.path_info) - end -end diff --git a/app/controllers/groups/dependency_proxies_controller.rb b/app/controllers/groups/dependency_proxies_controller.rb index b896b240daf..b037aa52939 100644 --- a/app/controllers/groups/dependency_proxies_controller.rb +++ b/app/controllers/groups/dependency_proxies_controller.rb @@ -2,7 +2,7 @@ module Groups class DependencyProxiesController < Groups::ApplicationController - include DependencyProxy::GroupAccess + include ::DependencyProxy::GroupAccess before_action :authorize_admin_dependency_proxy!, only: :update before_action :dependency_proxy diff --git a/app/controllers/groups/dependency_proxy/application_controller.rb b/app/controllers/groups/dependency_proxy/application_controller.rb new file mode 100644 index 00000000000..fd9db41f748 --- /dev/null +++ b/app/controllers/groups/dependency_proxy/application_controller.rb 
@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Groups
+ module DependencyProxy
+ class ApplicationController < ::ApplicationController
+ EMPTY_AUTH_RESULT = Gitlab::Auth::Result.new(nil, nil, nil, nil).freeze
+
+ delegate :actor, to: :@authentication_result, allow_nil: true
+
+ # This allows auth_user to be set in the base ApplicationController
+ alias_method :authenticated_user, :actor
+
+ # We disable `authenticate_user!` since the `DependencyProxy::ApplicationController` performs auth using JWT token
+ skip_before_action :authenticate_user!, raise: false
+
+ prepend_before_action :authenticate_user_from_jwt_token!
+
+ def authenticate_user_from_jwt_token!
+ return unless dependency_proxy_for_private_groups?
+
+ authenticate_with_http_token do |token, _|
+ @authentication_result = EMPTY_AUTH_RESULT
+
+ found_user = user_from_token(token)
+ sign_in(found_user) if found_user.is_a?(User)
+ end
+
+ request_bearer_token! unless authenticated_user
+ end
+
+ private
+
+ def dependency_proxy_for_private_groups?
+ Feature.enabled?(:dependency_proxy_for_private_groups, default_enabled: true)
+ end
+
+ def request_bearer_token!
+ # unfortunately, we cannot use https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html#method-i-authentication_request
+ response.headers['WWW-Authenticate'] = ::DependencyProxy::Registry.authenticate_header
+ render plain: '', status: :unauthorized
+ end
+
+ def user_from_token(token)
+ token_payload = ::DependencyProxy::AuthTokenService.decoded_token_payload(token)
+
+ if token_payload['user_id']
+ token_user = User.find(token_payload['user_id'])
+ return unless token_user
+
+ @authentication_result = Gitlab::Auth::Result.new(token_user, nil, :user, [])
+ return token_user
+ elsif token_payload['deploy_token']
+ deploy_token = DeployToken.active.find_by_token(token_payload['deploy_token'])
+ return unless deploy_token
+
+ @authentication_result = Gitlab::Auth::Result.new(deploy_token, nil, :deploy_token, [])
+ return deploy_token
+ end
+
+ nil
+ rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature
+ nil
+ end
+ end
+ end
+end
diff --git a/app/controllers/groups/dependency_proxy_auth_controller.rb b/app/controllers/groups/dependency_proxy_auth_controller.rb
index e3e9bd88e24..60b2371fa9a 100644
--- a/app/controllers/groups/dependency_proxy_auth_controller.rb
+++ b/app/controllers/groups/dependency_proxy_auth_controller.rb
@@ -1,8 +1,6 @@ # frozen_string_literal: true -class Groups::DependencyProxyAuthController < ApplicationController - include DependencyProxy::Auth - +class Groups::DependencyProxyAuthController < ::Groups::DependencyProxy::ApplicationController feature_category :dependency_proxy def authenticate
diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
index e2c104f88a4..f7dc552bd3e 100644
--- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb
+++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
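Review bot: `User.find(token_payload['user_id'])` in `user_from_token` raises `ActiveRecord::RecordNotFound` for an id that no longer exists, so the `return unless token_user` guard after it never runs and the exception escapes the `rescue` clause, which lists only JWT errors. A token that outlives its user would then presumably surface as whatever the base controller does with that exception rather than as the 401 challenge from `request_bearer_token!`; `token_user = User.find_by_id(token_payload['user_id'])` keeps that case on the unauthenticated path. Separately, `authenticate_user_from_jwt_token!` is defined above `private`, so it is a public controller method; moving it below `private` would match the other helpers in this class. It is also worth a comment that, with `dependency_proxy_for_private_groups` disabled, the callback returns early while `authenticate_user!` stays skipped, so subclasses then depend entirely on their own access checks.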
@@ -1,10 +1,12 @@ # frozen_string_literal: true -class Groups::DependencyProxyForContainersController < Groups::ApplicationController - include DependencyProxy::Auth +class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy::ApplicationController + include Gitlab::Utils::StrongMemoize include DependencyProxy::GroupAccess include SendFileUpload + include ::PackagesHelper # for event tracking + before_action :ensure_group before_action :ensure_token_granted! before_action :ensure_feature_enabled! @@ -22,6 +24,8 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro response.headers['Etag'] = "\"#{result[:manifest].digest}\"" content_type = result[:manifest].content_type + event_name = tracking_event_name(object_type: :manifest, from_cache: result[:from_cache]) + track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user) send_upload( result[:manifest].file, proxy: true, @@ -38,6 +42,8 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro .new(group, image, token, params[:sha]).execute if result[:status] == :success + event_name = tracking_event_name(object_type: :blob, from_cache: result[:from_cache]) + track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user) send_upload(result[:blob].file) else head result[:http_status] @@ -46,6 +52,12 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro private + def group + strong_memoize(:group) do + Group.find_by_full_path(params[:group_id], follow_redirects: request.get?) + end + end + def image params[:image] end 
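Review bot: `user: auth_user` in both added `track_package_event` calls (the manifest hunk and the blob hunk) may receive a deploy token rather than a user, since the new base controller sets the authenticated actor to a `DeployToken` when the JWT carries `deploy_token` and its comment says this actor feeds `auth_user`. Whether `track_package_event` accepts a non-user actor is not visible in this diff. Either narrow the argument, for example `user: (auth_user if auth_user.is_a?(User))`, or add a comment at the call stating that the helper handles both actor types. Both action bodies start outside their hunks.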
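Review bot: The new `group` method should carry a comment saying where read access is enforced, because `Group.find_by_full_path` only resolves the path, whereas the `find_routable!` lookup inherited from the previous parent class, as far as I know, also checks that the current user may read the group. After this change `ensure_group` (added in the last hunk of this file) rejects only a missing group, so authorization presumably rests on the callbacks from `DependencyProxy::GroupAccess`, which this diff does not show. Something like `# Access is enforced by DependencyProxy::GroupAccess; this lookup performs no permission check` above `def group` would make that dependency explicit.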
@@ -54,11 +66,22 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro params[:tag] end + def tracking_event_name(object_type:, from_cache:) + event_name = "pull_#{object_type}" + event_name = "#{event_name}_from_cache" if from_cache + + event_name + end + def dependency_proxy @dependency_proxy ||= group.dependency_proxy_setting || group.create_dependency_proxy_setting end + def ensure_group + render_404 unless group + end + def ensure_feature_enabled! render_404 unless dependency_proxy.enabled end diff --git a/app/controllers/groups/email_campaigns_controller.rb b/app/controllers/groups/email_campaigns_controller.rb index d4c7b31c4b8..70c8a23d918 100644 --- a/app/controllers/groups/email_campaigns_controller.rb +++ b/app/controllers/groups/email_campaigns_controller.rb @@ -38,10 +38,12 @@ class Groups::EmailCampaignsController < Groups::ApplicationController create_track_url when :verify project_pipelines_url(group.projects.first) - when :trial + when :trial, :trial_short 'https://about.gitlab.com/free-trial/' - when :team + when :team, :team_short group_group_members_url(group) + when :admin_verify + project_settings_ci_cd_path(group.projects.first, ci_runner_templates: true, anchor: 'js-runners-settings') end end diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb index d5e7653dea2..9b8d5cfe476 100644 --- a/app/controllers/groups/group_members_controller.rb +++ b/app/controllers/groups/group_members_controller.rb @@ -29,7 +29,7 @@ class Groups::GroupMembersController < Groups::ApplicationController .new(@group, current_user, params: filter_params) .execute(include_relations: requested_relations) - if can_manage_members? + if can?(current_user, :admin_group_member, @group) @skip_groups = @group.related_group_ids @invited_members = @members.invite 
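Review bot: The new `:admin_verify` branch in email_campaigns_controller.rb passes `group.projects.first` to `project_settings_ci_cd_path`, which is nil for a group without projects, and the route helper would then raise instead of redirecting; the existing `:verify` branch has the same shape. The branch also returns a `_path` where the neighbouring branches return absolute URLs (`project_pipelines_url`, `group_group_members_url`), so `project_settings_ci_cd_url(...)` would be consistent. The enclosing method starts outside the hunk, so a guard for the empty-group case may already exist in code that is not shown.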
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb index 1cff658dd52..dbbfdd76fe8 100644 --- a/app/controllers/groups/runners_controller.rb +++ b/app/controllers/groups/runners_controller.rb @@ -1,14 +1,21 @@ # frozen_string_literal: true class Groups::RunnersController < Groups::ApplicationController - # Proper policies should be implemented per - # https://gitlab.com/gitlab-org/gitlab-foss/issues/45894 + # TODO Proper policies, such as `read_group_runners, should be implemented per + # https://gitlab.com/gitlab-org/gitlab/-/issues/334802 before_action :authorize_admin_group! - + before_action :runner_list_group_view_vue_ui_enabled, only: [:index] before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show] feature_category :runner + def index + end + + def runner_list_group_view_vue_ui_enabled + return render_404 unless Feature.enabled?(:runner_list_group_view_vue_ui, group, default_enabled: :yaml) + end + def show end diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb index 88c709e3f53..0f40c9bfd2c 100644 --- a/app/controllers/groups/settings/ci_cd_controller.rb +++ b/app/controllers/groups/settings/ci_cd_controller.rb @@ -60,6 +60,7 @@ module Groups def define_variables define_ci_variables + define_view_variables end def define_ci_variables @@ -69,6 +70,10 @@ module Groups .map { |variable| variable.present(current_user: current_user) } end + def define_view_variables + @content_class = 'limit-container-width' unless fluid_layout + end + def authorize_admin_group! return render_404 unless can?(current_user, :admin_group, group) end diff --git a/app/controllers/groups/settings/integrations_controller.rb b/app/controllers/groups/settings/integrations_controller.rb index 8e3b2cb5d1b..a7a1de03224 100644 --- a/app/controllers/groups/settings/integrations_controller.rb 
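Review bot: `runner_list_group_view_vue_ui_enabled` in runners_controller.rb is added between the `index` and `show` actions, so it is a public method of the controller and would be treated as an action if a route ever matched its name; defining it under `private` (no `private` section is visible in this hunk) avoids that. The rewritten TODO comment also has an unclosed backtick after `read_group_runners`. Until the policy from that issue exists, the new `index` action is guarded only by `before_action :authorize_admin_group!` plus the feature flag, which is worth stating in the comment.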
+++ b/app/controllers/groups/settings/integrations_controller.rb @@ -26,10 +26,6 @@ module Groups def find_or_initialize_non_project_specific_integration(name) Integration.find_or_initialize_non_project_specific_integration(name, group_id: group.id) end - - def scoped_edit_integration_path(integration) - edit_group_settings_integration_path(group, integration) - end end end end |