summaryrefslogtreecommitdiff
path: root/app/controllers/projects
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/projects')
-rw-r--r--app/controllers/projects/artifacts_controller.rb17
-rw-r--r--app/controllers/projects/builds_controller.rb2
-rw-r--r--app/controllers/projects/commit_controller.rb2
-rw-r--r--app/controllers/projects/environments_controller.rb49
-rw-r--r--app/controllers/projects/pipelines_controller.rb2
-rw-r--r--app/controllers/projects/project_members_controller.rb36
-rw-r--r--app/controllers/projects/todos_controller.rb31
-rw-r--r--app/controllers/projects/wikis_controller.rb3
8 files changed, 110 insertions, 32 deletions
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb
index 832d7deb57d..f11c8321464 100644
--- a/app/controllers/projects/artifacts_controller.rb
+++ b/app/controllers/projects/artifacts_controller.rb
@@ -1,22 +1,18 @@
class Projects::ArtifactsController < Projects::ApplicationController
layout 'project'
before_action :authorize_read_build!
+ before_action :authorize_update_build!, only: [:keep]
+ before_action :validate_artifacts!
def download
unless artifacts_file.file_storage?
return redirect_to artifacts_file.url
end
- unless artifacts_file.exists?
- return render_404
- end
-
send_file artifacts_file.path, disposition: 'attachment'
end
def browse
- return render_404 unless build.artifacts?
-
directory = params[:path] ? "#{params[:path]}/" : ''
@entry = build.artifacts_metadata_entry(directory)
@@ -34,8 +30,17 @@ class Projects::ArtifactsController < Projects::ApplicationController
end
end
+ def keep
+ build.keep_artifacts!
+ redirect_to namespace_project_build_path(project.namespace, project, build)
+ end
+
private
+ def validate_artifacts!
+ render_404 unless build.artifacts?
+ end
+
def build
@build ||= project.builds.find_by!(id: params[:build_id])
end
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index 14c82826342..ef3051d7519 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -51,7 +51,7 @@ class Projects::BuildsController < Projects::ApplicationController
return render_404
end
- build = Ci::Build.retry(@build)
+ build = Ci::Build.retry(@build, current_user)
redirect_to build_path(build)
end
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index 20637fa46fe..6751737d15e 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -46,7 +46,7 @@ class Projects::CommitController < Projects::ApplicationController
def retry_builds
ci_builds.latest.failed.each do |build|
if build.retryable?
- Ci::Build.retry(build)
+ Ci::Build.retry(build, current_user)
end
end
diff --git a/app/controllers/projects/environments_controller.rb b/app/controllers/projects/environments_controller.rb
new file mode 100644
index 00000000000..4b433796161
--- /dev/null
+++ b/app/controllers/projects/environments_controller.rb
@@ -0,0 +1,49 @@
+class Projects::EnvironmentsController < Projects::ApplicationController
+ layout 'project'
+ before_action :authorize_read_environment!
+ before_action :authorize_create_environment!, only: [:new, :create]
+ before_action :authorize_update_environment!, only: [:destroy]
+ before_action :environment, only: [:show, :destroy]
+
+ def index
+ @environments = project.environments
+ end
+
+ def show
+ @deployments = environment.deployments.order(id: :desc).page(params[:page])
+ end
+
+ def new
+ @environment = project.environments.new
+ end
+
+ def create
+ @environment = project.environments.create(create_params)
+
+ if @environment.persisted?
+ redirect_to namespace_project_environment_path(project.namespace, project, @environment)
+ else
+ render 'new'
+ end
+ end
+
+ def destroy
+ if @environment.destroy
+ flash[:notice] = 'Environment was successfully removed.'
+ else
+ flash[:alert] = 'Failed to remove environment.'
+ end
+
+ redirect_to namespace_project_environments_path(project.namespace, project)
+ end
+
+ private
+
+ def create_params
+ params.require(:environment).permit(:name)
+ end
+
+ def environment
+ @environment ||= project.environments.find(params[:id])
+ end
+end
diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index cac440ae53e..127bd1a4318 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -32,7 +32,7 @@ class Projects::PipelinesController < Projects::ApplicationController
end
def retry
- pipeline.retry_failed
+ pipeline.retry_failed(current_user)
redirect_back_or_default default: namespace_project_pipelines_path(project.namespace, project)
end
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index cdea5f0b776..35d067cd029 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -1,10 +1,12 @@
class Projects::ProjectMembersController < Projects::ApplicationController
+ include MembershipActions
+
# Authorize
- before_action :authorize_admin_project_member!, except: [:leave, :index]
+ before_action :authorize_admin_project_member!, except: [:index, :leave, :request_access]
def index
@project_members = @project.project_members
- @project_members = @project_members.non_invite unless can?(current_user, :admin_project, @project)
+ @project_members = @project_members.non_pending unless can?(current_user, :admin_project, @project)
if params[:search].present?
users = @project.users.search(params[:search]).to_a
@@ -14,9 +16,10 @@ class Projects::ProjectMembersController < Projects::ApplicationController
@project_members = @project_members.order('access_level DESC')
@group = @project.group
+
if @group
@group_members = @group.group_members
- @group_members = @group_members.non_invite unless can?(current_user, :admin_group, @group)
+ @group_members = @group_members.non_pending unless can?(current_user, :admin_group, @group)
if params[:search].present?
users = @group.users.search(params[:search]).to_a
@@ -73,26 +76,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController
end
end
- def leave
- @project_member = @project.project_members.find_by(user_id: current_user)
-
- if can?(current_user, :destroy_project_member, @project_member)
- @project_member.destroy
-
- respond_to do |format|
- format.html { redirect_to dashboard_projects_path, notice: "You left the project." }
- format.js { head :ok }
- end
- else
- if current_user == @project.owner
- message = 'You can not leave your own project. Transfer or delete the project.'
- redirect_back_or_default(default: { action: 'index' }, options: { alert: message })
- else
- render_403
- end
- end
- end
-
def apply_import
source_project = Project.find(params[:source_project_id])
@@ -112,4 +95,11 @@ class Projects::ProjectMembersController < Projects::ApplicationController
def member_params
params.require(:project_member).permit(:user_id, :access_level)
end
+
+ # MembershipActions concern
+ alias_method :membershipable, :project
+
+ def cannot_leave?
+ current_user == @project.owner
+ end
end
diff --git a/app/controllers/projects/todos_controller.rb b/app/controllers/projects/todos_controller.rb
new file mode 100644
index 00000000000..a51bd5e2b49
--- /dev/null
+++ b/app/controllers/projects/todos_controller.rb
@@ -0,0 +1,31 @@
+class Projects::TodosController < Projects::ApplicationController
+ def create
+ todos = TodoService.new.mark_todo(issuable, current_user)
+
+ render json: {
+ todo: todos,
+ count: current_user.todos.pending.count,
+ }
+ end
+
+ def update
+ current_user.todos.find_by_id(params[:id]).update(state: :done)
+
+ render json: {
+ count: current_user.todos.pending.count,
+ }
+ end
+
+ private
+
+ def issuable
+ @issuable ||= begin
+ case params[:issuable_type]
+ when "issue"
+ @project.issues.find(params[:issuable_id])
+ when "merge_request"
+ @project.merge_requests.find(params[:issuable_id])
+ end
+ end
+ end
+end
diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb
index 2aa6bed0724..7ec1e73b3be 100644
--- a/app/controllers/projects/wikis_controller.rb
+++ b/app/controllers/projects/wikis_controller.rb
@@ -16,6 +16,9 @@ class Projects::WikisController < Projects::ApplicationController
if @page
render 'show'
elsif file = @project_wiki.find_file(params[:id], params[:version_id])
+ response.headers['Content-Security-Policy'] = "default-src 'none'"
+ response.headers['X-Content-Security-Policy'] = "default-src 'none'"
+
if file.on_disk?
send_file file.on_disk_path, disposition: 'inline'
else
View Lorry Controller Status