Diffstat (limited to 'app/controllers/projects')
31 files changed, 205 insertions, 67 deletions
diff --git a/app/controllers/projects/autocomplete_sources_controller.rb b/app/controllers/projects/autocomplete_sources_controller.rb
index cf432cfb429..f678e19d05d 100644
--- a/app/controllers/projects/autocomplete_sources_controller.rb
+++ b/app/controllers/projects/autocomplete_sources_controller.rb
@@ -2,8 +2,9 @@ class Projects::AutocompleteSourcesController < Projects::ApplicationController
 before_action :authorize_read_milestone!, only: :milestones
+ before_action :authorize_read_crm_contact!, only: :contacts
- feature_category :team_planning, [:issues, :labels, :milestones, :commands]
+ feature_category :team_planning, [:issues, :labels, :milestones, :commands, :contacts]
 feature_category :code_review, [:merge_requests]
 feature_category :users, [:members]
 feature_category :snippets, [:snippets]
@@ -38,6 +39,10 @@ class Projects::AutocompleteSourcesController < Projects::ApplicationController
 render json: autocomplete_service.snippets
 end
+ def contacts
+ render json: autocomplete_service.contacts
+ end
+
 private
 def autocomplete_service
@@ -49,6 +54,10 @@ class Projects::AutocompleteSourcesController < Projects::ApplicationController
 .new(project, current_user)
 .execute(params[:type], params[:type_id])
 end
+
+ def authorize_read_crm_contact!
+ render_404 unless can?(current_user, :read_crm_contact, project.root_ancestor)
+ end
 end
 Projects::AutocompleteSourcesController.prepend_mod_with('Projects::AutocompleteSourcesController')
diff --git a/app/controllers/projects/badges_controller.rb b/app/controllers/projects/badges_controller.rb
index 8023e51b552..42bd87e1c01 100644
--- a/app/controllers/projects/badges_controller.rb
+++ b/app/controllers/projects/badges_controller.rb
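Review bot: `authorize_read_crm_contact!` checks `:read_crm_contact` against `project.root_ancestor` rather than against `project`, and nothing in the hunk says why. If the reason is that contacts belong to the top-level group, a one-line comment such as `# contacts are defined on the root group, so the ability is checked there` would keep a later reader from changing it back to `project`. The hunk does not show what `root_ancestor` returns for a project in a personal namespace; a request spec for that case should confirm the endpoint answers 404 rather than raising.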
@@ -8,6 +8,7 @@ class Projects::BadgesController < Projects::ApplicationController
 feature_category :continuous_integration, [:index, :pipeline]
 feature_category :code_testing, [:coverage]
+ feature_category :release_orchestration, [:release]
 def pipeline
 pipeline_status = Gitlab::Ci::Badge::Pipeline::Status
@@ -34,6 +35,17 @@ class Projects::BadgesController < Projects::ApplicationController
 render_badge coverage_report
 end
+ def release
+ latest_release = Gitlab::Ci::Badge::Release::LatestRelease
+ .new(project, current_user, opts: {
+ key_text: params[:key_text],
+ key_width: params[:key_width],
+ order_by: params[:order_by]
+ })
+
+ render_badge latest_release
+ end
+
 private
 def badge_layout
diff --git a/app/controllers/projects/boards_controller.rb b/app/controllers/projects/boards_controller.rb
index adaa47b48cb..0170cff6160 100644
--- a/app/controllers/projects/boards_controller.rb
+++ b/app/controllers/projects/boards_controller.rb
@@ -11,8 +11,8 @@ class Projects::BoardsController < Projects::ApplicationController
 push_frontend_feature_flag(:board_multi_select, project, default_enabled: :yaml)
 push_frontend_feature_flag(:iteration_cadences, project&.group, default_enabled: :yaml)
 experiment(:prominent_create_board_btn, subject: current_user) do |e|
- e.use { }
- e.try { }
+ e.control { }
+ e.candidate { }
 end.run
 end
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 63ac5f97420..dad73c37fea 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
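Review bot: The new `release` action passes `params[:key_text]`, `params[:key_width]` and `params[:order_by]` straight into the badge's `opts`, so all validation is left to `Gitlab::Ci::Badge::Release::LatestRelease`, which is not part of this diff. `order_by` should be matched against a fixed allow-list before it reaches any query and `key_width` bounded as a number; confirm the badge class does both, or do it here. The controller's `before_action` declarations sit above the hunk, so also check that any filter scoped with an `only:` list of the existing badge actions now includes `:release`.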
@@ -131,11 +131,28 @@ class Projects::BranchesController < Projects::ApplicationController
 private
 def sort_value_for_mode
- return params[:sort] if params[:sort].present?
+ custom_sort || default_sort
+ end
+
+ def custom_sort
+ sort = params[:sort].presence
+
+ unless sort.in?(supported_sort_options)
+ flash.now[:alert] = _("Unsupported sort value.")
+ sort = nil
+ end
+ sort
+ end
+
+ def default_sort
 'stale' == @mode ? sort_value_oldest_updated : sort_value_recently_updated
 end
+ def supported_sort_options
+ [nil, sort_value_name, sort_value_oldest_updated, sort_value_recently_updated]
+ end
+
 # It can be expensive to calculate the diverging counts for each
 # branch. Normally the frontend should be specifying a set of branch
 # names, but prior to
diff --git a/app/controllers/projects/cluster_agents_controller.rb b/app/controllers/projects/cluster_agents_controller.rb
index 404d3907128..84bb01ee266 100644
--- a/app/controllers/projects/cluster_agents_controller.rb
+++ b/app/controllers/projects/cluster_agents_controller.rb
@@ -16,7 +16,7 @@ class Projects::ClusterAgentsController < Projects::ApplicationController
 private
 def authorize_can_read_cluster_agent!
- return if can?(current_user, :admin_cluster, project)
+ return if can?(current_user, :read_cluster, project)
 access_denied!
 end
diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb
index 8f45fa1cb9f..440375bf3c9 100644
--- a/app/controllers/projects/clusters_controller.rb
+++ b/app/controllers/projects/clusters_controller.rb
@@ -6,6 +6,7 @@ class Projects::ClustersController < Clusters::ClustersController
 before_action do
 push_frontend_feature_flag(:prometheus_computed_alerts)
+ push_frontend_feature_flag(:show_gitlab_agent_feedback, type: :ops, default_enabled: :yaml)
 end
 layout 'project'
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index 62935e133c5..0ce0b8b8895 100644
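Review bot: `supported_sort_options` lists `nil` so that a request without `sort` passes the `sort.in?` check and does not raise the "Unsupported sort value." flash, which is easy to miss when reading the allow-list. A comment on the method, e.g. `# nil: no sort requested, falls through to default_sort`, would document it. `custom_sort` also sets `flash.now[:alert]` as a side effect that its name does not suggest; a one-line docstring on it should say so.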
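Review bot: `authorize_can_read_cluster_agent!` now admits any user with `:read_cluster` where it previously required `:admin_cluster`, so everything this controller hands to the page becomes visible to the wider role. The actions and the data they expose are outside the hunk. Confirm that anything sensitive reachable from the agent page (credentials or tokens, if any are rendered) is gated separately on an admin-level ability, and add a request spec for a user who holds only `:read_cluster`.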
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -92,6 +92,8 @@ class Projects::CommitController < Projects::ApplicationController
 end
 def branches
+ return git_not_found! unless commit
+
 # branch_names_contains/tag_names_contains can take a long time when there are thousands of
 # branches/tags - each `git branch --contains xxx` request can consume a cpu core.
 # so only do the query when there are a manageable number of branches/tags
diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb
index 1ca35903703..82a13b60b13 100644
--- a/app/controllers/projects/commits_controller.rb
+++ b/app/controllers/projects/commits_controller.rb
@@ -67,11 +67,11 @@ class Projects::CommitsController < Projects::ApplicationController
 def set_commits
 render_404 unless @path.empty? || request.format == :atom || @repository.blob_at(@commit.id, @path) || @repository.tree(@commit.id, @path).entries.present?
- limit = params[:limit].to_i
+ limit = permitted_params[:limit].to_i
 @limit = limit > 0 ? limit : COMMITS_DEFAULT_LIMIT # limit can only ever be a positive number
- @offset = (params[:offset] || 0).to_i
- search = params[:search]
- author = params[:author]
+ @offset = (permitted_params[:offset] || 0).to_i
+ search = permitted_params[:search]
+ author = permitted_params[:author]
 @commits = if search.present?
@@ -87,4 +87,8 @@ class Projects::CommitsController < Projects::ApplicationController
 @commits = @commits.with_latest_pipeline(@ref)
 @commits = set_commits_for_rendering(@commits)
 end
+
+ def permitted_params
+ params.permit(:limit, :offset, :search, :author)
+ end
 end
diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb
index 07f7c1cf7de..243cc7a346c 100644
--- a/app/controllers/projects/compare_controller.rb
+++ b/app/controllers/projects/compare_controller.rb
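Review bot: `permitted_params` in commits_controller.rb is not memoized, so `set_commits` runs `params.permit(...)` four times per request; `forks_params` in forks_controller.rb and `permitted_params` in refs_controller.rb follow the same pattern, while `compare_params` in compare_controller.rb caches its result. Making them consistent is a one-line change each, here `@permitted_params ||= params.permit(:limit, :offset, :search, :author)`. Separately, `limit` is clamped to a positive value but `@offset = (permitted_params[:offset] || 0).to_i` still accepts a negative number; unless the commit lookup rejects that itself, `@offset = [permitted_params[:offset].to_i, 0].max` would bound it. The body of `set_commits` continues outside the first hunk.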
@@ -28,6 +28,7 @@ class Projects::CompareController < Projects::ApplicationController
 COMMIT_DIFFS_PER_PAGE = 20
 def index
+ compare_params
 end
 def show
@@ -44,9 +45,9 @@ class Projects::CompareController < Projects::ApplicationController
 def create
 from_to_vars = {
- from: params[:from].presence,
- to: params[:to].presence,
- from_project_id: params[:from_project_id].presence
+ from: compare_params[:from].presence,
+ to: compare_params[:to].presence,
+ from_project_id: compare_params[:from_project_id].presence
 }
 if from_to_vars[:from].blank? || from_to_vars[:to].blank?
@@ -87,10 +88,10 @@ class Projects::CompareController < Projects::ApplicationController
 # target == start_ref == from
 def target_project
 strong_memoize(:target_project) do
- next source_project unless params.key?(:from_project_id)
- next source_project if params[:from_project_id].to_i == source_project.id
+ next source_project unless compare_params.key?(:from_project_id)
+ next source_project if compare_params[:from_project_id].to_i == source_project.id
- target_project = target_projects(source_project).find_by_id(params[:from_project_id])
+ target_project = target_projects(source_project).find_by_id(compare_params[:from_project_id])
 # Just ignore the field if it points at a non-existent or hidden project
 next source_project unless target_project && can?(current_user, :download_code, target_project)
@@ -111,13 +112,13 @@ class Projects::CompareController < Projects::ApplicationController
 end
 def start_ref
- @start_ref ||= Addressable::URI.unescape(params[:from])
+ @start_ref ||= Addressable::URI.unescape(compare_params[:from])
 end
 def head_ref
 return @ref if defined?(@ref)
- @ref = @head_ref = Addressable::URI.unescape(params[:to])
+ @ref = @head_ref = Addressable::URI.unescape(compare_params[:to])
 end
 def define_commits
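Review bot: `index` now consists of a bare `compare_params` call whose return value is discarded, so the call exists only for its side effect of setting `@compare_params`. If the view reads that instance variable, say so with a comment such as `# memoizes @compare_params for the view`; if nothing reads it, the line can go. `params.permit(:from, :to, :from_project_id)` (defined in a later hunk of this file) drops non-scalar values, so `start_ref` and `head_ref` can now hand `nil` to `Addressable::URI.unescape` when `from` or `to` arrives as an array or hash; a request spec for that input would pin the intended response.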
@@ -146,4 +147,8 @@ class Projects::CompareController < Projects::ApplicationController
 .find_by(source_project: source_project, source_branch: head_ref, target_branch: start_ref)
 end
 # rubocop: enable CodeReuse/ActiveRecord
+
+ def compare_params
+ @compare_params ||= params.permit(:from, :to, :from_project_id)
+ end
 end
diff --git a/app/controllers/projects/design_management/designs_controller.rb b/app/controllers/projects/design_management/designs_controller.rb
index 550d8578396..2aa48249c0e 100644
--- a/app/controllers/projects/design_management/designs_controller.rb
+++ b/app/controllers/projects/design_management/designs_controller.rb
@@ -4,6 +4,7 @@ class Projects::DesignManagement::DesignsController < Projects::ApplicationContr
 before_action :authorize_read_design!
 feature_category :design_management
+ urgency :low
 private
diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb
index ba83f8dad35..475c41eec9c 100644
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@@ -22,14 +22,14 @@ class Projects::ForksController < Projects::ApplicationController
 end
 def index
- @sort = params[:sort]
+ @sort = forks_params[:sort]
 @total_forks_count = project.forks.size
 @public_forks_count = project.forks.public_only.size
 @private_forks_count = @total_forks_count - project.forks.public_and_internal_only.size
 @internal_forks_count = @total_forks_count - @public_forks_count - @private_forks_count
- @forks = load_forks.page(params[:page])
+ @forks = load_forks.page(forks_params[:page])
 prepare_projects_for_rendering(@forks)
@@ -98,7 +98,7 @@ class Projects::ForksController < Projects::ApplicationController
 def load_forks
 forks = ForkProjectsFinder.new(
 project,
- params: params.merge(search: params[:filter_projects]),
+ params: forks_params.merge(search: forks_params[:filter_projects]),
 current_user: current_user
 ).execute
@@ -117,6 +117,10 @@ class Projects::ForksController < Projects::ApplicationController
 end
 end
+ def forks_params
+ params.permit(:filter_projects, :sort, :page)
+ end
+
 def fork_params
 params.permit(:path, :name, :description, :visibility).tap do |param|
 param[:namespace] = fork_namespace
diff --git a/app/controllers/projects/google_cloud/deployments_controller.rb b/app/controllers/projects/google_cloud/deployments_controller.rb
index 4e7fd73e378..1941eb8a5f9 100644
--- a/app/controllers/projects/google_cloud/deployments_controller.rb
+++ b/app/controllers/projects/google_cloud/deployments_controller.rb
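Review bot: The new `forks_params` sits directly above the existing `fork_params` and differs from it by one letter, while the two permit unrelated key sets (`:filter_projects, :sort, :page` versus `:path, :name, :description, :visibility`). Picking the wrong one at a call site would silently drop every expected key rather than fail. A more distinct name such as `forks_index_params`, with the call sites in `index` and `load_forks` updated, removes that trap.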
@@ -4,10 +4,63 @@ class Projects::GoogleCloud::DeploymentsController < Projects::GoogleCloud::Base
 before_action :validate_gcp_token!
 def cloud_run
- render json: "Placeholder"
+ params = { token_in_session: token_in_session }
+ enable_cloud_run_response = GoogleCloud::EnableCloudRunService
+ .new(project, current_user, params).execute
+
+ if enable_cloud_run_response[:status] == :error
+ flash[:error] = enable_cloud_run_response[:message]
+ redirect_to project_google_cloud_index_path(project)
+ else
+ params = { action: GoogleCloud::GeneratePipelineService::ACTION_DEPLOY_TO_CLOUD_RUN }
+ generate_pipeline_response = GoogleCloud::GeneratePipelineService
+ .new(project, current_user, params).execute
+
+ if generate_pipeline_response[:status] == :error
+ flash[:error] = 'Failed to generate pipeline'
+ redirect_to project_google_cloud_index_path(project)
+ else
+ cloud_run_mr_params = cloud_run_mr_params(generate_pipeline_response[:branch_name])
+ redirect_to project_new_merge_request_path(project, merge_request: cloud_run_mr_params)
+ end
+ end
+ rescue Google::Apis::ClientError => error
+ handle_gcp_error(error, project)
 end
 def cloud_storage
 render json: "Placeholder"
 end
+
+ private
+
+ def cloud_run_mr_params(branch_name)
+ {
+ title: cloud_run_mr_title,
+ description: cloud_run_mr_description(branch_name),
+ source_project_id: project.id,
+ target_project_id: project.id,
+ source_branch: branch_name,
+ target_branch: project.default_branch
+ }
+ end
+
+ def cloud_run_mr_title
+ 'Enable deployments to Cloud Run'
+ end
+
+ def cloud_run_mr_description(branch_name)
+ <<-TEXT
+This merge request includes a Cloud Run deployment job in the pipeline definition (.gitlab-ci.yml).
+
+The `deploy-to-cloud-run` job:
+* Requires the following environment variables
+ * `GCP_PROJECT_ID`
+ * `GCP_SERVICE_ACCOUNT_KEY`
+* Job definition can be found at: https://gitlab.com/gitlab-org/incubation-engineering/five-minute-production/library
+
+This pipeline definition has been committed to the branch `#{branch_name}`.
+You may modify the pipeline definition further or accept the changes as-is if suitable.
+ TEXT
+ end
 end
diff --git a/app/controllers/projects/google_cloud_controller.rb b/app/controllers/projects/google_cloud_controller.rb
index 1fa8ae60376..206a8c7e391 100644
--- a/app/controllers/projects/google_cloud_controller.rb
+++ b/app/controllers/projects/google_cloud_controller.rb
@@ -6,6 +6,8 @@ class Projects::GoogleCloudController < Projects::GoogleCloud::BaseController
 screen: 'home',
 serviceAccounts: GoogleCloud::ServiceAccountsService.new(project).find_for_project,
 createServiceAccountUrl: project_google_cloud_service_accounts_path(project),
+ enableCloudRunUrl: project_google_cloud_deployments_cloud_run_path(project),
+ enableCloudStorageUrl: project_google_cloud_deployments_cloud_storage_path(project),
 emptyIllustrationUrl: ActionController::Base.helpers.image_path('illustrations/pipelines_empty.svg')
 }.to_json
 end
diff --git a/app/controllers/projects/group_links_controller.rb b/app/controllers/projects/group_links_controller.rb
index 27893fe510d..6bc81381d92 100644
--- a/app/controllers/projects/group_links_controller.rb
+++ b/app/controllers/projects/group_links_controller.rb
@@ -28,7 +28,7 @@ class Projects::GroupLinksController < Projects::ApplicationController
 if group_link.expires?
 render json: {
- expires_in: helpers.distance_of_time_in_words_to_now(group_link.expires_at),
+ expires_in: helpers.time_ago_with_tooltip(group_link.expires_at),
 expires_soon: group_link.expires_soon?
 }
 else
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 785fbdaa611..1b98810b09b 100644
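Review bot: In `cloud_run`, the local `params = { token_in_session: token_in_session }` shadows the controller's `params` method for the rest of the action and is then reassigned to a second, unrelated hash; `cloud_run_mr_params = cloud_run_mr_params(...)` likewise names a local after the method it calls. Distinct names such as `enable_params`, `pipeline_params` and `mr_params` avoid both. `flash[:error] = enable_cloud_run_response[:message]` shows the service's message to the user unmodified, so confirm it never carries raw Google API error detail. The action now enables a cloud service and creates a branch, and its route is not in this diff: it should be reachable only through a non-GET verb, because Rails does not apply CSRF verification to GET requests.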
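Review bot: `expires_in` in the group_links JSON response used to be the plain string from `distance_of_time_in_words_to_now`; `time_ago_with_tooltip` looks like a view helper that returns markup rather than text. If that is the case, the consumer of this endpoint has to insert the value as HTML, and a comment here should state that the field carries server-generated markup so nothing user-controlled is ever added to it later. The consumer is not part of this diff.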
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -10,7 +10,7 @@ class Projects::IssuesController < Projects::ApplicationController
 include RecordUserLastActivity
 ISSUES_EXCEPT_ACTIONS = %i[index calendar new create bulk_update import_csv export_csv service_desk].freeze
- SET_ISSUABLES_INDEX_ONLY_ACTIONS = %i[index calendar service_desk].freeze
+ SET_ISSUABLES_INDEX_ONLY_ACTIONS = %i[calendar service_desk].freeze
 prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:rss) }
 prepend_before_action(only: [:calendar]) { authenticate_sessionless_user!(:ics) }
@@ -42,18 +42,20 @@ class Projects::IssuesController < Projects::ApplicationController
 if: -> { Feature.disabled?('rate_limited_service_issues_create', project, default_enabled: :yaml) }
 before_action do
- push_frontend_feature_flag(:tribute_autocomplete, @project)
 push_frontend_feature_flag(:improved_emoji_picker, project, default_enabled: :yaml)
 push_frontend_feature_flag(:vue_issues_list, project&.group, default_enabled: :yaml)
 push_frontend_feature_flag(:iteration_cadences, project&.group, default_enabled: :yaml)
+ push_frontend_feature_flag(:contacts_autocomplete, project&.group, default_enabled: :yaml)
+ push_frontend_feature_flag(:markdown_continue_lists, project, default_enabled: :yaml)
 end
 before_action only: :show do
- push_frontend_feature_flag(:real_time_issue_sidebar, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:real_time_issue_sidebar, project, default_enabled: :yaml)
 push_frontend_feature_flag(:confidential_notes, project&.group, default_enabled: :yaml)
- push_frontend_feature_flag(:issue_assignees_widget, @project, default_enabled: :yaml)
- push_frontend_feature_flag(:paginated_issue_discussions, @project, default_enabled: :yaml)
- push_frontend_feature_flag(:fix_comment_scroll, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:issue_assignees_widget, project, default_enabled: :yaml)
+ push_frontend_feature_flag(:paginated_issue_discussions, project, default_enabled: :yaml)
+ push_frontend_feature_flag(:fix_comment_scroll, project, default_enabled: :yaml)
+ push_frontend_feature_flag(:work_items, project, default_enabled: :yaml)
 end
 around_action :allow_gitaly_ref_name_caching, only: [:discussions]
@@ -71,11 +73,14 @@ class Projects::IssuesController < Projects::ApplicationController
 ]
 feature_category :service_desk, [:service_desk]
+ urgency :low, [:service_desk]
 feature_category :importers, [:import_csv, :export_csv]
 attr_accessor :vulnerability_id
 def index
+ set_issuables_index if !html_request? || Feature.disabled?(:vue_issues_list, project&.group, default_enabled: :yaml)
+
 @issues = @issuables
 respond_to do |format|
@@ -317,7 +322,7 @@ class Projects::IssuesController < Projects::ApplicationController
 end
 def reorder_params
- params.permit(:move_before_id, :move_after_id, :group_full_path)
+ params.permit(:move_before_id, :move_after_id)
 end
 def store_uri
diff --git a/app/controllers/projects/merge_requests/drafts_controller.rb b/app/controllers/projects/merge_requests/drafts_controller.rb
index 645720a0889..686d2c1dc1f 100644
--- a/app/controllers/projects/merge_requests/drafts_controller.rb
+++ b/app/controllers/projects/merge_requests/drafts_controller.rb
@@ -92,7 +92,8 @@ class Projects::MergeRequests::DraftsController < Projects::MergeRequests::Appli
 :commit_id,
 :note,
 :position,
- :resolve_discussion
+ :resolve_discussion,
+ :line_code
 ).tap do |h|
 # Old FE version will still be sending `draft_note[commit_id]` as 'undefined'.
 # That can result to having a note linked to a commit with 'undefined' ID
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index f936aeb0084..6445f920db5 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
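Review bot: `index` in issues_controller.rb now skips `set_issuables_index` for HTML requests when `vue_issues_list` is enabled, but the next line still assigns `@issues = @issuables`, which is `nil` on that path. The `respond_to` block is outside the hunk, so it is not visible whether the HTML branch tolerates a nil `@issues`; a request spec with the flag enabled would pin that. The one-line condition mixes a negation with `||` and would read more easily behind a named predicate, e.g. `set_issuables_index if load_issuables_server_side?`, with a comment saying which client loads the list otherwise.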
@@ -30,24 +30,31 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 before_action :set_issuables_index, only: [:index]
 before_action :authenticate_user!, only: [:assign_related_issues]
 before_action :check_user_can_push_to_source_branch!, only: [:rebase]
+ before_action only: [:index, :show] do
+ push_frontend_feature_flag(:mr_attention_requests, project, default_enabled: :yaml)
+ end
+
 before_action only: [:show] do
 push_frontend_feature_flag(:file_identifier_hash)
- push_frontend_feature_flag(:merge_request_widget_graphql, @project, default_enabled: :yaml)
- push_frontend_feature_flag(:default_merge_ref_for_diffs, @project, default_enabled: :yaml)
- push_frontend_feature_flag(:core_security_mr_widget_counts, @project)
- push_frontend_feature_flag(:paginated_notes, @project, default_enabled: :yaml)
- push_frontend_feature_flag(:confidential_notes, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:merge_request_widget_graphql, project, default_enabled: :yaml)
+ push_frontend_feature_flag(:default_merge_ref_for_diffs, project, default_enabled: :yaml)
+ push_frontend_feature_flag(:core_security_mr_widget_counts, project)
+ push_frontend_feature_flag(:paginated_notes, project, default_enabled: :yaml)
+ push_frontend_feature_flag(:confidential_notes, project, default_enabled: :yaml)
 push_frontend_feature_flag(:improved_emoji_picker, project, default_enabled: :yaml)
- push_frontend_feature_flag(:diffs_virtual_scrolling, project, default_enabled: :yaml)
 push_frontend_feature_flag(:restructured_mr_widget, project, default_enabled: :yaml)
- push_frontend_feature_flag(:mr_changes_fluid_layout, project, default_enabled: :yaml)
- push_frontend_feature_flag(:mr_attention_requests, project, default_enabled: :yaml)
- push_frontend_feature_flag(:refactor_mr_widgets_extensions, @project, default_enabled: :yaml)
- push_frontend_feature_flag(:rebase_without_ci_ui, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:refactor_mr_widgets_extensions, project, default_enabled: :yaml)
+ push_frontend_feature_flag(:rebase_without_ci_ui, project, default_enabled: :yaml)
+ push_frontend_feature_flag(:rearrange_pipelines_table, project, default_enabled: :yaml)
+ push_frontend_feature_flag(:markdown_continue_lists, project, default_enabled: :yaml)
 # Usage data feature flags
- push_frontend_feature_flag(:users_expanding_widgets_usage_data, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:users_expanding_widgets_usage_data, project, default_enabled: :yaml)
 push_frontend_feature_flag(:diff_settings_usage_data, default_enabled: :yaml)
- push_frontend_feature_flag(:diff_searching_usage_data, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:usage_data_diff_searches, project, default_enabled: :yaml)
+ end
+
+ before_action do
+ push_frontend_feature_flag(:permit_all_shared_groups_for_approval, @project, default_enabled: :yaml)
 end
 around_action :allow_gitaly_ref_name_caching, only: [:index, :show, :discussions]
@@ -100,10 +107,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 # rubocop:disable Metrics/AbcSize
 def show
 close_merge_request_if_no_source_project
-
- if Feature.disabled?(:check_mergeability_async_in_widget, @project, default_enabled: :yaml)
- @merge_request.check_mergeability(async: true)
- end
+ @merge_request.check_mergeability(async: true)
 respond_to do |format|
 format.html do
@@ -504,6 +508,8 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 .can_push_to_branch?(@merge_request.source_branch)
 access_denied! unless access_check
+
+ access_denied! unless merge_request.permits_force_push?
 end
 def merge_access_check
diff --git a/app/controllers/projects/packages/infrastructure_registry_controller.rb b/app/controllers/projects/packages/infrastructure_registry_controller.rb
index c02a0a56e03..2fe353b7acb 100644
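Review bot: In the last merge_requests_controller.rb hunk, `access_denied! unless access_check` does not return, so when the push check fails execution continues to the added `access_denied! unless merge_request.permits_force_push?`. If both conditions fail, `access_denied!` is called twice; assuming it renders a response, the second call raises a double-render error and the client receives a 500 instead of the denial. Write the first check as `return access_denied! unless access_check`. The added line also reads `merge_request` while the visible context uses `@merge_request`; the method starts above the hunk, so check that both refer to the same record.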
--- a/app/controllers/projects/packages/infrastructure_registry_controller.rb
+++ b/app/controllers/projects/packages/infrastructure_registry_controller.rb
@@ -9,11 +9,7 @@ module Projects
 def show
 @package = project.packages.find(params[:id])
- @package_files = if Feature.enabled?(:packages_installable_package_files, default_enabled: :yaml)
- @package.installable_package_files.recent
- else
- @package.package_files.recent
- end
+ @package_files = @package.installable_package_files.recent
 end
 end
 end
diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index 71dc67bb6dc..7f680bbf121 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -13,6 +13,9 @@ class Projects::PipelinesController < Projects::ApplicationController
 before_action :authorize_create_pipeline!, only: [:new, :create, :config_variables]
 before_action :authorize_update_pipeline!, only: [:retry, :cancel]
 before_action :ensure_pipeline, only: [:show, :downloadable_artifacts]
+ before_action do
+ push_frontend_feature_flag(:rearrange_pipelines_table, project, default_enabled: :yaml)
+ end
 before_action do
 push_frontend_feature_flag(:jobs_tab_vue, @project, default_enabled: :yaml)
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index e8074f7d793..dc0614c6bdd 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -13,8 +13,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
 def index
 @sort = params[:sort].presence || sort_value_name
- @skip_groups = @project.invited_group_ids
- @skip_groups += @project.group.self_and_ancestors_ids if @project.group
+ @skip_groups = @project.related_group_ids
 @group_links = @project.project_group_links
 @group_links = @group_links.search(params[:search_groups]) if params[:search_groups].present?
diff --git a/app/controllers/projects/refs_controller.rb b/app/controllers/projects/refs_controller.rb
index 73eb6bb2bf2..b070f9419fc 100644
--- a/app/controllers/projects/refs_controller.rb
+++ b/app/controllers/projects/refs_controller.rb
@@ -18,7 +18,7 @@ class Projects::RefsController < Projects::ApplicationController
 respond_to do |format|
 format.html do
 new_path =
- case params[:destination]
+ case permitted_params[:destination]
 when "tree"
 project_tree_path(@project, @id)
 when "blob"
@@ -45,7 +45,7 @@ class Projects::RefsController < Projects::ApplicationController
 def logs_tree
 tree_summary = ::Gitlab::TreeSummary.new(
 @commit, @project, current_user,
- path: @path, offset: params[:offset], limit: 25)
+ path: @path, offset: permitted_params[:offset], limit: 25)
 respond_to do |format|
 format.html { render_404 }
@@ -62,6 +62,10 @@ class Projects::RefsController < Projects::ApplicationController
 private
 def validate_ref_id
- return not_found! if params[:id].present? && params[:id] !~ Gitlab::PathRegex.git_reference_regex
+ return not_found if permitted_params[:id].present? && permitted_params[:id] !~ Gitlab::PathRegex.git_reference_regex
+ end
+
+ def permitted_params
+ params.permit(:id, :offset, :destination)
 end
 end
diff --git a/app/controllers/projects/repositories_controller.rb b/app/controllers/projects/repositories_controller.rb
index 77826a2f789..9fc75fff807 100644
--- a/app/controllers/projects/repositories_controller.rb
+++ b/app/controllers/projects/repositories_controller.rb
@@ -23,7 +23,7 @@ class Projects::RepositoriesController < Projects::ApplicationController
 feature_category :source_code_management
 def create
- @project.create_repository
+ @project.create_repository unless @project.repository_exists?
 redirect_to project_path(@project)
 end
diff --git a/app/controllers/projects/runners_controller.rb b/app/controllers/projects/runners_controller.rb
index 62a9f8a4625..192a29730d9 100644
--- a/app/controllers/projects/runners_controller.rb
+++ b/app/controllers/projects/runners_controller.rb
@@ -23,7 +23,7 @@ class Projects::RunnersController < Projects::ApplicationController
 def destroy
 if @runner.only_for?(project)
- @runner.destroy
+ Ci::UnregisterRunnerService.new(@runner).execute
 end
 redirect_to project_runners_path(@project), status: :found
diff --git a/app/controllers/projects/security/configuration_controller.rb b/app/controllers/projects/security/configuration_controller.rb
index 14f765814e6..7b799cc0aa6 100644
--- a/app/controllers/projects/security/configuration_controller.rb
+++ b/app/controllers/projects/security/configuration_controller.rb
@@ -10,6 +10,8 @@ module Projects
 def show
 render_403 unless can?(current_user, :read_security_configuration, project)
+ @configuration ||= configuration_presenter
+
 respond_to do |format|
 format.html
 format.json do
diff --git a/app/controllers/projects/service_desk_controller.rb b/app/controllers/projects/service_desk_controller.rb
index 1fb07c3a903..aa0e70121df 100644
--- a/app/controllers/projects/service_desk_controller.rb
+++ b/app/controllers/projects/service_desk_controller.rb
@@ -4,6 +4,7 @@ class Projects::ServiceDeskController < Projects::ApplicationController
 before_action :authorize_admin_project!
 feature_category :service_desk
+ urgency :low
 def show
 json_response
diff --git a/app/controllers/projects/service_ping_controller.rb b/app/controllers/projects/service_ping_controller.rb
index 00530c09be8..368da8d1ef2 100644
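Review bot: In security/configuration_controller.rb, `render_403 unless can?(...)` does not stop `show`, so for a user without `:read_security_configuration` the added `@configuration ||= configuration_presenter` still runs and builds the presenter before `respond_to` is reached. Return at the check, `return render_403 unless can?(current_user, :read_security_configuration, project)`, so that no configuration data is assembled for an unauthorised request and `respond_to` does not attempt a second render. The rest of `show` is outside the hunk.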
--- a/app/controllers/projects/service_ping_controller.rb
+++ b/app/controllers/projects/service_ping_controller.rb
@@ -13,6 +13,14 @@ class Projects::ServicePingController < Projects::ApplicationController
 head(200)
 end
+ def web_ide_clientside_preview_success
+ return render_404 unless Gitlab::CurrentSettings.web_ide_clientside_preview_enabled?
+
+ Gitlab::UsageDataCounters::WebIdeCounter.increment_previews_success_count
+
+ head(200)
+ end
+
 def web_ide_pipelines_count
 Gitlab::UsageDataCounters::WebIdeCounter.increment_pipelines_count
diff --git a/app/controllers/projects/services_controller.rb b/app/controllers/projects/services_controller.rb
index 9896f75c099..1321111faaf 100644
--- a/app/controllers/projects/services_controller.rb
+++ b/app/controllers/projects/services_controller.rb
@@ -12,9 +12,6 @@ class Projects::ServicesController < Projects::ApplicationController
 before_action :web_hook_logs, only: [:edit, :update]
 before_action :set_deprecation_notice_for_prometheus_integration, only: [:edit, :update]
 before_action :redirect_deprecated_prometheus_integration, only: [:update]
- before_action do
- push_frontend_feature_flag(:vue_integration_form, current_user, default_enabled: :yaml)
- end
 respond_to :html
diff --git a/app/controllers/projects/settings/ci_cd_controller.rb b/app/controllers/projects/settings/ci_cd_controller.rb
index c71134e0547..dd2fb57f7ac 100644
--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -160,6 +160,8 @@ module Projects
 @badges.map! do |badge|
 badge.new(@project, @ref).metadata
 end
+
+ @badges.append(Gitlab::Ci::Badge::Release::LatestRelease.new(@project, current_user).metadata)
 end
 def define_auto_devops_variables
diff --git a/app/controllers/projects/settings/repository_controller.rb b/app/controllers/projects/settings/repository_controller.rb
index d750bd201e2..a28c08e87cb 100644
--- a/app/controllers/projects/settings/repository_controller.rb
+++ b/app/controllers/projects/settings/repository_controller.rb
@@ -25,7 +25,7 @@ module Projects
 if result[:status] == :success
 flash[:notice] = _('Repository cleanup has started. You will receive an email once the cleanup operation is complete.')
 else
- flash[:alert] = status.fetch(:message, _('Failed to upload object map file'))
+ flash[:alert] = result.fetch(:message, _('Failed to upload object map file'))
 end
 redirect_to project_settings_repository_path(project)
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index de0faaca9c0..6472d3c3454 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -16,13 +16,16 @@ class Projects::TagsController < Projects::ApplicationController
 # rubocop: disable CodeReuse/ActiveRecord
 def index
 begin
- params[:sort] = params[:sort].presence || sort_value_recently_updated
+ tags_params = params
+ .permit(:search, :sort, :per_page, :page_token, :page)
+ .with_defaults(sort: sort_value_recently_updated)
- @sort = params[:sort]
+ @sort = tags_params[:sort]
+ @search = tags_params[:search]
- @tags = TagsFinder.new(@repository, params).execute
+ @tags = TagsFinder.new(@repository, tags_params).execute
- @tags = Kaminari.paginate_array(@tags).page(params[:page])
+ @tags = Kaminari.paginate_array(@tags).page(tags_params[:page])
 tag_names = @tags.map(&:name)
 @tags_pipelines = @project.ci_pipelines.latest_successful_for_refs(tag_names)
@@ -31,6 +34,7 @@ class Projects::TagsController < Projects::ApplicationController
 rescue Gitlab::Git::CommandError => e
 @tags = []
+ @releases = []
 @tags_loading_error = e
 end
diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb
index c15768e7bbb..ed5bd73d6d1 100644
--- a/app/controllers/projects/uploads_controller.rb
+++ b/app/controllers/projects/uploads_controller.rb
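Review bot: In tags_controller.rb, `with_defaults(sort: sort_value_recently_updated)` fills in `sort` only when the key is absent, whereas the removed line used `params[:sort].presence || sort_value_recently_updated` and therefore also replaced an empty value. A request with `?sort=` now reaches `@sort` and `TagsFinder` as an empty string. If the finder does not treat blank as the default, restore the old behaviour after the `permit` call with `tags_params[:sort] = tags_params[:sort].presence || sort_value_recently_updated`. The body of `index` continues between the two hunks.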
@@ -6,7 +6,7 @@ class Projects::UploadsController < Projects::ApplicationController
 # These will kick you out if you don't have access.
 skip_before_action :project, :repository,
- if: -> { action_name == 'show' && embeddable? }
+ if: -> { bypass_auth_checks_on_uploads? }
 before_action :authorize_upload_file!, only: [:create, :authorize]
 before_action :verify_workhorse_api!, only: [:authorize] |