diff options
Diffstat (limited to 'app/services')
22 files changed, 480 insertions, 25 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 2b77f6be72a..f28cddb2af3 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -109,7 +109,7 @@ module Auth case requested_action when 'pull' - build_can_pull?(requested_project) || user_can_pull?(requested_project) + build_can_pull?(requested_project) || user_can_pull?(requested_project) || deploy_token_can_pull?(requested_project) when 'push' build_can_push?(requested_project) || user_can_push?(requested_project) when '*' @@ -123,22 +123,34 @@ module Auth Gitlab.config.registry end + def can_user?(ability, project) + user = current_user.is_a?(User) ? current_user : nil + can?(user, ability, project) + end + def build_can_pull?(requested_project) # Build can: # 1. pull from its own project (for ex. a build) # 2. read images from dependent projects if creator of build is a team member has_authentication_ability?(:build_read_container_image) && - (requested_project == project || can?(current_user, :build_read_container_image, requested_project)) + (requested_project == project || can_user?(:build_read_container_image, requested_project)) end def user_can_admin?(requested_project) has_authentication_ability?(:admin_container_image) && - can?(current_user, :admin_container_image, requested_project) + can_user?(:admin_container_image, requested_project) end def user_can_pull?(requested_project) has_authentication_ability?(:read_container_image) && - can?(current_user, :read_container_image, requested_project) + can_user?(:read_container_image, requested_project) + end + + def deploy_token_can_pull?(requested_project) + has_authentication_ability?(:read_container_image) && + current_user.is_a?(DeployToken) && + current_user.has_access_to?(requested_project) && + current_user.read_registry? end ## @@ -154,7 +166,7 @@ module Auth def user_can_push?(requested_project) has_authentication_ability?(:create_container_image) && - can?(current_user, :create_container_image, requested_project) + can_user?(:create_container_image, requested_project) end def error(code, status:, message: '') diff --git a/app/services/boards/issues/list_service.rb b/app/services/boards/issues/list_service.rb index ecd74b74f8a..ac70a99c2c5 100644 --- a/app/services/boards/issues/list_service.rb +++ b/app/services/boards/issues/list_service.rb @@ -35,6 +35,7 @@ module Boards def filter_params set_parent set_state + set_scope params end @@ -51,6 +52,10 @@ module Boards params[:state] = list && list.closed? ? 'closed' : 'opened' end + def set_scope + params[:include_subgroups] = board.group_board? + end + def board_label_ids @board_label_ids ||= board.lists.movable.pluck(:label_id) end diff --git a/app/services/deploy_tokens/create_service.rb b/app/services/deploy_tokens/create_service.rb new file mode 100644 index 00000000000..52f545947af --- /dev/null +++ b/app/services/deploy_tokens/create_service.rb @@ -0,0 +1,7 @@ +module DeployTokens + class CreateService < BaseService + def execute + @project.deploy_tokens.create(params) + end + end +end diff --git a/app/services/issuable/destroy_service.rb b/app/services/issuable/destroy_service.rb index 7197a426a72..0b1a33518c6 100644 --- a/app/services/issuable/destroy_service.rb +++ b/app/services/issuable/destroy_service.rb @@ -4,6 +4,7 @@ module Issuable TodoService.new.destroy_target(issuable) do |issuable| if issuable.destroy issuable.update_project_counter_caches + issuable.assignees.each(&:invalidate_cache_counts) end end end diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb index 91ec702fbc6..1f67e3ecf9d 100644 --- a/app/services/issuable_base_service.rb +++ b/app/services/issuable_base_service.rb @@ -51,9 +51,10 @@ class IssuableBaseService < BaseService return unless milestone_id params[:milestone_id] = '' if milestone_id == IssuableFinder::NONE + group_ids = project.group&.self_and_ancestors&.pluck(:id) milestone = - Milestone.for_projects_and_groups([project.id], [project.group&.id]).find_by_id(milestone_id) + Milestone.for_projects_and_groups([project.id], group_ids).find_by_id(milestone_id) params[:milestone_id] = '' unless milestone end diff --git a/app/services/issues/update_service.rb b/app/services/issues/update_service.rb index 4161932ad2a..1374f10c586 100644 --- a/app/services/issues/update_service.rb +++ b/app/services/issues/update_service.rb @@ -90,7 +90,7 @@ module Issues issue = if board_group_id - IssuesFinder.new(current_user, group_id: board_group_id).find_by(id: id) + IssuesFinder.new(current_user, group_id: board_group_id, include_subgroups: true).find_by(id: id) else project.issues.find(id) end diff --git a/app/services/projects/base_move_relations_service.rb b/app/services/projects/base_move_relations_service.rb new file mode 100644 index 00000000000..e8fd3ef57e5 --- /dev/null +++ b/app/services/projects/base_move_relations_service.rb @@ -0,0 +1,22 @@ +module Projects + class BaseMoveRelationsService < BaseService + attr_reader :source_project + def execute(source_project, remove_remaining_elements: true) + return if source_project.blank? + + @source_project = source_project + + true + end + + private + + def prepare_relation(relation, id_param = :id) + if Gitlab::Database.postgresql? + relation + else + relation.model.where("#{id_param}": relation.pluck(id_param)) + end + end + end +end diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb index 633e2c8236c..d361d070993 100644 --- a/app/services/projects/create_service.rb +++ b/app/services/projects/create_service.rb @@ -96,6 +96,8 @@ module Projects system_hook_service.execute_hooks_for(@project, :create) setup_authorizations + + current_user.invalidate_personal_projects_count end # Refresh the current user's authorizations inline (so they can access the diff --git a/app/services/projects/destroy_service.rb b/app/services/projects/destroy_service.rb index 4b8f955ae69..aa14206db3b 100644 --- a/app/services/projects/destroy_service.rb +++ b/app/services/projects/destroy_service.rb @@ -34,6 +34,8 @@ module Projects system_hook_service.execute_hooks_for(project, :destroy) log_info("Project \"#{project.full_path}\" was removed") + current_user.invalidate_personal_projects_count + true rescue => error attempt_rollback(project, error.message) @@ -44,6 +46,20 @@ module Projects raise end + def attempt_repositories_rollback + return unless @project + + flush_caches(@project) + + unless mv_repository(removal_path(repo_path), repo_path) + raise_error('Failed to restore project repository. Please contact the administrator.') + end + + unless mv_repository(removal_path(wiki_path), wiki_path) + raise_error('Failed to restore wiki repository. Please contact the administrator.') + end + end + private def repo_path @@ -68,12 +84,9 @@ module Projects # Skip repository removal. We use this flag when remove user or group return true if params[:skip_repo] == true - # There is a possibility project does not have repository or wiki - return true unless gitlab_shell.exists?(project.repository_storage_path, path + '.git') - new_path = removal_path(path) - if gitlab_shell.mv_repository(project.repository_storage_path, path, new_path) + if mv_repository(path, new_path) log_info("Repository \"#{path}\" moved to \"#{new_path}\"") project.run_after_commit do @@ -85,6 +98,13 @@ module Projects end end + def mv_repository(from_path, to_path) + # There is a possibility project does not have repository or wiki + return true unless gitlab_shell.exists?(project.repository_storage_path, from_path + '.git') + + gitlab_shell.mv_repository(project.repository_storage_path, from_path, to_path) + end + def attempt_rollback(project, message) return unless project diff --git a/app/services/projects/gitlab_projects_import_service.rb b/app/services/projects/gitlab_projects_import_service.rb index fb4afb85588..a16268f4fd2 100644 --- a/app/services/projects/gitlab_projects_import_service.rb +++ b/app/services/projects/gitlab_projects_import_service.rb @@ -15,9 +15,18 @@ module Projects file = params.delete(:file) FileUtils.copy_entry(file.path, import_upload_path) + @overwrite = params.delete(:overwrite) + data = {} + data[:override_params] = @override_params if @override_params + + if overwrite_project? + data[:original_path] = params[:path] + params[:path] += "-#{tmp_filename}" + end + params[:import_type] = 'gitlab_project' params[:import_source] = import_upload_path - params[:import_data] = { data: { override_params: @override_params } } if @override_params + params[:import_data] = { data: data } if data.present? ::Projects::CreateService.new(current_user, params).execute end @@ -31,5 +40,17 @@ module Projects def tmp_filename SecureRandom.hex end + + def overwrite_project? + @overwrite && project_with_same_full_path? + end + + def project_with_same_full_path? + Project.find_by_full_path("#{current_namespace.full_path}/#{params[:path]}").present? + end + + def current_namespace + @current_namespace ||= Namespace.find_by(id: params[:namespace_id]) + end end end diff --git a/app/services/projects/move_access_service.rb b/app/services/projects/move_access_service.rb new file mode 100644 index 00000000000..3af3a22d486 --- /dev/null +++ b/app/services/projects/move_access_service.rb @@ -0,0 +1,25 @@ +module Projects + class MoveAccessService < BaseMoveRelationsService + def execute(source_project, remove_remaining_elements: true) + return unless super + + @project.with_transaction_returning_status do + if @project.namespace != source_project.namespace + @project.run_after_commit do + source_project.namespace.refresh_project_authorizations + self.namespace.refresh_project_authorizations + end + end + + ::Projects::MoveProjectMembersService.new(@project, @current_user) + .execute(source_project, remove_remaining_elements: remove_remaining_elements) + ::Projects::MoveProjectGroupLinksService.new(@project, @current_user) + .execute(source_project, remove_remaining_elements: remove_remaining_elements) + ::Projects::MoveProjectAuthorizationsService.new(@project, @current_user) + .execute(source_project, remove_remaining_elements: remove_remaining_elements) + + success + end + end + end +end diff --git a/app/services/projects/move_deploy_keys_projects_service.rb b/app/services/projects/move_deploy_keys_projects_service.rb new file mode 100644 index 00000000000..dde420655b0 --- /dev/null +++ b/app/services/projects/move_deploy_keys_projects_service.rb @@ -0,0 +1,31 @@ +module Projects + class MoveDeployKeysProjectsService < BaseMoveRelationsService + def execute(source_project, remove_remaining_elements: true) + return unless super + + Project.transaction(requires_new: true) do + move_deploy_keys_projects + remove_remaining_deploy_keys_projects if remove_remaining_elements + + success + end + end + + private + + def move_deploy_keys_projects + prepare_relation(non_existent_deploy_keys_projects) + .update_all(project_id: @project.id) + end + + def non_existent_deploy_keys_projects + source_project.deploy_keys_projects + .joins(:deploy_key) + .where.not(keys: { fingerprint: @project.deploy_keys.select(:fingerprint) }) + end + + def remove_remaining_deploy_keys_projects + source_project.deploy_keys_projects.destroy_all + end + end +end diff --git a/app/services/projects/move_forks_service.rb b/app/services/projects/move_forks_service.rb new file mode 100644 index 00000000000..d2901ea1457 --- /dev/null +++ b/app/services/projects/move_forks_service.rb @@ -0,0 +1,42 @@ +module Projects + class MoveForksService < BaseMoveRelationsService + def execute(source_project, remove_remaining_elements: true) + return unless super && source_project.fork_network + + Project.transaction(requires_new: true) do + move_forked_project_links + move_fork_network_members + update_root_project + refresh_forks_count + + success + end + end + + private + + def move_forked_project_links + # Update ancestor + ForkedProjectLink.where(forked_to_project: source_project) + .update_all(forked_to_project_id: @project.id) + + # Update the descendants + ForkedProjectLink.where(forked_from_project: source_project) + .update_all(forked_from_project_id: @project.id) + end + + def move_fork_network_members + ForkNetworkMember.where(project: source_project).update_all(project_id: @project.id) + ForkNetworkMember.where(forked_from_project: source_project).update_all(forked_from_project_id: @project.id) + end + + def update_root_project + # Update root network project + ForkNetwork.where(root_project: source_project).update_all(root_project_id: @project.id) + end + + def refresh_forks_count + Projects::ForksCountService.new(@project).refresh_cache + end + end +end diff --git a/app/services/projects/move_lfs_objects_projects_service.rb b/app/services/projects/move_lfs_objects_projects_service.rb new file mode 100644 index 00000000000..298da5f1a82 --- /dev/null +++ b/app/services/projects/move_lfs_objects_projects_service.rb @@ -0,0 +1,29 @@ +module Projects + class MoveLfsObjectsProjectsService < BaseMoveRelationsService + def execute(source_project, remove_remaining_elements: true) + return unless super + + Project.transaction(requires_new: true) do + move_lfs_objects_projects + remove_remaining_lfs_objects_project if remove_remaining_elements + + success + end + end + + private + + def move_lfs_objects_projects + prepare_relation(non_existent_lfs_objects_projects) + .update_all(project_id: @project.lfs_storage_project.id) + end + + def remove_remaining_lfs_objects_project + source_project.lfs_objects_projects.destroy_all + end + + def non_existent_lfs_objects_projects + source_project.lfs_objects_projects.where.not(lfs_object: @project.lfs_objects) + end + end +end diff --git a/app/services/projects/move_notification_settings_service.rb b/app/services/projects/move_notification_settings_service.rb new file mode 100644 index 00000000000..f7be461a5da --- /dev/null +++ b/app/services/projects/move_notification_settings_service.rb @@ -0,0 +1,38 @@ +module Projects + class MoveNotificationSettingsService < BaseMoveRelationsService + def execute(source_project, remove_remaining_elements: true) + return unless super + + Project.transaction(requires_new: true) do + move_notification_settings + remove_remaining_notification_settings if remove_remaining_elements + + success + end + end + + private + + def move_notification_settings + prepare_relation(non_existent_notifications) + .update_all(source_id: @project.id) + end + + # Remove remaining notification settings from source_project + def remove_remaining_notification_settings + source_project.notification_settings.destroy_all + end + + # Get users of current notification_settings + def users_in_target_project + @project.notification_settings.select(:user_id) + end + + # Look for notification_settings in source_project that are not in the target project + def non_existent_notifications + source_project.notification_settings + .select(:id) + .where.not(user_id: users_in_target_project) + end + end +end diff --git a/app/services/projects/move_project_authorizations_service.rb b/app/services/projects/move_project_authorizations_service.rb new file mode 100644 index 00000000000..5ef12fc49e5 --- /dev/null +++ b/app/services/projects/move_project_authorizations_service.rb @@ -0,0 +1,40 @@ +# NOTE: This service cannot be used directly because it is part of a +# a bigger process. Instead, use the service MoveAccessService which moves +# project memberships, project group links, authorizations and refreshes +# the authorizations if neccessary +module Projects + class MoveProjectAuthorizationsService < BaseMoveRelationsService + def execute(source_project, remove_remaining_elements: true) + return unless super + + Project.transaction(requires_new: true) do + move_project_authorizations + + remove_remaining_authorizations if remove_remaining_elements + + success + end + end + + private + + def move_project_authorizations + prepare_relation(non_existent_authorization, :user_id) + .update_all(project_id: @project.id) + end + + def remove_remaining_authorizations + # I think because the Project Authorization table does not have a primary key + # it brings a lot a problems/bugs. First, Rails raises PG::SyntaxException if we use + # destroy_all instead of delete_all. + source_project.project_authorizations.delete_all(:delete_all) + end + + # Look for authorizations in source_project that are not in the target project + def non_existent_authorization + source_project.project_authorizations + .select(:user_id) + .where.not(user: @project.authorized_users) + end + end +end diff --git a/app/services/projects/move_project_group_links_service.rb b/app/services/projects/move_project_group_links_service.rb new file mode 100644 index 00000000000..dbeffd7dae9 --- /dev/null +++ b/app/services/projects/move_project_group_links_service.rb @@ -0,0 +1,40 @@ +# NOTE: This service cannot be used directly because it is part of a +# a bigger process. Instead, use the service MoveAccessService which moves +# project memberships, project group links, authorizations and refreshes +# the authorizations if neccessary +module Projects + class MoveProjectGroupLinksService < BaseMoveRelationsService + def execute(source_project, remove_remaining_elements: true) + return unless super + + Project.transaction(requires_new: true) do + move_group_links + remove_remaining_project_group_links if remove_remaining_elements + + success + end + end + + private + + def move_group_links + prepare_relation(non_existent_group_links) + .update_all(project_id: @project.id) + end + + # Remove remaining project group links from source_project + def remove_remaining_project_group_links + source_project.reload.project_group_links.destroy_all + end + + def group_links_in_target_project + @project.project_group_links.select(:group_id) + end + + # Look for groups in source_project that are not in the target project + def non_existent_group_links + source_project.project_group_links + .where.not(group_id: group_links_in_target_project) + end + end +end diff --git a/app/services/projects/move_project_members_service.rb b/app/services/projects/move_project_members_service.rb new file mode 100644 index 00000000000..22a5f0a3fe6 --- /dev/null +++ b/app/services/projects/move_project_members_service.rb @@ -0,0 +1,40 @@ +# NOTE: This service cannot be used directly because it is part of a +# a bigger process. Instead, use the service MoveAccessService which moves +# project memberships, project group links, authorizations and refreshes +# the authorizations if neccessary +module Projects + class MoveProjectMembersService < BaseMoveRelationsService + def execute(source_project, remove_remaining_elements: true) + return unless super + + Project.transaction(requires_new: true) do + move_project_members + remove_remaining_members if remove_remaining_elements + + success + end + end + + private + + def move_project_members + prepare_relation(non_existent_members).update_all(source_id: @project.id) + end + + def remove_remaining_members + # Remove remaining members and authorizations from source_project + source_project.project_members.destroy_all + end + + def project_members_in_target_project + @project.project_members.select(:user_id) + end + + # Look for members in source_project that are not in the target project + def non_existent_members + source_project.members + .select(:id) + .where.not(user_id: @project.project_members.select(:user_id)) + end + end +end diff --git a/app/services/projects/move_users_star_projects_service.rb b/app/services/projects/move_users_star_projects_service.rb new file mode 100644 index 00000000000..079fd5b9685 --- /dev/null +++ b/app/services/projects/move_users_star_projects_service.rb @@ -0,0 +1,20 @@ +module Projects + class MoveUsersStarProjectsService < BaseMoveRelationsService + def execute(source_project, remove_remaining_elements: true) + return unless super + + user_stars = source_project.users_star_projects + + return unless user_stars.any? + + Project.transaction(requires_new: true) do + user_stars.update_all(project_id: @project.id) + + Project.reset_counters @project.id, :users_star_projects + Project.reset_counters source_project.id, :users_star_projects + + success + end + end + end +end diff --git a/app/services/projects/overwrite_project_service.rb b/app/services/projects/overwrite_project_service.rb new file mode 100644 index 00000000000..ce94f147aa9 --- /dev/null +++ b/app/services/projects/overwrite_project_service.rb @@ -0,0 +1,69 @@ +module Projects + class OverwriteProjectService < BaseService + def execute(source_project) + return unless source_project && source_project.namespace == @project.namespace + + Project.transaction do + move_before_destroy_relationships(source_project) + destroy_old_project(source_project) + rename_project(source_project.name, source_project.path) + + @project + end + # Projects::DestroyService can raise Exceptions, but we don't want + # to pass that kind of exception to the caller. Instead, we change it + # for a StandardError exception + rescue Exception => e # rubocop:disable Lint/RescueException + attempt_restore_repositories(source_project) + + if e.class == Exception + raise StandardError, e.message + else + raise + end + end + + private + + def move_before_destroy_relationships(source_project) + options = { remove_remaining_elements: false } + + ::Projects::MoveUsersStarProjectsService.new(@project, @current_user).execute(source_project, options) + ::Projects::MoveAccessService.new(@project, @current_user).execute(source_project, options) + ::Projects::MoveDeployKeysProjectsService.new(@project, @current_user).execute(source_project, options) + ::Projects::MoveNotificationSettingsService.new(@project, @current_user).execute(source_project, options) + ::Projects::MoveForksService.new(@project, @current_user).execute(source_project, options) + ::Projects::MoveLfsObjectsProjectsService.new(@project, @current_user).execute(source_project, options) + add_source_project_to_fork_network(source_project) + end + + def destroy_old_project(source_project) + # Delete previous project (synchronously) and unlink relations + ::Projects::DestroyService.new(source_project, @current_user).execute + end + + def rename_project(name, path) + # Update de project's name and path to the original name/path + ::Projects::UpdateService.new(@project, + @current_user, + { name: name, path: path }) + .execute + end + + def attempt_restore_repositories(project) + ::Projects::DestroyService.new(project, @current_user).attempt_repositories_rollback + end + + def add_source_project_to_fork_network(source_project) + return unless @project.fork_network + + # Because he have moved all references in the fork network from the source_project + # we won't be able to query the database (only through its cached data), + # for its former relationships. That's why we're adding it to the network + # as a fork of the target project + ForkNetworkMember.create!(fork_network: @project.fork_network, + project: source_project, + forked_from_project: @project) + end + end +end diff --git a/app/services/projects/transfer_service.rb b/app/services/projects/transfer_service.rb index 26765e5c3f3..5a23f0f0a62 100644 --- a/app/services/projects/transfer_service.rb +++ b/app/services/projects/transfer_service.rb @@ -24,6 +24,8 @@ module Projects transfer(project) + current_user.invalidate_personal_projects_count + true rescue Projects::TransferService::TransferError => ex project.reload diff --git a/app/services/projects/update_pages_service.rb b/app/services/projects/update_pages_service.rb index 7e228d1833d..de77f6bf585 100644 --- a/app/services/projects/update_pages_service.rb +++ b/app/services/projects/update_pages_service.rb @@ -74,25 +74,13 @@ module Projects end def extract_archive!(temp_path) - if artifacts.ends_with?('.tar.gz') || artifacts.ends_with?('.tgz') - extract_tar_archive!(temp_path) - elsif artifacts.ends_with?('.zip') + if artifacts.ends_with?('.zip') extract_zip_archive!(temp_path) else raise InvaildStateError, 'unsupported artifacts format' end end - def extract_tar_archive!(temp_path) - build.artifacts_file.use_file do |artifacts_path| - results = Open3.pipeline(%W(gunzip -c #{artifacts_path}), - %W(dd bs=#{BLOCK_SIZE} count=#{blocks}), - %W(tar -x -C #{temp_path} #{SITE_PATH}), - err: '/dev/null') - raise FailedToExtractError, 'pages failed to extract' unless results.compact.all?(&:success?) - end - end - def extract_zip_archive!(temp_path) raise InvaildStateError, 'missing artifacts metadata' unless build.artifacts_metadata? |