Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/branches.rb | 16 | ||||
| -rw-r--r-- | lib/api/internal.rb | 9 | ||||
| -rw-r--r-- | lib/api/issues.rb | 50 | ||||
| -rw-r--r-- | lib/api/repositories.rb | 17 | ||||
| -rw-r--r-- | lib/gitlab/backend/shell.rb | 9 | ||||
| -rw-r--r-- | lib/gitlab/blacklist.rb | 1 | ||||
| -rw-r--r-- | lib/gitlab/git_access.rb | 39 | ||||
| -rw-r--r-- | lib/gitlab/git_ref_validator.rb | 11 | ||||
| -rw-r--r-- | lib/gitlab/ldap/access.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/ldap/person.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/ldap/user.rb | 4 | ||||
| -rw-r--r-- | lib/gitlab/oauth/user.rb | 6 | ||||
| -rw-r--r-- | lib/gitlab/upgrader.rb | 2 | ||||
| -rw-r--r-- | lib/tasks/gitlab/check.rake | 8 |
14 files changed, 135 insertions, 41 deletions
diff --git a/lib/api/branches.rb b/lib/api/branches.rb index b32a4aa7bc2..4db5f61dd28 100644 --- a/lib/api/branches.rb +++ b/lib/api/branches.rb @@ -80,9 +80,17 @@ module API # POST /projects/:id/repository/branches post ":id/repository/branches" do authorize_push_project - @branch = CreateBranchService.new.execute(user_project, params[:branch_name], params[:ref], current_user) - - present @branch, with: Entities::RepoObject, project: user_project + result = CreateBranchService.new.execute(user_project, + params[:branch_name], + params[:ref], + current_user) + if result[:status] == :success + present result[:branch], + with: Entities::RepoObject, + project: user_project + else + render_api_error!(result[:message], 400) + end end # Delete branch @@ -99,7 +107,7 @@ module API if result[:state] == :success true else - render_api_error!(result[:message], 405) + render_api_error!(result[:message], result[:return_code]) end end end diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 5850892df07..5f484f63418 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -12,7 +12,9 @@ module API # ref - branch name # forced_push - forced_push # - get "/allowed" do + post "/allowed" do + status 200 + # Check for *.wiki repositories. # Strip out the .wiki from the pathname before finding the # project. This applies the correct project permissions to @@ -34,10 +36,7 @@ module API actor, params[:action], project, - params[:ref], - params[:oldrev], - params[:newrev], - params[:forced_push] + params[:changes] ) end diff --git a/lib/api/issues.rb b/lib/api/issues.rb index eb6a74cd2bc..5369149cdfc 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb 
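Review bot: The delete-branch handler in lib/api/branches.rb tests `result[:state] == :success`, while the create-branch handler added earlier in the same file tests `result[:status] == :success`; if both services return the same hash shape, one of these success branches can never be taken. The new status argument `result[:return_code]` is also passed through unchecked, so a result without that key would hand `nil` to `render_api_error!`. `render_api_error!(result[:message], result[:return_code] || 405)` keeps the previous code as a fallback. Neither service is shown here, so confirm which keys they actually set.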
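Review bot: The parameter comment above `post "/allowed"` in lib/api/internal.rb still lists `ref` and `forced_push`, but the call in the following hunk now passes only `params[:changes]`. I would replace those two comment lines with `# changes - one "oldrev newrev ref" line per pushed ref` (format inferred from how git_access.rb parses it, so confirm). The comment should also say that `changes` is request-supplied, because git_access.rb in this commit splits it into revisions that end up in a `git rev-list` argument list. Nothing in either internal.rb hunk checks its type or size before it is handed to the access check.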
@@ -3,13 +3,41 @@ module API class Issues < Grape::API before { authenticate! } + helpers do + def filter_issues_state(issues, state = nil) + case state + when 'opened' then issues.opened + when 'closed' then issues.closed + else issues + end + end + + def filter_issues_labels(issues, labels) + issues.includes(:labels).where("labels.title" => labels.split(',')) + end + end + resource :issues do # Get currently authenticated user's issues # - # Example Request: + # Parameters: + # state (optional) - Return "opened" or "closed" issues + # labels (optional) - Comma-separated list of label names + + # Example Requests: # GET /issues + # GET /issues?state=opened + # GET /issues?state=closed + # GET /issues?labels=foo + # GET /issues?labels=foo,bar + # GET /issues?labels=foo,bar&state=opened get do - present paginate(current_user.issues), with: Entities::Issue + issues = current_user.issues + issues = filter_issues_state(issues, params[:state]) unless params[:state].nil? + issues = filter_issues_labels(issues, params[:labels]) unless params[:labels].nil? + issues = issues.order('issues.id DESC') + + present paginate(issues), with: Entities::Issue end end 
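Review bot: `filter_issues_labels` calls `labels.split(',')` on `params[:labels]` without checking that it is a string, so a request that sends `labels` as an array or nested parameter will not be treated as a comma-separated list and may raise, surfacing as a 500 instead of a 400. Coercing first with `labels.to_s.split(',')` keeps the failure mode predictable; the same helper is called from `GET /projects/:id/issues` in the next hunk. The parameter docs should state that an issue carrying any one of the listed labels is returned, since the hash condition on `"labels.title"` with an array is an IN match. The added blank line between `labels (optional)` and `# Example Requests:` has no `#`, which splits the comment block in two.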
@@ -18,10 +46,24 @@ module API # # Parameters: # id (required) - The ID of a project - # Example Request: + # state (optional) - Return "opened" or "closed" issues + # labels (optional) - Comma-separated list of label names + # + # Example Requests: + # GET /projects/:id/issues + # GET /projects/:id/issues?state=opened + # GET /projects/:id/issues?state=closed # GET /projects/:id/issues + # GET /projects/:id/issues?labels=foo + # GET /projects/:id/issues?labels=foo,bar + # GET /projects/:id/issues?labels=foo,bar&state=opened get ":id/issues" do - present paginate(user_project.issues), with: Entities::Issue + issues = user_project.issues + issues = filter_issues_state(issues, params[:state]) unless params[:state].nil? + issues = filter_issues_labels(issues, params[:labels]) unless params[:labels].nil? + issues = issues.order('issues.id DESC') + + present paginate(issues), with: Entities::Issue end # Get a single project issue diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb index 42068bb343d..07c29aa7b4c 100644 --- a/lib/api/repositories.rb +++ b/lib/api/repositories.rb @@ -32,14 +32,23 @@ module API # id (required) - The ID of a project # tag_name (required) - The name of the tag # ref (required) - Create tag from commit sha or branch + # message (optional) - Specifying a message creates an annotated tag. # Example Request: # POST /projects/:id/repository/tags post ':id/repository/tags' do authorize_push_project - @tag = CreateTagService.new.execute(user_project, params[:tag_name], - params[:ref], current_user) - - present @tag, with: Entities::RepoObject, project: user_project + message = params[:message] || nil + result = CreateTagService.new.execute(user_project, params[:tag_name], + params[:ref], message, + current_user) + + if result[:status] == :success + present result[:tag], + with: Entities::RepoObject, + project: user_project + else + render_api_error!(result[:message], 400) + end end # Get a project repository tree 
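Review bot: `message = params[:message] || nil` in the tag-creation handler of lib/api/repositories.rb is a no-op, because a missing parameter is already `nil`; pass `params[:message]` to the service directly. The message is request-supplied and, per the shell.rb change in this commit, becomes an argument to `gitlab-projects create-tag`, yet no type or length check is visible in this hunk. Failures are always reported as 400 here, whereas the delete-branch handler in branches.rb now uses a code supplied by the service; consider aligning the two.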
diff --git a/lib/gitlab/backend/shell.rb b/lib/gitlab/backend/shell.rb index 53bff3037e5..907373ab991 100644 --- a/lib/gitlab/backend/shell.rb +++ b/lib/gitlab/backend/shell.rb @@ -107,12 +107,17 @@ module Gitlab # path - project path with namespace # tag_name - new tag name # ref - HEAD for new tag + # message - optional message for tag (annotated tag) # # Ex. # add_tag("gitlab/gitlab-ci", "v4.0", "master") + # add_tag("gitlab/gitlab-ci", "v4.0", "master", "message") # - def add_tag(path, tag_name, ref) - system "#{gitlab_shell_path}/bin/gitlab-projects", "create-tag", "#{path}.git", tag_name, ref + def add_tag(path, tag_name, ref, message = nil) + cmd = %W(#{gitlab_shell_path}/bin/gitlab-projects create-tag #{path}.git + #{tag_name} #{ref}) + cmd << message unless message.nil? || message.empty? + system *cmd end # Remove repository tag diff --git a/lib/gitlab/blacklist.rb b/lib/gitlab/blacklist.rb index a47d120dd21..65efb6e4407 100644 --- a/lib/gitlab/blacklist.rb +++ b/lib/gitlab/blacklist.rb @@ -26,6 +26,7 @@ module Gitlab hooks notes unsubscribes + all ) end end diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 38b3d82e2f4..e75a5a1d62e 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -5,7 +5,7 @@ module Gitlab attr_reader :params, :project, :git_cmd, :user - def allowed?(actor, cmd, project, ref = nil, oldrev = nil, newrev = nil, forced_push = false) + def allowed?(actor, cmd, project, changes = nil) case cmd when *DOWNLOAD_COMMANDS if actor.is_a? User @@ -19,12 +19,12 @@ module Gitlab end when *PUSH_COMMANDS if actor.is_a? User - push_allowed?(actor, project, ref, oldrev, newrev, forced_push) + push_allowed?(actor, project, changes) elsif actor.is_a? DeployKey # Deploy key not allowed to push return false elsif actor.is_a? Key - push_allowed?(actor.user, project, ref, oldrev, newrev, forced_push) + push_allowed?(actor.user, project, changes) else raise 'Wrong actor' end 
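Review bot: In `add_tag`, `tag_name`, `ref` and `message` go into the argument list unvalidated. Because `system` receives a list, no shell is involved, but a value beginning with `-` could still be read as an option by `gitlab-projects` or by the git command it runs (neither is visible here). Validating `tag_name` and `ref` before this call, for instance with the `Gitlab::GitRefValidator.validate` added in this commit plus an explicit leading-dash rejection, would close that gap. As a style point, write `system(*cmd)` so Ruby does not warn about an ambiguous splat.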
@@ -41,13 +41,21 @@ module Gitlab end end - def push_allowed?(user, project, ref, oldrev, newrev, forced_push) - if user && user_allowed?(user) + def push_allowed?(user, project, changes) + return false unless user && user_allowed?(user) + return true if changes.blank? + + changes = changes.lines if changes.kind_of?(String) + + # Iterate over all changes to find if user allowed all of them to be applied + changes.each do |change| + oldrev, newrev, ref = changes.split('') + action = if project.protected_branch?(ref) # we dont allow force push to protected branch - if forced_push.to_s == 'true' + if forced_push?(oldrev, newrev) :force_push_code_to_protected_branches - # and we dont allow remove of protected branch + # and we dont allow remove of protected branch elsif newrev =~ /0000000/ :remove_protected_branches else @@ -59,7 +67,22 @@ module Gitlab else :push_code end - user.can?(action, project) + unless user.can?(action, project) + # If user does not have access to make at least one change - cancel all push + return false + end + end + + # If user has access to make all changes + true + end + + def forced_push?(oldrev, newrev) + return false if project.empty_repo? + + if oldrev !~ /00000000/ && newrev !~ /00000000/ + missed_refs = IO.popen(%W(git --git-dir=#{project.repository.path_to_repo} rev-list #{oldrev} ^#{newrev})).read + missed_refs.split("\n").size > 0 else false end diff --git a/lib/gitlab/git_ref_validator.rb b/lib/gitlab/git_ref_validator.rb new file mode 100644 index 00000000000..13cb08948bb --- /dev/null +++ b/lib/gitlab/git_ref_validator.rb @@ -0,0 +1,11 @@ +module Gitlab + module GitRefValidator + extend self + # Validates a given name against the git reference specification + # + # Returns true for a valid reference name, false otherwise + def validate(ref_name) + system *%W(git check-ref-format refs/#{ref_name}) + end + end +end diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb index 62709a12942..c054b6f5865 100644 
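Review bot: Inside the `changes.each do |change|` loop, `oldrev, newrev, ref = changes.split('')` operates on the whole `changes` collection with an empty separator instead of on the current `change`, so the three variables do not hold the old revision, new revision and ref of the line being checked. With `ref` wrong or `nil`, `project.protected_branch?(ref)` would presumably be false and every change would fall through to the plain `:push_code` permission, which defeats the force-push and branch-removal checks this hunk introduces. The line should read `oldrev, newrev, ref = change.strip.split(' ')`. The `if`/`elsif` chain that picks `action` continues past the end of this hunk.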
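Review bot: `forced_push?` places `oldrev` and `newrev`, which originate from the `/allowed` request, into the `git rev-list` argument list without checking that they are object ids; there is no shell here, but git would parse a value starting with `-` as an option. `push_allowed?` should reject the change before calling this method unless both match `/\A\h{40}\z/`. The null-revision tests are also unanchored and inconsistent (`/00000000/` here, `/0000000/` in the previous hunk), so a real sha containing a run of zeros matches them; comparing against `'0' * 40` avoids that. The method reads `project` through the attr_reader while `push_allowed?` receives `project` as an argument, so confirm the instance variable is set on this path.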
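Review bot: `Gitlab::GitRefValidator.validate` is documented as returning false for an invalid name, but `system` returns `nil` when the binary cannot be executed, and it lets the child process write to the server's stdout and stderr. It also resolves `git` from PATH while check.rake in this same commit switches to `Gitlab.config.git.bin_path`. I would change the call to `system(*%W(#{Gitlab.config.git.bin_path} check-ref-format refs/#{ref_name})) == true` and note in the comment that this only checks ref-name syntax. Callers that pass the name on to other commands still need their own check for a leading `-`.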
--- a/lib/gitlab/ldap/access.rb +++ b/lib/gitlab/ldap/access.rb @@ -28,7 +28,7 @@ module Gitlab def allowed?(user) if Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter) - !Gitlab::LDAP::Person.active_directory_disabled?(user.extern_uid, adapter) + !Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter) else false end diff --git a/lib/gitlab/ldap/person.rb b/lib/gitlab/ldap/person.rb index 9ad6618bd46..87c3d711db4 100644 --- a/lib/gitlab/ldap/person.rb +++ b/lib/gitlab/ldap/person.rb @@ -16,7 +16,7 @@ module Gitlab adapter.user('dn', dn) end - def self.active_directory_disabled?(dn, adapter=nil) + def self.disabled_via_active_directory?(dn, adapter=nil) adapter ||= Gitlab::LDAP::Adapter.new adapter.dn_matches_filter?(dn, AD_USER_DISABLED) end diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb index 79aa145d871..e6aa3890992 100644 --- a/lib/gitlab/ldap/user.rb +++ b/lib/gitlab/ldap/user.rb @@ -77,10 +77,6 @@ module Gitlab model.where("provider = ? and lower(extern_uid) = ?", provider, uid.downcase).last end - def username - auth.info.nickname.to_s.force_encoding("utf-8") - end - def provider 'ldap' end diff --git a/lib/gitlab/oauth/user.rb b/lib/gitlab/oauth/user.rb index 0056eb3a28b..9670aad2c5d 100644 --- a/lib/gitlab/oauth/user.rb +++ b/lib/gitlab/oauth/user.rb @@ -67,12 +67,11 @@ module Gitlab end def uid - uid = auth.info.uid || auth.uid - uid = uid.to_s unless uid.nil? - uid + auth.uid.to_s end def email + return unless auth.info.respond_to?(:email) auth.info.email.downcase unless auth.info.email.nil? end @@ -85,6 +84,7 @@ module Gitlab end def username + return unless auth.info.respond_to?(:nickname) auth.info.nickname.to_s.force_encoding("utf-8") end diff --git a/lib/gitlab/upgrader.rb b/lib/gitlab/upgrader.rb index 0846359f9b1..74b049b5143 100644 --- a/lib/gitlab/upgrader.rb +++ b/lib/gitlab/upgrader.rb 
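Review bot: In lib/gitlab/oauth/user.rb, `uid` now returns `auth.uid.to_s`, and `nil.to_s` is `""`, so a provider response without a uid yields an empty string where the old code returned `nil`. If callers use this value as the external identifier for lookup or account creation (not visible here), logins lacking a uid could collapse onto the same empty identifier instead of being rejected. `auth.uid.to_s unless auth.uid.nil?` keeps the simplification while preserving the `nil` signal. The `respond_to?` guards added to `email` and `username` make both return `nil` when the provider omits the field, so their callers need to handle `nil` as well.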
@@ -43,7 +43,7 @@ module Gitlab end def latest_version_raw - remote_tags, _ = Gitlab::Popen.popen(%W(git ls-remote --tags origin)) + remote_tags, _ = Gitlab::Popen.popen(%W(git ls-remote --tags https://gitlab.com/gitlab-org/gitlab-ce.git)) git_tags = remote_tags.split("\n").grep(/tags\/v#{current_version.major}/) git_tags = git_tags.select { |version| version =~ /v\d\.\d\.\d\Z/ } last_tag = git_tags.last.match(/v\d\.\d\.\d/).to_s diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake index 032ed5ee370..d15944bada3 100644 --- a/lib/tasks/gitlab/check.rake +++ b/lib/tasks/gitlab/check.rake @@ -322,7 +322,7 @@ namespace :gitlab do "core.autocrlf" => "input" } correct_options = options.map do |name, value| - run(%W(git config --global --get #{name})).try(:squish) == value + run(%W(#{Gitlab.config.git.bin_path} config --global --get #{name})).try(:squish) == value end if correct_options.all? @@ -330,9 +330,9 @@ namespace :gitlab do else puts "no".red try_fixing_it( - sudo_gitlab("git config --global user.name \"#{options["user.name"]}\""), - sudo_gitlab("git config --global user.email \"#{options["user.email"]}\""), - sudo_gitlab("git config --global core.autocrlf \"#{options["core.autocrlf"]}\"") + sudo_gitlab("\"#{Gitlab.config.git.bin_path}\" config --global user.name \"#{options["user.name"]}\""), + sudo_gitlab("\"#{Gitlab.config.git.bin_path}\" config --global user.email \"#{options["user.email"]}\""), + sudo_gitlab("\"#{Gitlab.config.git.bin_path}\" config --global core.autocrlf \"#{options["core.autocrlf"]}\"") ) for_more_information( see_installation_guide_section "GitLab" |
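Review bot: `latest_version_raw` now hard-codes the upstream URL inside the command and still discards the second return value of `Gitlab::Popen.popen` (presumably the exit status), so when the host is unreachable `remote_tags` is empty and `git_tags.last.match` raises `NoMethodError` on `nil`. Check the status and return early, and move the URL into a named constant so it is documented as the single trusted source for version discovery. The filter `/v\d\.\d\.\d\Z/` in the context lines only matches single-digit version components, and `git_tags.last` relies on the order `ls-remote` prints rather than on version order. Both sit outside the changed line but decide which tag the upgrader selects.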
