summaryrefslogtreecommitdiff
path: root/app/models/note.rb
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Prefer leading style for Style/DotPosition"Douwe Maan2017-02-231-5/+5
| | | | This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.
* Enable Style/WordArrayDouwe Maan2017-02-231-1/+1
|
* Prefer leading style for Style/DotPositionDouwe Maan2017-02-231-5/+5
|
* Gather issuable metadata to avoid n+ queries on index viewissue_25900_2Felipe Artur2017-02-091-0/+6
|
* address commentsJarka Kadlecova2017-01-251-1/+9
|
* Support notes without projectJarka Kadlecova2017-01-181-3/+8
|
* Merge branch 'jej-note-search-uses-finder' into 'security' Douwe Maan2016-12-151-17/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix missing Note access checks in by moving Note#search to updated NoteFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR? :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested ### Note lookup without access check - [x] :white_check_mark: app/finders/notes_finder.rb:13 :download_code check - [x] :white_check_mark: app/finders/notes_finder.rb:19 `SnippetsFinder` - [x] :white_check_mark: app/models/note.rb:121 [`Issue#visible_to_user`] - [x] :white_check_mark: lib/gitlab/project_search_results.rb:113 - This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`. - It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked. ### Previous discussions - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `: download_code` check on commit - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used - `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223 ### Acceptance criteria met? - [x] Tests added for new code - [x] TODO comments removed - [x] Squashed and removed skipped tests - [x] Changelog entry - [ ] State Gitlab versions affected and issue severity in description - [ ] Create technical debt issue for NotesFinder. - Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two. - Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)` - Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes` See merge request !2035
* Feature: delegate all open discussions to IssueBob Van Landuyt2016-12-051-1/+1
| | | | | | | | | | | | | When a merge request can only be merged when all discussions are resolved. This feature allows to easily delegate those discussions to a new issue, while marking them as resolved in the merge request. The user is presented with a new issue, prepared with mentions of all unresolved discussions, including the first unresolved note of the discussion, time and link to the note. When the issue is created, the discussions in the merge request will get a system note directing the user to the newly created issue.
* Merge branch 'events-cache-invalidation' into 'master' Douwe Maan2016-11-281-13/+0
|\ | | | | | | | | | | | | Remove caching of events data This MR removes the caching of events data as this was deemed unnecessary while increasing load on the database. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6578#note_18864037 and 5371da341e9d7768ebab8e159b3e2cc8fad1d827 for more information. See merge request !6578
| * Remove event caching codeYorick Peterse2016-11-231-13/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Flushing the events cache worked by updating a recent number of rows in the "events" table. This has the result that on PostgreSQL a lot of dead tuples are produced on a regular basis. This in turn means that PostgreSQL will spend considerable amounts of time vacuuming this table. This in turn can lead to an increase of database load. For GitLab.com we measured the impact of not using events caching and found no measurable increase in response timings. Meanwhile not flushing the events cache lead to the "events" table having no more dead tuples as now rows are only inserted into this table. As a result of this we are hereby removing events caching as it does not appear to help and only increases database load. For more information see the following comment: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6578#note_18864037
* | Backport Note#commands_changes from EEbackport-commands-paramsDouwe Maan2016-11-241-0/+3
|/
* Does not raise error when Note not found when processing NewNoteWorkerOswaldo Ferreira2016-11-111-0/+1
| | | | - Also remove unnecessary param
* Use CacheMarkdownField for notesNick Thomas2016-10-071-1/+4
|
* Start Frontend work, fix routing problemZ.J. van de Weg2016-09-191-4/+0
|
* prevent authored awardable thumbs votesbarthc2016-08-281-0/+4
| | | | | | prevent authored awardable thumbs votes prevent authored awardable thumbs votes
* Fix Error 500 resulting when loading network graphfix-network-graph-error-500Stan Hu2016-08-201-0/+2
| | | | | | | | `discussion_id` may not be present when the SELECT call for notes does not include this attribute. Don't attempt to set the discussion ID unless the model contains the attribute. Closes #21119, #21128
* Improve performance of MR show pageDouwe Maan2016-08-181-1/+4
|
* Fix MR note discussion IDDouwe Maan2016-08-181-1/+3
|
* Fix class method definitionDouwe Maan2016-08-171-1/+1
|
* Store discussion_id on Note for faster discussion lookup.Douwe Maan2016-08-171-9/+26
|
* Merge branch 'master' into diff-line-comment-vuejsDouwe Maan2016-08-121-0/+1
|\
| * Added concern for a faster "cache_key" methodfaster-cache-keysYorick Peterse2016-08-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This concern provides an optimized/simplified version of the "cache_key" method. This method is about 9 times faster than the default "cache_key" method. The produced cache keys _are_ different from the previous ones but this is worth the performance improvement. To showcase this I set up a benchmark (using benchmark-ips) that compares FasterCacheKeys#cache_key with the regular cache_key. The output of this benchmark was: Calculating ------------------------------------- cache_key 4.825k i/100ms cache_key_fast 21.723k i/100ms ------------------------------------------------- cache_key 59.422k (± 7.2%) i/s - 299.150k cache_key_fast 543.243k (± 9.2%) i/s - 2.694M Comparison: cache_key_fast: 543243.4 i/s cache_key: 59422.0 i/s - 9.14x slower To see the impact on real code I applied these changes and benchmarked Issue#referenced_merge_requests. For an issue referencing 10 merge requests these changes shaved off between 40 and 60 milliseconds.
* | Show existing discussion when adding new comment on line with a hidden ↵Douwe Maan2016-07-281-1/+0
| | | | | | | | resolved discussion
* | Use sha1 of discussion ID.Douwe Maan2016-07-251-2/+2
| |
* | Collapse/hide resolved discussionsDouwe Maan2016-07-251-2/+4
| |
* | Add resolved_at and resolved_by_id to DiffNoteDouwe Maan2016-07-251-0/+12
|/
* Fix bug where replies to commit notes displayed in the MR discussion tab ↵Douwe Maan2016-07-231-5/+9
| | | | wouldn't show up on the commit page
* Add Discussion model to represent MR/diff discussiondiscussion-modelDouwe Maan2016-07-201-3/+4
|
* Fix not normalized emoji pathsdixpac2016-07-141-2/+1
| | | | | | * There where path where +1 was stored as +1 not as thumbsup that was causing problems such as showing thumbsup icon 2 time. I fixed this to always normalize and store +1 as tumbsup
* Optimize system note visibility checking by hiding notes thatStan Hu2016-07-111-1/+13
| | | | | | | | | | | | | have been fully redacted and contain cross-project references. The previous implementation relied on Note#cross_reference_not_visible_for?, which essentially tries to render all the Markdown references in a system note and only displays the note if the user can see the referring project. But this duplicated the work that Banzai::NotesRenderer was doing already. Instead, for each note we render, we memoize the number of visible user references and use it later if it is available. Improves #19273
* Add DiffNote modelDouwe Maan2016-07-061-2/+6
|
* Extract parts of LegacyDiffNote into DiffOnNote concern and move part of ↵Douwe Maan2016-07-061-2/+2
| | | | responsibility to other classes
* Don't garbage collect commits that have related DB records like commentsDouwe Maan2016-07-041-0/+7
|
* use has_many relationship with eventsJames Lopez2016-07-011-1/+1
|
* fixing events for import/exportJames Lopez2016-06-291-0/+1
|
* Support for rendering/redacting multiple documentsYorick Peterse2016-06-241-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | This commit changes the way certain documents are rendered (currently only Notes) and how documents are redacted. Previously both rendering and redacting would run on a per document basis. The result of this was that for every document we'd have to run countless queries just to figure out if we could display a set of links or not. This commit changes things around so that redacting Markdown documents is no longer tied into the html-pipeline Gem. This in turn allows it to redact multiple documents in a single pass, thus reducing the number of queries needed. In turn rendering issue/merge request notes has been adjusted to take advantage of this new setup. Instead of rendering Markdown somewhere deep down in a view the Markdown is rendered and redacted in the controller (taking the current user and all that into account). This has been done in such a way that the "markdown()" helper method can still be used on its own. This particular commit also paves the way for caching rendered HTML on object level. Right now there's an accessor method Note#note_html which is used for setting/getting the rendered HTML. Once we cache HTML on row level we can simply change this field to be a column and call a "save" whenever needed and we're pretty much done.
* Preload notes/discussions associations (award_emoji: :user)optimize-award-emojiPaco Guzman2016-06-231-1/+3
|
* Eager load award emoji on notesZ.J. van de Weg2016-06-231-1/+1
| | | | | | | | | | This commit eager loads the award emoji on both the issues and the MRs. When loading an issue with 108 comments this reduces the query count by 327 queries. On a merge request with the same amount of comments this saves 148 queries. The large difference is not clear to me at this point and the total query count is still huge with 387 and 1034 respectively. The biggest problem however, remains the calculation of participants.
* fixed merge conflictsJames Lopez2016-06-161-16/+7
|\
| * Award Emoji can't be awarded on system notes backendzj-system-notes-not-awardableZ.J. van de Weg2016-06-151-0/+4
| |
| * Use Issue.visible_to_user in Notes.search to avoid query duplicationDouglas Barbosa Alexandre2016-06-131-16/+3
| |
| * Project members with guest role can't access confidential issuesDouglas Barbosa Alexandre2016-06-131-1/+1
| |
* | fixed specs and refactored a few things due to recent model changes and ↵James Lopez2016-06-131-2/+3
|/ | | | merge conflicts
* Backend awardables on commentsZJ van de Weg2016-06-061-0/+1
|
* Merge branch 'master' into awardablesawardablesZ.J. van de Weg2016-06-031-4/+20
|\
| * Merge branch 'separate-banzai-references' into 'master' Douwe Maan2016-06-011-1/+1
| |\ | | | | | | | | | | | | | | | | | | | | | | | | Separate reference gathering from rendering This is a required step to allow batch processing when gathering references. This in turn would allow grabbing (for example) all mentioned users of an issue/merge request using a single query. cc @rspeicher @DouweM See merge request !3969
| | * Refactor ParticipableYorick Peterse2016-06-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are several changes to this module: 1. The use of an explicit stack in Participable#participants 2. Proc behaviour has been changed 3. Batch permissions checking == Explicit Stack Participable#participants no longer uses recursion to process "self" and all child objects, instead it uses an Array and processes objects in breadth-first order. This allows us to for example create a single Gitlab::ReferenceExtractor instance and pass this to any Procs. Re-using a ReferenceExtractor removes the need for running potentially many SQL queries every time a Proc is called on a new object. == Proc Behaviour Changed Previously a Proc in Participable was expected to return an Array of User instances. This has been changed and instead it's now expected that a Proc modifies the Gitlab::ReferenceExtractor passed to it. The return value of the Proc is ignored. == Permissions Checking The method Participable#participants uses Ability.users_that_can_read_project to check if the returned users have access to the project of "self" _without_ running multiple SQL queries for every user.
| * | Merge branch 'data_leak' into 'master' Robert Speicher2016-05-311-3/+19
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | Confidential notes data leak Fixes part of https://gitlab.com/gitlab-org/gitlab-ee/issues/575 See merge request !1967
| | * | Confidential notes data leakValery Sizov2016-05-311-3/+19
| | |/
* | | Incorportate feedbackZ.J. van de Weg2016-06-011-14/+2
| | |
View Lorry Controller Status