
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-08-30 22:46:44 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-08-30 22:47:11 +0300
commit160a0406be075206e8c09fcb490415fae4e90391 (patch)
tree5d404f8af4dd97d84575affcceee010ecbf109c6
parent6a5fe8e74390f235dccd1f962024fce0a97f3214 (diff)
Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.checksum2
-rw-r--r--Gemfile.lock4
-rw-r--r--app/policies/project_policy.rb1
-rw-r--r--lib/api/entities/project_import_status.rb11
-rw-r--r--lib/api/project_import.rb8
-rw-r--r--locale/gitlab.pot3
-rw-r--r--spec/lib/api/entities/project_import_status_spec.rb38
-rw-r--r--spec/policies/project_policy_spec.rb11
9 files changed, 62 insertions, 18 deletions
diff --git a/Gemfile b/Gemfile
index a8b1e14a494..a31ae24ecbc 100644
--- a/Gemfile
+++ b/Gemfile
@@ -197,7 +197,7 @@ gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive
gem 'html-pipeline', '~> 2.14.3'
gem 'deckar01-task_list', '2.3.2'
gem 'gitlab-markup', '~> 1.9.0', require: 'github/markup'
-gem 'commonmarker', '~> 0.23.9'
+gem 'commonmarker', '~> 0.23.10'
gem 'kramdown', '~> 2.3.1'
gem 'RedCloth', '~> 4.3.2'
gem 'rdoc', '~> 6.3.2'
diff --git a/Gemfile.checksum b/Gemfile.checksum
index eebf8fed592..d87b57c74a6 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -84,7 +84,7 @@
{"name":"coderay","version":"1.1.3","platform":"ruby","checksum":"dc530018a4684512f8f38143cd2a096c9f02a1fc2459edcfe534787a7fc77d4b"},
{"name":"coercible","version":"1.0.0","platform":"ruby","checksum":"5081ad24352cc8435ce5472bc2faa30260c7ea7f2102cc6a9f167c4d9bffaadc"},
{"name":"colored2","version":"3.1.2","platform":"ruby","checksum":"b13c2bd7eeae2cf7356a62501d398e72fde78780bd26aec6a979578293c28b4a"},
-{"name":"commonmarker","version":"0.23.9","platform":"ruby","checksum":"2e739c85a6961531cb6f5ba5169f2c7f64471b7e700c64b048ec22a5b230811c"},
+{"name":"commonmarker","version":"0.23.10","platform":"ruby","checksum":"fdd312ae2bb4071b2f3085d4d7533cb9f8d9057a2eaa0760228a65bc3ed565d1"},
{"name":"concurrent-ruby","version":"1.2.2","platform":"ruby","checksum":"3879119b8b75e3b62616acc256c64a134d0b0a7a9a3fcba5a233025bcde22c4f"},
{"name":"connection_pool","version":"2.3.0","platform":"ruby","checksum":"677985be912f33c90f98f229aaa0c0ddb2ef8776f21929a36eeeb25251c944da"},
{"name":"cork","version":"0.3.0","platform":"ruby","checksum":"a0a0ac50e262f8514d1abe0a14e95e71c98b24e3378690e5d044daf0013ad4bc"},
diff --git a/Gemfile.lock b/Gemfile.lock
index 04fe6459575..cf94510e923 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -369,7 +369,7 @@ GEM
coercible (1.0.0)
descendants_tracker (~> 0.0.1)
colored2 (3.1.2)
- commonmarker (0.23.9)
+ commonmarker (0.23.10)
concurrent-ruby (1.2.2)
connection_pool (2.3.0)
cork (0.3.0)
@@ -1759,7 +1759,7 @@ DEPENDENCIES
circuitbox (= 2.0.0)
click_house-client!
cloud_profiler_agent (~> 0.0.0)!
- commonmarker (~> 0.23.9)
+ commonmarker (~> 0.23.10)
concurrent-ruby (~> 1.1)
connection_pool (~> 2.0)
countries (~> 4.0.0)
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 564215f6e50..25495bb0221 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -567,6 +567,7 @@ class ProjectPolicy < BasePolicy
enable :destroy_upload
enable :admin_incident_management_timeline_event_tag
enable :stop_environment
+ enable :read_import_error
end
rule { public_project & metrics_dashboard_allowed }.policy do
diff --git a/lib/api/entities/project_import_status.rb b/lib/api/entities/project_import_status.rb
index 59388aacafd..a7e7cd9ff73 100644
--- a/lib/api/entities/project_import_status.rb
+++ b/lib/api/entities/project_import_status.rb
@@ -17,8 +17,15 @@ module API
project.import_state&.relation_hard_failures(limit: 100) || []
end
- expose :import_error, documentation: { type: 'string', example: 'Error message' } do |project, _options|
- project.import_state&.last_error
+ expose :import_error, documentation: { type: 'string', example: 'Error message' } do |project, options|
+ next unless options[:current_user]
+ next unless project.import_state&.last_error
+
+ if Ability.allowed?(options[:current_user], :read_import_error, project)
+ project.import_state&.last_error
+ else
+ _("Ask a maintainer to check the import status for more details.")
+ end
end
expose :stats, documentation: { type: 'object' } do |project, _options|
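Review bot: The `failed_relations` block directly above this change still returns `relation_hard_failures(limit: 100)` with no `:read_import_error` check. It is visible only as context and its `expose` line is outside the hunk, but if those records carry exception messages they may disclose the same detail this change hides from users below Maintainer, so that is worth confirming. Within the new block, `project.import_state&.last_error` is read twice and the anonymous branch returns nil without explanation. Binding it once with `last_error = project.import_state&.last_error` and adding a comment such as `# No current_user: expose nothing; members without :read_import_error get a generic message` would make the three outcomes explicit. The `documentation:` hash could also note that the value may be the generic message rather than the raw error.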
diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb
index 6639b3ec346..c28d0ae2def 100644
--- a/lib/api/project_import.rb
+++ b/lib/api/project_import.rb
@@ -111,7 +111,7 @@ module API
).execute
if response.success?
- present(response.payload, with: Entities::ProjectImportStatus)
+ present(response.payload, with: Entities::ProjectImportStatus, current_user: current_user)
else
render_api_error!(response.message, response.http_status)
end
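Review bot: The permission check in the entity only runs when the caller passes `current_user: current_user`, and this commit has to repeat that option at four separate `present` calls (this hunk and the three below it). An endpoint that omits the option gets a nil `import_error` rather than the raw error, so it fails closed, but silently. A small shared helper that wraps `present(subject, with: Entities::ProjectImportStatus, current_user: current_user)` would keep future import endpoints from drifting. On the `get ':id/import'` route, `route_setting :skip_authentication, true` means `current_user` can be nil, which deserves a one-line comment such as `# current_user may be nil here; the entity then omits import_error`. The enclosing endpoint blocks start and end outside these hunks.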
@@ -134,7 +134,7 @@ module API
end
route_setting :skip_authentication, true
get ':id/import' do
- present user_project, with: Entities::ProjectImportStatus
+ present user_project, with: Entities::ProjectImportStatus, current_user: current_user
end
params do
@@ -182,7 +182,7 @@ module API
).execute
if response.success?
- present(response.payload, with: Entities::ProjectImportStatus)
+ present(response.payload, with: Entities::ProjectImportStatus, current_user: current_user)
else
render_api_error!(response.message, response.http_status)
end
@@ -241,7 +241,7 @@ module API
).execute
if response.success?
- present(response.payload, with: Entities::ProjectImportStatus)
+ present(response.payload, with: Entities::ProjectImportStatus, current_user: current_user)
else
render_api_error!(response.message, response.http_status)
end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index e55389fd74a..226085ef41a 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -6437,6 +6437,9 @@ msgstr ""
msgid "AsanaService|User Personal Access Token. User must have access to the task. All comments are attributed to this user."
msgstr ""
+msgid "Ask a maintainer to check the import status for more details."
+msgstr ""
+
msgid "Ask again later"
msgstr ""
diff --git a/spec/lib/api/entities/project_import_status_spec.rb b/spec/lib/api/entities/project_import_status_spec.rb
index 37a18718950..5d7f06dc78e 100644
--- a/spec/lib/api/entities/project_import_status_spec.rb
+++ b/spec/lib/api/entities/project_import_status_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures do
+RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures, feature_category: :importers do
describe '#as_json' do
subject { entity.as_json }
@@ -67,14 +67,36 @@ RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures do
context 'when import has failed' do
let(:project) { create(:project, :import_failed, import_type: 'import_type', import_correlation_id: correlation_id, import_last_error: 'error') }
- let(:entity) { described_class.new(project) }
+ let(:current_user) { create(:user) }
+ let(:options) { { current_user: current_user } }
+ let(:entity) { described_class.new(project, options) }
+
+ context 'when user has access to read import status' do
+ before do
+ project.add_maintainer(current_user)
+ end
+
+ it 'includes basic fields with import error' do
+ expect(subject[:import_status]).to eq('failed')
+ expect(subject[:import_type]).to eq('import_type')
+ expect(subject[:correlation_id]).to eq(correlation_id)
+ expect(subject[:import_error]).to eq('error')
+ expect(subject[:failed_relations]).to eq([])
+ end
+ end
- it 'includes basic fields with import error' do
- expect(subject[:import_status]).to eq('failed')
- expect(subject[:import_type]).to eq('import_type')
- expect(subject[:correlation_id]).to eq(correlation_id)
- expect(subject[:import_error]).to eq('error')
- expect(subject[:failed_relations]).to eq([])
+ context 'when user does not have access to read import status' do
+ before do
+ project.add_reporter(current_user)
+ end
+
+ it 'includes basic fields with import error' do
+ expect(subject[:import_status]).to eq('failed')
+ expect(subject[:import_type]).to eq('import_type')
+ expect(subject[:correlation_id]).to eq(correlation_id)
+ expect(subject[:import_error]).to eq('Ask a maintainer to check the import status for more details.')
+ expect(subject[:failed_relations]).to eq([])
+ end
end
end
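Review bot: No example covers the entity built without a `current_user`, which is the `next unless options[:current_user]` branch and the one an unauthenticated request to the import status route would take. A context asserting that `import_error` is nil in that case would pin the fail-closed behaviour. Separately, both new examples are named 'includes basic fields with import error' although the second asserts the generic message; `it 'replaces the import error with a generic message'` would describe it accurately. The surrounding `describe '#as_json'` block starts outside this hunk.

```ruby
context 'when import has failed' do
  # … unchanged: project, current_user, options and entity lets, maintainer/reporter contexts …

  context 'when there is no current user' do
    let(:options) { {} }

    it 'omits the import error' do
      expect(subject[:import_status]).to eq('failed')
      expect(subject[:import_error]).to be_nil
    end
  end
```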
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 2854d6daece..350d834e63e 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -578,6 +578,11 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
expect(described_class.new(maintainer, project)).to be_allowed(:admin_incident_management_timeline_event_tag)
expect(described_class.new(owner, project)).to be_allowed(:admin_incident_management_timeline_event_tag)
end
+
+ it 'allows to read import error' do
+ expect(described_class.new(maintainer, project)).to be_allowed(:read_import_error)
+ expect(described_class.new(owner, project)).to be_allowed(:read_import_error)
+ end
end
context 'when user is a developer/guest/reporter' do
@@ -586,6 +591,12 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
expect(described_class.new(guest, project)).to be_disallowed(:admin_incident_management_timeline_event_tag)
expect(described_class.new(reporter, project)).to be_disallowed(:admin_incident_management_timeline_event_tag)
end
+
+ it 'disallows reading the import error' do
+ expect(described_class.new(developer, project)).to be_disallowed(:read_import_error)
+ expect(described_class.new(guest, project)).to be_disallowed(:read_import_error)
+ expect(described_class.new(reporter, project)).to be_disallowed(:read_import_error)
+ end
end
context 'when user is not a member of the project' do
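Review bot: Nothing asserts `:read_import_error` for a non-member or anonymous user: the new examples cover maintainer/owner and developer/guest/reporter only. The 'when user is not a member of the project' context that begins on the last line of this hunk receives no additions in this commit, and its body lies outside the hunk. Because the import status route skips authentication, a `be_disallowed(:read_import_error)` expectation in that context, using the user fixture it already defines, would pin the deny-by-default behaviour at the policy level. The two new descriptions also differ in form; `it 'allows reading the import error'` would match 'disallows reading the import error'.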