
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-08-30 22:47:30 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-08-30 22:47:38 +0300
commita58a22c172fa5233b418680269d2831f95444036 (patch)
tree812bef28b25ae8ea9c92527f045c81add8436017
parentf369df1a89fb7d3b9c8b9eca0ab9ea3419982906 (diff)
Add latest changes from gitlab-org/security/gitlab@16-2-stable-ee
-rw-r--r--app/policies/project_policy.rb1
-rw-r--r--lib/api/entities/project_import_status.rb11
-rw-r--r--lib/api/project_import.rb8
-rw-r--r--locale/gitlab.pot3
-rw-r--r--spec/lib/api/entities/project_import_status_spec.rb38
-rw-r--r--spec/policies/project_policy_spec.rb11
6 files changed, 58 insertions, 14 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index ad6155258ab..7470f21c6c4 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -561,6 +561,7 @@ class ProjectPolicy < BasePolicy
enable :destroy_upload
enable :admin_incident_management_timeline_event_tag
enable :stop_environment
+ enable :read_import_error
end
rule { public_project & metrics_dashboard_allowed }.policy do
diff --git a/lib/api/entities/project_import_status.rb b/lib/api/entities/project_import_status.rb
index 59388aacafd..a7e7cd9ff73 100644
--- a/lib/api/entities/project_import_status.rb
+++ b/lib/api/entities/project_import_status.rb
@@ -17,8 +17,15 @@ module API
project.import_state&.relation_hard_failures(limit: 100) || []
end
- expose :import_error, documentation: { type: 'string', example: 'Error message' } do |project, _options|
- project.import_state&.last_error
+ expose :import_error, documentation: { type: 'string', example: 'Error message' } do |project, options|
+ next unless options[:current_user]
+ next unless project.import_state&.last_error
+
+ if Ability.allowed?(options[:current_user], :read_import_error, project)
+ project.import_state&.last_error
+ else
+ _("Ask a maintainer to check the import status for more details.")
+ end
end
expose :stats, documentation: { type: 'object' } do |project, _options|
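Review bot: `failed_relations`, exposed just above the changed block through `relation_hard_failures(limit: 100)`, is still returned to every caller without the `:read_import_error` check that now guards `import_error`. If those failure records carry exception text, the same internal detail stays readable to users below maintainer; consider gating it the same way, for example `next [] unless Ability.allowed?(options[:current_user], :read_import_error, project)`. Inside the new block `project.import_state&.last_error` is read twice and the second `&.` is redundant after the guard, so a local `last_error = project.import_state&.last_error` would tidy it. The `failed_relations` block starts outside this hunk, so its full definition is not visible here.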
diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb
index 6639b3ec346..c28d0ae2def 100644
--- a/lib/api/project_import.rb
+++ b/lib/api/project_import.rb
@@ -111,7 +111,7 @@ module API
).execute
if response.success?
- present(response.payload, with: Entities::ProjectImportStatus)
+ present(response.payload, with: Entities::ProjectImportStatus, current_user: current_user)
else
render_api_error!(response.message, response.http_status)
end
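Review bot: The redaction in `Entities::ProjectImportStatus` now depends on every `present` call passing `current_user:`, and this hunk plus the ones at `@@ -134`, `@@ -182` and `@@ -241` each repeat that option by hand. A call site that omits it gets a nil `import_error` rather than a leak, so the failure is closed but silent. A single helper whose body is `present(payload, with: Entities::ProjectImportStatus, current_user: current_user)` would keep the four endpoints in step. The `get ':id/import'` route sets `route_setting :skip_authentication, true`, so `current_user` can presumably be nil there; a comment such as `# anonymous callers get no import_error text` would make that intent explicit. The endpoint bodies start outside these hunks.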
@@ -134,7 +134,7 @@ module API
end
route_setting :skip_authentication, true
get ':id/import' do
- present user_project, with: Entities::ProjectImportStatus
+ present user_project, with: Entities::ProjectImportStatus, current_user: current_user
end
params do
@@ -182,7 +182,7 @@ module API
).execute
if response.success?
- present(response.payload, with: Entities::ProjectImportStatus)
+ present(response.payload, with: Entities::ProjectImportStatus, current_user: current_user)
else
render_api_error!(response.message, response.http_status)
end
@@ -241,7 +241,7 @@ module API
).execute
if response.success?
- present(response.payload, with: Entities::ProjectImportStatus)
+ present(response.payload, with: Entities::ProjectImportStatus, current_user: current_user)
else
render_api_error!(response.message, response.http_status)
end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index d0f851bef4d..f59b086afb1 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -6365,6 +6365,9 @@ msgstr ""
msgid "AsanaService|User Personal Access Token. User must have access to the task. All comments are attributed to this user."
msgstr ""
+msgid "Ask a maintainer to check the import status for more details."
+msgstr ""
+
msgid "Ask again later"
msgstr ""
diff --git a/spec/lib/api/entities/project_import_status_spec.rb b/spec/lib/api/entities/project_import_status_spec.rb
index 37a18718950..5d7f06dc78e 100644
--- a/spec/lib/api/entities/project_import_status_spec.rb
+++ b/spec/lib/api/entities/project_import_status_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures do
+RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures, feature_category: :importers do
describe '#as_json' do
subject { entity.as_json }
@@ -67,14 +67,36 @@ RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures do
context 'when import has failed' do
let(:project) { create(:project, :import_failed, import_type: 'import_type', import_correlation_id: correlation_id, import_last_error: 'error') }
- let(:entity) { described_class.new(project) }
+ let(:current_user) { create(:user) }
+ let(:options) { { current_user: current_user } }
+ let(:entity) { described_class.new(project, options) }
+
+ context 'when user has access to read import status' do
+ before do
+ project.add_maintainer(current_user)
+ end
+
+ it 'includes basic fields with import error' do
+ expect(subject[:import_status]).to eq('failed')
+ expect(subject[:import_type]).to eq('import_type')
+ expect(subject[:correlation_id]).to eq(correlation_id)
+ expect(subject[:import_error]).to eq('error')
+ expect(subject[:failed_relations]).to eq([])
+ end
+ end
- it 'includes basic fields with import error' do
- expect(subject[:import_status]).to eq('failed')
- expect(subject[:import_type]).to eq('import_type')
- expect(subject[:correlation_id]).to eq(correlation_id)
- expect(subject[:import_error]).to eq('error')
- expect(subject[:failed_relations]).to eq([])
+ context 'when user does not have access to read import status' do
+ before do
+ project.add_reporter(current_user)
+ end
+
+ it 'includes basic fields with import error' do
+ expect(subject[:import_status]).to eq('failed')
+ expect(subject[:import_type]).to eq('import_type')
+ expect(subject[:correlation_id]).to eq(correlation_id)
+ expect(subject[:import_error]).to eq('Ask a maintainer to check the import status for more details.')
+ expect(subject[:failed_relations]).to eq([])
+ end
end
end
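Review bot: Both examples in this hunk are named 'includes basic fields with import error', although the reporter case asserts the placeholder message. Renaming the second to something like `it 'replaces the import error with a generic message'` keeps failure output readable. The entity also returns early when `options[:current_user]` is absent, and no example in this hunk covers that branch; one built with `described_class.new(project)` and `expect(subject[:import_error]).to be_nil` would pin the fail-closed behaviour for anonymous callers. The enclosing `describe '#as_json'` block extends beyond this hunk, so such a case may already exist elsewhere.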
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 602b7148d0e..2f0d351063b 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -578,6 +578,11 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
expect(described_class.new(maintainer, project)).to be_allowed(:admin_incident_management_timeline_event_tag)
expect(described_class.new(owner, project)).to be_allowed(:admin_incident_management_timeline_event_tag)
end
+
+ it 'allows to read import error' do
+ expect(described_class.new(maintainer, project)).to be_allowed(:read_import_error)
+ expect(described_class.new(owner, project)).to be_allowed(:read_import_error)
+ end
end
context 'when user is a developer/guest/reporter' do
@@ -586,6 +591,12 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
expect(described_class.new(guest, project)).to be_disallowed(:admin_incident_management_timeline_event_tag)
expect(described_class.new(reporter, project)).to be_disallowed(:admin_incident_management_timeline_event_tag)
end
+
+ it 'disallows reading the import error' do
+ expect(described_class.new(developer, project)).to be_disallowed(:read_import_error)
+ expect(described_class.new(guest, project)).to be_disallowed(:read_import_error)
+ expect(described_class.new(reporter, project)).to be_disallowed(:read_import_error)
+ end
end
context 'when user is not a member of the project' do