
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-05-17 19:05:49 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-05-17 19:05:49 +0300
commit43a25d93ebdabea52f99b05e15b06250cd8f07d7 (patch)
treedceebdc68925362117480a5d672bcff122fb625b /app/controllers/groups
parent20c84b99005abd1c82101dfeff264ac50d2df211 (diff)
Add latest changes from gitlab-org/gitlab@16-0-stable-eev16.0.0-rc42
Diffstat (limited to 'app/controllers/groups')
-rw-r--r--app/controllers/groups/achievements_controller.rb16
-rw-r--r--app/controllers/groups/children_controller.rb31
-rw-r--r--app/controllers/groups/dependency_proxy_for_containers_controller.rb2
-rw-r--r--app/controllers/groups/group_links_controller.rb2
-rw-r--r--app/controllers/groups/group_members_controller.rb9
-rw-r--r--app/controllers/groups/milestones_controller.rb28
-rw-r--r--app/controllers/groups/observability_controller.rb2
-rw-r--r--app/controllers/groups/runners_controller.rb26
-rw-r--r--app/controllers/groups/settings/access_tokens_controller.rb2
-rw-r--r--app/controllers/groups/settings/applications_controller.rb29
-rw-r--r--app/controllers/groups/settings/ci_cd_controller.rb5
-rw-r--r--app/controllers/groups/usage_quotas_controller.rb2
-rw-r--r--app/controllers/groups/variables_controller.rb2
13 files changed, 127 insertions, 29 deletions
diff --git a/app/controllers/groups/achievements_controller.rb b/app/controllers/groups/achievements_controller.rb
new file mode 100644
index 00000000000..52d63761819
--- /dev/null
+++ b/app/controllers/groups/achievements_controller.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Groups
+ class AchievementsController < Groups::ApplicationController
+ feature_category :user_profile
+ urgency :low
+
+ before_action :authorize_read_achievement!
+
+ private
+
+ def authorize_read_achievement!
+ render_404 unless can?(current_user, :read_achievement, group)
+ end
+ end
+end
diff --git a/app/controllers/groups/children_controller.rb b/app/controllers/groups/children_controller.rb
index d10c52f0301..ca3be1542aa 100644
--- a/app/controllers/groups/children_controller.rb
+++ b/app/controllers/groups/children_controller.rb
@@ -5,6 +5,8 @@ module Groups
extend ::Gitlab::Utils::Override
before_action :group
+ before_action :validate_per_page
+
skip_cross_project_access_check :index
feature_category :subgroups
@@ -41,10 +43,11 @@ module Groups
protected
def setup_children(parent)
- @children = GroupDescendantsFinder.new(current_user: current_user,
- parent_group: parent,
- params: params.to_unsafe_h).execute
- @children = @children.page(params[:page])
+ @children = GroupDescendantsFinder.new(
+ current_user: current_user,
+ parent_group: parent,
+ params: group_descendants_params
+ ).execute.page(params[:page])
end
private
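Review bot: `setup_children` still passes the finder every request parameter, because `group_descendants_params` (added in the last hunk of this file) is built from `params.to_unsafe_h`, which bypasses strong parameters. If `GroupDescendantsFinder` reads only a fixed set of keys, which cannot be seen from this hunk, permitting just those keys and calling `.to_h` would keep unexpected input out of the finder. If the unfiltered hash is required, a comment above `group_descendants_params` saying why would stop the next reader from treating it as an oversight.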
@@ -53,5 +56,25 @@ module Groups
def has_project_list?
true
end
+
+ def group_descendants_params
+ @group_descendants_params ||= params.to_unsafe_h.compact
+ end
+
+ def validate_per_page
+ return unless group_descendants_params.key?(:per_page)
+
+ per_page = begin
+ Integer(group_descendants_params[:per_page])
+ rescue ArgumentError, TypeError
+ 0
+ end
+
+ respond_to do |format|
+ format.json do
+ render status: :bad_request, json: { message: 'per_page does not have a valid value' } if per_page < 1
+ end
+ end
+ end
end
end
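Review bot: `validate_per_page` rejects values below 1 but sets no upper bound, so a very large `per_page` is handed on to `GroupDescendantsFinder`. Unless the finder or the pagination layer caps it (not visible here), a single request can ask for an arbitrarily large page. A ceiling in the same condition would close that, for example `if per_page < 1 || per_page > MAX_PER_PAGE`, where `MAX_PER_PAGE` is a placeholder for a constant this controller would define. Separately, the `respond_to` block declares only `format.json`, so a non-JSON request that carries `per_page` would likely fail with an unknown-format error even when the value is valid; it is worth confirming that every action behind this filter serves JSON only.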
diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
index 427df9a7129..1b1aed0ec2e 100644
--- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb
+++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
@@ -172,6 +172,6 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
end
def manifest_header
- token_header.merge(Accept: ::ContainerRegistry::Client::ACCEPTED_TYPES)
+ token_header.merge(Accept: ::DependencyProxy::Manifest::ACCEPTED_TYPES)
end
end
diff --git a/app/controllers/groups/group_links_controller.rb b/app/controllers/groups/group_links_controller.rb
index cc2ca728592..c74c48a960d 100644
--- a/app/controllers/groups/group_links_controller.rb
+++ b/app/controllers/groups/group_links_controller.rb
@@ -7,7 +7,7 @@ class Groups::GroupLinksController < Groups::ApplicationController
feature_category :subgroups
def update
- Groups::GroupLinks::UpdateService.new(@group_link).execute(group_link_params)
+ Groups::GroupLinks::UpdateService.new(@group_link, current_user).execute(group_link_params)
if @group_link.expires?
render json: {
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index f0b857ca4c9..d614cc1cb24 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -16,10 +16,13 @@ class Groups::GroupMembersController < Groups::ApplicationController
before_action :authorize_admin_group_member!, except: admin_not_required_endpoints
before_action :authorize_read_group_member!, only: :index
+ before_action only: [:index] do
+ push_frontend_feature_flag(:service_accounts_crud, @group)
+ end
+
skip_before_action :check_two_factor_requirement, only: :leave
skip_cross_project_access_check :index, :update, :destroy, :request_access,
- :approve_access_request, :leave, :resend_invite,
- :override
+ :approve_access_request, :leave, :resend_invite, :override
feature_category :subgroups
urgency :low
@@ -73,7 +76,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
end
def filter_params
- params.permit(:two_factor, :search).merge(sort: @sort)
+ params.permit(:two_factor, :search, :user_type).merge(sort: @sort)
end
def membershipable_members
diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index 494b8c5621d..903c8c214ae 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
@@ -45,6 +45,24 @@ class Groups::MilestonesController < Groups::ApplicationController
Milestones::UpdateService.new(@milestone.parent, current_user, milestone_params).execute(@milestone)
redirect_to milestone_path(@milestone)
+ rescue ActiveRecord::StaleObjectError
+ respond_to do |format|
+ format.html do
+ @conflict = true
+ render :edit
+ end
+
+ format.json do
+ render json: {
+ errors: [
+ format(
+ _("Someone edited this %{model_name} at the same time you did. Please refresh your browser and make sure your changes will not unintentionally remove theirs."), # rubocop:disable Layout/LineLength
+ model_name: _('milestone')
+ )
+ ]
+ }, status: :conflict
+ end
+ end
end
def destroy
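Review bot: Inside `respond_to do |format|` the JSON branch calls `format(...)` to build the error string, so the same name refers to the block parameter on one line and to `Kernel#format` a few lines later. Ruby resolves a call with parentheses and arguments to the method, so this works, but it is easy to misread and breaks silently if someone drops the parentheses. Writing `Kernel.format(` in the `errors:` array, or renaming the block parameter, removes the ambiguity. The `update` method begins outside this hunk.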
@@ -63,7 +81,15 @@ class Groups::MilestonesController < Groups::ApplicationController
end
def milestone_params
- params.require(:milestone).permit(:title, :description, :start_date, :due_date, :state_event)
+ params.require(:milestone)
+ .permit(
+ :description,
+ :due_date,
+ :lock_version,
+ :start_date,
+ :state_event,
+ :title
+ )
end
def milestones
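Review bot: Permitting `:lock_version` makes the conflict check depend on the client echoing back the version it loaded. A request that omits `lock_version` is saved against the version read during that same request, so it will not raise `ActiveRecord::StaleObjectError` for an edit made while the form was open. That contract deserves a comment above `milestone_params`, for example `# lock_version drives optimistic locking; callers that omit it get last-write-wins`. If JSON callers of `update` are meant to be protected too, consider whether a missing value should be rejected; that decision depends on callers not shown here.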
diff --git a/app/controllers/groups/observability_controller.rb b/app/controllers/groups/observability_controller.rb
index 726af00a10e..525407f5849 100644
--- a/app/controllers/groups/observability_controller.rb
+++ b/app/controllers/groups/observability_controller.rb
@@ -30,7 +30,7 @@ module Groups
end
def check_observability_allowed
- render_404 unless Gitlab::Observability.observability_enabled?(current_user, group)
+ render_404 unless Gitlab::Observability.allowed_for_action?(current_user, group, params[:action])
end
end
end
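Review bot: `check_observability_allowed` now makes an authorization decision from `params[:action]`, a value read out of the request parameter hash. Rails fills that key from the matched route, so it is probably not caller-controlled, but `action_name` is the controller's own record of the action being run and does not depend on how path and query parameters are merged. I would write `render_404 unless Gitlab::Observability.allowed_for_action?(current_user, group, action_name)`. It would also help to document what `allowed_for_action?` does with an action it does not recognise, since that method lies outside this diff and should deny by default.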
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb
index 859bb0adb4e..4b52617d287 100644
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
@@ -2,14 +2,20 @@
class Groups::RunnersController < Groups::ApplicationController
before_action :authorize_read_group_runners!, only: [:index, :show]
+ before_action :authorize_create_group_runners!, only: [:new, :register]
before_action :authorize_update_runner!, only: [:edit, :update, :destroy, :pause, :resume]
- before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
+ before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show, :register]
+
+ before_action only: [:index] do
+ push_frontend_feature_flag(:create_runner_workflow_for_namespace, group)
+ end
feature_category :runner
urgency :low
def index
@group_runner_registration_token = @group.runners_token if can?(current_user, :register_group_runners, group)
+ @group_new_runner_path = new_group_runner_path(@group) if can?(current_user, :create_runner, group)
Gitlab::Tracking.event(self.class.name, 'index', user: current_user, namespace: @group)
end
@@ -28,6 +34,14 @@ class Groups::RunnersController < Groups::ApplicationController
end
end
+ def new
+ render_404 unless create_runner_workflow_for_namespace_enabled?
+ end
+
+ def register
+ render_404 unless create_runner_workflow_for_namespace_enabled? && runner.registration_available?
+ end
+
private
def runner
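Review bot: `register` is guarded by `authorize_create_group_runners!` and the feature flag, but not by `authorize_update_runner!`, so the only per-runner check visible here is `runner.registration_available?`. Whether a user who may create runners in this group can open the registration page for a runner that someone else created, or one outside the group, depends on how `runner` scopes its lookup, and that body lies outside the hunk. If the page exposes registration credentials, it is worth confirming that `runner` is limited to runners of `group` and stating the intended rule in a comment above `register`, such as `# any user with :create_runner on the group may complete registration of a pending runner`. A request spec for a runner from an unrelated group would pin the behaviour.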
@@ -47,6 +61,16 @@ class Groups::RunnersController < Groups::ApplicationController
render_404
end
+
+ def authorize_create_group_runners!
+ return if can?(current_user, :create_runner, group)
+
+ render_404
+ end
+
+ def create_runner_workflow_for_namespace_enabled?
+ Feature.enabled?(:create_runner_workflow_for_namespace, group)
+ end
end
Groups::RunnersController.prepend_mod
diff --git a/app/controllers/groups/settings/access_tokens_controller.rb b/app/controllers/groups/settings/access_tokens_controller.rb
index d86ddcfe2d0..ff07e881bfa 100644
--- a/app/controllers/groups/settings/access_tokens_controller.rb
+++ b/app/controllers/groups/settings/access_tokens_controller.rb
@@ -7,7 +7,7 @@ module Groups
include AccessTokensActions
layout 'group_settings'
- feature_category :authentication_and_authorization
+ feature_category :system_access
alias_method :resource, :group
diff --git a/app/controllers/groups/settings/applications_controller.rb b/app/controllers/groups/settings/applications_controller.rb
index 3557d485422..3ae1ae824a0 100644
--- a/app/controllers/groups/settings/applications_controller.rb
+++ b/app/controllers/groups/settings/applications_controller.rb
@@ -6,18 +6,16 @@ module Groups
include OauthApplications
prepend_before_action :authorize_admin_group!
- before_action :set_application, only: [:show, :edit, :update, :destroy]
+ before_action :set_application, only: [:show, :edit, :update, :renew, :destroy]
before_action :load_scopes, only: [:index, :create, :edit, :update]
- feature_category :authentication_and_authorization
+ feature_category :system_access
def index
set_index_vars
end
- def show
- @created = get_created_session if Feature.disabled?('hash_oauth_secrets')
- end
+ def show; end
def edit
end
@@ -28,15 +26,8 @@ module Groups
if @application.persisted?
flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
- if Feature.enabled?('hash_oauth_secrets')
-
- @created = true
- render :show
- else
- set_created_session
-
- redirect_to group_settings_application_url(@group, @application)
- end
+ @created = true
+ render :show
else
set_index_vars
render :index
@@ -51,6 +42,16 @@ module Groups
end
end
+ def renew
+ @application.renew_secret
+
+ if @application.save
+ render json: { secret: @application.plaintext_secret }
+ else
+ render json: { errors: @application.errors }, status: :unprocessable_entity
+ end
+ end
+
def destroy
@application.destroy
redirect_to group_settings_applications_url(@group), status: :found, notice: _('Application was successfully destroyed.')
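Review bot: `renew` returns the new OAuth client secret in plaintext in the JSON body, and nothing in the hunk marks that response as non-cacheable. Unless the application already sets this globally, add `response.headers['Cache-Control'] = 'no-store'` before `render json: { secret: @application.plaintext_secret }` so the secret is not kept by the browser or an intermediary. The route definition is not part of this diff; it should accept only a non-GET verb so that CSRF protection applies to the rotation. Rotating a secret is also an event operators usually want in the audit trail, and no logging call is visible in this action.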
diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb
index 78e3ffa4af9..4bbaf92b126 100644
--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -12,6 +12,11 @@ module Groups
before_action :assign_variables_to_gon, only: [:show]
feature_category :continuous_integration
+
+ before_action do
+ push_frontend_feature_flag(:ci_variables_pages, current_user)
+ end
+
urgency :low
def show
diff --git a/app/controllers/groups/usage_quotas_controller.rb b/app/controllers/groups/usage_quotas_controller.rb
index 4f858cd130a..125c8fde004 100644
--- a/app/controllers/groups/usage_quotas_controller.rb
+++ b/app/controllers/groups/usage_quotas_controller.rb
@@ -6,7 +6,7 @@ module Groups
before_action :verify_usage_quotas_enabled!
before_action :push_frontend_feature_flags
- feature_category :subscription_cost_management
+ feature_category :consumables_cost_management
urgency :low
def index
diff --git a/app/controllers/groups/variables_controller.rb b/app/controllers/groups/variables_controller.rb
index 9ddf6c80c70..fad3a6ab9f5 100644
--- a/app/controllers/groups/variables_controller.rb
+++ b/app/controllers/groups/variables_controller.rb
@@ -6,7 +6,7 @@ module Groups
skip_cross_project_access_check :show, :update
- feature_category :pipeline_authoring
+ feature_category :secrets_management
urgency :low, [:show]