author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-09-20 14:18:08 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-09-20 14:18:08 +0300 |
commit | 5afcbe03ead9ada87621888a31a62652b10a7e4f (patch) | |
tree | 9918b67a0d0f0bafa6542e839a8be37adf73102d /app/controllers | |
parent | c97c0201564848c1f53226fe19d71fdcc472f7d0 (diff) |
Add latest changes from gitlab-org/gitlab@16-4-stable-eev16.4.0-rc42
Diffstat (limited to 'app/controllers')
64 files changed, 335 insertions, 341 deletions
diff --git a/app/controllers/activity_pub/application_controller.rb b/app/controllers/activity_pub/application_controller.rb
new file mode 100644
index 00000000000..f9c2b14fe77
--- /dev/null
+++ b/app/controllers/activity_pub/application_controller.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module ActivityPub
+ class ApplicationController < ::ApplicationController
+ include RoutableActions
+
+ before_action :ensure_feature_flag
+ skip_before_action :authenticate_user!
+ after_action :set_content_type
+
+ def can?(object, action, subject = :global)
+ Ability.allowed?(object, action, subject)
+ end
+
+ def route_not_found
+ head :not_found
+ end
+
+ def set_content_type
+ self.content_type = "application/activity+json"
+ end
+
+ def ensure_feature_flag
+ not_found unless ::Feature.enabled?(:activity_pub)
+ end
+ end
+end
diff --git a/app/controllers/activity_pub/projects/application_controller.rb b/app/controllers/activity_pub/projects/application_controller.rb
new file mode 100644
index 00000000000..e54a457743d
--- /dev/null
+++ b/app/controllers/activity_pub/projects/application_controller.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module ActivityPub
+ module Projects
+ class ApplicationController < ::ActivityPub::ApplicationController
+ before_action :project
+ before_action :ensure_project_feature_flag
+
+ private
+
+ def project
+ return unless params[:project_id] || params[:id]
+
+ path = File.join(params[:namespace_id], params[:project_id] || params[:id])
+
+ @project = find_routable!(Project, path, request.fullpath, extra_authorization_proc: auth_proc)
+ end
+
+ def auth_proc
+ ->(project) { project.public? && !project.pending_delete? }
+ end
+
+ def ensure_project_feature_flag
+ not_found unless ::Feature.enabled?(:activity_pub_project, project)
+ end
+ end
+ end
+end
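Review bot: In `ActivityPub::ApplicationController`, `set_content_type` and `ensure_feature_flag` are filter callbacks defined without a `private` section, so Rails counts them as public action methods; the sibling `ActivityPub::Projects::ApplicationController` in this same commit does place its callbacks under `private`. Add `private` before `def set_content_type` (whether `can?` and `route_not_found` have to stay public depends on the parent class, which is outside this diff). Because the class also carries `skip_before_action :authenticate_user!`, a class comment such as `# Unauthenticated endpoints: every subclass must restrict itself to public data.` would make the contract explicit for future subclasses.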
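Review bot: In `ActivityPub::Projects::ApplicationController`, `ensure_project_feature_flag` calls `project` a second time and `project` is not memoized, so `find_routable!` runs twice per request; reading the ivar instead, `not_found unless ::Feature.enabled?(:activity_pub_project, @project)`, avoids the repeated lookup. `project` also returns nil early when neither `:project_id` nor `:id` is present, in which case the flag is evaluated for a nil actor and subclasses see `@project` unset; answering `not_found` on that path would fail closed. `File.join` raises `TypeError` when `params[:namespace_id]` is missing, which the routes presumably prevent, but that is not visible here.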
diff --git a/app/controllers/activity_pub/projects/releases_controller.rb b/app/controllers/activity_pub/projects/releases_controller.rb new file mode 100644 index 00000000000..7c4c2a0322b --- /dev/null +++ b/app/controllers/activity_pub/projects/releases_controller.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +module ActivityPub + module Projects + class ReleasesController < ApplicationController + feature_category :release_orchestration + + def index + opts = { + inbox: nil, + outbox: outbox_project_releases_url(@project) + } + + render json: ActivityPub::ReleasesActorSerializer.new.represent(@project, opts) + end + + def outbox + serializer = ActivityPub::ReleasesOutboxSerializer.new.with_pagination(request, response) + render json: serializer.represent(releases) + end + + private + + def releases(params = {}) + ReleasesFinder.new(@project, current_user, params).execute + end + end + end +end diff --git a/app/controllers/admin/abuse_reports_controller.rb b/app/controllers/admin/abuse_reports_controller.rb index 329c4e4921a..b48d6f4f7c2 100644 --- a/app/controllers/admin/abuse_reports_controller.rb +++ b/app/controllers/admin/abuse_reports_controller.rb @@ -3,8 +3,11 @@ class Admin::AbuseReportsController < Admin::ApplicationController feature_category :insider_threat - before_action :set_status_param, only: :index, if: -> { Feature.enabled?(:abuse_reports_list) } + before_action :set_status_param, only: :index before_action :find_abuse_report, only: [:show, :moderate_user, :update, :destroy] + before_action only: :show do + push_frontend_feature_flag(:abuse_report_labels) + end def index @abuse_reports = AbuseReportsFinder.new(params).execute 
@@ -12,14 +15,11 @@ class Admin::AbuseReportsController < Admin::ApplicationController def show; end - # Kept for backwards compatibility. - # TODO: See https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/167?work_item_iid=443 - # In 16.4 remove or re-use this endpoint after frontend has migrated to using moderate_user endpoint def update - response = Admin::AbuseReports::ModerateUserService.new(@abuse_report, current_user, permitted_params).execute + response = Admin::AbuseReports::UpdateService.new(@abuse_report, current_user, permitted_params).execute if response.success? - render json: { message: response.message } + head :ok else render json: { message: response.message }, status: :unprocessable_entity end @@ -53,6 +53,6 @@ class Admin::AbuseReportsController < Admin::ApplicationController end def permitted_params - params.permit(:user_action, :close, :reason, :comment) + params.permit(:user_action, :close, :reason, :comment, { label_ids: [] }) end end diff --git a/app/controllers/admin/jobs_controller.rb b/app/controllers/admin/jobs_controller.rb index 5ea8c672993..d0ade3e6024 100644 --- a/app/controllers/admin/jobs_controller.rb +++ b/app/controllers/admin/jobs_controller.rb @@ -7,18 +7,10 @@ class Admin::JobsController < Admin::ApplicationController urgency :low before_action do - push_frontend_feature_flag(:admin_jobs_vue) + push_frontend_feature_flag(:admin_jobs_filter_runner_type, type: :ops) end - def index - # We need all builds for tabs counters - @all_builds = Ci::JobsFinder.new(current_user: current_user).execute - - @scope = params[:scope] - @builds = Ci::JobsFinder.new(current_user: current_user, params: params).execute - @builds = @builds.eager_load_everything - @builds = @builds.page(params[:page]).per(BUILDS_PER_PAGE).without_count - end + def index; end def cancel_all Ci::Build.running_or_pending.each(&:cancel) 
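Review bot: `permitted_params` in `Admin::AbuseReportsController` now allows `label_ids: []` on top of the moderation keys (`:user_action`, `:close`, `:reason`, `:comment`), and `update` hands that whole set to `Admin::AbuseReports::UpdateService`. If the `moderate_user` action (outside these hunks) uses the same helper, each service receives keys meant for the other; a dedicated list for the label update, e.g. `params.permit(label_ids: [])`, would keep each endpoint's accepted input minimal. `update` also now answers success with `head :ok`, so any client that still reads `message` from the success body needs checking.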
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb index f05b03c2787..1f05e4e7b21 100644 --- a/app/controllers/admin/users_controller.rb +++ b/app/controllers/admin/users_controller.rb @@ -221,8 +221,7 @@ class Admin::UsersController < Admin::ApplicationController respond_to do |format| result = Users::UpdateService.new(current_user, user_params_with_pass.merge(user: user)).execute do |user| - user.skip_reconfirmation! - user.send_only_admin_changed_your_password_notification! if admin_making_changes_for_another_user? + prepare_user_for_update(user) end if result[:status] == :success @@ -393,6 +392,12 @@ class Admin::UsersController < Admin::ApplicationController @can_impersonate = helpers.can_impersonate_user(user, impersonation_in_progress?) @impersonation_error_text = @can_impersonate ? nil : helpers.impersonation_error_text(user, impersonation_in_progress?) end + + # method overriden in EE + def prepare_user_for_update(user) + user.skip_reconfirmation! + user.send_only_admin_changed_your_password_notification! if admin_making_changes_for_another_user? + end end Admin::UsersController.prepend_mod_with('Admin::UsersController') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 08e4f4956df..7c69f43fa3d 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -38,7 +38,6 @@ class ApplicationController < ActionController::Base before_action :active_user_check, unless: :devise_controller? before_action :set_usage_stats_consent_flag before_action :check_impersonation_availability - before_action :required_signup_info # Make sure the `auth_user` is memoized so it can be logged, we do this after # all other before filters that could have set the user. 
@@ -115,6 +114,24 @@ class ApplicationController < ActionController::Base content_security_policy do |p| next if p.directives.blank? + + if Rails.env.development? && Feature.enabled?(:vite) + vite_host = ViteRuby.instance.config.host + vite_port = ViteRuby.instance.config.port + vite_origin = "#{vite_host}:#{vite_port}" + http_origin = "http://#{vite_origin}" + ws_origin = "ws://#{vite_origin}" + wss_origin = "wss://#{vite_origin}" + gitlab_ws_origin = Gitlab::Utils.append_path(Gitlab.config.gitlab.url, 'vite-dev/') + http_path = Gitlab::Utils.append_path(http_origin, 'vite-dev/') + + connect_sources = p.directives['connect-src'] + p.connect_src(*(Array.wrap(connect_sources) | [ws_origin, wss_origin, http_path])) + + worker_sources = p.directives['worker-src'] + p.worker_src(*(Array.wrap(worker_sources) | [gitlab_ws_origin, http_path])) + end + next unless Gitlab::CurrentSettings.snowplow_enabled? && !Gitlab::CurrentSettings.snowplow_collector_hostname.blank? default_connect_src = p.directives['connect-src'] || p.directives['default-src'] @@ -326,9 +343,12 @@ class ApplicationController < ActionController::Base end def check_password_expiration - return if session[:impersonator_id] || !current_user&.allow_password_authentication? + return if session[:impersonator_id] + return if current_user.nil? - redirect_to new_profile_password_path if current_user&.password_expired? + if current_user.password_expired? && current_user.allow_password_authentication? + redirect_to new_profile_password_path + end end def active_user_check @@ -555,15 +575,6 @@ class ApplicationController < ActionController::Base def context_user auth_user if strong_memoized?(:auth_user) end - - def required_signup_info - return unless current_user - return unless current_user.role_required? - - store_location_for :user, request.fullpath - - redirect_to users_sign_up_welcome_path - end end ApplicationController.prepend_mod 
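Review bot: In the Vite block of the `content_security_policy` hook, `connect_sources = p.directives['connect-src']` has no fallback, so when only `default-src` is configured `Array.wrap(nil)` is empty and `connect-src` ends up holding just the Vite origins, which stops `default-src` from applying to connections; the Snowplow code right below avoids this with `p.directives['connect-src'] || p.directives['default-src']`. Using the same fallback for both lookups, e.g. `connect_sources = p.directives['connect-src'] || p.directives['default-src']`, keeps the existing sources. The block is limited to `Rails.env.development?`, so the production policy is not affected. `gitlab_ws_origin` is built from `Gitlab.config.gitlab.url` and is therefore an http(s) URL despite its name, which is worth a rename or a comment.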
diff --git a/app/controllers/clusters/agents/dashboard_controller.rb b/app/controllers/clusters/agents/dashboard_controller.rb new file mode 100644 index 00000000000..1f72aaa4775 --- /dev/null +++ b/app/controllers/clusters/agents/dashboard_controller.rb @@ -0,0 +1,34 @@ +# frozen_string_literal: true + +module Clusters + module Agents + class DashboardController < ApplicationController + include KasCookie + + before_action :check_feature_flag! + before_action :find_agent + before_action :authorize_read_cluster_agent! + before_action :set_kas_cookie, only: [:show], if: -> { current_user } + + feature_category :deployment_management + + def show + head :ok + end + + private + + def find_agent + @agent = ::Clusters::Agent.find(params[:agent_id]) + end + + def check_feature_flag! + not_found unless ::Feature.enabled?(:k8s_dashboard, current_user) + end + + def authorize_read_cluster_agent! + not_found unless can?(current_user, :read_cluster_agent, @agent) + end + end + end +end diff --git a/app/controllers/concerns/access_tokens_actions.rb b/app/controllers/concerns/access_tokens_actions.rb index 84cbdda1581..de53fd4d835 100644 --- a/app/controllers/concerns/access_tokens_actions.rb +++ b/app/controllers/concerns/access_tokens_actions.rb @@ -69,6 +69,7 @@ module AccessTokensActions resource.members.load @scopes = Gitlab::Auth.available_scopes_for(resource) + @scopes.delete(Gitlab::Auth::K8S_PROXY_SCOPE) unless Feature.enabled?(:k8s_proxy_pat, current_user) @active_access_tokens = active_access_tokens end # rubocop:enable Gitlab/ModuleWithInstanceVariables diff --git a/app/controllers/concerns/harbor/access.rb b/app/controllers/concerns/harbor/access.rb index 211566aeda7..9466952e98e 100644 --- a/app/controllers/concerns/harbor/access.rb +++ b/app/controllers/concerns/harbor/access.rb 
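Review bot: The added `@scopes.delete(Gitlab::Auth::K8S_PROXY_SCOPE) unless Feature.enabled?(:k8s_proxy_pat, current_user)` in `AccessTokensActions` only trims the list assigned to `@scopes` for display; nothing in this hunk stops a create request from submitting that scope while the flag is off, so the create path (outside this diff, as is the start of the enclosing method) should enforce the same condition server-side. `delete` also mutates the array returned by `available_scopes_for` in place, and if that method ever returns a shared or memoized array the removal would leak to other callers; `@scopes -= [Gitlab::Auth::K8S_PROXY_SCOPE] unless Feature.enabled?(:k8s_proxy_pat, current_user)` avoids that. The same line is added to `Profiles::PersonalAccessTokensController#set_index_vars` later in this commit, and both remarks apply there too.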
@@ -5,21 +5,13 @@ module Harbor extend ActiveSupport::Concern included do - before_action :harbor_registry_enabled! before_action :authorize_read_harbor_registry! - before_action do - push_frontend_feature_flag(:harbor_registry_integration) - end feature_category :integrations end private - def harbor_registry_enabled! - render_404 unless Feature.enabled?(:harbor_registry_integration, defined?(group) ? group : project) - end - def authorize_read_harbor_registry! raise NotImplementedError end diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb index 1b49cffd408..28e1056092d 100644 --- a/app/controllers/concerns/issuable_actions.rb +++ b/app/controllers/concerns/issuable_actions.rb @@ -174,22 +174,11 @@ module IssuableActions if Gitlab::Database.read_only? || params[:persist_filter] == 'false' notes_filter_param || current_user&.notes_filter_for(issuable) else - notes_filter = current_user&.set_notes_filter(notes_filter_param, issuable) || notes_filter_param - - # We need to invalidate the cache for polling notes otherwise it will - # ignore the filter. - # The ideal would be to invalidate the cache for each user. - issuable.expire_note_etag_cache if notes_filter_updated? - - notes_filter + current_user&.set_notes_filter(notes_filter_param, issuable) || notes_filter_param end end end - def notes_filter_updated? - current_user&.user_preference&.previous_changes&.any? - end - def discussion_cache_context [current_user&.cache_key, project.team.human_max_access(current_user&.id), 'v2'].join(':') end diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb index b02a636ff74..5479154f667 100644 --- a/app/controllers/concerns/issuable_collections.rb +++ b/app/controllers/concerns/issuable_collections.rb 
@@ -20,26 +20,10 @@ module IssuableCollections set_pagination return if redirect_out_of_range(@issuables, @total_pages) - - if params[:label_name].present? && @project - labels_params = { project_id: @project.id, title: params[:label_name] } - @labels = LabelsFinder.new(current_user, labels_params).execute - end - - @users = [] - if params[:assignee_id].present? - assignee = User.find_by_id(params[:assignee_id]) - @users.push(assignee) if assignee - end - - if params[:author_id].present? - author = User.find_by_id(params[:author_id]) - @users.push(author) if author - end end def set_pagination - row_count = finder.row_count + row_count = request.format.atom? ? -1 : finder.row_count @issuables = @issuables.page(params[:page]) @issuables = per_page_for_relative_position if params[:sort] == 'relative_position' diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb index 93cf1d15086..31b3d311865 100644 --- a/app/controllers/concerns/notes_actions.rb +++ b/app/controllers/concerns/notes_actions.rb @@ -33,9 +33,6 @@ module NotesActions notes.map { |note| note_json(note) } end - # Only present an ETag for the empty response - ::Gitlab::EtagCaching::Middleware.skip!(response) if notes.present? - render json: meta.merge(notes: notes) end diff --git a/app/controllers/concerns/onboarding/status.rb b/app/controllers/concerns/onboarding/status.rb index 5112ebb3b5d..8a99f5a6c12 100644 --- a/app/controllers/concerns/onboarding/status.rb +++ b/app/controllers/concerns/onboarding/status.rb @@ -31,12 +31,6 @@ module Onboarding last_invited_member&.source end - def invite_with_tasks_to_be_done? - return false if members.empty? - - MemberTask.for_members(members).exists? - end - private attr_reader :user diff --git a/app/controllers/concerns/preferred_language_switcher.rb b/app/controllers/concerns/preferred_language_switcher.rb index 872652100c9..529d1fb78bd 100644 --- a/app/controllers/concerns/preferred_language_switcher.rb 
+++ b/app/controllers/concerns/preferred_language_switcher.rb @@ -2,6 +2,8 @@ module PreferredLanguageSwitcher extend ActiveSupport::Concern + include Gitlab::Utils::StrongMemoize + include PreferredLanguageSwitcherHelper private @@ -11,8 +13,37 @@ module PreferredLanguageSwitcher def preferred_language cookies[:preferred_language].presence_in(Gitlab::I18n.available_locales) || + selectable_language(marketing_site_language) || + selectable_language(browser_languages) || Gitlab::CurrentSettings.default_preferred_language end + + def selectable_language(language_options) + language_options.find { |lan| ordered_selectable_locales_codes.include?(lan) } + end + + def ordered_selectable_locales_codes + ordered_selectable_locales.pluck(:value) # rubocop:disable CodeReuse/ActiveRecord + end + + def browser_languages + formatted_http_language_header = request.env['HTTP_ACCEPT_LANGUAGE']&.tr('-', '_') + + return [] unless formatted_http_language_header + + formatted_http_language_header.split(%r{[;,]}).reject { |str| str.start_with?('q') } + end + strong_memoize_attr :browser_languages + + def marketing_site_language + return [] unless params[:glm_source] + + locale = params[:glm_source].scan(%r{(\w{2})-(\w{2})}).flatten + + return [] if locale.empty? + + [locale[0], "#{locale[0]}_#{locale[1]}"] + end end PreferredLanguageSwitcher.prepend_mod diff --git a/app/controllers/concerns/search_rate_limitable.rb b/app/controllers/concerns/search_rate_limitable.rb index 1105e9bbbfd..e32fc2f4dd6 100644 --- a/app/controllers/concerns/search_rate_limitable.rb +++ b/app/controllers/concerns/search_rate_limitable.rb 
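Review bot: In `browser_languages`, the header is split on `;` and `,` without trimming, so for a value like `en-US, fr;q=0.8` (constructed example) the second tag becomes `" fr"` and can never match an entry of `ordered_selectable_locales_codes`; `reject { |str| str.start_with?('q') }` also drops any language tag that merely begins with `q`, not only `q=` weights. `formatted_http_language_header.split(%r{[;,]}).map(&:strip).reject { |str| str.start_with?('q=') }` handles both. The header and `params[:glm_source]` are request-controlled, and the code rightly uses them only as lookups against the selectable-locale list in `selectable_language`; a one-line comment saying so would keep later edits from using the raw values directly. Since the q-weights are discarded, header order rather than stated preference decides the match.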
@@ -11,7 +11,8 @@ module SearchRateLimitable # scopes to get counts, we apply rate limits on the search scope if it is present. # # If abusive search is detected, we have stricter limits and ignore the search scope. - check_rate_limit!(:search_rate_limit, scope: [current_user, safe_search_scope].compact) + check_rate_limit!(:search_rate_limit, scope: [current_user, safe_search_scope].compact, + users_allowlist: Gitlab::CurrentSettings.current_application_settings.search_rate_limit_allowlist) else check_rate_limit!(:search_rate_limit_unauthenticated, scope: [request.ip]) end diff --git a/app/controllers/concerns/verifies_with_email.rb b/app/controllers/concerns/verifies_with_email.rb index 6affd7bb4cc..cb8aef11e8d 100644 --- a/app/controllers/concerns/verifies_with_email.rb +++ b/app/controllers/concerns/verifies_with_email.rb @@ -9,7 +9,6 @@ module VerifiesWithEmail included do prepend_before_action :verify_with_email, only: :create, unless: -> { skip_verify_with_email? } - skip_before_action :required_signup_info, only: :successful_verification end # rubocop:disable Metrics/PerceivedComplexity diff --git a/app/controllers/concerns/web_hooks/hook_log_actions.rb b/app/controllers/concerns/web_hooks/hook_log_actions.rb index 321cee5a452..dcea7596790 100644 --- a/app/controllers/concerns/web_hooks/hook_log_actions.rb +++ b/app/controllers/concerns/web_hooks/hook_log_actions.rb @@ -20,8 +20,13 @@ module WebHooks end def retry - execute_hook - redirect_to after_retry_redirect_path + if hook_log.url_current? + execute_hook + redirect_to after_retry_redirect_path + else + flash[:warning] = _('The hook URL has changed, and this log entry cannot be retried') + redirect_back(fallback_location: after_retry_redirect_path) + end end private diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb index f7c7ee62c1a..5ceabaa734a 100644 --- a/app/controllers/confirmations_controller.rb +++ b/app/controllers/confirmations_controller.rb 
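Review bot: The new `hook_log.url_current?` guard in `WebHooks::HookLogActions#retry` has no comment saying what it protects, and as written it reads like a usability check rather than a safety one. Presumably a retry replays the logged request against the hook's present URL, so without the guard a stored payload could be sent to a destination it was never delivered to; I would add `# Replaying a log entry resends its stored request, so refuse when the hook URL differs from the one the entry was recorded for.` above the `if`. The definition of `url_current?` is outside this diff, so confirm that it compares against the URL as stored at delivery time.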
@@ -7,7 +7,6 @@ class ConfirmationsController < Devise::ConfirmationsController include GoogleAnalyticsCSP include GoogleSyndicationCSP - skip_before_action :required_signup_info prepend_before_action :check_recaptcha, only: :create before_action :load_recaptcha, only: :new diff --git a/app/controllers/groups/email_campaigns_controller.rb b/app/controllers/groups/email_campaigns_controller.rb deleted file mode 100644 index 8ae429de490..00000000000 --- a/app/controllers/groups/email_campaigns_controller.rb +++ /dev/null 
@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-class Groups::EmailCampaignsController < Groups::ApplicationController
- EMAIL_CAMPAIGNS_SCHEMA_URL = 'iglu:com.gitlab/email_campaigns/jsonschema/1-0-0'
-
- feature_category :experimentation_activation
- urgency :low
-
- before_action :check_params
-
- def index
- track_click
- redirect_to redirect_link
- end
-
- private
-
- def track_click
- if Gitlab.com?
- message = Gitlab::Email::Message::InProductMarketing.for(@track).new(group: group, user: current_user, series: @series)
-
- data = {
- namespace_id: group.id,
- track: @track.to_s,
- series: @series,
- subject_line: message.subject_line
- }
- context = SnowplowTracker::SelfDescribingJson.new(EMAIL_CAMPAIGNS_SCHEMA_URL, data)
-
- ::Gitlab::Tracking.event(self.class.name, 'click', context: [context], user: current_user, namespace: group)
- else
- ::Users::InProductMarketingEmail.save_cta_click(current_user, @track, @series)
- end
- end
-
- def redirect_link
- case @track
- when :create
- create_track_url
- when :verify
- project_pipelines_url(group.projects.first)
- when :trial, :trial_short
- 'https://about.gitlab.com/free-trial/'
- when :team, :team_short
- group_group_members_url(group)
- when :admin_verify
- project_settings_ci_cd_path(group.projects.first, anchor: 'js-runners-settings')
- end
- end
-
- def create_track_url
- [
- new_project_url,
- new_project_url(anchor: 'import_project'),
- help_page_url('user/project/repository/repository_mirroring')
- ][@series]
- end
-
- def check_params
- @track = params[:track]&.to_sym
- @series = params[:series]&.to_i
-
- track_valid = @track.in?(Namespaces::InProductMarketingEmailsService::TRACKS.keys)
- return render_404 unless track_valid
-
- series_valid = @series.in?(0..Namespaces::InProductMarketingEmailsService::TRACKS[@track][:interval_days].size - 1)
- render_404 unless series_valid
- end
-end
diff --git a/app/controllers/groups/labels_controller.rb b/app/controllers/groups/labels_controller.rb index f927cae90b1..9535b83e769 100644 --- a/app/controllers/groups/labels_controller.rb +++ b/app/controllers/groups/labels_controller.rb @@ -98,7 +98,10 @@ class Groups::LabelsController < Groups::ApplicationController end def label_params - params.require(:label).permit(:title, :description, :color) + allowed = [:title, :description, :color] + allowed << :lock_on_merge if @group.supports_lock_on_merge? + + params.require(:label).permit(allowed) end def redirect_back_or_group_labels_path(options = {}) diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb index b3539da8429..3600a0fbed5 100644 --- a/app/controllers/groups/runners_controller.rb +++ b/app/controllers/groups/runners_controller.rb @@ -42,6 +42,8 @@ class Groups::RunnersController < Groups::ApplicationController @runner ||= Ci::RunnersFinder.new(current_user: current_user, params: group_params).execute .except(:limit, :offset) .find(params[:id]) + rescue Gitlab::Access::AccessDeniedError + nil end def runner_params diff --git a/app/controllers/groups/work_items_controller.rb b/app/controllers/groups/work_items_controller.rb index d1e15c81471..bd85f12119b 100644 --- a/app/controllers/groups/work_items_controller.rb +++ b/app/controllers/groups/work_items_controller.rb @@ -7,5 +7,9 @@ module Groups def index not_found unless Feature.enabled?(:namespace_level_work_items, group) end + + def show + not_found unless Feature.enabled?(:namespace_level_work_items, group) + end end end diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 344de886a93..edc590e1370 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb 
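Review bot: In `Groups::RunnersController`, the added `rescue Gitlab::Access::AccessDeniedError` makes the runner lookup return `nil` instead of raising, so every caller of this helper now has to cope with nil; the method's `def` line and its callers are outside the hunk. If an action or filter dereferences the result without a check, a denied user gets a 500 rather than a 404. Because `@runner ||=` does not cache nil, each further call also re-runs `Ci::RunnersFinder`. A comment on the rescue, for instance `# nil is mapped to not-found by the caller`, would document the contract once that is confirmed.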
@@ -37,7 +37,6 @@ class GroupsController < Groups::ApplicationController push_frontend_feature_flag(:frontend_caching, group) push_force_frontend_feature_flag(:work_items, group.work_items_feature_flag_enabled?) push_frontend_feature_flag(:issues_grid_view) - push_frontend_feature_flag(:new_graphql_users_autocomplete, group) end before_action only: :merge_requests do diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index 9635e476510..df8128f24fe 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb @@ -9,7 +9,7 @@ class HelpController < ApplicationController # Taken from Jekyll # https://github.com/jekyll/jekyll/blob/3.5-stable/lib/jekyll/document.rb#L13 - YAML_FRONT_MATTER_REGEXP = /\A(---\s*\n.*?\n?)^((---|\.\.\.)\s*$\n?)/m.freeze + YAML_FRONT_MATTER_REGEXP = /\A(---\s*\n.*?\n?)^((---|\.\.\.)\s*$\n?)/m def index @help_index = get_markdown_without_frontmatter(path_to_doc('index.md')) diff --git a/app/controllers/import/bitbucket_server_controller.rb b/app/controllers/import/bitbucket_server_controller.rb index e17cd00d053..ba2743e1002 100644 --- a/app/controllers/import/bitbucket_server_controller.rb +++ b/app/controllers/import/bitbucket_server_controller.rb @@ -22,8 +22,8 @@ class Import::BitbucketServerController < Import::BaseController # (https://community.atlassian.com/t5/Answers-Developer-Questions/stash-repository-names/qaq-p/499054) # # Bitbucket Server starts personal project names with a tilde. - VALID_BITBUCKET_PROJECT_CHARS = /\A~?[\w\-\.\s]+\z/.freeze - VALID_BITBUCKET_CHARS = /\A[\w\-\.\s]+\z/.freeze + VALID_BITBUCKET_PROJECT_CHARS = /\A~?[\w\-\.\s]+\z/ + VALID_BITBUCKET_CHARS = /\A[\w\-\.\s]+\z/ def new end diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb index 8a8ae38c6f3..c058329680a 100644 --- a/app/controllers/invites_controller.rb +++ b/app/controllers/invites_controller.rb 
@@ -83,8 +83,6 @@ class InvitesController < ApplicationController def authenticate_user! return if current_user - store_location_for(:user, invite_details[:path]) if member - if user_sign_up? set_session_invite_params diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb index a1d4df6ff48..a541e7e703f 100644 --- a/app/controllers/oauth/authorizations_controller.rb +++ b/app/controllers/oauth/authorizations_controller.rb @@ -14,7 +14,7 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController # include the call to session.delete def new if pre_auth.authorizable? - if skip_authorization? || matching_token? + if skip_authorization? || (matching_token? && pre_auth.client.application.confidential?) auth = authorization.authorize parsed_redirect_uri = URI.parse(auth.redirect_uri) session.delete(:user_return_to) diff --git a/app/controllers/organizations/application_controller.rb b/app/controllers/organizations/application_controller.rb index 568cfe6399d..d3c3e878bdf 100644 --- a/app/controllers/organizations/application_controller.rb +++ b/app/controllers/organizations/application_controller.rb @@ -2,7 +2,7 @@ module Organizations class ApplicationController < ::ApplicationController - skip_before_action :authenticate_user! + before_action :check_feature_flag! before_action :organization layout 'organization' @@ -16,11 +16,16 @@ module Organizations end strong_memoize_attr :organization - def authorize_action!(action) - return if Feature.enabled?(:ui_for_organizations, current_user) && - can?(current_user, action, organization) + def check_feature_flag! + access_denied! unless Feature.enabled?(:ui_for_organizations, current_user) + end + + def authorize_create_organization! + access_denied! unless can?(current_user, :create_organization) + end - access_denied! + def authorize_read_organization! + access_denied! unless can?(current_user, :read_organization, organization) end end end 
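Review bot: The condition `matching_token? && pre_auth.client.application.confidential?` in `Oauth::AuthorizationsController#new` deserves a comment, because the reason for the extra clause is not obvious from the code: a non-confidential (public) client cannot authenticate itself, so an earlier token for the same client id does not show that the request comes from the same application, and consent has to be shown again. Something like `# Public clients cannot prove their identity; only confidential apps may reuse an existing grant without a consent screen.` would do. `skip_authorization?` still short-circuits for any client type and is defined outside this diff, so it is worth confirming that it cannot be true for an untrusted public application.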
diff --git a/app/controllers/organizations/organizations_controller.rb b/app/controllers/organizations/organizations_controller.rb index 650ec97c264..88c6c9b3cef 100644 --- a/app/controllers/organizations/organizations_controller.rb +++ b/app/controllers/organizations/organizations_controller.rb @@ -4,10 +4,20 @@ module Organizations class OrganizationsController < ApplicationController feature_category :cell - before_action { authorize_action!(:read_organization) } + skip_before_action :authenticate_user!, except: [:index, :new] - def show; end + def index; end - def groups_and_projects; end + def new + authorize_create_organization! + end + + def show + authorize_read_organization! + end + + def groups_and_projects + authorize_read_organization! + end end end diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 38839497fb6..d1ca16bd8fb 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -43,6 +43,7 @@ class PasswordsController < Devise::PasswordsController resource.password_expires_at = nil resource.save(validate: false) if resource.changed? else + log_audit_reset_failure(@user) track_weak_password_error(@user, self.class.name, 'create') end end @@ -50,6 +51,9 @@ class PasswordsController < Devise::PasswordsController protected + # overriden in EE + def log_audit_reset_failure(_user); end + def resource_from_email email = resource_params[:email] self.resource = resource_class.find_by_email(email) diff --git a/app/controllers/profiles/notifications_controller.rb b/app/controllers/profiles/notifications_controller.rb index 02f7dbf8e6f..57e5ca4d55a 100644 --- a/app/controllers/profiles/notifications_controller.rb +++ b/app/controllers/profiles/notifications_controller.rb 
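Review bot: In `Organizations::OrganizationsController`, `authorize_create_organization!` and `authorize_read_organization!` are called as the body of `new`, `show` and `groups_and_projects` instead of being registered as filters, so the check protects the action only while it stays the sole statement; if `access_denied!` renders rather than raises, any code later added after the call would still run. Declaring `before_action :authorize_create_organization!, only: :new` and `before_action :authorize_read_organization!, only: [:show, :groups_and_projects]` halts the chain instead. `index` relies only on `check_feature_flag!` and authentication, which looks intended but is worth stating in a comment. `skip_before_action :authenticate_user!, except: [:index, :new]` leaves `show` and `groups_and_projects` reachable anonymously, so the `read_organization` policy has to deny anonymous users wherever that is required.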
@@ -25,7 +25,7 @@ class Profiles::NotificationsController < Profiles::ApplicationController end def user_params - params.require(:user).permit(:notification_email, :email_opted_in, :notified_of_own_activity) + params.require(:user).permit(:notification_email, :notified_of_own_activity) end private diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb index 4b6e2f768fa..0e4d9f3c154 100644 --- a/app/controllers/profiles/personal_access_tokens_controller.rb +++ b/app/controllers/profiles/personal_access_tokens_controller.rb @@ -61,6 +61,7 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController def set_index_vars @scopes = Gitlab::Auth.available_scopes_for(current_user) + @scopes.delete(Gitlab::Auth::K8S_PROXY_SCOPE) unless Feature.enabled?(:k8s_proxy_pat, current_user) @active_access_tokens = active_access_tokens end diff --git a/app/controllers/profiles/preferences_controller.rb b/app/controllers/profiles/preferences_controller.rb index 3e8555a4ed1..931070ecdd4 100644 --- a/app/controllers/profiles/preferences_controller.rb +++ b/app/controllers/profiles/preferences_controller.rb @@ -55,6 +55,7 @@ class Profiles::PreferencesController < Profiles::ApplicationController :gitpod_enabled, :render_whitespace_in_code, :project_shortcut_buttons, + :keyboard_shortcuts_enabled, :markdown_surround_selection, :markdown_automatic_lists, :use_new_navigation, diff --git a/app/controllers/projects/alerting/notifications_controller.rb b/app/controllers/projects/alerting/notifications_controller.rb index 281ac14d3ce..b596cd74b03 100644 --- a/app/controllers/projects/alerting/notifications_controller.rb +++ b/app/controllers/projects/alerting/notifications_controller.rb 
@@ -66,15 +66,11 @@ module Projects def integration AlertManagement::HttpIntegrationsFinder.new( project, - endpoint_identifier: endpoint_identifier, + endpoint_identifier: params[:endpoint_identifier], active: true ).execute.first end - def endpoint_identifier - params[:endpoint_identifier] || AlertManagement::HttpIntegration::LEGACY_IDENTIFIERS - end - def notification_payload @notification_payload ||= params.permit![:notification] end diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb index 94cd324f312..2d2712ebe4d 100644 --- a/app/controllers/projects/commits_controller.rb +++ b/app/controllers/projects/commits_controller.rb @@ -45,6 +45,8 @@ class Projects::CommitsController < Projects::ApplicationController # rubocop: enable CodeReuse/ActiveRecord def signatures + Gitlab::QueryLimiting.disable!('https://gitlab.com/gitlab-org/gitlab/-/issues/424527') + respond_to do |format| format.json do render json: { diff --git a/app/controllers/projects/environments/sample_metrics_controller.rb b/app/controllers/projects/environments/sample_metrics_controller.rb deleted file mode 100644 index 80344c83ab7..00000000000 --- a/app/controllers/projects/environments/sample_metrics_controller.rb +++ /dev/null @@ -1,16 +0,0 @@ -# frozen_string_literal: true - -class Projects::Environments::SampleMetricsController < Projects::ApplicationController - feature_category :metrics - urgency :low - - def query - result = Metrics::SampleMetricsService.new(params[:identifier], range_start: params[:start], range_end: params[:end]).query - - if result - render json: { "status": "success", "data": { "resultType": "matrix", "result": result } } - else - render_404 - end - end -end diff --git a/app/controllers/projects/environments_controller.rb b/app/controllers/projects/environments_controller.rb index 127fe40b0e3..aabea122fb6 100644 --- a/app/controllers/projects/environments_controller.rb 
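Review bot: `endpoint_identifier: params[:endpoint_identifier]` now hands the finder `nil` when the request carries no identifier, where the removed helper substituted `LEGACY_IDENTIFIERS`. How `HttpIntegrationsFinder` treats a nil identifier is not visible here; if it reads nil as "no filter", `.execute.first` would pick an arbitrary active integration of the project and the alert would be authenticated against that integration instead of being rejected. A guard as the first line of `integration`, `return if params[:endpoint_identifier].blank?`, makes the missing-identifier case fail closed regardless of the finder's behaviour.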
+++ b/app/controllers/projects/environments_controller.rb @@ -8,14 +8,6 @@ class Projects::EnvironmentsController < Projects::ApplicationController layout 'project' - before_action only: [:show] do - push_frontend_feature_flag(:environment_details_vue, @project) - end - - before_action only: [:index, :edit, :new] do - push_frontend_feature_flag(:flux_resource_for_environment) - end - before_action :authorize_read_environment! before_action :authorize_create_environment!, only: [:new, :create] before_action :authorize_stop_environment!, only: [:stop] @@ -113,10 +105,8 @@ class Projects::EnvironmentsController < Projects::ApplicationController job = stop_actions.first if stop_actions&.count == 1 action_or_env_url = - if job.instance_of?(::Ci::Build) - polymorphic_url([project, job]) - elsif job.instance_of?(::Ci::Bridge) - project_pipeline_url(project, job.pipeline_id) + if job + project_job_url(project, job) else project_environment_url(project, @environment) end diff --git a/app/controllers/projects/graphs_controller.rb b/app/controllers/projects/graphs_controller.rb index e73e2a38149..fce7de4c0de 100644 --- a/app/controllers/projects/graphs_controller.rb +++ b/app/controllers/projects/graphs_controller.rb @@ -34,7 +34,7 @@ class Projects::GraphsController < Projects::ApplicationController { author_name: commit.author_name, author_email: commit.author_email, - date: commit.committed_date.strftime("%Y-%m-%d") + date: commit.committed_date.to_date.iso8601 } end diff --git a/app/controllers/projects/incidents_controller.rb b/app/controllers/projects/incidents_controller.rb index 6109e29b169..69d349b1f1d 100644 --- a/app/controllers/projects/incidents_controller.rb +++ b/app/controllers/projects/incidents_controller.rb 
@@ -12,6 +12,7 @@ class Projects::IncidentsController < Projects::ApplicationController push_force_frontend_feature_flag(:work_items_mvc_2, @project&.work_items_mvc_2_feature_flag_enabled?) push_frontend_feature_flag(:moved_mr_sidebar, project) push_frontend_feature_flag(:move_close_into_dropdown, project) + push_force_frontend_feature_flag(:linked_work_items, @project&.linked_work_items_feature_flag_enabled?) end feature_category :incident_management diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index 83947c443f4..9abcc108ace 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -62,7 +62,6 @@ class Projects::IssuesController < Projects::ApplicationController before_action only: [:index, :service_desk] do push_frontend_feature_flag(:or_issuable_queries, project) push_frontend_feature_flag(:frontend_caching, project&.group) - push_frontend_feature_flag(:new_graphql_users_autocomplete, project) end before_action only: :show do @@ -73,7 +72,7 @@ class Projects::IssuesController < Projects::ApplicationController push_frontend_feature_flag(:epic_widget_edit_confirmation, project) push_frontend_feature_flag(:moved_mr_sidebar, project) push_frontend_feature_flag(:move_close_into_dropdown, project) - push_frontend_feature_flag(:action_cable_notes, project) + push_force_frontend_feature_flag(:linked_work_items, project.linked_work_items_feature_flag_enabled?) end around_action :allow_gitaly_ref_name_caching, only: [:discussions] @@ -114,12 +113,6 @@ class Projects::IssuesController < Projects::ApplicationController respond_to do |format| format.html format.atom { render layout: 'xml' } - format.json do - render json: { - html: view_to_html_string("projects/issues/_issues"), - labels: @labels.as_json(methods: :text_color) - } - end end end 
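Review bot: In the issues controller the new line `push_force_frontend_feature_flag(:linked_work_items, project.linked_work_items_feature_flag_enabled?)` calls the method on `project` directly, while the same flag is pushed with safe navigation (`@project&.…` / `project&.…`) in the incidents, work items and projects controllers in this commit. If `project` can be nil in this `before_action`, the issue page raises `NoMethodError` where the others push a falsy flag; if it cannot, the `&.` elsewhere is noise. Writing `project&.linked_work_items_feature_flag_enabled?` here keeps the four call sites identical; the `before_action` block itself starts outside the hunk.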
@@ -282,7 +275,6 @@ class Projects::IssuesController < Projects::ApplicationController def service_desk @issues = @issuables - @users.push(User.support_bot) end protected @@ -433,7 +425,7 @@ class Projects::IssuesController < Projects::ApplicationController if service_desk? options.reject! { |key| key == 'author_username' || key == 'author_id' } - options[:author_id] = User.support_bot + options[:author_id] = Users::Internal.support_bot end options diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb index 4e0b304a2ee..802ffd99e41 100644 --- a/app/controllers/projects/jobs_controller.rb +++ b/app/controllers/projects/jobs_controller.rb @@ -8,8 +8,8 @@ class Projects::JobsController < Projects::ApplicationController urgency :low, [:index, :show, :trace, :retry, :play, :cancel, :unschedule, :erase, :raw] - before_action :find_job_as_build, except: [:index, :play, :retry] - before_action :find_job_as_processable, only: [:play, :retry] + before_action :find_job_as_build, except: [:index, :play, :retry, :show] + before_action :find_job_as_processable, only: [:play, :retry, :show] before_action :authorize_read_build_trace!, only: [:trace, :raw] before_action :authorize_read_build! before_action :authorize_update_build!, 
@@ -27,17 +27,13 @@ class Projects::JobsController < Projects::ApplicationController feature_category :continuous_integration urgency :low - def index - # We need all builds for tabs counters - @all_builds = Ci::JobsFinder.new(current_user: current_user, project: @project).execute - - @scope = params[:scope] - @builds = Ci::JobsFinder.new(current_user: current_user, project: @project, params: params).execute - @builds = @builds.eager_load_everything - @builds = @builds.page(params[:page]).per(30).without_count - end + def index; end def show + if @build.instance_of?(::Ci::Bridge) + redirect_to project_pipeline_path(@build.downstream_pipeline.project, @build.downstream_pipeline.id) + end + respond_to do |format| format.html format.json do @@ -74,6 +70,8 @@ class Projects::JobsController < Projects::ApplicationController end def retry + Gitlab::QueryLimiting.disable!('https://gitlab.com/gitlab-org/gitlab/-/issues/424184') + response = Ci::RetryJobService.new(project, current_user).execute(@build) if response.success? diff --git a/app/controllers/projects/labels_controller.rb b/app/controllers/projects/labels_controller.rb index 67cff16a76b..e62f912e0f7 100644 --- a/app/controllers/projects/labels_controller.rb +++ b/app/controllers/projects/labels_controller.rb @@ -155,7 +155,10 @@ class Projects::LabelsController < Projects::ApplicationController protected def label_params - params.require(:label).permit(:title, :description, :color) + allowed = [:title, :description, :color] + allowed << :lock_on_merge if @project.supports_lock_on_merge? + + params.require(:label).permit(allowed) end def label diff --git a/app/controllers/projects/merge_requests/application_controller.rb b/app/controllers/projects/merge_requests/application_controller.rb index 6d1b1ced4eb..81ff6c215f9 100644 --- a/app/controllers/projects/merge_requests/application_controller.rb +++ b/app/controllers/projects/merge_requests/application_controller.rb 
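Review bot: The bridge branch added to `show` calls `redirect_to` without returning, so execution continues into `respond_to`, and for a JSON request the `format.json` block then renders after a redirect has already been set, which Rails raises on as a double render. `@build.downstream_pipeline` is also dereferenced with no nil check, so a bridge that has not produced a downstream pipeline would raise `NoMethodError`. The filters shown in the previous hunk authorize against the upstream project only, so the redirect can hand the downstream project's path to a user who may not be allowed to see that project. Suggested body for the `if`: `downstream = @build.downstream_pipeline`, `return render_404 unless downstream && can?(current_user, :read_pipeline, downstream)`, `return redirect_to project_pipeline_path(downstream.project, downstream.id)`. The rest of `show` lies outside the hunk.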
@@ -14,6 +14,18 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont private + # Normally the methods with `check_(\w+)_available!` pattern are + # handled by the `method_missing` defined in `ProjectsController::ApplicationController` + # but that logic does not take the member roles into account, therefore, we handle this + # case here manually. + def check_merge_requests_available! + render_404 if project_policy.merge_requests_disabled? + end + + def project_policy + ProjectPolicy.new(current_user, project) + end + def merge_request @issuable = @merge_request ||= diff --git a/app/controllers/projects/merge_requests/conflicts_controller.rb b/app/controllers/projects/merge_requests/conflicts_controller.rb index 66a358963e2..26f4286233a 100644 --- a/app/controllers/projects/merge_requests/conflicts_controller.rb +++ b/app/controllers/projects/merge_requests/conflicts_controller.rb @@ -67,7 +67,7 @@ class Projects::MergeRequests::ConflictsController < Projects::MergeRequests::Ap flash[:notice] = _('All merge conflicts were resolved. The merge request can now be merged.') - render json: { redirect_to: project_merge_request_url(@project, @merge_request, resolved_conflicts: true) } + render json: { redirect_to: project_merge_request_path(@project, @merge_request, resolved_conflicts: true) } rescue Gitlab::Git::Conflict::Resolver::ResolutionError => e render status: :bad_request, json: { message: e.message } end diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb index 30168558eff..53fd7256b19 100644 --- a/app/controllers/projects/merge_requests_controller.rb +++ b/app/controllers/projects/merge_requests_controller.rb 
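Review bot: The comment above `check_merge_requests_available!` names `ProjectsController::ApplicationController`, which does not match the `Projects::ApplicationController` parent this class inherits from, and it does not say where the filter is registered. Since this method appears to be what enforces the disabled-feature check once member roles are involved, the comment should be exact, for example `# Projects::ApplicationController#method_missing normally handles check_*_available! filters, but it ignores member roles, so this filter is defined explicitly.` `project_policy` also builds `ProjectPolicy.new(current_user, project)` on every call; memoizing it (`@project_policy ||= ProjectPolicy.new(current_user, project)`) would match how `merge_request` just below caches its lookup.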
@@ -45,12 +45,10 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo push_frontend_feature_flag(:sast_reports_in_inline_diff, project) push_frontend_feature_flag(:mr_experience_survey, project) push_frontend_feature_flag(:saved_replies, current_user) - push_frontend_feature_flag(:code_quality_inline_drawer, project) push_force_frontend_feature_flag(:summarize_my_code_review, summarize_my_code_review_enabled?) push_frontend_feature_flag(:mr_activity_filters, current_user) - push_frontend_feature_flag(:review_apps_redeploy_mr_widget, project) push_frontend_feature_flag(:ci_job_failures_in_mr, project) - push_frontend_feature_flag(:action_cable_notes, project) + push_frontend_feature_flag(:mr_pipelines_graphql, project) end before_action only: [:edit] do @@ -106,11 +104,6 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo respond_to do |format| format.html format.atom { render layout: 'xml' } - format.json do - render json: { - html: view_to_html_string("projects/merge_requests/_merge_requests") - } - end end end @@ -389,20 +382,10 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo private - # NOTE: Remove this disable with add_prepared_state_to_mr FF removal - # rubocop: disable Metrics/AbcSize def show_merge_request close_merge_request_if_no_source_project @merge_request.check_mergeability(async: true) - # NOTE: Remove the created_at check when removing the FF check - if ::Feature.enabled?(:add_prepared_state_to_mr, @merge_request.project) && - @merge_request.created_at < 5.minutes.ago && - !@merge_request.prepared? - - @merge_request.prepare - end - respond_to do |format| format.html do # use next to appease Rubocop @@ -446,7 +429,6 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo end end end - # rubocop: enable Metrics/AbcSize def render_html_page preload_assignees_for_render(@merge_request) 
diff --git a/app/controllers/projects/mirrors_controller.rb b/app/controllers/projects/mirrors_controller.rb index acbd26cbdf6..a24273488fb 100644 --- a/app/controllers/projects/mirrors_controller.rb +++ b/app/controllers/projects/mirrors_controller.rb @@ -81,6 +81,7 @@ class Projects::MirrorsController < Projects::ApplicationController only_protected_branches keep_divergent_refs auth_method + user password ssh_known_hosts regenerate_ssh_private_key diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb index 7fcdf220bd2..3d8a787afcb 100644 --- a/app/controllers/projects/notes_controller.rb +++ b/app/controllers/projects/notes_controller.rb @@ -14,8 +14,7 @@ class Projects::NotesController < Projects::ApplicationController feature_category :team_planning, [:index, :create, :update, :destroy, :delete_attachment, :toggle_award_emoji] feature_category :code_review_workflow, [:resolve, :unresolve, :outdated_line_change] - urgency :medium, [:index] - urgency :low, [:create, :update, :destroy, :resolve, :unresolve, :toggle_award_emoji, :outdated_line_change] + urgency :low override :feature_category def feature_category diff --git a/app/controllers/projects/pages_controller.rb b/app/controllers/projects/pages_controller.rb index 02579cd4283..5b32eb8e58e 100644 --- a/app/controllers/projects/pages_controller.rb +++ b/app/controllers/projects/pages_controller.rb @@ -65,7 +65,15 @@ class Projects::PagesController < Projects::ApplicationController end def project_params_attributes - [:pages_https_only, { project_setting_attributes: [:pages_unique_domain_enabled] }] + [ + :pages_https_only, + { project_setting_attributes: project_setting_attributes } + ] + end + + # overridden in EE + def project_setting_attributes + [:pages_unique_domain_enabled] end end diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb index 42b6d83ee85..83a64579446 100644 
--- a/app/controllers/projects/pipeline_schedules_controller.rb +++ b/app/controllers/projects/pipeline_schedules_controller.rb @@ -9,7 +9,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController before_action :authorize_create_pipeline_schedule!, only: [:new, :create] before_action :authorize_update_pipeline_schedule!, only: [:edit, :update] before_action :authorize_admin_pipeline_schedule!, only: [:take_ownership, :destroy] - before_action :push_schedule_feature_flag, only: [:index, :new, :edit] feature_category :continuous_integration urgency :low @@ -120,8 +119,4 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController def authorize_admin_pipeline_schedule! return access_denied! unless can?(current_user, :admin_pipeline_schedule, schedule) end - - def push_schedule_feature_flag - push_frontend_feature_flag(:pipeline_schedules_vue, @project) - end end diff --git a/app/controllers/projects/pipelines/tests_controller.rb b/app/controllers/projects/pipelines/tests_controller.rb index d77cf095a4f..4b522c88023 100644 --- a/app/controllers/projects/pipelines/tests_controller.rb +++ b/app/controllers/projects/pipelines/tests_controller.rb @@ -50,7 +50,7 @@ module Projects end def test_suite - suite = builds.sum do |build| + suite = builds.sum(Gitlab::Ci::Reports::TestSuite.new) do |build| test_report = build.collect_test_reports!(Gitlab::Ci::Reports::TestReport.new) test_report.get_suite(build.test_suite_name) end diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb index a96ee2215c2..036ea45cc78 100644 --- a/app/controllers/projects/pipelines_controller.rb +++ b/app/controllers/projects/pipelines_controller.rb @@ -3,7 +3,6 @@ class Projects::PipelinesController < Projects::ApplicationController include ::Gitlab::Utils::StrongMemoize include ProductAnalyticsTracking - include ProductAnalyticsTracking include ProjectStatsRefreshConflictsGuard urgency :low, [ 
@@ -34,9 +33,9 @@ class Projects::PipelinesController < Projects::ApplicationController label: 'redis_hll_counters.analytics.analytics_total_unique_counts_monthly', destinations: %i[redis_hll snowplow] - track_event :charts, name: 'p_analytics_ci_cd_pipelines', conditions: -> { should_track_ci_cd_pipelines? } - track_event :charts, name: 'p_analytics_ci_cd_deployment_frequency', conditions: -> { should_track_ci_cd_deployment_frequency? } - track_event :charts, name: 'p_analytics_ci_cd_lead_time', conditions: -> { should_track_ci_cd_lead_time? } + track_internal_event :charts, name: 'p_analytics_ci_cd_pipelines', conditions: -> { should_track_ci_cd_pipelines? } + track_internal_event :charts, name: 'p_analytics_ci_cd_deployment_frequency', conditions: -> { should_track_ci_cd_deployment_frequency? } + track_internal_event :charts, name: 'p_analytics_ci_cd_lead_time', conditions: -> { should_track_ci_cd_lead_time? } track_event :charts, name: 'p_analytics_ci_cd_time_to_restore_service', conditions: -> { should_track_ci_cd_time_to_restore_service? } track_event :charts, name: 'p_analytics_ci_cd_change_failure_rate', conditions: -> { should_track_ci_cd_change_failure_rate? } diff --git a/app/controllers/projects/prometheus/alerts_controller.rb b/app/controllers/projects/prometheus/alerts_controller.rb deleted file mode 100644 index 80a8dbf4729..00000000000 --- a/app/controllers/projects/prometheus/alerts_controller.rb +++ /dev/null 
@@ -1,43 +0,0 @@ -# frozen_string_literal: true - -module Projects - module Prometheus - class AlertsController < Projects::ApplicationController - respond_to :json - - protect_from_forgery except: [:notify] - - skip_before_action :project, only: [:notify] - - prepend_before_action :repository, :project_without_auth, only: [:notify] - - before_action :authorize_read_prometheus_alerts!, except: [:notify] - - feature_category :incident_management - urgency :low - - def notify - token = extract_alert_manager_token(request) - result = notify_service.execute(token) - - head result.http_status - end - - private - - def notify_service - Projects::Prometheus::Alerts::NotifyService - .new(project, params.permit!) - end - - def extract_alert_manager_token(request) - Doorkeeper::OAuth::Token.from_bearer_authorization(request) - end - - def project_without_auth - @project ||= Project - .find_by_full_path("#{params[:namespace_id]}/#{params[:project_id]}") - end - end - end -end diff --git a/app/controllers/projects/service_desk_controller.rb b/app/controllers/projects/service_desk_controller.rb index b1e30e7a45b..ca3cecf5949 100644 --- a/app/controllers/projects/service_desk_controller.rb +++ b/app/controllers/projects/service_desk_controller.rb @@ -36,7 +36,7 @@ class Projects::ServiceDeskController < Projects::ApplicationController service_desk_settings = project.service_desk_setting { - service_desk_address: project.service_desk_address, + service_desk_address: project.service_desk_system_address, service_desk_enabled: project.service_desk_enabled, issue_template_key: service_desk_settings&.issue_template_key, template_file_missing: service_desk_settings&.issue_template_missing?, diff --git a/app/controllers/projects/tracing_controller.rb b/app/controllers/projects/tracing_controller.rb deleted file mode 100644 index 45e773bf62b..00000000000 --- a/app/controllers/projects/tracing_controller.rb +++ /dev/null 
@@ -1,23 +0,0 @@ -# frozen_string_literal: true - -module Projects - class TracingController < Projects::ApplicationController - include ::Observability::ContentSecurityPolicy - - feature_category :tracing - - before_action :check_tracing_enabled - - def index; end - - def show - @trace_id = params[:id] - end - - private - - def check_tracing_enabled - render_404 unless Gitlab::Observability.tracing_enabled?(project) - end - end -end diff --git a/app/controllers/projects/work_items_controller.rb b/app/controllers/projects/work_items_controller.rb index 7da31c199a1..c3986be31b0 100644 --- a/app/controllers/projects/work_items_controller.rb +++ b/app/controllers/projects/work_items_controller.rb @@ -12,6 +12,7 @@ class Projects::WorkItemsController < Projects::ApplicationController push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?) push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?) push_force_frontend_feature_flag(:saved_replies, current_user) + push_force_frontend_feature_flag(:linked_work_items, project&.linked_work_items_feature_flag_enabled?) end feature_category :team_planning diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 2ad0f11dc91..6a246219f7d 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -46,6 +46,7 @@ class ProjectsController < Projects::ApplicationController push_force_frontend_feature_flag(:work_items, @project&.work_items_feature_flag_enabled?) push_force_frontend_feature_flag(:work_items_mvc, @project&.work_items_mvc_feature_flag_enabled?) push_force_frontend_feature_flag(:work_items_mvc_2, @project&.work_items_mvc_2_feature_flag_enabled?) + push_force_frontend_feature_flag(:linked_work_items, @project&.linked_work_items_feature_flag_enabled?) end layout :determine_layout 
diff --git a/app/controllers/pwa_controller.rb b/app/controllers/pwa_controller.rb index bb47bdc8050..8de1b10e1f1 100644 --- a/app/controllers/pwa_controller.rb +++ b/app/controllers/pwa_controller.rb @@ -6,7 +6,7 @@ class PwaController < ApplicationController # rubocop:disable Gitlab/NamespacedC feature_category :navigation urgency :low - skip_before_action :authenticate_user!, :required_signup_info + skip_before_action :authenticate_user! def manifest end diff --git a/app/controllers/registrations/welcome_controller.rb b/app/controllers/registrations/welcome_controller.rb index 68f8248d114..f7a601ec0bd 100644 --- a/app/controllers/registrations/welcome_controller.rb +++ b/app/controllers/registrations/welcome_controller.rb @@ -8,7 +8,9 @@ module Registrations include ::Gitlab::Utils::StrongMemoize layout 'minimal' - skip_before_action :required_signup_info, :check_two_factor_requirement + # TODO: Once this is an ee + SaaS only feature, we can remove this. + # To be completed in https://gitlab.com/gitlab-org/gitlab/-/issues/411858 + skip_before_action :check_two_factor_requirement helper_method :welcome_update_params helper_method :onboarding_status @@ -43,7 +45,7 @@ module Registrations end def completed_welcome_step? - current_user.role.present? && !current_user.setup_for_company.nil? + !current_user.setup_for_company.nil? end def update_params @@ -61,9 +63,7 @@ module Registrations end def update_success_path - if onboarding_status.invite_with_tasks_to_be_done? - issues_dashboard_path(assignee_username: current_user.username) - elsif onboarding_status.continue_full_onboarding? # trials/regular registration on .com + if onboarding_status.continue_full_onboarding? # trials/regular registration on .com signup_onboarding_path elsif onboarding_status.single_invite? # invites w/o tasks due to order flash[:notice] = helpers.invite_accepted_notice(onboarding_status.last_invited_member) 
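Review bot: The TODO added in `Registrations::WelcomeController` sits directly above `skip_before_action :check_two_factor_requirement`, but its "this" has no referent, so it is unclear whether the skip, the controller or something else is to be removed under issue 411858. Skipping the two-factor requirement is a security-relevant exception and deserves its reason in the comment, for example `# 2FA enforcement is skipped on the welcome step because <reason>; remove with https://gitlab.com/gitlab-org/gitlab/-/issues/411858`. The `<reason>` placeholder is for the author to fill in, as the hunk does not state it.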
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index d8064bbbe82..a8b5ca81f49 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb @@ -12,6 +12,8 @@ class RegistrationsController < Devise::RegistrationsController include PreferredLanguageSwitcher include Gitlab::Tracking::Helpers::WeakPasswordErrorEvent include SkipsAlreadySignedInMessage + include Gitlab::RackLoadBalancingHelpers + include ::Gitlab::Utils::StrongMemoize layout 'devise' @@ -46,7 +48,6 @@ class RegistrationsController < Devise::RegistrationsController accept_pending_invitations if new_user.persisted? persist_accepted_terms_if_required(new_user) - set_role_required(new_user) send_custom_confirmation_instructions track_weak_password_error(new_user, self.class.name, 'create') @@ -89,10 +90,6 @@ class RegistrationsController < Devise::RegistrationsController Users::RespondToTermsService.new(new_user, terms).execute(accepted: true) end - def set_role_required(new_user) - new_user.set_role_required! if new_user.persisted? - end - def destroy_confirmation_valid? if current_user.confirm_deletion_with_password? current_user.valid_password?(params[:password]) @@ -138,7 +135,7 @@ class RegistrationsController < Devise::RegistrationsController if identity_verification_enabled? session[:verification_user_id] = resource.id # This is needed to find the user on the identity verification page - User.sticking.stick_or_unstick_request(request.env, :user, resource.id) + load_balancer_stick_request(::User, :user, resource.id) return identity_verification_redirect_path end @@ -251,6 +248,7 @@ class RegistrationsController < Devise::RegistrationsController sign_up_params[:email] == invite_email end + strong_memoize_attr :registered_with_invite_email? def load_recaptcha Gitlab::Recaptcha.load_configurations! 
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb index 6c1d9a20570..d247490402f 100644 --- a/app/controllers/search_controller.rb +++ b/app/controllers/search_controller.rb @@ -35,10 +35,6 @@ class SearchController < ApplicationController update_scope_for_code_search end - before_action only: :show do - push_frontend_feature_flag(:search_projects_hide_archived, current_user) - end - rescue_from ActiveRecord::QueryCanceled, with: :render_timeout layout 'search' diff --git a/app/controllers/sent_notifications_controller.rb b/app/controllers/sent_notifications_controller.rb index 6c5e709a98a..4f61088ab17 100644 --- a/app/controllers/sent_notifications_controller.rb +++ b/app/controllers/sent_notifications_controller.rb @@ -29,7 +29,7 @@ class SentNotificationsController < ApplicationController def unsubscribe_and_redirect noteable.unsubscribe(@sent_notification.recipient, @sent_notification.project) - if noteable.is_a?(Issue) && @sent_notification.recipient_id == User.support_bot.id + if noteable.is_a?(Issue) && @sent_notification.recipient_id == Users::Internal.support_bot.id noteable.unsubscribe_email_participant(noteable.external_author) end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 66ace16400a..afbadc7f4ac 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -16,6 +16,8 @@ class SessionsController < Devise::SessionsController include GoogleSyndicationCSP include PreferredLanguageSwitcher include SkipsAlreadySignedInMessage + include AcceptsPendingInvitations + extend ::Gitlab::Utils::Override skip_before_action :check_two_factor_requirement, only: [:destroy] skip_before_action :check_password_expiration, only: [:destroy] 
@@ -78,6 +80,8 @@ class SessionsController < Devise::SessionsController flash[:notice] = nil end + accept_pending_invitations + log_audit_event(current_user, resource, with: authentication_method) log_user_activity(current_user) end @@ -94,6 +98,13 @@ class SessionsController < Devise::SessionsController private + override :after_pending_invitations_hook + def after_pending_invitations_hook + member = resource.members.last + + store_location_for(:user, member.source.activity_path) if member + end + def captcha_enabled? request.headers[CAPTCHA_HEADER] && helpers.recaptcha_enabled? end diff --git a/app/controllers/users/namespace_visits_controller.rb b/app/controllers/users/namespace_visits_controller.rb new file mode 100644 index 00000000000..7c96d78e26e --- /dev/null +++ b/app/controllers/users/namespace_visits_controller.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +module Users + class NamespaceVisitsController < ApplicationController + feature_category :navigation + + def create + return head :not_found unless Feature.enabled?(:server_side_frecent_namespaces, current_user) + return head :bad_request unless params[:type].present? && params[:id].present? + + Users::TrackNamespaceVisitsWorker.perform_async(params[:type], params[:id], current_user.id, DateTime.now) # rubocop:disable CodeReuse/Worker + head :ok + end + end +end |
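Review bot: `after_pending_invitations_hook` picks `resource.members.last`, which with no explicit order is the user's highest-id membership and not necessarily one of the invitations that `accept_pending_invitations` has just accepted. `store_location_for(:user, member.source.activity_path)` then replaces any location stored earlier in the sign-in flow, so the page the user originally asked for is lost, and `member.source` is dereferenced without a nil check. I would have the hook work from the set of memberships that were actually accepted and leave an existing stored location in place. Because `accept_pending_invitations` now runs on every sign-in, it is also worth confirming that the `AcceptsPendingInvitations` concern (not shown here) only matches invitations against a verified email address.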
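Review bot: `Users::NamespaceVisitsController#create` forwards `params[:type]` and `params[:id]` to `Users::TrackNamespaceVisitsWorker` after only a `present?` check, so arrays, hashes, unknown type strings and ids of namespaces the user cannot read are all enqueued as given. I would validate before enqueueing: compare `params[:type]` against a fixed allowlist of supported entity types, coerce the id with `Integer(params[:id], exception: false)`, and return `head :bad_request` when either fails; whether the worker re-checks read access is not visible here and should be confirmed. `DateTime.now` is passed as a job argument, which Sidekiq serialises through JSON to a string, so passing `Time.current.iso8601` makes that explicit. Since every authenticated call enqueues a job, a rate limit on this endpoint is also worth considering.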