Merge remote-tracking branch 'origin/master' into dev-master

author: DJ Mountney <david@twkie.net> 2018-10-30 00:37:19 +0300
committer: DJ Mountney <david@twkie.net> 2018-10-30 00:37:19 +0300
commit: 06b6daacb15b92b04e05538b37aadfdb04fc5a4b (patch)
tree: 0500cf47f7d8d2e6bc7ed53cbf9ad957f07fb31a /app/controllers
parent: c847f172d25efc211045c363f4e55402ad250c09 (diff)
parent: 45b61a9ece48550f51432c8cca7de7e1a298ca08 (diff)
11 files changed, 110 insertions, 12 deletions
diff --git a/app/controllers/concerns/boards_responses.rb b/app/controllers/concerns/boards_responses.rb
index b7e4f9b81f1..3cdf4ddf8bb 100644
--- a/app/controllers/concerns/boards_responses.rb
+++ b/app/controllers/concerns/boards_responses.rb
@@ -50,7 +50,10 @@ module BoardsResponses
   end
 
   def authorize_create_issue
-    authorize_action_for!(project, :admin_issue)
+    list = List.find(issue_params[:list_id])
+    action = list.backlog? ? :create_issue : :admin_issue
+
+    authorize_action_for!(project, action)
   end
 
   def authorize_admin_list
diff --git a/app/controllers/concerns/creates_commit.rb b/app/controllers/concerns/creates_commit.rb
index b3777fd2b0f..f644702cbdb 100644
--- a/app/controllers/concerns/creates_commit.rb
+++ b/app/controllers/concerns/creates_commit.rb
@@ -86,10 +86,10 @@ module CreatesCommit
   def new_merge_request_path
     project_new_merge_request_path(
       @project_to_commit_into,
+      merge_request_source_branch: @branch_name,
       merge_request: {
         source_project_id: @project_to_commit_into.id,
         target_project_id: @project.id,
-        source_branch: @branch_name,
         target_branch: @start_branch
       }
     )
diff --git a/app/controllers/dashboard/milestones_controller.rb b/app/controllers/dashboard/milestones_controller.rb
index 6e17bc212e4..3802aa5f40f 100644
--- a/app/controllers/dashboard/milestones_controller.rb
+++ b/app/controllers/dashboard/milestones_controller.rb
@@ -4,12 +4,13 @@ class Dashboard::MilestonesController < Dashboard::ApplicationController
   include MilestoneActions
 
   before_action :projects
+  before_action :groups, only: :index
   before_action :milestone, only: [:show, :merge_requests, :participants, :labels]
 
   def index
     respond_to do |format|
       format.html do
-        @milestone_states = GlobalMilestone.states_count(@projects)
+        @milestone_states = Milestone.states_count(@projects.select(:id), @groups.select(:id))
         @milestones = Kaminari.paginate_array(milestones).page(params[:page])
       end
       format.json do
@@ -42,4 +43,8 @@ class Dashboard::MilestonesController < Dashboard::ApplicationController
     @milestone = DashboardMilestone.build(@projects, params[:title])
     render_404 unless @milestone
   end
+
+  def groups
+    @groups ||= GroupsFinder.new(current_user, state_all: true).execute
+  end
 end
diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb
index 8d259b4052e..cdc6f53df8e 100644
--- a/app/controllers/groups/boards_controller.rb
+++ b/app/controllers/groups/boards_controller.rb
@@ -5,6 +5,7 @@ class Groups::BoardsController < Groups::ApplicationController
 
   before_action :assign_endpoint_vars
   before_action :boards, only: :index
+  before_action :redirect_to_recent_board, only: :index
 
   def index
     respond_with_boards
@@ -13,6 +14,9 @@ class Groups::BoardsController < Groups::ApplicationController
   def show
     @board = boards.find(params[:id])
 
+    # add/update the board in the recent visited table
+    Boards::Visits::CreateService.new(@board.group, current_user).execute(@board) if request.format.html?
+
     respond_with_board
   end
 
@@ -31,4 +35,18 @@ class Groups::BoardsController < Groups::ApplicationController
   def serialize_as_json(resource)
     resource.as_json(only: [:id])
   end
+
+  def includes_board?(board_id)
+    boards.any? { |board| board.id == board_id }
+  end
+
+  def redirect_to_recent_board
+    return if request.format.json?
+
+    recently_visited = Boards::Visits::LatestService.new(group, current_user).execute
+
+    if recently_visited && includes_board?(recently_visited.board_id)
+      redirect_to(group_board_path(id: recently_visited.board_id), status: :found)
+    end
+  end
 end
diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index a7cee426cf1..b42116b0f36 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
@@ -10,7 +10,7 @@ class Groups::MilestonesController < Groups::ApplicationController
   def index
     respond_to do |format|
       format.html do
-        @milestone_states = GlobalMilestone.states_count(group_projects, group)
+        @milestone_states = Milestone.states_count(group_projects, [group])
         @milestones = Kaminari.paginate_array(milestones).page(params[:page])
       end
       format.json do
diff --git a/app/controllers/projects/boards_controller.rb b/app/controllers/projects/boards_controller.rb
index 77b818347c7..8189b5d182a 100644
--- a/app/controllers/projects/boards_controller.rb
+++ b/app/controllers/projects/boards_controller.rb
@@ -8,6 +8,7 @@ class Projects::BoardsController < Projects::ApplicationController
   before_action :authorize_read_board!, only: [:index, :show]
   before_action :boards, only: :index
   before_action :assign_endpoint_vars
+  before_action :redirect_to_recent_board, only: :index
 
   def index
     respond_with_boards
@@ -16,6 +17,9 @@ class Projects::BoardsController < Projects::ApplicationController
   def show
     @board = boards.find(params[:id])
 
+    # add/update the board in the recent visited table
+    Boards::Visits::CreateService.new(@board.project, current_user).execute(@board) if request.format.html?
+
     respond_with_board
   end
 
@@ -33,10 +37,24 @@ class Projects::BoardsController < Projects::ApplicationController
   end
 
   def authorize_read_board!
-    return access_denied! unless can?(current_user, :read_board, project)
+    access_denied! unless can?(current_user, :read_board, project)
   end
 
   def serialize_as_json(resource)
     resource.as_json(only: [:id])
   end
+
+  def includes_board?(board_id)
+    boards.any? { |board| board.id == board_id }
+  end
+
+  def redirect_to_recent_board
+    return if request.format.json?
+
+    recently_visited = Boards::Visits::LatestService.new(project, current_user).execute
+
+    if recently_visited && includes_board?(recently_visited.board_id)
+      redirect_to(namespace_project_board_path(id: recently_visited.board_id), status: :found)
+    end
+  end
 end
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb
index be708835e30..c0aa39d87c6 100644
--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
@@ -8,6 +8,7 @@ class Projects::GitHttpController < Projects::GitHttpClientController
   rescue_from Gitlab::GitAccess::UnauthorizedError, with: :render_403
   rescue_from Gitlab::GitAccess::NotFoundError, with: :render_404
   rescue_from Gitlab::GitAccess::ProjectCreationError, with: :render_422
+  rescue_from Gitlab::GitAccess::TimeoutError, with: :render_503
 
   # GET /foo/bar.git/info/refs?service=git-upload-pack (git pull)
   # GET /foo/bar.git/info/refs?service=git-receive-pack (git push)
@@ -62,6 +63,10 @@ class Projects::GitHttpController < Projects::GitHttpClientController
     render plain: exception.message, status: :unprocessable_entity
   end
 
+  def render_503(exception)
+    render plain: exception.message, status: :service_unavailable
+  end
+
   def access
     @access ||= access_klass.new(access_actor, project,
       'http', authentication_abilities: authentication_abilities,
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index b06a6f3bb0d..308f666394c 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -9,12 +9,25 @@ class Projects::IssuesController < Projects::ApplicationController
   include IssuesCalendar
   include SpammableActions
 
-  prepend_before_action :authenticate_user!, only: [:new]
+  def self.authenticate_user_only_actions
+    %i[new]
+  end
+
+  def self.issue_except_actions
+    %i[index calendar new create bulk_update]
+  end
+
+  def self.set_issuables_index_only_actions
+    %i[index calendar]
+  end
+
+  prepend_before_action :authenticate_user!, only: authenticate_user_only_actions
 
   before_action :whitelist_query_limiting, only: [:create, :create_merge_request, :move, :bulk_update]
   before_action :check_issues_available!
-  before_action :issue, except: [:index, :calendar, :new, :create, :bulk_update]
-  before_action :set_issuables_index, only: [:index, :calendar]
+  before_action :issue, except: issue_except_actions
+
+  before_action :set_issuables_index, only: set_issuables_index_only_actions
 
   # Allow write(create) issue
   before_action :authorize_create_issue!, only: [:new, :create]
diff --git a/app/controllers/projects/merge_requests/creations_controller.rb b/app/controllers/projects/merge_requests/creations_controller.rb
index 5639402a1e9..bbf662a63c8 100644
--- a/app/controllers/projects/merge_requests/creations_controller.rb
+++ b/app/controllers/projects/merge_requests/creations_controller.rb
@@ -89,6 +89,8 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap
 
   def build_merge_request
     params[:merge_request] ||= ActionController::Parameters.new(source_project: @project)
+    params[:merge_request][:source_branch] ||= params[:merge_request_source_branch].presence
+
     @merge_request = ::MergeRequests::BuildService.new(project, current_user, merge_request_params.merge(diff_options: diff_options)).execute
   end
 
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 757b03d0b0e..27b83da4f54 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -168,7 +168,9 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   end
 
   def merge
-    return access_denied! unless @merge_request.can_be_merged_by?(current_user)
+    access_check_result = merge_access_check
+
+    return access_check_result if access_check_result
 
     status = merge!
 
@@ -201,9 +203,11 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   end
 
   def ci_environments_status
-    environments = @merge_request.environments_for(current_user).map do |environment|
-      EnvironmentStatus.new(environment, @merge_request)
-    end
+    environments = if ci_environments_status_on_merge_result?
+                     EnvironmentStatus.after_merge_request(@merge_request, current_user)
+                   else
+                     EnvironmentStatus.for_merge_request(@merge_request, current_user)
+                   end
 
     render json: EnvironmentStatusSerializer.new(current_user: current_user).represent(environments)
   end
@@ -241,6 +245,10 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 
   private
 
+  def ci_environments_status_on_merge_result?
+    params[:environment_target] == 'merge_commit'
+  end
+
   def target_branch_missing?
     @merge_request.has_no_commits? && !@merge_request.target_branch_exists?
   end
@@ -256,6 +264,12 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
       return :failed
     end
 
+    merge_service = ::MergeRequests::MergeService.new(@project, current_user, merge_params)
+
+    unless merge_service.hooks_validation_pass?(@merge_request)
+      return :hook_validation_error
+    end
+
     return :sha_mismatch if params[:sha] != @merge_request.diff_head_sha
 
     @merge_request.update(merge_error: nil, squash: merge_params.fetch(:squash, false))
@@ -318,6 +332,10 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
     access_denied! unless access_check
   end
 
+  def merge_access_check
+    access_denied! unless @merge_request.can_be_merged_by?(current_user)
+  end
+
   def whitelist_query_limiting
     # Also see https://gitlab.com/gitlab-org/gitlab-ce/issues/42441
     Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42438')
diff --git a/app/controllers/projects/mirrors_controller.rb b/app/controllers/projects/mirrors_controller.rb
index 78d5faf2326..53176978416 100644
--- a/app/controllers/projects/mirrors_controller.rb
+++ b/app/controllers/projects/mirrors_controller.rb
@@ -44,6 +44,22 @@ class Projects::MirrorsController < Projects::ApplicationController
     redirect_to_repository_settings(project, anchor: 'js-push-remote-settings')
   end
 
+  def ssh_host_keys
+    lookup = SshHostKey.new(project: project, url: params[:ssh_url], compare_host_keys: params[:compare_host_keys])
+
+    if lookup.error.present?
+      # Failed to read keys
+      render json: { message: lookup.error }, status: :bad_request
+    elsif lookup.known_hosts.nil?
+      # Still working, come back later
+      render body: nil, status: :no_content
+    else
+      render json: lookup
+    end
+  rescue ArgumentError => err
+    render json: { message: err.message }, status: :bad_request
+  end
+
   private
 
   def remote_mirror
author	DJ Mountney <david@twkie.net>	2018-10-30 00:37:19 +0300
committer	DJ Mountney <david@twkie.net>	2018-10-30 00:37:19 +0300
commit	06b6daacb15b92b04e05538b37aadfdb04fc5a4b (patch)
tree	0500cf47f7d8d2e6bc7ed53cbf9ad957f07fb31a /app/controllers
parent	c847f172d25efc211045c363f4e55402ad250c09 (diff)
parent	45b61a9ece48550f51432c8cca7de7e1a298ca08 (diff)