
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-11-14 11:41:52 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-11-14 11:41:52 +0300
commit585826cb22ecea5998a2c2a4675735c94bdeedac (patch)
tree5b05f0b30d33cef48963609e8a18a4dff260eab3 /app/controllers
parentdf221d036e5d0c6c0ee4d55b9c97f481ee05dee8 (diff)
Add latest changes from gitlab-org/gitlab@16-6-stable-eev16.6.0-rc42
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/acme_challenges_controller.rb4
-rw-r--r--app/controllers/admin/abuse_reports_controller.rb1
-rw-r--r--app/controllers/admin/application_settings_controller.rb21
-rw-r--r--app/controllers/admin/dashboard_controller.rb3
-rw-r--r--app/controllers/admin/spam_logs_controller.rb4
-rw-r--r--app/controllers/admin/users_controller.rb25
-rw-r--r--app/controllers/application_controller.rb2
-rw-r--r--app/controllers/autocomplete_controller.rb36
-rw-r--r--app/controllers/base_action_controller.rb31
-rw-r--r--app/controllers/chaos_controller.rb4
-rw-r--r--app/controllers/concerns/creates_commit.rb14
-rw-r--r--app/controllers/concerns/issuable_actions.rb2
-rw-r--r--app/controllers/concerns/render_access_tokens.rb1
-rw-r--r--app/controllers/concerns/wiki_actions.rb6
-rw-r--r--app/controllers/dashboard_controller.rb1
-rw-r--r--app/controllers/explore/catalog_controller.rb20
-rw-r--r--app/controllers/external_redirect/external_redirect_controller.rb36
-rw-r--r--app/controllers/groups/settings/applications_controller.rb2
-rw-r--r--app/controllers/groups/settings/ci_cd_controller.rb1
-rw-r--r--app/controllers/groups/work_items_controller.rb7
-rw-r--r--app/controllers/groups_controller.rb5
-rw-r--r--app/controllers/health_controller.rb4
-rw-r--r--app/controllers/import/bulk_imports_controller.rb8
-rw-r--r--app/controllers/jira_connect/subscriptions_controller.rb2
-rw-r--r--app/controllers/jwt_controller.rb8
-rw-r--r--app/controllers/metrics_controller.rb4
-rw-r--r--app/controllers/oauth/jira_dvcs/authorizations_controller.rb86
-rw-r--r--app/controllers/organizations/organizations_controller.rb4
-rw-r--r--app/controllers/profiles/comment_templates_controller.rb2
-rw-r--r--app/controllers/profiles/preferences_controller.rb1
-rw-r--r--app/controllers/profiles_controller.rb3
-rw-r--r--app/controllers/projects/application_controller.rb13
-rw-r--r--app/controllers/projects/artifacts_controller.rb6
-rw-r--r--app/controllers/projects/blob_controller.rb2
-rw-r--r--app/controllers/projects/environments_controller.rb15
-rw-r--r--app/controllers/projects/group_links_controller.rb51
-rw-r--r--app/controllers/projects/incidents_controller.rb2
-rw-r--r--app/controllers/projects/issues_controller.rb6
-rw-r--r--app/controllers/projects/jobs_controller.rb30
-rw-r--r--app/controllers/projects/merge_requests/drafts_controller.rb20
-rw-r--r--app/controllers/projects/merge_requests_controller.rb22
-rw-r--r--app/controllers/projects/ml/model_versions_controller.rb24
-rw-r--r--app/controllers/projects/ml/models_controller.rb31
-rw-r--r--app/controllers/projects/pipelines_controller.rb7
-rw-r--r--app/controllers/projects/raw_controller.rb3
-rw-r--r--app/controllers/projects/repositories_controller.rb2
-rw-r--r--app/controllers/projects/service_desk_controller.rb5
-rw-r--r--app/controllers/projects/settings/ci_cd_controller.rb1
-rw-r--r--app/controllers/projects/tree_controller.rb2
-rw-r--r--app/controllers/projects/work_items_controller.rb1
-rw-r--r--app/controllers/projects_controller.rb11
-rw-r--r--app/controllers/repositories/git_http_client_controller.rb4
-rw-r--r--app/controllers/repositories/git_http_controller.rb10
-rw-r--r--app/controllers/repositories/lfs_api_controller.rb4
-rw-r--r--app/controllers/search_controller.rb19
55 files changed, 402 insertions, 237 deletions
diff --git a/app/controllers/acme_challenges_controller.rb b/app/controllers/acme_challenges_controller.rb
index a187e43b3df..4a7706db94e 100644
--- a/app/controllers/acme_challenges_controller.rb
+++ b/app/controllers/acme_challenges_controller.rb
@@ -1,6 +1,7 @@
# frozen_string_literal: true
-class AcmeChallengesController < BaseActionController
+# rubocop:disable Rails/ApplicationController
+class AcmeChallengesController < ActionController::Base
def show
if acme_order
render plain: acme_order.challenge_file_content, content_type: 'text/plain'
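Review bot: `AcmeChallengesController` now inherits straight from `ActionController::Base`, so it no longer runs the `security_headers` callback that `BaseActionController` (deleted in this commit) supplied, and the `Cross-Origin-Opener-Policy: same-origin` header gated on `coop_header` is no longer set on its responses. The same holds for `ChaosController`, `HealthController`, `MetricsController` and `ApplicationController`, which get the same parent change further down. If dropping the header is deliberate, record that next to the `rubocop:disable` line, for example `# Inherits from ActionController::Base on purpose; no shared security-header callback applies here`. The class body continues past this hunk.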
@@ -15,3 +16,4 @@ class AcmeChallengesController < BaseActionController
@acme_order ||= PagesDomainAcmeOrder.find_by_domain_and_token(params[:domain], params[:token])
end
end
+# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/admin/abuse_reports_controller.rb b/app/controllers/admin/abuse_reports_controller.rb
index b48d6f4f7c2..d5c505ba1dd 100644
--- a/app/controllers/admin/abuse_reports_controller.rb
+++ b/app/controllers/admin/abuse_reports_controller.rb
@@ -7,6 +7,7 @@ class Admin::AbuseReportsController < Admin::ApplicationController
before_action :find_abuse_report, only: [:show, :moderate_user, :update, :destroy]
before_action only: :show do
push_frontend_feature_flag(:abuse_report_labels)
+ push_frontend_feature_flag(:abuse_report_notes)
end
def index
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index be1edeb0d37..8cf0ab60fd3 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -12,10 +12,10 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
before_action :set_application_setting, except: :integrations
before_action :disable_query_limiting, only: [:usage_data]
+ before_action :prerecorded_service_ping_data, only: [:metrics_and_profiling] # rubocop:disable Rails/LexicallyScopedActionFilter
before_action do
push_frontend_feature_flag(:ci_variables_pages, current_user)
- push_frontend_feature_flag(:ci_variable_drawer, current_user)
end
feature_category :not_owned, [ # rubocop:todo Gitlab/AvoidFeatureCategoryNotOwned
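Review bot: `prerecorded_service_ping_data` is registered as a `before_action` only for its side effect of filling `@service_ping_data`, which is not obvious from the callback line, and the ivar name does not match the method name. A short comment would make the intent clear, e.g. `# Populates @service_ping_data (presumably read by the metrics_and_profiling view)`. Note also that the `||=` in the reader (last hunk of this file) does not memoize a nil result, so when no payload exists each call repeats the cache fetch and the query.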
@@ -30,7 +30,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
feature_category :source_code_management, [:repository, :clear_repository_check_states]
feature_category :continuous_integration, [:ci_cd, :reset_registration_token]
urgency :low, [:ci_cd, :reset_registration_token]
- feature_category :service_ping, [:usage_data, :service_usage_data]
+ feature_category :service_ping, [:usage_data]
feature_category :integrations, [:integrations, :slack_app_manifest_share, :slack_app_manifest_download]
feature_category :pages, [:lets_encrypt_terms_of_service]
feature_category :error_tracking, [:reset_error_tracking_access_token]
@@ -56,18 +56,16 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
@integrations = Integration.find_or_initialize_all_non_project_specific(Integration.for_instance).sort_by(&:title)
end
- def service_usage_data
- @service_ping_data_present = prerecorded_service_ping_data.present?
- end
-
def update
perform_update
end
def usage_data
+ return not_found unless prerecorded_service_ping_data.present?
+
respond_to do |format|
format.html do
- usage_data_json = Gitlab::Json.pretty_generate(service_ping_data)
+ usage_data_json = Gitlab::Json.pretty_generate(prerecorded_service_ping_data)
render html: Gitlab::Highlight.highlight('payload.json', usage_data_json, language: 'json')
end
@@ -75,7 +73,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
format.json do
Gitlab::UsageDataCounters::ServiceUsageDataCounter.count(:download_payload_click)
- render json: Gitlab::Json.dump(service_ping_data)
+ render json: Gitlab::Json.dump(prerecorded_service_ping_data)
end
end
end
@@ -243,12 +241,9 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
VALID_SETTING_PANELS
end
- def service_ping_data
- prerecorded_service_ping_data || Gitlab::Usage::ServicePingReport.for(output: :all_metrics_values)
- end
-
def prerecorded_service_ping_data
- Rails.cache.fetch(Gitlab::Usage::ServicePingReport::CACHE_KEY) || ::RawUsageData.for_current_reporting_cycle.first&.payload
+ @service_ping_data ||= Rails.cache.fetch(Gitlab::Usage::ServicePingReport::CACHE_KEY) ||
+ ::RawUsageData.for_current_reporting_cycle.first&.payload
end
end
diff --git a/app/controllers/admin/dashboard_controller.rb b/app/controllers/admin/dashboard_controller.rb
index dab0f3e870a..a03e0c0807f 100644
--- a/app/controllers/admin/dashboard_controller.rb
+++ b/app/controllers/admin/dashboard_controller.rb
@@ -13,8 +13,7 @@ class Admin::DashboardController < Admin::ApplicationController
@projects = Project.order_id_desc.without_deleted.with_route.limit(10)
@users = User.order_id_desc.limit(10)
@groups = Group.order_id_desc.with_route.limit(10)
- @notices = Gitlab::ConfigChecker::PumaRuggedChecker.check
- @notices += Gitlab::ConfigChecker::ExternalDatabaseChecker.check
+ @notices = Gitlab::ConfigChecker::ExternalDatabaseChecker.check
@redis_versions = Gitlab::Redis::ALL_CLASSES.map(&:version).uniq
end
diff --git a/app/controllers/admin/spam_logs_controller.rb b/app/controllers/admin/spam_logs_controller.rb
index b27185a6add..d7ed6aa33ef 100644
--- a/app/controllers/admin/spam_logs_controller.rb
+++ b/app/controllers/admin/spam_logs_controller.rb
@@ -5,7 +5,9 @@ class Admin::SpamLogsController < Admin::ApplicationController
# rubocop: disable CodeReuse/ActiveRecord
def index
- @spam_logs = SpamLog.includes(:user).order(id: :desc).page(params[:page]).without_count
+ @spam_logs = SpamLog.preload(user: [:trusted_with_spam_attribute])
+ .order(id: :desc)
+ .page(params[:page]).without_count
end
# rubocop: enable CodeReuse/ActiveRecord
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 1f05e4e7b21..ee78d5a8c35 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -164,6 +164,26 @@ class Admin::UsersController < Admin::ApplicationController
end
end
+ def trust
+ result = Users::TrustService.new(current_user).execute(user)
+
+ if result[:status] == :success
+ redirect_back_or_admin_user(notice: _("Successfully trusted"))
+ else
+ redirect_back_or_admin_user(alert: _("Error occurred. User was not updated"))
+ end
+ end
+
+ def untrust
+ result = Users::UntrustService.new(current_user).execute(user)
+
+ if result[:status] == :success
+ redirect_back_or_admin_user(notice: _("Successfully untrusted"))
+ else
+ redirect_back_or_admin_user(alert: _("Error occurred. User was not updated"))
+ end
+ end
+
def confirm
if update_user(&:force_confirm)
redirect_back_or_admin_user(notice: _("Successfully confirmed"))
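Review bot: `trust` and `untrust` change a user's account state, and the routes that expose them are not part of this diff; confirm both are mapped to a non-GET verb so the CSRF check applies. The two bodies also differ only in the service class and the success string, and both discard any message the service returns on failure. A private helper taking the service class and the notice would keep them in step, and the alert could include the service's error message when one is present.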
@@ -290,7 +310,7 @@ class Admin::UsersController < Admin::ApplicationController
end
def users_with_included_associations(users)
- users.includes(:authorized_projects) # rubocop: disable CodeReuse/ActiveRecord
+ users.includes(:authorized_projects, :trusted_with_spam_attribute) # rubocop: disable CodeReuse/ActiveRecord
end
def admin_making_changes_for_another_user?
@@ -342,6 +362,7 @@ class Admin::UsersController < Admin::ApplicationController
:bio,
:can_create_group,
:color_scheme_id,
+ :discord,
:email,
:extern_uid,
:external,
@@ -350,6 +371,7 @@ class Admin::UsersController < Admin::ApplicationController
:hide_no_ssh_key,
:key_id,
:linkedin,
+ :mastodon,
:name,
:password_expires_at,
:projects_limit,
@@ -358,7 +380,6 @@ class Admin::UsersController < Admin::ApplicationController
:skype,
:theme_id,
:twitter,
- :discord,
:username,
:website_url,
:note,
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f60da46826a..6739fc57a1f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,7 +3,7 @@
require 'gon'
require 'fogbugz'
-class ApplicationController < BaseActionController
+class ApplicationController < ActionController::Base
include Gitlab::GonHelper
include Gitlab::NoCacheHeaders
include GitlabRoutingHelper
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index c9cb1ca14e2..1c2bd10bc81 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -3,16 +3,18 @@
class AutocompleteController < ApplicationController
include SearchRateLimitable
- skip_before_action :authenticate_user!, only: [:users, :award_emojis, :merge_request_target_branches]
+ skip_before_action :authenticate_user!, only: [
+ :users, :award_emojis, :merge_request_target_branches, :merge_request_source_branches
+ ]
before_action :check_search_rate_limit!, only: [:users, :projects]
feature_category :user_profile, [:users, :user]
feature_category :groups_and_projects, [:projects]
feature_category :team_planning, [:award_emojis]
- feature_category :code_review_workflow, [:merge_request_target_branches]
+ feature_category :code_review_workflow, [:merge_request_target_branches, :merge_request_source_branches]
feature_category :continuous_delivery, [:deploy_keys_with_owners]
- urgency :low, [:merge_request_target_branches, :deploy_keys_with_owners, :users]
+ urgency :low, [:merge_request_target_branches, :merge_request_source_branches, :deploy_keys_with_owners, :users]
urgency :low, [:award_emojis]
urgency :medium, [:projects]
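Review bot: `merge_request_source_branches` is added to the `skip_before_action :authenticate_user!` list, but `check_search_rate_limit!` on the next line still covers only `:users` and `:projects`, so the new endpoint can be called anonymously with no rate limit from this controller. If that is acceptable because `MergeRequestsFinder` restricts results to what a nil `current_user` may see, a comment saying so would help; otherwise extend the limit, e.g. `before_action :check_search_rate_limit!, only: [:users, :projects, :merge_request_source_branches]`. The existing `merge_request_target_branches` action is in the same position.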
@@ -62,14 +64,11 @@ class AutocompleteController < ApplicationController
end
def merge_request_target_branches
- if target_branch_params.present?
- merge_requests = MergeRequestsFinder.new(current_user, target_branch_params).execute
- target_branches = merge_requests.recent_target_branches
+ merge_request_branches(target: true)
+ end
- render json: target_branches.map { |target_branch| { title: target_branch } }
- else
- render json: { error: _('At least one of group_id or project_id must be specified') }, status: :bad_request
- end
+ def merge_request_source_branches
+ merge_request_branches(source: true)
end
def deploy_keys_with_owners
@@ -90,7 +89,7 @@ class AutocompleteController < ApplicationController
.execute
end
- def target_branch_params
+ def branch_params
params.permit(:group_id, :project_id).select { |_, v| v.present? }
end
@@ -98,6 +97,21 @@ class AutocompleteController < ApplicationController
def presented_suggested_users
[]
end
+
+ def merge_request_branches(source: false, target: false)
+ if branch_params.present?
+ merge_requests = MergeRequestsFinder.new(current_user, branch_params).execute
+
+ branches = []
+
+ branches.concat(merge_requests.recent_source_branches) if source
+ branches.concat(merge_requests.recent_target_branches) if target
+
+ render json: branches.map { |branch| { title: branch } }
+ else
+ render json: { error: _('At least one of group_id or project_id must be specified') }, status: :bad_request
+ end
+ end
end
AutocompleteController.prepend_mod_with('AutocompleteController')
diff --git a/app/controllers/base_action_controller.rb b/app/controllers/base_action_controller.rb
deleted file mode 100644
index af2c9e98778..00000000000
--- a/app/controllers/base_action_controller.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-# GitLab lightweight base action controller
-#
-# This class should be limited to content that
-# is desired/required for *all* controllers in
-# GitLab.
-#
-# Most controllers inherit from `ApplicationController`.
-# Some controllers don't want or need all of that
-# logic and instead inherit from `ActionController::Base`.
-# This makes it difficult to set security headers and
-# handle other critical logic across *all* controllers.
-#
-# Between this controller and `ApplicationController`
-# no controller should ever inherit directly from
-# `ActionController::Base`
-#
-# rubocop:disable Rails/ApplicationController
-# rubocop:disable Gitlab/NamespacedClass
-class BaseActionController < ActionController::Base
- before_action :security_headers
-
- private
-
- def security_headers
- headers['Cross-Origin-Opener-Policy'] = 'same-origin' if ::Feature.enabled?(:coop_header)
- end
-end
-# rubocop:enable Gitlab/NamespacedClass
-# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/chaos_controller.rb b/app/controllers/chaos_controller.rb
index b61a8c5ff12..7328b793b09 100644
--- a/app/controllers/chaos_controller.rb
+++ b/app/controllers/chaos_controller.rb
@@ -1,6 +1,7 @@
# frozen_string_literal: true
-class ChaosController < BaseActionController
+# rubocop:disable Rails/ApplicationController
+class ChaosController < ActionController::Base
before_action :validate_chaos_secret, unless: :development_or_test?
def leakmem
@@ -94,3 +95,4 @@ class ChaosController < BaseActionController
Rails.env.development? || Rails.env.test?
end
end
+# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/concerns/creates_commit.rb b/app/controllers/concerns/creates_commit.rb
index 27f1d1f5528..5009bf7ff0c 100644
--- a/app/controllers/concerns/creates_commit.rb
+++ b/app/controllers/concerns/creates_commit.rb
@@ -3,6 +3,7 @@
module CreatesCommit
extend ActiveSupport::Concern
include Gitlab::Utils::StrongMemoize
+ include SafeFormatHelper
# rubocop:disable Gitlab/ModuleWithInstanceVariables
def create_commit(service, success_path:, failure_path:, failure_view: nil, success_notice: nil, target_project: nil)
@@ -31,10 +32,10 @@ module CreatesCommit
result = service.new(@project_to_commit_into, current_user, commit_params).execute
if result[:status] == :success
- update_flash_notice(success_notice)
-
success_path = final_success_path(success_path, target_project)
+ update_flash_notice(success_notice, success_path)
+
respond_to do |format|
format.html { redirect_to success_path }
format.json { render json: { message: _("success"), filePath: success_path } }
@@ -65,8 +66,13 @@ module CreatesCommit
private
- def update_flash_notice(success_notice)
- flash[:notice] = success_notice || _("Your changes have been successfully committed.")
+ def update_flash_notice(success_notice, success_path)
+ changes_link = ActionController::Base.helpers.link_to _('changes'), success_path, class: 'gl-link'
+
+ default_message = safe_format(_("Your %{changes_link} have been committed successfully."),
+ changes_link: changes_link)
+
+ flash[:notice] = success_notice || default_message
if create_merge_request?
flash[:notice] =
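Review bot: The default notice is now an HTML fragment (`link_to` inside `safe_format`), while a caller-supplied `success_notice` still goes into the same `flash[:notice]` slot unchanged. The flash is stored between requests and the `html_safe` marking may not survive that round trip, so whatever renders the notice has to decide whether to treat it as markup; if it does, every `success_notice` passed in by callers must already be escaped. State that contract on the method, e.g. `# success_notice is rendered as markup; callers must pass an HTML-safe string`. `update_flash_notice` continues past the end of this hunk.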
diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb
index 28e1056092d..cd2372825ac 100644
--- a/app/controllers/concerns/issuable_actions.rb
+++ b/app/controllers/concerns/issuable_actions.rb
@@ -147,6 +147,8 @@ module IssuableActions
finder = Issuable::DiscussionsListService.new(current_user, issuable, finder_params_for_issuable)
discussion_notes = finder.execute
+ yield discussion_notes if block_given?
+
if finder.paginator.present? && finder.paginator.has_next_page?
response.headers['X-Next-Page-Cursor'] = finder.paginator.cursor_for_next_page
end
diff --git a/app/controllers/concerns/render_access_tokens.rb b/app/controllers/concerns/render_access_tokens.rb
index b0bbad7e37f..43e4686e66f 100644
--- a/app/controllers/concerns/render_access_tokens.rb
+++ b/app/controllers/concerns/render_access_tokens.rb
@@ -1,4 +1,5 @@
# frozen_string_literal: true
+
module RenderAccessTokens
extend ActiveSupport::Concern
diff --git a/app/controllers/concerns/wiki_actions.rb b/app/controllers/concerns/wiki_actions.rb
index c606ccf4a07..f8c3e125c3b 100644
--- a/app/controllers/concerns/wiki_actions.rb
+++ b/app/controllers/concerns/wiki_actions.rb
@@ -246,7 +246,7 @@ module WikiActions
@sidebar_page = wiki.find_sidebar(params[:version_id])
unless @sidebar_page # Fallback to default sidebar
- @sidebar_wiki_entries, @sidebar_limited = wiki.sidebar_entries
+ @sidebar_wiki_entries, @sidebar_limited = wiki.sidebar_entries(load_content: Feature.enabled?(:wiki_front_matter_title, container))
end
rescue ::Gitlab::Git::CommandTimedOut => e
@sidebar_error = e
@@ -326,7 +326,9 @@ module WikiActions
end
def load_content?
- return false if %w[history destroy diff show].include?(params[:action])
+ skip_actions = Feature.enabled?(:wiki_front_matter_title, container) ? %w[history destroy diff] : %w[history destroy diff show]
+
+ return false if skip_actions.include?(params[:action])
true
end
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index 188a8540a58..a0997484c58 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -14,6 +14,7 @@ class DashboardController < Dashboard::ApplicationController
before_action only: :issues do
push_frontend_feature_flag(:frontend_caching)
+ push_frontend_feature_flag(:group_multi_select_tokens)
end
before_action only: :merge_requests do
diff --git a/app/controllers/explore/catalog_controller.rb b/app/controllers/explore/catalog_controller.rb
new file mode 100644
index 00000000000..3cd3771129e
--- /dev/null
+++ b/app/controllers/explore/catalog_controller.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Explore
+ class CatalogController < Explore::ApplicationController
+ feature_category :pipeline_composition
+ before_action :check_feature_flag
+
+ def show; end
+
+ def index
+ render 'show'
+ end
+
+ private
+
+ def check_feature_flag
+ render_404 unless Feature.enabled?(:global_ci_catalog, current_user)
+ end
+ end
+end
diff --git a/app/controllers/external_redirect/external_redirect_controller.rb b/app/controllers/external_redirect/external_redirect_controller.rb
new file mode 100644
index 00000000000..532196157b7
--- /dev/null
+++ b/app/controllers/external_redirect/external_redirect_controller.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module ExternalRedirect
+ class ExternalRedirectController < ApplicationController
+ feature_category :navigation
+ skip_before_action :authenticate_user!
+ before_action :check_url_param
+
+ def index
+ if known_url?
+ redirect_to url_param
+ else
+ render layout: 'fullscreen', locals: {
+ minimal: true,
+ url: url_param
+ }
+ end
+ end
+
+ private
+
+ def url_param
+ params['url']&.strip
+ end
+
+ def known_url?
+ uri_data = Addressable::URI.parse(url_param)
+
+ uri_data.site == Gitlab.config.gitlab.url
+ end
+
+ def check_url_param
+ render_404 unless ::Gitlab::UrlSanitizer.valid_web?(url_param)
+ end
+ end
+end
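Review bot: `known_url?` decides same-site from the Addressable parse of `url_param`, but `redirect_to` is then handed the original string, so the check and the `Location` header come from two separate readings of the input. Redirecting to the parsed value keeps them aligned, e.g. `redirect_to Addressable::URI.parse(url_param).normalize.to_s`. The comparison is also an exact string match against `Gitlab.config.gitlab.url`, so it will not match when that setting carries a path or differs in case; that fails towards the interstitial, which is the safe direction, but deserves a comment. Since the controller skips authentication, the view behind the `render` must escape `url` (the view is not in this diff).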
diff --git a/app/controllers/groups/settings/applications_controller.rb b/app/controllers/groups/settings/applications_controller.rb
index 3ae1ae824a0..5aea078db17 100644
--- a/app/controllers/groups/settings/applications_controller.rb
+++ b/app/controllers/groups/settings/applications_controller.rb
@@ -5,7 +5,7 @@ module Groups
class ApplicationsController < Groups::ApplicationController
include OauthApplications
- prepend_before_action :authorize_admin_group!
+ before_action :authorize_admin_group!
before_action :set_application, only: [:show, :edit, :update, :renew, :destroy]
before_action :load_scopes, only: [:index, :create, :edit, :update]
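Review bot: Replacing `prepend_before_action` with `before_action` moves `authorize_admin_group!` from the front of the callback chain to after everything registered by `Groups::ApplicationController` and by the `OauthApplications` concern included just above. Neither is visible here, so confirm that none of those earlier callbacks load or expose application data before the authorization runs. A comment recording why the later position is safe would stop this from being reordered again without review.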
diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb
index f50cdd2b1de..371db7b30b6 100644
--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -15,7 +15,6 @@ module Groups
before_action do
push_frontend_feature_flag(:ci_variables_pages, current_user)
- push_frontend_feature_flag(:ci_variable_drawer, current_user)
end
urgency :low
diff --git a/app/controllers/groups/work_items_controller.rb b/app/controllers/groups/work_items_controller.rb
index bd85f12119b..ece279da778 100644
--- a/app/controllers/groups/work_items_controller.rb
+++ b/app/controllers/groups/work_items_controller.rb
@@ -4,6 +4,13 @@ module Groups
class WorkItemsController < Groups::ApplicationController
feature_category :team_planning
+ before_action do
+ push_force_frontend_feature_flag(:work_items, group&.work_items_feature_flag_enabled?)
+ push_force_frontend_feature_flag(:work_items_mvc, group&.work_items_mvc_feature_flag_enabled?)
+ push_force_frontend_feature_flag(:work_items_mvc_2, group&.work_items_mvc_2_feature_flag_enabled?)
+ push_force_frontend_feature_flag(:linked_work_items, group&.linked_work_items_feature_flag_enabled?)
+ end
+
def index
not_found unless Feature.enabled?(:namespace_level_work_items, group)
end
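Review bot: The new `before_action` guards every call with `group&.`, but `index` directly below passes `group` to `Feature.enabled?` without a nil check, so the two disagree on whether `group` can be nil at this point. If `Groups::ApplicationController` always sets the group before this callback runs, plain `group.work_items_feature_flag_enabled?` (the form `GroupsController` uses in this same commit) is clearer. If it can be nil, forcing the frontend flag to `nil` deserves a comment.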
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index edc590e1370..5b9b3b7de11 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -36,7 +36,11 @@ class GroupsController < Groups::ApplicationController
push_frontend_feature_flag(:or_issuable_queries, group)
push_frontend_feature_flag(:frontend_caching, group)
push_force_frontend_feature_flag(:work_items, group.work_items_feature_flag_enabled?)
+ push_force_frontend_feature_flag(:work_items_mvc, group.work_items_mvc_feature_flag_enabled?)
+ push_force_frontend_feature_flag(:work_items_mvc_2, group.work_items_mvc_2_feature_flag_enabled?)
+ push_force_frontend_feature_flag(:linked_work_items, group.linked_work_items_feature_flag_enabled?)
push_frontend_feature_flag(:issues_grid_view)
+ push_frontend_feature_flag(:group_multi_select_tokens, group)
end
before_action only: :merge_requests do
@@ -275,6 +279,7 @@ class GroupsController < Groups::ApplicationController
:avatar,
:description,
:emails_disabled,
+ :emails_enabled,
:show_diff_preview_in_email,
:mentions_disabled,
:lfs_enabled,
diff --git a/app/controllers/health_controller.rb b/app/controllers/health_controller.rb
index 2b2db2f950c..1381999ab4c 100644
--- a/app/controllers/health_controller.rb
+++ b/app/controllers/health_controller.rb
@@ -1,6 +1,7 @@
# frozen_string_literal: true
-class HealthController < BaseActionController
+# rubocop:disable Rails/ApplicationController
+class HealthController < ActionController::Base
protect_from_forgery with: :exception, prepend: true
include RequiresAllowlistedMonitoringClient
@@ -39,3 +40,4 @@ class HealthController < BaseActionController
render json: result.json, status: result.http_status
end
end
+# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/import/bulk_imports_controller.rb b/app/controllers/import/bulk_imports_controller.rb
index a8ec738caf4..bc425323d6f 100644
--- a/app/controllers/import/bulk_imports_controller.rb
+++ b/app/controllers/import/bulk_imports_controller.rb
@@ -6,6 +6,10 @@ class Import::BulkImportsController < ApplicationController
before_action :ensure_bulk_import_enabled
before_action :verify_blocked_uri, only: :status
+ before_action only: [:history] do
+ push_frontend_feature_flag(:bulk_import_details_page)
+ end
+
feature_category :importers
urgency :low
@@ -49,6 +53,10 @@ class Import::BulkImportsController < ApplicationController
end
end
+ def details
+ render_404 unless Feature.enabled?(:bulk_import_details_page)
+ end
+
def create
return render json: { success: false }, status: :too_many_requests if throttled_request?
return render json: { success: false }, status: :unprocessable_entity unless valid_create_params?
diff --git a/app/controllers/jira_connect/subscriptions_controller.rb b/app/controllers/jira_connect/subscriptions_controller.rb
index 773ef2bddca..17a79f83a78 100644
--- a/app/controllers/jira_connect/subscriptions_controller.rb
+++ b/app/controllers/jira_connect/subscriptions_controller.rb
@@ -48,7 +48,7 @@ class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController
def destroy
subscription = current_jira_installation.subscriptions.find(params[:id])
- if !jira_user&.site_admin?
+ if !jira_user&.jira_admin?
render json: { error: 'forbidden' }, status: :forbidden
elsif subscription.destroy
render json: { success: true }
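Review bot: `jira_user&.jira_admin?` is now the only check in front of `subscription.destroy`, and what `jira_admin?` accepts is not visible in this diff. If it admits more Jira roles than `site_admin?` did, this widens who can remove a subscription. A comment on the branch naming the Jira permission it maps to, plus a spec for a non-admin Jira user receiving 403, would pin the intent. `destroy` starts above the hunk and continues below it.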
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 84ccfbc603a..83409c7e096 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -33,7 +33,7 @@ class JwtController < ApplicationController
@authentication_result = Gitlab::Auth::Result.new(nil, nil, :none, Gitlab::Auth.read_only_authentication_abilities)
authenticate_with_http_basic do |login, password|
- @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
+ @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, request: request)
if @authentication_result.failed?
log_authentication_failed(login, @authentication_result)
@@ -98,11 +98,7 @@ class JwtController < ApplicationController
return unless params[:scope].present?
scopes = Array(Rack::Utils.parse_query(request.query_string)['scope'])
- if Feature.enabled?(:jwt_auth_space_delimited_scopes, Feature.current_request)
- scopes.flat_map(&:split)
- else
- scopes
- end
+ scopes.flat_map(&:split)
end
def auth_user
diff --git a/app/controllers/metrics_controller.rb b/app/controllers/metrics_controller.rb
index 61851fd1c60..9f41c092fa0 100644
--- a/app/controllers/metrics_controller.rb
+++ b/app/controllers/metrics_controller.rb
@@ -1,6 +1,7 @@
# frozen_string_literal: true
-class MetricsController < BaseActionController
+# rubocop:disable Rails/ApplicationController
+class MetricsController < ActionController::Base
include RequiresAllowlistedMonitoringClient
protect_from_forgery with: :exception, prepend: true
@@ -35,3 +36,4 @@ class MetricsController < BaseActionController
)
end
end
+# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
deleted file mode 100644
index ba587944a36..00000000000
--- a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
+++ /dev/null
@@ -1,86 +0,0 @@
-# frozen_string_literal: true
-
-# This controller's role is to mimic and rewire the GitLab OAuth
-# flow routes for Jira DVCS integration.
-# See https://gitlab.com/gitlab-org/gitlab/issues/2381
-#
-class Oauth::JiraDvcs::AuthorizationsController < ApplicationController
- skip_before_action :authenticate_user!
- skip_before_action :verify_authenticity_token
-
- before_action :reversible_end_of_life!
- before_action :validate_redirect_uri, only: :new
-
- feature_category :integrations
-
- # 1. Rewire Jira OAuth initial request to our stablished OAuth authorization URL.
- def new
- session[:redirect_uri] = params['redirect_uri']
-
- redirect_to oauth_authorization_path(
- client_id: params['client_id'],
- response_type: 'code',
- scope: normalize_scope(params['scope']),
- redirect_uri: oauth_jira_dvcs_callback_url
- )
- end
-
- # 2. Handle the callback call as we were a Github Enterprise instance client.
- def callback
- # Handling URI query params concatenation.
- redirect_uri = URI.parse(session['redirect_uri'])
- new_query = URI.decode_www_form(String(redirect_uri.query)) << ['code', params[:code]]
- redirect_uri.query = URI.encode_www_form(new_query)
-
- redirect_to redirect_uri.to_s
- end
-
- # 3. Rewire and adjust access_token request accordingly.
- def access_token
- # We have to modify request.parameters because Doorkeeper::Server reads params from there
- request.parameters[:redirect_uri] = oauth_jira_dvcs_callback_url
-
- strategy = Doorkeeper::Server.new(self).token_request('authorization_code')
- response = strategy.authorize
-
- if response.status == :ok
- access_token, scope, token_type = response.body.values_at('access_token', 'scope', 'token_type')
-
- render body: "access_token=#{access_token}&scope=#{scope}&token_type=#{token_type}"
- else
- render status: response.status, body: response.body
- end
- rescue Doorkeeper::Errors::DoorkeeperError => e
- render status: :unauthorized, body: e.type
- end
-
- private
-
- # The endpoints in this controller have been deprecated since 15.1.
- #
- # Due to uncertainty about the impact of a full removal in 16.0, all endpoints return `404`
- # by default but we allow customers to toggle a flag to reverse this breaking change.
- # See https://gitlab.com/gitlab-org/gitlab/-/issues/362168#note_1347692683.
- #
- # TODO Make the breaking change irreversible https://gitlab.com/gitlab-org/gitlab/-/issues/408148.
- def reversible_end_of_life!
- render_404 unless Feature.enabled?(:jira_dvcs_end_of_life_amnesty)
- end
-
- # When using the GitHub Enterprise connector in Jira we receive the "repo" scope,
- # this doesn't exist in GitLab but we can map it to our "api" scope.
- def normalize_scope(scope)
- scope == 'repo' ? 'api' : scope
- end
-
- def validate_redirect_uri
- client = Doorkeeper::OAuth::Client.find(params[:client_id])
- return render_404 unless client
-
- return true if Doorkeeper::OAuth::Helpers::URIChecker.valid_for_authorization?(
- params['redirect_uri'], client.redirect_uri
- )
-
- render_403
- end
-end
diff --git a/app/controllers/organizations/organizations_controller.rb b/app/controllers/organizations/organizations_controller.rb
index 88c6c9b3cef..3085f0c07d1 100644
--- a/app/controllers/organizations/organizations_controller.rb
+++ b/app/controllers/organizations/organizations_controller.rb
@@ -19,5 +19,9 @@ module Organizations
def groups_and_projects
authorize_read_organization!
end
+
+ def users
+ authorize_read_organization!
+ end
end
end
diff --git a/app/controllers/profiles/comment_templates_controller.rb b/app/controllers/profiles/comment_templates_controller.rb
index d6725c27f76..f7c1f8733de 100644
--- a/app/controllers/profiles/comment_templates_controller.rb
+++ b/app/controllers/profiles/comment_templates_controller.rb
@@ -5,8 +5,6 @@ module Profiles
feature_category :user_profile
before_action do
- render_404 unless Feature.enabled?(:saved_replies, current_user)
-
@hide_search_settings = true
end
end
diff --git a/app/controllers/profiles/preferences_controller.rb b/app/controllers/profiles/preferences_controller.rb
index 931070ecdd4..7059e2a0371 100644
--- a/app/controllers/profiles/preferences_controller.rb
+++ b/app/controllers/profiles/preferences_controller.rb
@@ -48,6 +48,7 @@ class Profiles::PreferencesController < Profiles::ApplicationController
:first_day_of_week,
:preferred_language,
:time_display_relative,
+ :time_display_format,
:show_whitespace_in_diffs,
:view_diffs_file_by_file,
:tab_width,
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index da15b393e6c..cb29f0f3539 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -111,6 +111,7 @@ class ProfilesController < Profiles::ApplicationController
[
:avatar,
:bio,
+ :discord,
:email,
:role,
:gitpod_enabled,
@@ -119,12 +120,12 @@ class ProfilesController < Profiles::ApplicationController
:hide_project_limit,
:linkedin,
:location,
+ :mastodon,
:name,
:public_email,
:commit_email,
:skype,
:twitter,
- :discord,
:username,
:website_url,
:organization,
diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb
index 30c6f4d865a..4bfee0c9c82 100644
--- a/app/controllers/projects/application_controller.rb
+++ b/app/controllers/projects/application_controller.rb
@@ -91,6 +91,19 @@ class Projects::ApplicationController < ApplicationController
def check_issues_available!
return render_404 unless @project.feature_available?(:issues, current_user)
end
+
+ def set_is_ambiguous_ref
+ return @is_ambiguous_ref if defined? @is_ambiguous_ref
+
+ @is_ambiguous_ref = if Feature.enabled?(:ambiguous_ref_modal, @project)
+ ExtractsRef::RequestedRef
+ .new(@project.repository, ref_type: ref_type, ref: @ref)
+ .find
+ .fetch(:ambiguous, false)
+ else
+ false
+ end
+ end
end
Projects::ApplicationController.prepend_mod_with('Projects::ApplicationController')
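Review bot: `set_is_ambiguous_ref` reads `@ref` and `ref_type` but carries no comment saying that an earlier filter must have populated them. The callers in this commit register it after `:commit` (BlobController) and after `:assign_ref_vars` (TreeController), so the ordering is load-bearing. I would add above the method `# Requires @ref and ref_type to be set by an earlier before_action; memoizes whether the requested ref is ambiguous.` The `.fetch(:ambiguous, false)` call also assumes `find` always returns a Hash, which cannot be confirmed from this hunk.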
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb
index 2828d17c36f..85bdeb07b00 100644
--- a/app/controllers/projects/artifacts_controller.rb
+++ b/app/controllers/projects/artifacts_controller.rb
@@ -62,7 +62,11 @@ class Projects::ArtifactsController < Projects::ApplicationController
conditionally_expand_blob(blob)
if blob.external_link?(build)
- redirect_to external_file_project_job_artifacts_path(@project, @build, path: params[:path])
+ if Gitlab::CurrentSettings.enable_artifact_external_redirect_warning_page
+ redirect_to external_file_project_job_artifacts_path(@project, @build, path: params[:path])
+ else
+ redirect_to blob.external_url(build)
+ end
else
respond_to do |format|
format.html do
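Review bot: The new `else` branch under `blob.external_link?(build)` redirects straight to `blob.external_url(build)`, an off-site URL serving job-produced content, with no comment on why skipping the warning page is safe. From the hunk the URL appears to be derived from the build rather than from `params`, which is what keeps this from being an open redirect. That assumption deserves a comment such as `# external_url is built server-side from the artifact entry, never from request params`. If the application enables Rails' `raise_on_open_redirects`, the call would also need `redirect_to blob.external_url(build), allow_other_host: true`. The enclosing action starts and ends outside the hunk.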
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 015e56db012..7371902a6bd 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -31,6 +31,7 @@ class Projects::BlobController < Projects::ApplicationController
before_action :authorize_edit_tree!, only: [:new, :create, :update, :destroy]
before_action :commit, except: [:new, :create]
+ before_action :set_is_ambiguous_ref, only: [:show]
before_action :check_for_ambiguous_ref, only: [:show]
before_action :blob, except: [:new, :create]
before_action :require_branch_head, only: [:edit, :update]
@@ -48,6 +49,7 @@ class Projects::BlobController < Projects::ApplicationController
urgency :low, [:create, :show, :edit, :update, :diff]
before_action do
+ push_frontend_feature_flag(:blob_blame_info, @project)
push_frontend_feature_flag(:highlight_js_worker, @project)
push_frontend_feature_flag(:explain_code_chat, current_user)
push_licensed_feature(:file_locks) if @project.licensed_feature_available?(:file_locks)
diff --git a/app/controllers/projects/environments_controller.rb b/app/controllers/projects/environments_controller.rb
index aabea122fb6..4b2749dc716 100644
--- a/app/controllers/projects/environments_controller.rb
+++ b/app/controllers/projects/environments_controller.rb
@@ -2,12 +2,18 @@
class Projects::EnvironmentsController < Projects::ApplicationController
MIN_SEARCH_LENGTH = 3
+ ACTIVE_STATES = %i[available stopping].freeze
+ SCOPES_TO_STATES = { "active" => ACTIVE_STATES, "stopped" => %i[stopped] }.freeze
include ProductAnalyticsTracking
include KasCookie
layout 'project'
+ before_action only: [:index] do
+ push_frontend_feature_flag(:k8s_watch_api, project)
+ end
+
before_action :authorize_read_environment!
before_action :authorize_create_environment!, only: [:new, :create]
before_action :authorize_stop_environment!, only: [:stop]
@@ -31,7 +37,9 @@ class Projects::EnvironmentsController < Projects::ApplicationController
respond_to do |format|
format.html
format.json do
- @environments = search_environments.with_state(params[:scope] || :available)
+ states = SCOPES_TO_STATES.fetch(params[:scope], ACTIVE_STATES)
+ @environments = search_environments.with_state(states)
+
environments_count_by_state = search_environments.count_by_state
Gitlab::PollingInterval.set_header(response, interval: 3_000)
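Review bot: `SCOPES_TO_STATES.fetch(params[:scope], ACTIVE_STATES)` silently treats every unrecognised scope as active. That includes `scope=available`, which the removed line passed through to `with_state` and which now also returns `stopping` environments. If older clients or bookmarked URLs still send that value, adding `"available" => %i[available]` to the map would keep their results unchanged. Otherwise a comment on the constant should say that unknown scopes fall back to the active set. The same lookup is repeated in the folder action two hunks below.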
@@ -40,6 +48,7 @@ class Projects::EnvironmentsController < Projects::ApplicationController
review_app: serialize_review_app,
can_stop_stale_environments: can?(current_user, :stop_environment, @project),
available_count: environments_count_by_state[:available],
+ active_count: environments_count_by_state[:available] + environments_count_by_state[:stopping],
stopped_count: environments_count_by_state[:stopped]
}
end
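Review bot: The added `active_count` line computes `environments_count_by_state[:available] + environments_count_by_state[:stopping]`, which raises if either key is missing from the hash. `count_by_state` is defined outside this diff, so whether it zero-fills absent states cannot be confirmed here. `environments_count_by_state.values_at(*ACTIVE_STATES).sum(&:to_i)` would be safe either way and would reuse the new constant. The folder action in the next hunk gets the same figure from `folder_environments.active.count`, so the two JSON payloads derive one field in two different ways.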
@@ -54,14 +63,16 @@ class Projects::EnvironmentsController < Projects::ApplicationController
respond_to do |format|
format.html
format.json do
+ states = SCOPES_TO_STATES.fetch(params[:scope], ACTIVE_STATES)
folder_environments = search_environments(type: params[:id])
- @environments = folder_environments.with_state(params[:scope] || :available)
+ @environments = folder_environments.with_state(states)
.order(:name)
render json: {
environments: serialize_environments(request, response),
available_count: folder_environments.available.count,
+ active_count: folder_environments.active.count,
stopped_count: folder_environments.stopped.count
}
end
diff --git a/app/controllers/projects/group_links_controller.rb b/app/controllers/projects/group_links_controller.rb
index 60300f78bbb..5f8bf423219 100644
--- a/app/controllers/projects/group_links_controller.rb
+++ b/app/controllers/projects/group_links_controller.rb
@@ -9,30 +9,47 @@ class Projects::GroupLinksController < Projects::ApplicationController
feature_category :groups_and_projects
def update
- Projects::GroupLinks::UpdateService.new(group_link, current_user).execute(group_link_params)
+ result = Projects::GroupLinks::UpdateService.new(group_link, current_user).execute(group_link_params)
- if group_link.expires?
- render json: {
- expires_in: helpers.time_ago_with_tooltip(group_link.expires_at),
- expires_soon: group_link.expires_soon?
- }
- else
- render json: {}
+ if result.success?
+ if group_link.expires?
+ render json: {
+ expires_in: helpers.time_ago_with_tooltip(group_link.expires_at),
+ expires_soon: group_link.expires_soon?
+ }
+ else
+ render json: {}
+ end
+ elsif result.reason == :not_found
+ render json: { message: result.message }, status: :not_found
end
end
def destroy
- ::Projects::GroupLinks::DestroyService.new(project, current_user).execute(group_link)
-
- respond_to do |format|
- format.html do
- if can?(current_user, :admin_group, group_link.group)
- redirect_to group_path(group_link.group), status: :found
- elsif can?(current_user, :admin_project, group_link.project)
- redirect_to project_project_members_path(project), status: :found
+ result = ::Projects::GroupLinks::DestroyService.new(project, current_user).execute(group_link)
+
+ if result.success?
+ respond_to do |format|
+ format.html do
+ if can?(current_user, :admin_group, group_link.group)
+ redirect_to group_path(group_link.group), status: :found
+ elsif can?(current_user, :admin_project, group_link.project)
+ redirect_to project_project_members_path(project), status: :found
+ end
+ end
+ format.js { head :ok }
+ end
+ else
+ respond_to do |format|
+ format.html do
+ redirect_to project_project_members_path(project, tab: :groups), status: :found,
+ alert: _('The project-group link could not be removed.')
+ end
+
+ format.js do
+ render json: { message: result.message }, status: :not_found if result.reason == :not_found
end
end
- format.js { head :ok }
end
end
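Review bot: In `update`, a failed result whose `reason` is anything other than `:not_found` falls out of the `if/elsif` without rendering, so the request ends in Rails' implicit-render path instead of an explicit error. The `format.js` branch of `destroy` has the same gap, because its `render` is guarded by `if result.reason == :not_found`. A JSON client may then be unable to tell a failure the service rejected for another reason from success. Closing both with a final branch, for example `else` followed by `render json: { message: result.message }, status: :unprocessable_entity`, makes every failure visible. Separately, the success path of `destroy` issues no redirect when neither `can?` check passes, which predates this commit.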
diff --git a/app/controllers/projects/incidents_controller.rb b/app/controllers/projects/incidents_controller.rb
index bacf3192ee6..a3c1fd64a9d 100644
--- a/app/controllers/projects/incidents_controller.rb
+++ b/app/controllers/projects/incidents_controller.rb
@@ -12,7 +12,7 @@ class Projects::IncidentsController < Projects::ApplicationController
push_force_frontend_feature_flag(:work_items_mvc_2, @project&.work_items_mvc_2_feature_flag_enabled?)
push_frontend_feature_flag(:moved_mr_sidebar, project)
push_force_frontend_feature_flag(:linked_work_items, @project&.linked_work_items_feature_flag_enabled?)
- push_frontend_feature_flag(:notifications_todos_buttons, project)
+ push_frontend_feature_flag(:notifications_todos_buttons, current_user)
end
feature_category :incident_management
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 4849cccac52..a6444dc038c 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -45,8 +45,6 @@ class Projects::IssuesController < Projects::ApplicationController
before_action do
push_frontend_feature_flag(:preserve_unchanged_markdown, project)
- push_frontend_feature_flag(:service_desk_new_note_email_native_attachments, project)
- push_frontend_feature_flag(:saved_replies, current_user)
push_frontend_feature_flag(:issues_grid_view)
push_frontend_feature_flag(:service_desk_ticket)
push_frontend_feature_flag(:issues_list_drawer, project)
@@ -60,17 +58,17 @@ class Projects::IssuesController < Projects::ApplicationController
before_action only: [:index, :service_desk] do
push_frontend_feature_flag(:or_issuable_queries, project)
push_frontend_feature_flag(:frontend_caching, project&.group)
+ push_frontend_feature_flag(:group_multi_select_tokens, project)
end
before_action only: :show do
- push_frontend_feature_flag(:issue_assignees_widget, project)
push_frontend_feature_flag(:work_items_mvc, project&.group)
push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?)
push_frontend_feature_flag(:epic_widget_edit_confirmation, project)
push_frontend_feature_flag(:moved_mr_sidebar, project)
push_force_frontend_feature_flag(:linked_work_items, project.linked_work_items_feature_flag_enabled?)
- push_frontend_feature_flag(:notifications_todos_buttons, project)
+ push_frontend_feature_flag(:notifications_todos_buttons, current_user)
end
around_action :allow_gitaly_ref_name_caching, only: [:discussions]
diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb
index 802ffd99e41..d5a7f25d4ce 100644
--- a/app/controllers/projects/jobs_controller.rb
+++ b/app/controllers/projects/jobs_controller.rb
@@ -6,14 +6,16 @@ class Projects::JobsController < Projects::ApplicationController
include ContinueParams
include ProjectStatsRefreshConflictsGuard
- urgency :low, [:index, :show, :trace, :retry, :play, :cancel, :unschedule, :erase, :raw]
+ urgency :low, [:index, :show, :trace, :retry, :play, :cancel, :unschedule, :erase, :raw, :test_report_summary]
before_action :find_job_as_build, except: [:index, :play, :retry, :show]
before_action :find_job_as_processable, only: [:play, :retry, :show]
before_action :authorize_read_build_trace!, only: [:trace, :raw]
- before_action :authorize_read_build!
+ before_action :authorize_read_build!, except: [:test_report_summary]
+ before_action :authorize_read_build_report_results!, only: [:test_report_summary]
before_action :authorize_update_build!,
- except: [:index, :show, :raw, :trace, :erase, :cancel, :unschedule]
+ except: [:index, :show, :raw, :trace, :erase, :cancel, :unschedule, :test_report_summary]
+ before_action :authorize_cancel_build!, only: [:cancel]
before_action :authorize_erase_build!, only: [:erase]
before_action :authorize_use_build_terminal!, only: [:terminal, :terminal_websocket_authorize]
before_action :verify_api_request!, only: :terminal_websocket_authorize
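Review bot: `unschedule` stays in the `except:` list of `authorize_update_build!` and, unlike `cancel` and `erase`, gets no dedicated filter in this hunk. At the filter level it is therefore gated only by `authorize_read_build!`. If its permission check lives in the action or in the service it calls, a one-line comment above the filter block should say so; otherwise it needs its own filter. With `only:`/`except:` lists now spread over six authorization filters, a short comment mapping each action to the ability it requires would make this matrix auditable.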
@@ -153,6 +155,20 @@ class Projects::JobsController < Projects::ApplicationController
end
end
+ def test_report_summary
+ return not_found unless @build.report_results.present?
+
+ summary = Gitlab::Ci::Reports::TestReportSummary.new(@build.report_results)
+
+ respond_to do |format|
+ format.json do
+ render json: TestReportSummarySerializer
+ .new(project: project, current_user: @current_user)
+ .represent(summary)
+ end
+ end
+ end
+
def terminal
end
@@ -170,10 +186,18 @@ class Projects::JobsController < Projects::ApplicationController
attr_reader :build
+ def authorize_read_build_report_results!
+ return access_denied! unless can?(current_user, :read_build_report_results, build)
+ end
+
def authorize_update_build!
return access_denied! unless can?(current_user, :update_build, @build)
end
+ def authorize_cancel_build!
+ return access_denied! unless can?(current_user, :cancel_build, @build)
+ end
+
def authorize_erase_build!
return access_denied! unless can?(current_user, :erase_build, @build)
end
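Review bot: `authorize_read_build_report_results!` reads the job through the `build` reader, while the neighbouring `authorize_update_build!`, `authorize_cancel_build!` and `authorize_erase_build!` use `@build`. Pick one form for all four, for example `can?(current_user, :read_build_report_results, @build)`. The `test_report_summary` action in the previous hunk likewise passes `current_user: @current_user`, where the guards in this hunk call the `current_user` helper.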
diff --git a/app/controllers/projects/merge_requests/drafts_controller.rb b/app/controllers/projects/merge_requests/drafts_controller.rb
index 74c495261a3..fb0073e0ad4 100644
--- a/app/controllers/projects/merge_requests/drafts_controller.rb
+++ b/app/controllers/projects/merge_requests/drafts_controller.rb
@@ -61,7 +61,9 @@ class Projects::MergeRequests::DraftsController < Projects::MergeRequests::Appli
merge_request_activity_counter.track_submit_review_comment(user: current_user)
end
- if Gitlab::Utils.to_boolean(approve_params[:approve])
+ if Feature.enabled?(:mr_request_changes, current_user) && reviewer_state_params[:reviewer_state]
+ update_reviewer_state
+ elsif Gitlab::Utils.to_boolean(approve_params[:approve])
unless merge_request.approved_by?(current_user)
success = ::MergeRequests::ApprovalService
.new(project: @project, current_user: current_user, params: approve_params)
@@ -144,6 +146,10 @@ class Projects::MergeRequests::DraftsController < Projects::MergeRequests::Appli
params.permit(:approve)
end
+ def reviewer_state_params
+ params.permit(:reviewer_state)
+ end
+
def prepare_notes_for_rendering(notes)
return [] unless notes
@@ -180,6 +186,18 @@ class Projects::MergeRequests::DraftsController < Projects::MergeRequests::Appli
def merge_request_activity_counter
Gitlab::UsageDataCounters::MergeRequestActivityUniqueCounter
end
+
+ def update_reviewer_state
+ if reviewer_state_params[:reviewer_state] === 'approved'
+ ::MergeRequests::ApprovalService
+ .new(project: @project, current_user: current_user, params: approve_params)
+ .execute(merge_request)
+ else
+ ::MergeRequests::UpdateReviewerStateService
+ .new(project: @project, current_user: current_user)
+ .execute(merge_request, reviewer_state_params[:reviewer_state])
+ end
+ end
end
Projects::MergeRequests::DraftsController.prepend_mod
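Review bot: `update_reviewer_state` discards the result of both service calls, and its `'approved'` branch calls `::MergeRequests::ApprovalService` without the `merge_request.approved_by?(current_user)` guard that the legacy `approve` branch in the first hunk applies. As far as this hunk shows, a failed approval or a rejected state would then look like a successful publish to the caller. Returning the service result and checking it at the call site would close that gap. The comparison should also use `==` rather than `===`: `if reviewer_state_params[:reviewer_state] == 'approved'`. Whether `UpdateReviewerStateService` validates the submitted state string is not visible here, so an allowlist check before the call is worth confirming.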
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index ad7b7221e44..eb7505bd81f 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -11,6 +11,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
include SourcegraphDecorator
include DiffHelper
include Gitlab::Cache::Helpers
+ include MergeRequestsHelper
prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:rss) }
skip_before_action :merge_request, only: [:index, :bulk_update, :export_csv]
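Review bot: `include MergeRequestsHelper` mixes every public helper method into the controller just so that, as far as this diff shows, `endpoint_diff_batch_url` can read `DIFF_BATCH_ENDPOINT_PER_PAGE` in the last hunk. Public methods mixed into a concrete controller become candidate action methods and can shadow controller methods of the same name. The narrower form is to drop the include and reference the constant by its qualified name, `MergeRequestsHelper::DIFF_BATCH_ENDPOINT_PER_PAGE.to_s`. That assumes the constant is defined in that helper, which is not visible here.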
@@ -37,15 +38,15 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
before_action only: [:show, :diffs] do
push_frontend_feature_flag(:core_security_mr_widget_counts, project)
- push_frontend_feature_flag(:issue_assignees_widget, @project)
push_frontend_feature_flag(:moved_mr_sidebar, project)
push_frontend_feature_flag(:sast_reports_in_inline_diff, project)
push_frontend_feature_flag(:mr_experience_survey, project)
- push_frontend_feature_flag(:saved_replies, current_user)
push_force_frontend_feature_flag(:summarize_my_code_review, summarize_my_code_review_enabled?)
push_frontend_feature_flag(:ci_job_failures_in_mr, project)
push_frontend_feature_flag(:mr_pipelines_graphql, project)
- push_frontend_feature_flag(:notifications_todos_buttons, project)
+ push_frontend_feature_flag(:notifications_todos_buttons, current_user)
+ push_frontend_feature_flag(:widget_pipeline_pass_subscription_update, project)
+ push_frontend_feature_flag(:mr_request_changes, current_user)
end
before_action only: [:edit] do
@@ -159,7 +160,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
.represent(
@pipelines,
preload: true,
- disable_failed_builds: ::Feature.enabled?(:ci_fix_performance_pipelines_json_endpoint, @project)
+ disable_failed_builds: true
),
count: {
all: @pipelines.count
@@ -344,9 +345,16 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
end
def discussions
- merge_request.discussions_diffs.load_highlight
+ if Feature.enabled?(:only_highlight_discussions_requested, project)
+ super do |discussion_notes|
+ note_ids = discussion_notes.flat_map { |x| x.notes.collect(&:id) }
+ merge_request.discussions_diffs.load_highlight(diff_note_ids: note_ids)
+ end
+ else
+ merge_request.discussions_diffs.load_highlight
- super
+ super
+ end
end
def export_csv
@@ -617,7 +625,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
end
def endpoint_diff_batch_url(project, merge_request)
- per_page = current_user&.view_diffs_file_by_file ? '1' : '5'
+ per_page = current_user&.view_diffs_file_by_file ? '1' : DIFF_BATCH_ENDPOINT_PER_PAGE.to_s
params = request
.query_parameters
.merge(view: 'inline', diff_head: true, w: show_whitespace, page: '0', per_page: per_page)
diff --git a/app/controllers/projects/ml/model_versions_controller.rb b/app/controllers/projects/ml/model_versions_controller.rb
new file mode 100644
index 00000000000..bc69f5bf144
--- /dev/null
+++ b/app/controllers/projects/ml/model_versions_controller.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Projects
+ module Ml
+ class ModelVersionsController < ::Projects::ApplicationController
+ before_action :authorize_read_model_registry!
+ feature_category :mlops
+
+ def show
+ @model_version = ::Ml::ModelVersion.by_project_id_and_id(@project, params[:model_version_id])
+
+ return render_404 unless @model_version
+
+ @model = @model_version.model
+ end
+
+ private
+
+ def authorize_read_model_registry!
+ render_404 unless can?(current_user, :read_model_registry, @project)
+ end
+ end
+ end
+end
diff --git a/app/controllers/projects/ml/models_controller.rb b/app/controllers/projects/ml/models_controller.rb
index 4ff7d014723..68a8b7a1686 100644
--- a/app/controllers/projects/ml/models_controller.rb
+++ b/app/controllers/projects/ml/models_controller.rb
@@ -3,26 +3,45 @@
module Projects
module Ml
class ModelsController < ::Projects::ApplicationController
- before_action :check_feature_enabled
- before_action :set_model, only: [:show]
+ before_action :authorize_read_model_registry!
+ before_action :authorize_write_model_registry!, only: [:destroy]
+ before_action :set_model, only: [:show, :destroy]
feature_category :mlops
MAX_MODELS_PER_PAGE = 20
def index
- @paginator = ::Projects::Ml::ModelFinder.new(@project)
- .execute
- .keyset_paginate(cursor: params[:cursor], per_page: MAX_MODELS_PER_PAGE)
+ find_params = params
+ .transform_keys(&:underscore)
+ .permit(:name, :order_by, :sort)
+
+ finder = ::Projects::Ml::ModelFinder.new(@project, find_params)
+
+ @paginator = finder.execute.keyset_paginate(cursor: params[:cursor], per_page: MAX_MODELS_PER_PAGE)
+
+ @model_count = finder.count
end
def show; end
+ def destroy
+ @model.destroy!
+
+ redirect_to project_ml_models_path(@project),
+ status: :found,
+ notice: s_("MlExperimentTracking|Model removed")
+ end
+
private
- def check_feature_enabled
+ def authorize_read_model_registry!
render_404 unless can?(current_user, :read_model_registry, @project)
end
+ def authorize_write_model_registry!
+ render_404 unless can?(current_user, :write_model_registry, @project)
+ end
+
def set_model
@model = ::Ml::Model.by_project_id_and_id(@project, params[:model_id])
diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index 036ea45cc78..cd2db2dad2c 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -18,7 +18,8 @@ class Projects::PipelinesController < Projects::ApplicationController
before_action :authorize_read_build!, only: [:index, :show]
before_action :authorize_read_ci_cd_analytics!, only: [:charts]
before_action :authorize_create_pipeline!, only: [:new, :create]
- before_action :authorize_update_pipeline!, only: [:retry, :cancel]
+ before_action :authorize_update_pipeline!, only: [:retry]
+ before_action :authorize_cancel_pipeline!, only: [:cancel]
before_action :ensure_pipeline, only: [:show, :downloadable_artifacts]
before_action :reject_if_build_artifacts_size_refreshing!, only: [:destroy]
@@ -303,6 +304,10 @@ class Projects::PipelinesController < Projects::ApplicationController
return access_denied! unless can?(current_user, :update_pipeline, @pipeline)
end
+ def authorize_cancel_pipeline!
+ return access_denied! unless can?(current_user, :cancel_pipeline, @pipeline)
+ end
+
def limited_pipelines_count(project, scope = nil)
finder = Ci::PipelinesFinder.new(project, current_user, index_params.merge(scope: scope))
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index 79b5990abba..d0a80c6aa07 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -19,7 +19,8 @@ class Projects::RawController < Projects::ApplicationController
def show
@blob = @repository.blob_at(@ref, @path, limit: Gitlab::Git::Blob::LFS_POINTER_MAX_SIZE)
- send_blob(@repository, @blob, inline: (params[:inline] != 'false'), allow_caching: Guest.can?(:read_code, @project))
+ send_blob(@repository, @blob, inline: (params[:inline] != 'false'), allow_caching:
+::Users::Anonymous.can?(:read_code, @project))
end
private
diff --git a/app/controllers/projects/repositories_controller.rb b/app/controllers/projects/repositories_controller.rb
index 4a9282432fd..406e3bd62c2 100644
--- a/app/controllers/projects/repositories_controller.rb
+++ b/app/controllers/projects/repositories_controller.rb
@@ -48,7 +48,7 @@ class Projects::RepositoriesController < Projects::ApplicationController
expires_in(
cache_max_age(commit_id),
- public: Guest.can?(:download_code, project),
+ public: ::Users::Anonymous.can?(:download_code, project),
must_revalidate: true,
stale_if_error: 5.minutes,
stale_while_revalidate: 1.minute,
diff --git a/app/controllers/projects/service_desk_controller.rb b/app/controllers/projects/service_desk_controller.rb
index ca3cecf5949..70cb439c4f3 100644
--- a/app/controllers/projects/service_desk_controller.rb
+++ b/app/controllers/projects/service_desk_controller.rb
@@ -29,7 +29,7 @@ class Projects::ServiceDeskController < Projects::ApplicationController
end
def allowed_update_attributes
- %i[issue_template_key outgoing_name project_key]
+ %i[issue_template_key outgoing_name project_key add_external_participants_from_cc]
end
def service_desk_attributes
@@ -41,7 +41,8 @@ class Projects::ServiceDeskController < Projects::ApplicationController
issue_template_key: service_desk_settings&.issue_template_key,
template_file_missing: service_desk_settings&.issue_template_missing?,
outgoing_name: service_desk_settings&.outgoing_name,
- project_key: service_desk_settings&.project_key
+ project_key: service_desk_settings&.project_key,
+ add_external_participants_from_cc: service_desk_settings&.add_external_participants_from_cc
}
end
diff --git a/app/controllers/projects/settings/ci_cd_controller.rb b/app/controllers/projects/settings/ci_cd_controller.rb
index 0845fbc9713..9a128adb926 100644
--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -14,7 +14,6 @@ module Projects
before_action do
push_frontend_feature_flag(:ci_variables_pages, current_user)
- push_frontend_feature_flag(:ci_variable_drawer, current_user)
end
helper_method :highlight_badge
diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb
index 0371fb21ac8..cfcc27edf3e 100644
--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -12,12 +12,14 @@ class Projects::TreeController < Projects::ApplicationController
before_action :require_non_empty_project, except: [:new, :create]
before_action :assign_ref_vars
+ before_action :set_is_ambiguous_ref, only: [:show]
before_action :find_requested_ref, only: [:show]
before_action :assign_dir_vars, only: [:create_dir]
before_action :authorize_read_code!
before_action :authorize_edit_tree!, only: [:create_dir]
before_action do
+ push_frontend_feature_flag(:blob_blame_info, @project)
push_frontend_feature_flag(:highlight_js_worker, @project)
push_frontend_feature_flag(:explain_code_chat, current_user)
push_licensed_feature(:file_locks) if @project.licensed_feature_available?(:file_locks)
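Review bot: `before_action :set_is_ambiguous_ref` is registered ahead of `authorize_read_code!`, so the `ExtractsRef::RequestedRef` repository lookup runs before the read-code check in this controller's filter chain. The existing `find_requested_ref` filter already sits in the same position, so this does not look like a new exposure. Still, registering both after `authorize_read_code!` would avoid doing repository work for requests that are about to be denied. If the current order is required, a comment on the filter block should say why. Access checks in `Projects::ApplicationController` that run earlier are outside this hunk and may already cover the case.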
diff --git a/app/controllers/projects/work_items_controller.rb b/app/controllers/projects/work_items_controller.rb
index c3986be31b0..84cc1b16136 100644
--- a/app/controllers/projects/work_items_controller.rb
+++ b/app/controllers/projects/work_items_controller.rb
@@ -11,7 +11,6 @@ class Projects::WorkItemsController < Projects::ApplicationController
push_force_frontend_feature_flag(:work_items, project&.work_items_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?)
- push_force_frontend_feature_flag(:saved_replies, current_user)
push_force_frontend_feature_flag(:linked_work_items, project&.linked_work_items_feature_flag_enabled?)
end
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index fa26601204a..cee56dca538 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -29,7 +29,8 @@ class ProjectsController < Projects::ApplicationController
before_action :authorize_read_code!, only: [:refs]
# Authorize
- before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export, :remove_export, :generate_new_export]
+ before_action :authorize_admin_project_or_custom_permissions!, only: :edit
+ before_action :authorize_admin_project!, only: [:update, :housekeeping, :download_export, :export, :remove_export, :generate_new_export]
before_action :authorize_archive_project!, only: [:archive, :unarchive]
before_action :event_filter, only: [:show, :activity]
@@ -37,11 +38,14 @@ class ProjectsController < Projects::ApplicationController
before_action :check_export_rate_limit!, only: [:export, :download_export, :generate_new_export]
before_action do
+ push_frontend_feature_flag(:blob_blame_info, @project)
push_frontend_feature_flag(:highlight_js_worker, @project)
push_frontend_feature_flag(:remove_monitor_metrics, @project)
push_frontend_feature_flag(:explain_code_chat, current_user)
push_frontend_feature_flag(:service_desk_custom_email, @project)
push_frontend_feature_flag(:issue_email_participants, @project)
+ # TODO: We need to remove the FF eventually when we rollout page_specific_styles
+ push_frontend_feature_flag(:page_specific_styles, current_user)
push_licensed_feature(:file_locks) if @project.present? && @project.licensed_feature_available?(:file_locks)
push_licensed_feature(:security_orchestration_policies) if @project.present? && @project.licensed_feature_available?(:security_orchestration_policies)
push_force_frontend_feature_flag(:work_items, @project&.work_items_feature_flag_enabled?)
@@ -595,6 +599,11 @@ class ProjectsController < Projects::ApplicationController
def render_edit
render 'edit'
end
+
+ # Overridden in EE
+ def authorize_admin_project_or_custom_permissions!
+ authorize_admin_project!
+ end
end
ProjectsController.prepend_mod_with('ProjectsController')
diff --git a/app/controllers/repositories/git_http_client_controller.rb b/app/controllers/repositories/git_http_client_controller.rb
index a5ca17db113..e8da6ee986a 100644
--- a/app/controllers/repositories/git_http_client_controller.rb
+++ b/app/controllers/repositories/git_http_client_controller.rb
@@ -129,7 +129,7 @@ module Repositories
def handle_basic_authentication(login, password)
@authentication_result = Gitlab::Auth.find_for_git_client(
- login, password, project: project, ip: request.ip)
+ login, password, project: project, request: request)
@authentication_result.success?
end
@@ -142,7 +142,7 @@ module Repositories
Gitlab::ProtocolAccess.allowed?('http') &&
download_request? &&
container &&
- Guest.can?(repo_type.guest_read_ability, container)
+ ::Users::Anonymous.can?(repo_type.guest_read_ability, container)
end
def bypass_admin_mode!(&block)
diff --git a/app/controllers/repositories/git_http_controller.rb b/app/controllers/repositories/git_http_controller.rb
index 4f228ced542..48edda13904 100644
--- a/app/controllers/repositories/git_http_controller.rb
+++ b/app/controllers/repositories/git_http_controller.rb
@@ -106,7 +106,8 @@ module Repositories
def access_actor
return user if user
- return :ci if ci?
+
+ :ci if ci?
end
def access_check
@@ -124,6 +125,13 @@ module Repositories
def log_user_activity
Users::ActivityService.new(author: user, project: project, namespace: project&.namespace).execute
end
+
+ def append_info_to_payload(payload)
+ super
+
+ payload[:metadata] ||= {}
+ payload[:metadata][:repository_storage] = project&.repository_storage
+ end
end
end
diff --git a/app/controllers/repositories/lfs_api_controller.rb b/app/controllers/repositories/lfs_api_controller.rb
index d9ca216b168..d9d3753a2ff 100644
--- a/app/controllers/repositories/lfs_api_controller.rb
+++ b/app/controllers/repositories/lfs_api_controller.rb
@@ -60,7 +60,7 @@ module Repositories
.for_oids(objects_oids)
.index_by(&:oid)
- guest_can_download = Guest.can?(:download_code, project)
+ guest_can_download = ::Users::Anonymous.can?(:download_code, project)
objects.each do |object|
if lfs_object = existing_oids[object[:oid]]
@@ -87,7 +87,7 @@ module Repositories
if existing_oids.include?(object[:oid])
object[:actions] = proxy_download_actions(object)
- if Guest.can?(:download_code, project)
+ if ::Users::Anonymous.can?(:download_code, project)
object[:authenticated] = true
end
else
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 7fff31c767f..b639a9dda3f 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -4,7 +4,6 @@ class SearchController < ApplicationController
include ControllerWithCrossProjectAccessCheck
include SearchHelper
include ProductAnalyticsTracking
- include ProductAnalyticsTracking
include SearchRateLimitable
RESCUE_FROM_TIMEOUT_ACTIONS = [:count, :show, :autocomplete, :aggregations].freeze
@@ -16,6 +15,12 @@ class SearchController < ApplicationController
action: 'executed',
destinations: [:redis_hll, :snowplow]
+ track_event :autocomplete,
+ name: 'i_search_total',
+ label: 'redis_hll_counters.search.search_total_unique_counts_monthly',
+ action: 'autocomplete',
+ destinations: [:redis_hll, :snowplow]
+
def self.search_rate_limited_endpoints
%i[show count autocomplete]
end
@@ -35,18 +40,6 @@ class SearchController < ApplicationController
update_scope_for_code_search
end
- before_action only: :show do
- push_frontend_feature_flag(:search_notes_hide_archived_projects, current_user)
- end
-
- before_action only: :show do
- push_frontend_feature_flag(:search_issues_hide_archived_projects, current_user)
- end
-
- before_action only: :show do
- push_frontend_feature_flag(:search_merge_requests_hide_archived_projects, current_user)
- end
-
rescue_from ActiveRecord::QueryCanceled, with: :render_timeout
layout 'search'