diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-18 00:09:16 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-18 00:09:16 +0300 |
commit | 154b9bae142ba15fec753f44327654595094b879 (patch) | |
tree | 027f8ae024961778d5b00c77a72fe302f985d4f3 /app/services | |
parent | 2c156e3c7bbade01c36eee18327f1ced6eebea79 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/metrics/dashboard/update_dashboard_service.rb | 106 | ||||
-rw-r--r-- | app/services/projects/import_service.rb | 6 | ||||
-rw-r--r-- | app/services/search_service.rb | 48 |
3 files changed, 109 insertions, 51 deletions
diff --git a/app/services/metrics/dashboard/update_dashboard_service.rb b/app/services/metrics/dashboard/update_dashboard_service.rb index dccdedf61db..65e6e195f79 100644 --- a/app/services/metrics/dashboard/update_dashboard_service.rb +++ b/app/services/metrics/dashboard/update_dashboard_service.rb @@ -4,84 +4,89 @@ module Metrics module Dashboard class UpdateDashboardService < ::BaseService + include Stepable + ALLOWED_FILE_TYPE = '.yml' USER_DASHBOARDS_DIR = ::Metrics::Dashboard::ProjectDashboardService::DASHBOARD_ROOT - # rubocop:disable Cop/BanCatchThrow - def execute - catch(:error) do - throw(:error, error(_(%q(You are not allowed to push into this branch. Create another branch or open a merge request.)), :forbidden)) unless push_authorized? - - result = ::Files::UpdateService.new(project, current_user, dashboard_attrs).execute - throw(:error, result.merge(http_status: :bad_request)) unless result[:status] == :success + steps :check_push_authorized, + :check_branch_name, + :check_file_type, + :update_file - success(result.merge(http_status: :created, dashboard: dashboard_details)) - end + def execute + execute_steps end - # rubocop:enable Cop/BanCatchThrow private - def dashboard_attrs - { - commit_message: params[:commit_message], - file_path: update_dashboard_path, - file_content: update_dashboard_content, - encoding: 'text', - branch_name: branch, - start_branch: repository.branch_exists?(branch) ? branch : project.default_branch - } + def check_push_authorized(result) + return error(_('You are not allowed to push into this branch. Create another branch or open a merge request.'), :forbidden) unless push_authorized? + + success(result) end - def dashboard_details - { - path: update_dashboard_path, - display_name: ::Metrics::Dashboard::ProjectDashboardService.name_for_path(update_dashboard_path), - default: false, - system_dashboard: false - } + def check_branch_name(result) + return error(_('There was an error updating the dashboard, branch name is invalid.'), :bad_request) unless valid_branch_name? + return error(_('There was an error updating the dashboard, branch named: %{branch} already exists.') % { branch: params[:branch] }, :bad_request) unless new_or_default_branch? + + success(result) end - def push_authorized? - Gitlab::UserAccess.new(current_user, project: project).can_push_to_branch?(branch) + def check_file_type(result) + return error(_('The file name should have a .yml extension'), :bad_request) unless target_file_type_valid? + + success(result) end - # rubocop:disable Cop/BanCatchThrow - def branch - @branch ||= begin - throw(:error, error(_('There was an error updating the dashboard, branch name is invalid.'), :bad_request)) unless valid_branch_name? - throw(:error, error(_('There was an error updating the dashboard, branch named: %{branch} already exists.') % { branch: params[:branch] }, :bad_request)) unless new_or_default_branch? + def update_file(result) + file_update_response = ::Files::UpdateService.new(project, current_user, dashboard_attrs).execute - params[:branch] + if file_update_response[:status] == :success + success(result.merge(file_update_response, http_status: :created, dashboard: dashboard_details)) + else + error(file_update_response[:message], :bad_request) end end - # rubocop:enable Cop/BanCatchThrow - def new_or_default_branch? - !repository.branch_exists?(params[:branch]) || project.default_branch == params[:branch] + def push_authorized? + Gitlab::UserAccess.new(current_user, project: project).can_push_to_branch?(branch) end def valid_branch_name? - Gitlab::GitRefValidator.validate(params[:branch]) + Gitlab::GitRefValidator.validate(branch) end - def update_dashboard_path - File.join(USER_DASHBOARDS_DIR, file_name) + def new_or_default_branch? + !repository.branch_exists?(branch) || project.default_branch == branch end def target_file_type_valid? File.extname(params[:file_name]) == ALLOWED_FILE_TYPE end - # rubocop:disable Cop/BanCatchThrow + def dashboard_attrs + { + commit_message: params[:commit_message], + file_path: update_dashboard_path, + file_content: update_dashboard_content, + encoding: 'text', + branch_name: branch, + start_branch: repository.branch_exists?(branch) ? branch : project.default_branch + } + end + + def update_dashboard_path + File.join(USER_DASHBOARDS_DIR, file_name) + end + def file_name - @file_name ||= begin - throw(:error, error(_('The file name should have a .yml extension'), :bad_request)) unless target_file_type_valid? + @file_name ||= File.basename(CGI.unescape(params[:file_name])) + end - File.basename(CGI.unescape(params[:file_name])) - end + def branch + @branch ||= params[:branch] end - # rubocop:enable Cop/BanCatchThrow def update_dashboard_content ::PerformanceMonitoring::PrometheusDashboard.from_json(params[:file_content]).to_yaml @@ -90,6 +95,15 @@ module Metrics def repository @repository ||= project.repository end + + def dashboard_details + { + path: update_dashboard_path, + display_name: ::Metrics::Dashboard::ProjectDashboardService.name_for_path(update_dashboard_path), + default: false, + system_dashboard: false + } + end end end end diff --git a/app/services/projects/import_service.rb b/app/services/projects/import_service.rb index a4771e864d4..4b294a97516 100644 --- a/app/services/projects/import_service.rb +++ b/app/services/projects/import_service.rb @@ -2,8 +2,6 @@ module Projects class ImportService < BaseService - include Gitlab::ShellAdapter - Error = Class.new(StandardError) # Returns true if this importer is supposed to perform its work in the @@ -72,9 +70,9 @@ module Projects project.ensure_repository project.repository.fetch_as_mirror(project.import_url, refmap: refmap) else - gitlab_shell.import_project_repository(project) + project.repository.import_repository(project.import_url) end - rescue Gitlab::Shell::Error => e + rescue ::Gitlab::Git::CommandError => e # Expire cache to prevent scenarios such as: # 1. First import failed, but the repo was imported successfully, so +exists?+ returns true # 2. Retried import, repo is broken or not imported but +exists?+ still returns true diff --git a/app/services/search_service.rb b/app/services/search_service.rb index fe5e823b56c..75cd6c78a52 100644 --- a/app/services/search_service.rb +++ b/app/services/search_service.rb @@ -3,6 +3,11 @@ class SearchService include Gitlab::Allowable + REDACTABLE_RESULTS = [ + ActiveRecord::Relation, + Gitlab::Search::FoundBlob + ].freeze + SEARCH_TERM_LIMIT = 64 SEARCH_CHAR_LIMIT = 4096 @@ -60,11 +65,52 @@ class SearchService end def search_objects - @search_objects ||= search_results.objects(scope, params[:page]) + @search_objects ||= redact_unauthorized_results(search_results.objects(scope, params[:page])) + end + + def redactable_results + REDACTABLE_RESULTS end private + def visible_result?(object) + return true unless object.respond_to?(:to_ability_name) && DeclarativePolicy.has_policy?(object) + + Ability.allowed?(current_user, :"read_#{object.to_ability_name}", object) + end + + def redact_unauthorized_results(results) + return results unless redactable_results.any? { |redactable| results.is_a?(redactable) } + + permitted_results = results.select do |object| + visible_result?(object) + end + + filtered_results = (results - permitted_results).each_with_object({}) do |object, memo| + memo[object.id] = { ability: :"read_#{object.to_ability_name}", id: object.id, class_name: object.class.name } + end + + log_redacted_search_results(filtered_results.values) if filtered_results.any? + + return results.id_not_in(filtered_results.keys) if results.is_a?(ActiveRecord::Relation) + + Kaminari.paginate_array( + permitted_results, + total_count: results.total_count, + limit: results.limit_value, + offset: results.offset_value + ) + end + + def log_redacted_search_results(filtered_results) + logger.error(message: "redacted_search_results", filtered: filtered_results, current_user_id: current_user&.id, query: params[:search]) + end + + def logger + @logger ||= ::Gitlab::RedactedSearchResultsLogger.build + end + def search_service @search_service ||= if project |