diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-23 00:10:22 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-23 00:10:22 +0300 |
commit | 18869e31e629f7897451f26800f9123fa412f956 (patch) | |
tree | 560b875d045043e4347751b37373f5f0748b3a69 /app | |
parent | 277c0c75bf32b40d882c35feafaae90f69c40dd9 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/blame_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/blob_controller.rb | 3 | ||||
-rw-r--r-- | app/controllers/projects/branches_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/commit_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/commits_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/compare_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/projects/find_file_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/forks_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/projects/issues_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/network_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/raw_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/projects/refs_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/tags_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/tree_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects_controller.rb | 16 | ||||
-rw-r--r-- | app/helpers/web_hooks/web_hooks_helper.rb | 1 | ||||
-rw-r--r-- | app/models/hooks/web_hook.rb | 12 | ||||
-rw-r--r-- | app/services/web_hooks/log_execution_service.rb | 2 |
18 files changed, 21 insertions, 45 deletions
diff --git a/app/controllers/projects/blame_controller.rb b/app/controllers/projects/blame_controller.rb index 01ed5473b41..cfff281604e 100644 --- a/app/controllers/projects/blame_controller.rb +++ b/app/controllers/projects/blame_controller.rb @@ -7,7 +7,7 @@ class Projects::BlameController < Projects::ApplicationController before_action :require_non_empty_project before_action :assign_ref_vars - before_action :authorize_download_code! + before_action :authorize_read_code! feature_category :source_code_management urgency :low, [:show] diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb index f5188e28b81..4eda76f4f21 100644 --- a/app/controllers/projects/blob_controller.rb +++ b/app/controllers/projects/blob_controller.rb @@ -18,7 +18,8 @@ class Projects::BlobController < Projects::ApplicationController around_action :allow_gitaly_ref_name_caching, only: [:show] before_action :require_non_empty_project, except: [:new, :create] - before_action :authorize_download_code! + before_action :authorize_download_code!, except: [:show] + before_action :authorize_read_code!, only: [:show] # We need to assign the blob vars before `authorize_edit_tree!` so we can # validate access to a specific ref. diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb index 27969cb1a75..7b01e4db42a 100644 --- a/app/controllers/projects/branches_controller.rb +++ b/app/controllers/projects/branches_controller.rb @@ -6,7 +6,7 @@ class Projects::BranchesController < Projects::ApplicationController # Authorize before_action :require_non_empty_project, except: :create - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :authorize_push_code!, only: [:new, :create, :destroy, :destroy_all_merged] # Support legacy URLs diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb index 870320a79d9..583b572d4b1 100644 --- a/app/controllers/projects/commit_controller.rb +++ b/app/controllers/projects/commit_controller.rb @@ -12,7 +12,7 @@ class Projects::CommitController < Projects::ApplicationController # Authorize before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :authorize_read_pipeline!, only: [:pipelines] before_action :commit before_action :define_commit_vars, only: [:show, :diff_for_path, :diff_files, :pipelines, :merge_requests] diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb index dd900173c40..c006d56ae81 100644 --- a/app/controllers/projects/commits_controller.rb +++ b/app/controllers/projects/commits_controller.rb @@ -12,7 +12,7 @@ class Projects::CommitsController < Projects::ApplicationController around_action :allow_gitaly_ref_name_caching before_action :require_non_empty_project before_action :assign_ref_vars, except: :commits_root - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :validate_ref!, except: :commits_root before_action :set_commits, except: :commits_root diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb index 61308f24412..266edd506d5 100644 --- a/app/controllers/projects/compare_controller.rb +++ b/app/controllers/projects/compare_controller.rb @@ -10,7 +10,7 @@ class Projects::CompareController < Projects::ApplicationController # Authorize before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_read_code! # Defining ivars before_action :define_diffs, only: [:show, :diff_for_path] before_action :define_environment, only: [:show] @@ -95,7 +95,7 @@ class Projects::CompareController < Projects::ApplicationController target_project = target_projects(source_project).find_by_id(compare_params[:from_project_id]) # Just ignore the field if it points at a non-existent or hidden project - next source_project unless target_project && can?(current_user, :download_code, target_project) + next source_project unless target_project && can?(current_user, :read_code, target_project) target_project end diff --git a/app/controllers/projects/find_file_controller.rb b/app/controllers/projects/find_file_controller.rb index c6bc115e737..b5099d555ae 100644 --- a/app/controllers/projects/find_file_controller.rb +++ b/app/controllers/projects/find_file_controller.rb @@ -8,7 +8,7 @@ class Projects::FindFileController < Projects::ApplicationController before_action :require_non_empty_project before_action :assign_ref_vars - before_action :authorize_download_code! + before_action :authorize_read_code! feature_category :source_code_management urgency :low, [:show, :list] diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb index 3208a5076e7..ff3dc71b6cc 100644 --- a/app/controllers/projects/forks_controller.rb +++ b/app/controllers/projects/forks_controller.rb @@ -9,9 +9,9 @@ class Projects::ForksController < Projects::ApplicationController # Authorize before_action :disable_query_limiting, only: [:create] before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :authenticate_user!, only: [:new, :create] - before_action :authorize_fork_project!, only: [:new, :create] + before_action :authorize_fork_project!, except: [:index] before_action :authorize_fork_namespace!, only: [:create] feature_category :source_code_management diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index beb5584c3f4..5a1783ea53d 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -37,7 +37,7 @@ class Projects::IssuesController < Projects::ApplicationController before_action :authorize_create_merge_request_from!, only: [:create_merge_request] before_action :authorize_import_issues!, only: [:import_csv] - before_action :authorize_download_code!, only: [:related_branches] + before_action :authorize_read_code!, only: [:related_branches] before_action do push_frontend_feature_flag(:preserve_unchanged_markdown, project) diff --git a/app/controllers/projects/network_controller.rb b/app/controllers/projects/network_controller.rb index 84ac9fb01fd..a85875b8983 100644 --- a/app/controllers/projects/network_controller.rb +++ b/app/controllers/projects/network_controller.rb @@ -6,7 +6,7 @@ class Projects::NetworkController < Projects::ApplicationController before_action :require_non_empty_project before_action :assign_ref_vars - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :assign_options before_action :assign_commit diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb index 9707b70f26f..924de0ee7ea 100644 --- a/app/controllers/projects/raw_controller.rb +++ b/app/controllers/projects/raw_controller.rb @@ -12,7 +12,7 @@ class Projects::RawController < Projects::ApplicationController before_action :set_ref_and_path before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :check_show_rate_limit!, only: [:show], unless: :external_storage_request? before_action :redirect_to_external_storage, only: :show, if: :static_objects_external_storage_enabled? @@ -21,7 +21,7 @@ class Projects::RawController < Projects::ApplicationController def show @blob = @repository.blob_at(@ref, @path, limit: Gitlab::Git::Blob::LFS_POINTER_MAX_SIZE) - send_blob(@repository, @blob, inline: (params[:inline] != 'false'), allow_caching: Guest.can?(:download_code, @project)) + send_blob(@repository, @blob, inline: (params[:inline] != 'false'), allow_caching: Guest.can?(:read_code, @project)) end private diff --git a/app/controllers/projects/refs_controller.rb b/app/controllers/projects/refs_controller.rb index 05fe34ceb5b..4ba856149b5 100644 --- a/app/controllers/projects/refs_controller.rb +++ b/app/controllers/projects/refs_controller.rb @@ -9,7 +9,7 @@ class Projects::RefsController < Projects::ApplicationController before_action :require_non_empty_project before_action :validate_ref_id before_action :assign_ref_vars - before_action :authorize_download_code! + before_action :authorize_read_code! feature_category :source_code_management urgency :low, [:switch, :logs_tree] diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb index 847b1baca10..3c1735c728c 100644 --- a/app/controllers/projects/tags_controller.rb +++ b/app/controllers/projects/tags_controller.rb @@ -7,7 +7,7 @@ class Projects::TagsController < Projects::ApplicationController # Authorize before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :authorize_admin_tag!, only: [:new, :create, :destroy] feature_category :source_code_management diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb index fea2689db14..ce1b9af648f 100644 --- a/app/controllers/projects/tree_controller.rb +++ b/app/controllers/projects/tree_controller.rb @@ -13,7 +13,7 @@ class Projects::TreeController < Projects::ApplicationController before_action :require_non_empty_project, except: [:new, :create] before_action :assign_ref_vars before_action :assign_dir_vars, only: [:create_dir] - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :authorize_edit_tree!, only: [:create_dir] before_action do diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index a5dacbf7f2f..c705122818a 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -26,7 +26,7 @@ class ProjectsController < Projects::ApplicationController before_action :verify_git_import_enabled, only: [:create] before_action :project_export_enabled, only: [:export, :download_export, :remove_export, :generate_new_export] before_action :present_project, only: [:edit] - before_action :authorize_download_code!, only: [:refs] + before_action :authorize_read_code!, only: [:refs] # Authorize before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export, :remove_export, :generate_new_export] @@ -369,7 +369,7 @@ class ProjectsController < Projects::ApplicationController def render_landing_page Gitlab::Tracking.event('project_overview', 'render', user: current_user, project: @project.project) - if can?(current_user, :download_code, @project) + if can?(current_user, :read_code, @project) return render 'projects/no_repo' unless @project.repository_exists? render 'projects/empty' if @project.empty_repo? @@ -520,14 +520,6 @@ class ProjectsController < Projects::ApplicationController false end - def project_view_files? - if current_user - current_user.project_view == 'files' - else - project_view_files_allowed? - end - end - # Override extract_ref from ExtractsPath, which returns the branch and file path # for the blob/tree, which in this case is just the root of the default branch. # This way we avoid to access the repository.ref_names. @@ -540,10 +532,6 @@ class ProjectsController < Projects::ApplicationController project.repository.root_ref end - def project_view_files_allowed? - !project.empty_repo? && can?(current_user, :download_code, project) - end - def build_canonical_path(project) params[:namespace_id] = project.namespace.to_param params[:id] = project.to_param diff --git a/app/helpers/web_hooks/web_hooks_helper.rb b/app/helpers/web_hooks/web_hooks_helper.rb index e95b90c69ef..2d74b008e10 100644 --- a/app/helpers/web_hooks/web_hooks_helper.rb +++ b/app/helpers/web_hooks/web_hooks_helper.rb @@ -8,7 +8,6 @@ module WebHooks return false if project_hook_page? return false unless current_user return false unless Feature.enabled?(:webhooks_failed_callout, project) - return false unless Feature.enabled?(:web_hooks_disable_failed, project) return false unless Ability.allowed?(current_user, :read_web_hooks, project) # Assumes include of Users::CalloutsHelper diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb index 05e50c17988..e57f664f199 100644 --- a/app/models/hooks/web_hook.rb +++ b/app/models/hooks/web_hook.rb @@ -57,8 +57,6 @@ class WebHook < ApplicationRecord }, _prefix: true scope :executable, -> do - next all unless Feature.enabled?(:web_hooks_disable_failed) - where('recent_failures <= ? AND (disabled_until IS NULL OR disabled_until < ?)', FAILURE_THRESHOLD, Time.current) end @@ -67,23 +65,17 @@ class WebHook < ApplicationRecord where('recent_failures > ? OR disabled_until >= ?', FAILURE_THRESHOLD, Time.current) end - def self.web_hooks_disable_failed?(hook) - Feature.enabled?(:web_hooks_disable_failed, hook.parent) - end - def executable? !temporarily_disabled? && !permanently_disabled? end def temporarily_disabled? - return false unless web_hooks_disable_failed? return false if recent_failures <= FAILURE_THRESHOLD disabled_until.present? && disabled_until >= Time.current end def permanently_disabled? - return false unless web_hooks_disable_failed? return false if disabled_until.present? recent_failures > FAILURE_THRESHOLD @@ -226,10 +218,6 @@ class WebHook < ApplicationRecord backoff_count.succ.clamp(1, MAX_FAILURES) end - def web_hooks_disable_failed? - self.class.web_hooks_disable_failed?(self) - end - def initialize_url_variables self.url_variables = {} if encrypted_url_variables.nil? end diff --git a/app/services/web_hooks/log_execution_service.rb b/app/services/web_hooks/log_execution_service.rb index 1a40c877bda..5be8aee3ae8 100644 --- a/app/services/web_hooks/log_execution_service.rb +++ b/app/services/web_hooks/log_execution_service.rb @@ -17,7 +17,7 @@ module WebHooks end def execute - update_hook_failure_state if WebHook.web_hooks_disable_failed?(hook) + update_hook_failure_state log_execution end |