Add latest changes from gitlab-org/security/gitlab@16-2-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-07-31 17:34:04 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-07-31 17:34:24 +0300
commit: 3c93d74713f5a845429b4c19b046f57cc8ea325c (patch)
tree: 82a692612482b6a1369986e390c7d78958ddf9f0 /app
parent: f5fe9b63037d428aecb04c375579ef022ba98e1d (diff)
7 files changed, 39 insertions, 10 deletions
diff --git a/app/assets/javascripts/diffs/store/mutations.js b/app/assets/javascripts/diffs/store/mutations.js
index 4855ca87e91..f90e0a24d0e 100644
--- a/app/assets/javascripts/diffs/store/mutations.js
+++ b/app/assets/javascripts/diffs/store/mutations.js
@@ -167,7 +167,7 @@ export default {
       originalStartLineCode,
       ...(discussion.line_codes || []),
     ];
-    const fileHash = discussion.diff_file.file_hash;
+    const fileHash = discussion.diff_file?.file_hash;
     const lineCheck = (line) =>
       discussionLineCodes.some(
         (discussionLineCode) =>
diff --git a/app/assets/javascripts/diffs/utils/diff_file.js b/app/assets/javascripts/diffs/utils/diff_file.js
index f2a3224d332..98e1c1cc849 100644
--- a/app/assets/javascripts/diffs/utils/diff_file.js
+++ b/app/assets/javascripts/diffs/utils/diff_file.js
@@ -77,7 +77,7 @@ export function prepareRawDiffFile({ file, allFiles, meta = false, index = -1 })
 }
 
 export function collapsedType(file) {
-  const isManual = typeof file.viewer?.manuallyCollapsed === 'boolean';
+  const isManual = typeof file?.viewer?.manuallyCollapsed === 'boolean';
 
   return isManual ? DIFF_FILE_MANUAL_COLLAPSE : DIFF_FILE_AUTOMATIC_COLLAPSE;
 }
@@ -85,8 +85,8 @@ export function collapsedType(file) {
 export function isCollapsed(file) {
   const type = collapsedType(file);
   const collapsedStates = {
-    [DIFF_FILE_AUTOMATIC_COLLAPSE]: file.viewer?.automaticallyCollapsed || false,
-    [DIFF_FILE_MANUAL_COLLAPSE]: file.viewer?.manuallyCollapsed,
+    [DIFF_FILE_AUTOMATIC_COLLAPSE]: file?.viewer?.automaticallyCollapsed || false,
+    [DIFF_FILE_MANUAL_COLLAPSE]: file?.viewer?.manuallyCollapsed,
   };
 
   return collapsedStates[type];
diff --git a/app/assets/javascripts/notes/components/diff_with_note.vue b/app/assets/javascripts/notes/components/diff_with_note.vue
index db32079e6b9..b1a2ab77fa8 100644
--- a/app/assets/javascripts/notes/components/diff_with_note.vue
+++ b/app/assets/javascripts/notes/components/diff_with_note.vue
@@ -41,7 +41,7 @@ export default {
       return getDiffMode(this.discussion.diff_file);
     },
     diffViewerMode() {
-      return this.discussion.diff_file.viewer.name;
+      return this.discussion.diff_file?.viewer.name;
     },
     fileDiffRefs() {
       return this.discussion.diff_file.diff_refs;
@@ -96,6 +96,7 @@ export default {
 <template>
   <div :class="{ 'text-file': isTextFile }" class="diff-file file-holder">
     <diff-file-header
+      v-if="discussion.diff_file"
       :discussion-path="discussion.discussion_path"
       :diff-file="discussion.diff_file"
       :can-current-user-fork="false"
diff --git a/app/assets/javascripts/notes/components/noteable_discussion.vue b/app/assets/javascripts/notes/components/noteable_discussion.vue
index a5939e1023c..7e79edfea15 100644
--- a/app/assets/javascripts/notes/components/noteable_discussion.vue
+++ b/app/assets/javascripts/notes/components/noteable_discussion.vue
@@ -169,7 +169,7 @@ export default {
       return !this.discussionResolved ? this.discussion.resolve_with_issue_path : '';
     },
     canShowReplyActions() {
-      if (this.shouldRenderDiffs && !this.discussion.diff_file.diff_refs) {
+      if (this.shouldRenderDiffs && !this.discussion.diff_file?.diff_refs) {
         return false;
       }
 
diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index 4fd307b5105..96c9aa89953 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -21,7 +21,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
   end
 
   def new
-    @schedule = project.pipeline_schedules.new
   end
 
   def create
@@ -113,6 +112,15 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
         variables_attributes: [:id, :variable_type, :key, :secret_value, :_destroy])
   end
 
+  def new_schedule
+    # We need the `ref` here for `authorize_create_pipeline_schedule!`
+    @schedule ||= project.pipeline_schedules.new(ref: params.dig(:schedule, :ref))
+  end
+
+  def authorize_create_pipeline_schedule!
+    return access_denied! unless can?(current_user, :create_pipeline_schedule, new_schedule)
+  end
+
   def authorize_play_pipeline_schedule!
     return access_denied! unless can?(current_user, :play_pipeline_schedule, schedule)
   end
diff --git a/app/policies/ci/pipeline_schedule_policy.rb b/app/policies/ci/pipeline_schedule_policy.rb
index 7b0d484f9f7..cbc60c4a30a 100644
--- a/app/policies/ci/pipeline_schedule_policy.rb
+++ b/app/policies/ci/pipeline_schedule_policy.rb
@@ -5,7 +5,18 @@ module Ci
     alias_method :pipeline_schedule, :subject
 
     condition(:protected_ref) do
-      ref_protected?(@user, @subject.project, @subject.project.repository.tag_exists?(@subject.ref), @subject.ref)
+      if full_ref?(@subject.ref)
+        is_tag = Gitlab::Git.tag_ref?(@subject.ref)
+        ref_name = Gitlab::Git.ref_name(@subject.ref)
+      else
+        # NOTE: this block should not be removed
+        # until the full ref validation is in place
+        # and all old refs are updated and validated
+        is_tag = @subject.project.repository.tag_exists?(@subject.ref)
+        ref_name = @subject.ref
+      end
+
+      ref_protected?(@user, @subject.project, is_tag, ref_name)
     end
 
     condition(:owner_of_schedule) do
@@ -31,6 +42,15 @@ module Ci
       enable :take_ownership_pipeline_schedule
     end
 
-    rule { protected_ref }.prevent :play_pipeline_schedule
+    rule { protected_ref }.policy do
+      prevent :play_pipeline_schedule
+      prevent :create_pipeline_schedule
+    end
+
+    private
+
+    def full_ref?(ref)
+      Gitlab::Git.tag_ref?(ref) || Gitlab::Git.branch_ref?(ref)
+    end
   end
 end
diff --git a/app/services/discussions/capture_diff_note_positions_service.rb b/app/services/discussions/capture_diff_note_positions_service.rb
index 3684a3f679a..f9b31e0f2f1 100644
--- a/app/services/discussions/capture_diff_note_positions_service.rb
+++ b/app/services/discussions/capture_diff_note_positions_service.rb
@@ -26,7 +26,7 @@ module Discussions
       active_diff_discussions = merge_request.notes.new_diff_notes.discussions.select do |discussion|
         discussion.active?(merge_request.diff_refs)
       end
-      paths = active_diff_discussions.flat_map { |n| n.diff_file.paths }
+      paths = active_diff_discussions.flat_map { |n| n.diff_file&.paths }
 
       [active_diff_discussions, paths]
     end
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-07-31 17:34:04 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-07-31 17:34:24 +0300
commit	3c93d74713f5a845429b4c19b046f57cc8ea325c (patch)
tree	82a692612482b6a1369986e390c7d78958ddf9f0 /app
parent	f5fe9b63037d428aecb04c375579ef022ba98e1d (diff)