Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2019-10-24 15:06:03 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2019-10-24 15:06:03 +0300
commit: 33813f993b49da58426d33a148ee70952e6835bb (patch)
tree: a8310742d6eb7e1dc83f72ceba1fefb3d5b8a030 /app
parent: dc0622dbe3cd552abca4107557c6c09edb23625c (diff)
7 files changed, 105 insertions, 26 deletions
diff --git a/app/assets/javascripts/repository/components/last_commit.vue b/app/assets/javascripts/repository/components/last_commit.vue
index 19a2db2db25..aa270a374ae 100644
--- a/app/assets/javascripts/repository/components/last_commit.vue
+++ b/app/assets/javascripts/repository/components/last_commit.vue
@@ -125,19 +125,21 @@ export default {
         </div>
         <div class="commit-actions flex-row">
           <div v-if="commit.signatureHtml" v-html="commit.signatureHtml"></div>
-          <gl-link
-            v-if="commit.latestPipeline"
-            v-gl-tooltip
-            :href="commit.latestPipeline.detailedStatus.detailsPath"
-            :title="statusTitle"
-            class="js-commit-pipeline"
-          >
-            <ci-icon
-              :status="commit.latestPipeline.detailedStatus"
-              :size="24"
-              :aria-label="statusTitle"
-            />
-          </gl-link>
+          <div class="ci-status-link">
+            <gl-link
+              v-if="commit.latestPipeline"
+              v-gl-tooltip
+              :href="commit.latestPipeline.detailedStatus.detailsPath"
+              :title="statusTitle"
+              class="js-commit-pipeline"
+            >
+              <ci-icon
+                :status="commit.latestPipeline.detailedStatus"
+                :size="24"
+                :aria-label="statusTitle"
+              />
+            </gl-link>
+          </div>
           <div class="commit-sha-group d-flex">
             <div class="label label-monospace monospace">
               {{ showCommitId }}
diff --git a/app/assets/stylesheets/framework/memory_graph.scss b/app/assets/stylesheets/framework/memory_graph.scss
index 81cdf6b59e4..c84010c6f10 100644
--- a/app/assets/stylesheets/framework/memory_graph.scss
+++ b/app/assets/stylesheets/framework/memory_graph.scss
@@ -1,11 +1,7 @@
 .memory-graph-container {
   svg {
     background: $white-light;
-    cursor: pointer;
-
-    &:hover {
-      box-shadow: 0 0 4px $gray-darkest inset;
-    }
+    border: 1px solid $gray-200;
   }
 
   path {
diff --git a/app/controllers/clusters/clusters_controller.rb b/app/controllers/clusters/clusters_controller.rb
index bb47ccb72b3..abec237dd1d 100644
--- a/app/controllers/clusters/clusters_controller.rb
+++ b/app/controllers/clusters/clusters_controller.rb
@@ -142,6 +142,7 @@ class Clusters::ClustersController < Clusters::BaseController
         :environment_scope,
         :managed,
         :base_domain,
+        :management_project_id,
         platform_kubernetes_attributes: [
           :api_url,
           :token,
@@ -155,6 +156,7 @@ class Clusters::ClustersController < Clusters::BaseController
         :environment_scope,
         :managed,
         :base_domain,
+        :management_project_id,
         platform_kubernetes_attributes: [
           :namespace
         ]
diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb
index c600717f5df..e3e2f06c313 100644
--- a/app/models/clusters/cluster.rb
+++ b/app/models/clusters/cluster.rb
@@ -117,6 +117,8 @@ module Clusters
 
     scope :default_environment, -> { where(environment_scope: DEFAULT_ENVIRONMENT) }
 
+    scope :for_project_namespace, -> (namespace_id) { joins(:projects).where(projects: { namespace_id: namespace_id }) }
+
     def self.ancestor_clusters_for_clusterable(clusterable, hierarchy_order: :asc)
       return [] if clusterable.is_a?(Instance)
 
diff --git a/app/models/clusters/clusters_hierarchy.rb b/app/models/clusters/clusters_hierarchy.rb
index a906eb2888b..c9c18d8c96a 100644
--- a/app/models/clusters/clusters_hierarchy.rb
+++ b/app/models/clusters/clusters_hierarchy.rb
@@ -20,7 +20,7 @@ module Clusters
         .with
         .recursive(cte.to_arel)
         .from(cte_alias)
-        .order(DEPTH_COLUMN => :asc)
+        .order(depth_order_clause)
     end
 
     private
@@ -40,7 +40,7 @@ module Clusters
                    end
 
       if clusterable.is_a?(::Project) && include_management_project
-        cte << management_clusters_query
+        cte << same_namespace_management_clusters_query
       end
 
       cte << base_query
@@ -49,13 +49,42 @@ module Clusters
       cte
     end
 
+    # Returns project-level clusters where the project is the management project
+    # for the cluster. The management project has to be in the same namespace /
+    # group as the cluster's project.
+    #
+    # Support for management project in sub-groups is planned in
+    # https://gitlab.com/gitlab-org/gitlab/issues/34650
+    #
+    # NB: group_parent_id is un-used but we still need to match the same number of
+    # columns as other queries in the CTE.
+    def same_namespace_management_clusters_query
+      clusterable.management_clusters
+        .project_type
+        .select([clusters_star, 'NULL AS group_parent_id', "0 AS #{DEPTH_COLUMN}"])
+        .for_project_namespace(clusterable.namespace_id)
+    end
+
     # Management clusters should be first in the hierarchy so we use 0 for the
     # depth column.
     #
-    # group_parent_id is un-used but we still need to match the same number of
-    # columns as other queries in the CTE.
-    def management_clusters_query
-      clusterable.management_clusters.select([clusters_star, 'NULL AS group_parent_id', "0 AS #{DEPTH_COLUMN}"])
+    # Only applicable if the clusterable is a project (most especially when
+    # requesting project.deployment_platform).
+    def depth_order_clause
+      return { DEPTH_COLUMN => :asc } unless clusterable.is_a?(::Project) && include_management_project
+
+      order = <<~SQL
+        (CASE clusters.management_project_id
+          WHEN :project_id THEN 0
+          ELSE #{DEPTH_COLUMN}
+        END) ASC
+      SQL
+
+      values = {
+        project_id: clusterable.id
+      }
+
+      model.sanitize_sql_array([Arel.sql(order), values])
     end
 
     def group_clusters_base_query
diff --git a/app/models/concerns/deployment_platform.rb b/app/models/concerns/deployment_platform.rb
index fe8e9609820..d0b10fd8671 100644
--- a/app/models/concerns/deployment_platform.rb
+++ b/app/models/concerns/deployment_platform.rb
@@ -12,7 +12,7 @@ module DeploymentPlatform
   private
 
   def cluster_management_project_enabled?
-    Feature.enabled?(:cluster_management_project, default_enabled: true)
+    Feature.enabled?(:cluster_management_project, self)
   end
 
   def find_deployment_platform(environment)
diff --git a/app/services/clusters/update_service.rb b/app/services/clusters/update_service.rb
index 25d26e761b1..98dd6b26a47 100644
--- a/app/services/clusters/update_service.rb
+++ b/app/services/clusters/update_service.rb
@@ -9,7 +9,55 @@ module Clusters
     end
 
     def execute(cluster)
-      cluster.update(params)
+      if validate_params(cluster)
+        cluster.update(params)
+      else
+        false
+      end
+    end
+
+    private
+
+    def can_admin_pipeline_for_project?(project)
+      Ability.allowed?(current_user, :admin_pipeline, project)
+    end
+
+    def validate_params(cluster)
+      if params[:management_project_id]
+        management_project = management_project_scope(cluster).find_by_id(params[:management_project_id])
+
+        unless management_project
+          cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action'))
+
+          return false
+        end
+
+        unless can_admin_pipeline_for_project?(management_project)
+          # Use same message as not found to prevent enumeration
+          cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action'))
+
+          return false
+        end
+      end
+
+      true
+    end
+
+    def management_project_scope(cluster)
+      return ::Project.all if cluster.instance_type?
+
+      group =
+        if cluster.group_type?
+          cluster.first_group
+        elsif cluster.project_type?
+          cluster.first_project&.namespace
+        end
+
+      # Prevent users from selecting nested projects until
+      # https://gitlab.com/gitlab-org/gitlab/issues/34650 is resolved
+      include_subgroups = cluster.group_type?
+
+      ::GroupProjectsFinder.new(group: group, current_user: current_user, options: { only_owned: true, include_subgroups: include_subgroups }).execute
     end
   end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2019-10-24 15:06:03 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2019-10-24 15:06:03 +0300
commit	33813f993b49da58426d33a148ee70952e6835bb (patch)
tree	a8310742d6eb7e1dc83f72ceba1fefb3d5b8a030 /app
parent	dc0622dbe3cd552abca4107557c6c09edb23625c (diff)