author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-27 22:03:35 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-27 22:03:56 +0300 |
commit | d625f4e9fe78a69be0d481c20cba33b6dd88ef1a (patch) | |
tree | 510ee7d62fa2d6084a5058446cf61d328900325a /app | |
parent | 9b60052467242bbc071bcb0f74b7437fb3dfc870 (diff) |
Add latest changes from gitlab-org/security/gitlab@15-2-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/models/snippet.rb | 2 | ||||
-rw-r--r-- | app/models/user.rb | 14 | ||||
-rw-r--r-- | app/services/concerns/update_visibility_level.rb | 2 |
3 files changed, 9 insertions, 9 deletions
diff --git a/app/models/snippet.rb b/app/models/snippet.rb index c813c5cb5b8..47b23bbd28a 100644 --- a/app/models/snippet.rb +++ b/app/models/snippet.rb @@ -71,8 +71,6 @@ class Snippet < ApplicationRecord }, if: :content_changed? - validates :visibility_level, inclusion: { in: Gitlab::VisibilityLevel.values } - after_create :create_statistics # Scopes diff --git a/app/models/user.rb b/app/models/user.rb index 12f434db631..188b27383f9 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -605,23 +605,24 @@ class User < ApplicationRecord end end - # Find a User by their primary email or any associated secondary email + # Find a User by their primary email or any associated confirmed secondary email def find_by_any_email(email, confirmed: false) return unless email by_any_email(email, confirmed: confirmed).take end - # Returns a relation containing all the users for the given email addresses + # Returns a relation containing all found users by their primary email + # or any associated confirmed secondary email # # @param emails [String, Array<String>] email addresses to check - # @param confirmed [Boolean] Only return users where the email is confirmed + # @param confirmed [Boolean] Only return users where the primary email is confirmed def by_any_email(emails, confirmed: false) from_users = by_user_email(emails) from_users = from_users.confirmed if confirmed - from_emails = by_emails(emails) - from_emails = from_emails.confirmed.merge(Email.confirmed) if confirmed + from_emails = by_emails(emails).merge(Email.confirmed) + from_emails = from_emails.confirmed if confirmed items = [from_users, from_emails] @@ -752,6 +753,7 @@ class User < ApplicationRecord matched_by_email_user_id = email_table .project(email_table[:user_id]) .where(email_table[:email].eq(email_address)) + .where(email_table[:confirmed_at].not_eq(nil)) .take(1) # at most 1 record as there is a unique constraint where( 
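Review bot: In `by_any_email`, the `confirmed:` keyword now filters only on the primary email, so with the default `confirmed: false` a user whose primary email is unconfirmed is still returned, while secondary emails are always restricted by `Email.confirmed`. The new comment on `find_by_any_email` does not say this, and a caller using the result for an identity or authorization decision could read "confirmed secondary email" as covering the primary address too. I would add above `find_by_any_email`: `# With confirmed: false the primary email is matched even when unconfirmed; pass confirmed: true for identity-sensitive lookups.` The body of `by_any_email` continues past the end of the hunk, so how `items` is combined is not visible here.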
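Review bot: The added `.where(email_table[:confirmed_at].not_eq(nil))` in the `@@ -752` hunk has no comment explaining why the secondary-email subquery is restricted. The outer `where(` that follows is cut off by the hunk, so it is not visible whether the other side of the match has a comparable restriction. I would add `# Unconfirmed secondary emails are unverified ownership claims and must not resolve to a user` above the new line. The raw NULL comparison appears to restate what `Email.confirmed` expresses in the `by_any_email` hunk, so a short note that the two must stay in sync would help. The enclosing method starts and ends outside the hunk.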
@@ -1502,7 +1504,7 @@ class User < ApplicationRecord all_emails = [] all_emails << email unless temp_oauth_email? all_emails << private_commit_email if include_private_email - all_emails.concat(emails.map(&:email)) + all_emails.concat(emails.filter_map { |email| email.email if email.confirmed? }) all_emails.uniq end diff --git a/app/services/concerns/update_visibility_level.rb b/app/services/concerns/update_visibility_level.rb index 4cd14a2fb53..debcff0295c 100644 --- a/app/services/concerns/update_visibility_level.rb +++ b/app/services/concerns/update_visibility_level.rb @@ -5,7 +5,7 @@ module UpdateVisibilityLevel def valid_visibility_level_change?(target, new_visibility) return true unless new_visibility - new_visibility_level = Gitlab::VisibilityLevel.level_value(new_visibility) + new_visibility_level = Gitlab::VisibilityLevel.level_value(new_visibility, fallback_value: nil) if new_visibility_level != target.visibility_level_value unless can?(current_user, :change_visibility_level, target) && |
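Review bot: The block parameter in `emails.filter_map { |email| ... }` shadows the `email` attribute read two lines earlier in `all_emails << email`, which makes `email.email` hard to read and easy to break in a later edit. Renaming it keeps the filter unchanged: `all_emails.concat(emails.filter_map { |secondary| secondary.email if secondary.confirmed? })`. The method now silently omits unconfirmed secondary addresses, so its doc comment should say that only confirmed secondary emails are included. That comment and the `def` line are outside the hunk.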
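Review bot: With `fallback_value: nil` in `valid_visibility_level_change?`, `new_visibility_level` can presumably be nil for an unrecognised `new_visibility`, and nothing in the visible lines says how nil is meant to be handled. The `!=` comparison sends nil into the permission branch, but the second operand of `&&` and the rest of the method are outside the hunk, so whether nil is rejected there cannot be confirmed from here. I would add a comment above the assignment: `# nil means new_visibility is not a recognised level; it must be denied below rather than mapped to a default level.` A spec that passes an invalid level as a user who holds `:change_visibility_level` would pin that behaviour.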