
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-08-30 22:45:17 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-08-30 22:45:17 +0300
commit1cad287a7b40174786cadaecea9c91a68e49fcba (patch)
tree7cdc2447c143cec003eb7c0e42a324f26902bc5d /app
parent1fb0bae24e6686b3571fc1c44cbf239d8563e0d7 (diff)
Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee
Diffstat (limited to 'app')
-rw-r--r--app/controllers/groups/labels_controller.rb9
-rw-r--r--app/models/bulk_imports/entity.rb19
2 files changed, 20 insertions, 8 deletions
diff --git a/app/controllers/groups/labels_controller.rb b/app/controllers/groups/labels_controller.rb
index 57bca5ebc52..f927cae90b1 100644
--- a/app/controllers/groups/labels_controller.rb
+++ b/app/controllers/groups/labels_controller.rb
@@ -4,7 +4,8 @@ class Groups::LabelsController < Groups::ApplicationController
include ToggleSubscriptionAction
before_action :label, only: [:edit, :update, :destroy]
- before_action :authorize_admin_labels!, only: [:new, :create, :edit, :update, :destroy]
+ before_action :authorize_group_for_admin_labels!, only: [:new, :create, :edit, :update, :destroy]
+ before_action :authorize_label_for_admin_label!, only: [:edit, :update, :destroy]
before_action :save_previous_label_path, only: [:edit]
respond_to :html
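Review bot: The added `before_action :authorize_label_for_admin_label!` reads `@label`, so it is only correct because `before_action :label` is declared two lines above it, and nothing here records that ordering dependency. If the callbacks were reordered, `@label` would be nil when the check runs; presumably `can?` then denies and the action returns 404, which fails closed but silently breaks edit, update and destroy. A comment above the new line would pin the order, for example `# Must stay after :label, which loads @label for the object-level check`. The class body continues outside this hunk, so the `label` loader itself is not visible here.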
@@ -75,10 +76,14 @@ class Groups::LabelsController < Groups::ApplicationController
protected
- def authorize_admin_labels!
+ def authorize_group_for_admin_labels!
return render_404 unless can?(current_user, :admin_label, @group)
end
+ def authorize_label_for_admin_label!
+ return render_404 unless can?(current_user, :admin_label, @label)
+ end
+
def authorize_read_labels!
return render_404 unless can?(current_user, :read_label, @group)
end
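Review bot: The two guards in this hunk check the same `:admin_label` ability against different subjects (`@group` and `@label`), and nothing explains why the group check alone is not sufficient. A comment above `authorize_label_for_admin_label!` would keep a later cleanup from merging them back, for example `# Object-level check: holding :admin_label on the group in the URL does not by itself prove the loaded label may be administered`. That wording is inferred from the shape of the change and should be confirmed against how `@label` is looked up. The names are also inconsistent (`..._admin_labels!` against `..._admin_label!`); using one spelling for both would make them easier to grep.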
diff --git a/app/models/bulk_imports/entity.rb b/app/models/bulk_imports/entity.rb
index 4f50a112141..644673e249e 100644
--- a/app/models/bulk_imports/entity.rb
+++ b/app/models/bulk_imports/entity.rb
@@ -41,19 +41,15 @@ class BulkImports::Entity < ApplicationRecord
validates :project, absence: true, if: :group
validates :group, absence: true, if: :project
validates :source_type, presence: true
- validates :source_full_path, presence: true, format: {
- with: Gitlab::Regex.bulk_import_source_full_path_regex,
- message: Gitlab::Regex.bulk_import_source_full_path_regex_message
- }
-
+ validates :source_full_path, presence: true
validates :destination_name, presence: true, if: -> { group || project }
validates :destination_namespace, exclusion: [nil], if: :group
validates :destination_namespace, presence: true, if: :project?
validate :validate_parent_is_a_group, if: :parent
validate :validate_imported_entity_type
-
validate :validate_destination_namespace_ascendency, if: :group_entity?
+ validate :validate_source_full_path_format
enum source_type: { group_entity: 0, project_entity: 1 }
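Review bot: The added `validate :validate_source_full_path_format` runs unconditionally, so a record with a blank `source_full_path` passes nil to `valid_path?` and probably gets a format error on top of the presence error. Whether the path validators tolerate nil is not visible in this diff. Making the intent explicit removes the dependency, for example `validate :validate_source_full_path_format, if: -> { source_full_path.present? }`, with `presence: true` still rejecting the blank case. Moving the call below the other `validate` lines also dropped the blank line that separated the groups, so the ordering now looks accidental rather than chosen.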
@@ -236,4 +232,15 @@ class BulkImports::Entity < ApplicationRecord
)
end
end
+
+ def validate_source_full_path_format
+ validator = group? ? NamespacePathValidator : ProjectPathValidator
+
+ return if validator.valid_path?(source_full_path)
+
+ errors.add(
+ :source_full_path,
+ Gitlab::Regex.bulk_import_source_full_path_regex_message
+ )
+ end
end
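Review bot: The failure message in `validate_source_full_path_format` still comes from `Gitlab::Regex.bulk_import_source_full_path_regex_message`, although this commit stops using the matching regex and delegates to `NamespacePathValidator` / `ProjectPathValidator`. The text shown to the user can therefore describe rules that differ from the ones actually enforced; either confirm the message still matches both validators or give the method its own message. The ternary also sends every entity for which `group?` is false to `ProjectPathValidator`, including one whose `source_type` is missing. That is acceptable only because `source_type` presence is validated separately. A short method comment would record both points, for example `# source_full_path is caller-supplied; validate it with the same path rules as the entity type being imported (non-group entities are treated as projects)`.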