author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-31 17:34:04 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-31 17:34:24 +0300 |
commit | 3c93d74713f5a845429b4c19b046f57cc8ea325c (patch) | |
tree | 82a692612482b6a1369986e390c7d78958ddf9f0 /app | |
parent | f5fe9b63037d428aecb04c375579ef022ba98e1d (diff) |
Add latest changes from gitlab-org/security/gitlab@16-2-stable-ee
Diffstat (limited to 'app')
7 files changed, 39 insertions, 10 deletions
diff --git a/app/assets/javascripts/diffs/store/mutations.js b/app/assets/javascripts/diffs/store/mutations.js
index 4855ca87e91..f90e0a24d0e 100644
--- a/app/assets/javascripts/diffs/store/mutations.js
+++ b/app/assets/javascripts/diffs/store/mutations.js
@@ -167,7 +167,7 @@ export default {
 originalStartLineCode,
 ...(discussion.line_codes || []),
 ];
- const fileHash = discussion.diff_file.file_hash;
+ const fileHash = discussion.diff_file?.file_hash;
 const lineCheck = (line) =>
 discussionLineCodes.some(
 (discussionLineCode) =>
diff --git a/app/assets/javascripts/diffs/utils/diff_file.js b/app/assets/javascripts/diffs/utils/diff_file.js
index f2a3224d332..98e1c1cc849 100644
--- a/app/assets/javascripts/diffs/utils/diff_file.js
+++ b/app/assets/javascripts/diffs/utils/diff_file.js
@@ -77,7 +77,7 @@ export function prepareRawDiffFile({ file, allFiles, meta = false, index = -1 })
 }
 export function collapsedType(file) {
- const isManual = typeof file.viewer?.manuallyCollapsed === 'boolean';
+ const isManual = typeof file?.viewer?.manuallyCollapsed === 'boolean';
 return isManual ? DIFF_FILE_MANUAL_COLLAPSE : DIFF_FILE_AUTOMATIC_COLLAPSE;
 }
@@ -85,8 +85,8 @@ export function collapsedType(file) {
 export function isCollapsed(file) {
 const type = collapsedType(file);
 const collapsedStates = {
- [DIFF_FILE_AUTOMATIC_COLLAPSE]: file.viewer?.automaticallyCollapsed || false,
- [DIFF_FILE_MANUAL_COLLAPSE]: file.viewer?.manuallyCollapsed,
+ [DIFF_FILE_AUTOMATIC_COLLAPSE]: file?.viewer?.automaticallyCollapsed || false,
+ [DIFF_FILE_MANUAL_COLLAPSE]: file?.viewer?.manuallyCollapsed,
 };
 return collapsedStates[type];
diff --git a/app/assets/javascripts/notes/components/diff_with_note.vue b/app/assets/javascripts/notes/components/diff_with_note.vue
index db32079e6b9..b1a2ab77fa8 100644
--- a/app/assets/javascripts/notes/components/diff_with_note.vue
+++ b/app/assets/javascripts/notes/components/diff_with_note.vue
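Review bot: The new `discussion.diff_file?.file_hash` guard in `mutations.js` carries no comment saying when a discussion can arrive without `diff_file`, and the same unexplained guard recurs in `collapsedType` and `isCollapsed` in `diff_file.js` and in the two `.vue` components later in this commit. When `diff_file` is missing, `fileHash` is `undefined` and flows into code outside the hunk, so a reader cannot tell whether that is a supported state or a masked error. A one-line comment above the assignment would settle it, for example `// diff_file may be absent from the discussion payload; fileHash is then undefined (confirm: no file should match)`. The enclosing mutation starts and ends outside the hunk.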
@@ -41,7 +41,7 @@ export default {
 return getDiffMode(this.discussion.diff_file);
 },
 diffViewerMode() {
- return this.discussion.diff_file.viewer.name;
+ return this.discussion.diff_file?.viewer.name;
 },
 fileDiffRefs() {
 return this.discussion.diff_file.diff_refs;
@@ -96,6 +96,7 @@ export default {
 <template>
 <div :class="{ 'text-file': isTextFile }" class="diff-file file-holder">
 <diff-file-header
+ v-if="discussion.diff_file"
 :discussion-path="discussion.discussion_path"
 :diff-file="discussion.diff_file"
 :can-current-user-fork="false"
diff --git a/app/assets/javascripts/notes/components/noteable_discussion.vue b/app/assets/javascripts/notes/components/noteable_discussion.vue
index a5939e1023c..7e79edfea15 100644
--- a/app/assets/javascripts/notes/components/noteable_discussion.vue
+++ b/app/assets/javascripts/notes/components/noteable_discussion.vue
@@ -169,7 +169,7 @@ export default {
 return !this.discussionResolved ? this.discussion.resolve_with_issue_path : '';
 },
 canShowReplyActions() {
- if (this.shouldRenderDiffs && !this.discussion.diff_file.diff_refs) {
+ if (this.shouldRenderDiffs && !this.discussion.diff_file?.diff_refs) {
 return false;
 }
diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index 4fd307b5105..96c9aa89953 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -21,7 +21,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
 end
 def new
- @schedule = project.pipeline_schedules.new
 end
 def create
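Review bot: `diffViewerMode()` in `diff_with_note.vue` now tolerates a missing `discussion.diff_file`, but the neighbouring computed properties visible in the same hunk do not: `fileDiffRefs()` still returns `this.discussion.diff_file.diff_refs`, and `getDiffMode(this.discussion.diff_file)` is still handed whatever is there. If `fileDiffRefs` is evaluated for a discussion without `diff_file` it would throw, and the other case depends on how `getDiffMode` treats `undefined`; whether the template reaches either is outside the hunk. Guarding them the same way keeps the component consistent, e.g. `return this.discussion.diff_file?.diff_refs;`. The chain in `diffViewerMode()` also stops at `diff_file`, so `diff_file?.viewer?.name` would match the `file?.viewer?.` form used in `diff_file.js`.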
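Review bot: The `new` action in `pipeline_schedules_controller.rb` is now empty, so `@schedule` exists for the view only if a filter has already called `new_schedule`, and nothing in the action says so. The filter registration is not part of this diff, so this is inferred from the `new_schedule` comment in the next hunk. A short comment in the body would keep a later cleanup from breaking the form or dropping the check, for example `# @schedule is assigned by new_schedule through authorize_create_pipeline_schedule!`.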
@@ -113,6 +112,15 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController variables_attributes: [:id, :variable_type, :key, :secret_value, :_destroy]) end + def new_schedule + # We need the `ref` here for `authorize_create_pipeline_schedule!` + @schedule ||= project.pipeline_schedules.new(ref: params.dig(:schedule, :ref)) + end + + def authorize_create_pipeline_schedule! + return access_denied! unless can?(current_user, :create_pipeline_schedule, new_schedule) + end + def authorize_play_pipeline_schedule! return access_denied! unless can?(current_user, :play_pipeline_schedule, schedule) end diff --git a/app/policies/ci/pipeline_schedule_policy.rb b/app/policies/ci/pipeline_schedule_policy.rb index 7b0d484f9f7..cbc60c4a30a 100644 --- a/app/policies/ci/pipeline_schedule_policy.rb +++ b/app/policies/ci/pipeline_schedule_policy.rb @@ -5,7 +5,18 @@ module Ci alias_method :pipeline_schedule, :subject condition(:protected_ref) do - ref_protected?(@user, @subject.project, @subject.project.repository.tag_exists?(@subject.ref), @subject.ref) + if full_ref?(@subject.ref) + is_tag = Gitlab::Git.tag_ref?(@subject.ref) + ref_name = Gitlab::Git.ref_name(@subject.ref) + else + # NOTE: this block should not be removed + # until the full ref validation is in place + # and all old refs are updated and validated + is_tag = @subject.project.repository.tag_exists?(@subject.ref) + ref_name = @subject.ref + end + + ref_protected?(@user, @subject.project, is_tag, ref_name) end condition(:owner_of_schedule) do @@ -31,6 +42,15 @@ module Ci enable :take_ownership_pipeline_schedule end - rule { protected_ref }.prevent :play_pipeline_schedule + rule { protected_ref }.policy do + prevent :play_pipeline_schedule + prevent :create_pipeline_schedule + end + + private + + def full_ref?(ref) + Gitlab::Git.tag_ref?(ref) || Gitlab::Git.branch_ref?(ref) + end end end 
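Review bot: `new_schedule` reads `params.dig(:schedule, :ref)` on the assumption that `schedule` is a hash; if it is submitted as a scalar, `dig` raises `TypeError` and the request fails with a server error instead of reaching `access_denied!`. A defensive read avoids that, for example `ref = params[:schedule][:ref] if params[:schedule].respond_to?(:key?)` followed by `@schedule ||= project.pipeline_schedules.new(ref: ref)`. The comment could also state that the ref is nil when no `schedule[ref]` is sent, so readers know which requests the protected-ref check is actually evaluated against.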
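Review bot: In the `else` branch of `protected_ref` in `pipeline_schedule_policy.rb`, a short ref is classified as a tag whenever `tag_exists?` is true, so a name that exists as both a branch and a tag is only ever evaluated as a tag. If `ref_protected?` (defined outside this diff) selects its protection rules from `is_tag`, branch protection for that name would not be consulted on this path. The NOTE comment explains why the fallback stays but not this limitation; I would extend it with `# A short ref that names both a tag and a branch is treated as a tag here.` and cover the case in the policy spec.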
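Review bot: The `protected_ref` rule now prevents `:play_pipeline_schedule` and `:create_pipeline_schedule`, but no update ability appears in the block, and the rest of the policy is outside the hunk. If an existing schedule's `ref` can be changed through an update action, the same protected-ref check has to apply to the new value, otherwise the create-time check only covers the initial ref. Worth confirming where that path is authorized and, if it is not covered, adding the matching `prevent` line for the update ability inside this `policy do` block.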
diff --git a/app/services/discussions/capture_diff_note_positions_service.rb b/app/services/discussions/capture_diff_note_positions_service.rb
index 3684a3f679a..f9b31e0f2f1 100644
--- a/app/services/discussions/capture_diff_note_positions_service.rb
+++ b/app/services/discussions/capture_diff_note_positions_service.rb
@@ -26,7 +26,7 @@ module Discussions
 active_diff_discussions = merge_request.notes.new_diff_notes.discussions.select do |discussion|
 discussion.active?(merge_request.diff_refs)
 end
- paths = active_diff_discussions.flat_map { |n| n.diff_file.paths }
+ paths = active_diff_discussions.flat_map { |n| n.diff_file&.paths }
 [active_diff_discussions, paths]
 end |
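Review bot: With `n.diff_file&.paths`, a discussion whose `diff_file` is nil makes the block return nil, and `flat_map` keeps that nil as an element of `paths`. Whatever consumes `paths` outside the hunk then receives nil entries alongside the path strings. Returning an empty list for that case avoids it: `paths = active_diff_discussions.flat_map { |n| n.diff_file&.paths || [] }`. The enclosing method begins before the hunk.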