diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-09 21:13:03 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-09 21:13:03 +0300 |
commit | 519f46346b22c1b7c1f4c2a4ce902e829354cb62 (patch) | |
tree | 568e97ac17a509445e9e6cf926ebaf47beeba9fb /app | |
parent | 07f3c9525c1df3ae1da995ea4fe6dd66bb61b9fd (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
20 files changed, 66 insertions, 81 deletions
diff --git a/app/assets/javascripts/ci/pipeline_details/graph/components/linked_pipelines_column.vue b/app/assets/javascripts/ci/pipeline_details/graph/components/linked_pipelines_column.vue index c715d6af28a..395770826d8 100644 --- a/app/assets/javascripts/ci/pipeline_details/graph/components/linked_pipelines_column.vue +++ b/app/assets/javascripts/ci/pipeline_details/graph/components/linked_pipelines_column.vue @@ -209,7 +209,7 @@ export default { </script> <template> - <div class="gl-display-flex" :class="{ 'gl-w-full': isNewPipelineGraph }"> + <div class="gl-display-flex" :class="{ 'gl-w-full gl-sm-w-auto': isNewPipelineGraph }"> <div :class="columnClass" class="linked-pipelines-column"> <div data-testid="linked-column-title" :class="computedTitleClasses"> {{ columnTitle }} diff --git a/app/assets/javascripts/ci/pipeline_details/header/pipeline_details_header.vue b/app/assets/javascripts/ci/pipeline_details/header/pipeline_details_header.vue index ed5ce02c32e..651662d6395 100644 --- a/app/assets/javascripts/ci/pipeline_details/header/pipeline_details_header.vue +++ b/app/assets/javascripts/ci/pipeline_details/header/pipeline_details_header.vue @@ -58,6 +58,10 @@ export default { i18n: { scheduleBadgeText: s__('Pipelines|Scheduled'), scheduleBadgeTooltip: __('This pipeline was created by a schedule'), + triggerBadgeText: __('trigger token'), + triggerBadgeTooltip: __( + 'This pipeline was created by an API call authenticated with a trigger token', + ), childBadgeText: s__('Pipelines|Child pipeline (%{linkStart}parent%{linkEnd})'), childBadgeTooltip: __('This is a child pipeline within the parent pipeline'), latestBadgeText: s__('Pipelines|latest'), @@ -462,6 +466,15 @@ export default { {{ $options.i18n.scheduleBadgeText }} </gl-badge> <gl-badge + v-if="badges.trigger" + v-gl-tooltip + :title="$options.i18n.triggerBadgeTooltip" + variant="info" + size="sm" + > + {{ $options.i18n.triggerBadgeText }} + </gl-badge> + <gl-badge v-if="badges.child" v-gl-tooltip :title="$options.i18n.childBadgeTooltip" diff --git a/app/assets/javascripts/ci/pipeline_details/pipeline_details_header.js b/app/assets/javascripts/ci/pipeline_details/pipeline_details_header.js index 0ab5d9bcda0..4966b657887 100644 --- a/app/assets/javascripts/ci/pipeline_details/pipeline_details_header.js +++ b/app/assets/javascripts/ci/pipeline_details/pipeline_details_header.js @@ -23,6 +23,7 @@ export const createPipelineDetailsHeaderApp = (elSelector, apolloProvider, graph failureReason, triggeredByPath, schedule, + trigger, child, latest, mergeTrainPipeline, @@ -60,6 +61,7 @@ export const createPipelineDetailsHeaderApp = (elSelector, apolloProvider, graph refText, badges: { schedule: parseBoolean(schedule), + trigger: parseBoolean(trigger), child: parseBoolean(child), latest: parseBoolean(latest), mergeTrainPipeline: parseBoolean(mergeTrainPipeline), diff --git a/app/assets/javascripts/ci/pipelines_page/components/pipeline_labels.vue b/app/assets/javascripts/ci/pipelines_page/components/pipeline_labels.vue index 237f1a0306a..31d8f207a63 100644 --- a/app/assets/javascripts/ci/pipelines_page/components/pipeline_labels.vue +++ b/app/assets/javascripts/ci/pipelines_page/components/pipeline_labels.vue @@ -1,7 +1,7 @@ <script> import { GlLink, GlPopover, GlSprintf, GlTooltipDirective, GlBadge } from '@gitlab/ui'; import { helpPagePath } from '~/helpers/help_page_helper'; -import { SCHEDULE_ORIGIN, API_ORIGIN } from '../constants'; +import { SCHEDULE_ORIGIN, API_ORIGIN, TRIGGER_ORIGIN } from '../constants'; export default { components: { @@ -31,6 +31,9 @@ export default { isScheduled() { return this.pipeline.source === SCHEDULE_ORIGIN; }, + isTriggered() { + return this.pipeline.source === TRIGGER_ORIGIN; + }, isInFork() { return Boolean( this.targetProjectFullPath && @@ -70,6 +73,15 @@ export default { >{{ __('scheduled') }}</gl-badge > <gl-badge + v-if="isTriggered" + v-gl-tooltip + :title="__('This pipeline was created by an API call authenticated with a trigger token')" + variant="info" + size="sm" + data-testid="pipeline-url-triggered" + >{{ __('trigger token') }}</gl-badge + > + <gl-badge v-if="pipeline.flags.latest" v-gl-tooltip :title="__('Latest pipeline for the most recent commit on this branch')" diff --git a/app/assets/javascripts/ci/pipelines_page/constants.js b/app/assets/javascripts/ci/pipelines_page/constants.js index a576ce7f4f5..438eda44afe 100644 --- a/app/assets/javascripts/ci/pipelines_page/constants.js +++ b/app/assets/javascripts/ci/pipelines_page/constants.js @@ -2,3 +2,4 @@ export const ANY_TRIGGER_AUTHOR = 'Any'; export const FILTER_PIPELINES_SEARCH_DELAY = 200; export const SCHEDULE_ORIGIN = 'schedule'; export const API_ORIGIN = 'api'; +export const TRIGGER_ORIGIN = 'trigger'; diff --git a/app/assets/javascripts/issuable/components/locked_badge.vue b/app/assets/javascripts/issuable/components/locked_badge.vue index f97ac888417..652d02e8f9d 100644 --- a/app/assets/javascripts/issuable/components/locked_badge.vue +++ b/app/assets/javascripts/issuable/components/locked_badge.vue @@ -20,9 +20,12 @@ export default { }, computed: { title() { - return sprintf(__('This %{issuable} is locked. Only project members can comment.'), { - issuable: issuableTypeText[this.issuableType], - }); + return sprintf( + __('The discussion in this %{issuable} is locked. Only project members can comment.'), + { + issuable: issuableTypeText[this.issuableType], + }, + ); }, }, }; diff --git a/app/assets/javascripts/notes/components/discussion_locked_widget.vue b/app/assets/javascripts/notes/components/discussion_locked_widget.vue index bcf9b4cf893..a999b633f64 100644 --- a/app/assets/javascripts/notes/components/discussion_locked_widget.vue +++ b/app/assets/javascripts/notes/components/discussion_locked_widget.vue @@ -24,7 +24,9 @@ export default { }, lockedIssueWarning() { return sprintf( - __('This %{issuableDisplayName} is locked. Only project members can comment.'), + __( + 'The discussion in this %{issuableDisplayName} is locked. Only project members can comment.', + ), { issuableDisplayName: this.issuableDisplayName }, ); }, diff --git a/app/assets/javascripts/observability/constants.js b/app/assets/javascripts/observability/constants.js index 02cd34db4c1..34c43a10fc0 100644 --- a/app/assets/javascripts/observability/constants.js +++ b/app/assets/javascripts/observability/constants.js @@ -1,7 +1,7 @@ export const SORTING_OPTIONS = { - CREATED_DESC: 'created_desc', - CREATED_ASC: 'created_asc', + TIMESTAMP_DESC: 'timestamp_desc', + TIMESTAMP_ASC: 'timestamp_asc', DURATION_DESC: 'duration_desc', DURATION_ASC: 'duration_asc', }; -export const DEFAULT_SORTING_OPTION = SORTING_OPTIONS.CREATED_DESC; +export const DEFAULT_SORTING_OPTION = SORTING_OPTIONS.TIMESTAMP_DESC; diff --git a/app/assets/javascripts/sidebar/components/lock/edit_form.vue b/app/assets/javascripts/sidebar/components/lock/edit_form.vue index c9e651370f9..1497b229a59 100644 --- a/app/assets/javascripts/sidebar/components/lock/edit_form.vue +++ b/app/assets/javascripts/sidebar/components/lock/edit_form.vue @@ -27,11 +27,10 @@ export default { <gl-sprintf :message=" __( - 'Unlock this %{issuableDisplayName}? %{strongStart}Everyone%{strongEnd} will be able to comment.', + 'Unlock this discussion? %{strongStart}Everyone%{strongEnd} will be able to comment.', ) " > - <template #issuableDisplayName>{{ issuableDisplayName }}</template> <template #strong="{ content }" ><strong>{{ content }}</strong></template > @@ -42,11 +41,10 @@ export default { <gl-sprintf :message=" __( - 'Lock this %{issuableDisplayName}? Only %{strongStart}project members%{strongEnd} will be able to comment.', + 'Lock this discussion? Only %{strongStart}project members%{strongEnd} will be able to comment.', ) " > - <template #issuableDisplayName>{{ issuableDisplayName }}</template> <template #strong="{ content }" ><strong>{{ content }}</strong></template > diff --git a/app/assets/javascripts/sidebar/components/lock/issuable_lock_form.vue b/app/assets/javascripts/sidebar/components/lock/issuable_lock_form.vue index 16235275a54..977d1d6f668 100644 --- a/app/assets/javascripts/sidebar/components/lock/issuable_lock_form.vue +++ b/app/assets/javascripts/sidebar/components/lock/issuable_lock_form.vue @@ -50,12 +50,12 @@ export default { issueCapitalized: __('Issue'), mergeRequest: __('merge request'), mergeRequestCapitalized: __('Merge request'), - lockingMergeRequest: __('Locking %{issuableDisplayName}'), - unlockingMergeRequest: __('Unlocking %{issuableDisplayName}'), - lockMergeRequest: __('Lock %{issuableDisplayName}'), - unlockMergeRequest: __('Unlock %{issuableDisplayName}'), - lockedMessage: __('%{issuableDisplayName} locked.'), - unlockedMessage: __('%{issuableDisplayName} unlocked.'), + lockingMergeRequest: __('Locking discussion'), + unlockingMergeRequest: __('Unlocking discussion'), + lockMergeRequest: __('Lock discussion'), + unlockMergeRequest: __('Unlock discussion'), + lockedMessage: __('Discussion locked.'), + unlockedMessage: __('Discussion unlocked.'), }, data() { return { @@ -152,7 +152,7 @@ export default { }) .catch(() => { const alertMessage = __( - 'Something went wrong trying to change the locked state of this %{issuableDisplayName}', + 'Something went wrong trying to change the locked state of the discussion', ); createAlert({ message: sprintf(alertMessage, { issuableDisplayName: this.issuableDisplayName }), diff --git a/app/assets/javascripts/vue_shared/components/notes/noteable_warning.vue b/app/assets/javascripts/vue_shared/components/notes/noteable_warning.vue index 0ec8b6e2a0a..3bee539688b 100644 --- a/app/assets/javascripts/vue_shared/components/notes/noteable_warning.vue +++ b/app/assets/javascripts/vue_shared/components/notes/noteable_warning.vue @@ -64,7 +64,7 @@ export default { }); }, lockedContextText() { - return sprintf(__('This %{noteableTypeText} is locked.'), { + return sprintf(__('The discussion in this %{noteableTypeText} is locked.'), { noteableTypeText: this.noteableTypeText, }); }, @@ -80,7 +80,7 @@ export default { <gl-sprintf :message=" __( - 'This %{noteableTypeText} is %{confidentialLinkStart}confidential%{confidentialLinkEnd} and %{lockedLinkStart}locked%{lockedLinkEnd}.', + 'This %{noteableTypeText} is %{confidentialLinkStart}confidential%{confidentialLinkEnd} and its %{lockedLinkStart}discussion is locked%{lockedLinkEnd}.', ) " > diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index 4163ff8727c..83409c7e096 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -34,7 +34,6 @@ class JwtController < ApplicationController authenticate_with_http_basic do |login, password| @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, request: request) - @raw_token = password if @authentication_result.failed? log_authentication_failed(login, @authentication_result) @@ -81,7 +80,6 @@ class JwtController < ApplicationController def additional_params { scopes: scopes_param, - raw_token: @raw_token, deploy_token: @authentication_result.deploy_token, auth_type: @authentication_result.type }.compact diff --git a/app/helpers/projects/pipeline_helper.rb b/app/helpers/projects/pipeline_helper.rb index 1558f013462..fc33e239451 100644 --- a/app/helpers/projects/pipeline_helper.rb +++ b/app/helpers/projects/pipeline_helper.rb @@ -37,6 +37,7 @@ module Projects failure_reason: pipeline.failure_reason, triggered_by_path: pipeline.child? ? pipeline_path(pipeline.triggered_by_pipeline) : '', schedule: pipeline.schedule?.to_s, + trigger: pipeline.trigger?.to_s, child: pipeline.child?.to_s, latest: pipeline.latest?.to_s, merge_train_pipeline: pipeline.merge_train_pipeline?.to_s, diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index 2405ff3d252..920321a1699 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -11,6 +11,7 @@ class DeployToken < ApplicationRecord AVAILABLE_SCOPES = %i[read_repository read_registry write_registry read_package_registry write_package_registry].freeze GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token' + REQUIRED_DEPENDENCY_PROXY_SCOPES = %i[read_registry write_registry].freeze attribute :expires_at, default: -> { Forever.date } @@ -56,7 +57,7 @@ class DeployToken < ApplicationRecord def valid_for_dependency_proxy? group_type? && active? && - (Gitlab::Auth::REGISTRY_SCOPES & scopes).size == Gitlab::Auth::REGISTRY_SCOPES.size + REQUIRED_DEPENDENCY_PROXY_SCOPES.all? { |scope| scope.in?(scopes) } end def revoke! diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index f927d976f0d..ca170133105 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -69,9 +69,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy end condition(:dependency_proxy_access_allowed) do - valid_dependency_proxy_human_token || - valid_dependency_proxy_group_access_token || - valid_dependency_proxy_deploy_token + access_level(for_any_session: true) >= GroupMember::GUEST || valid_dependency_proxy_deploy_token end desc "Deploy token with read_package_registry scope" @@ -388,18 +386,6 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy user.is_a?(User) end - def user_is_human? - user_is_user? && user.human? - end - - def user_is_project_bot? - user_is_user? && user.project_bot? - end - - def user_is_deploy_token? - user.is_a?(DeployToken) - end - def group @subject end @@ -420,16 +406,8 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy resource_access_token_create_feature_available? && group.root_ancestor.namespace_settings.resource_access_token_creation_allowed? end - def valid_dependency_proxy_human_token - user_is_human? && access_level(for_any_session: true) >= GroupMember::GUEST - end - - def valid_dependency_proxy_group_access_token - user_is_project_bot? && access_level(for_any_session: true) >= GroupMember::GUEST - end - def valid_dependency_proxy_deploy_token - user_is_deploy_token? && @user&.valid_for_dependency_proxy? && @user&.has_access_to_group?(@subject) + @user.is_a?(DeployToken) && @user&.valid_for_dependency_proxy? && @user&.has_access_to_group?(@subject) end end diff --git a/app/services/auth/dependency_proxy_authentication_service.rb b/app/services/auth/dependency_proxy_authentication_service.rb index 9033baf8c15..164594d6f6c 100644 --- a/app/services/auth/dependency_proxy_authentication_service.rb +++ b/app/services/auth/dependency_proxy_authentication_service.rb @@ -5,11 +5,10 @@ module Auth AUDIENCE = 'dependency_proxy' HMAC_KEY = 'gitlab-dependency-proxy' DEFAULT_EXPIRE_TIME = 1.minute - REQUIRED_ABILITIES = %i[read_container_image create_container_image].freeze def execute(authentication_abilities:) return error('dependency proxy not enabled', 404) unless ::Gitlab.config.dependency_proxy.enabled - return error('access forbidden', 403) unless valid_user_actor?(authentication_abilities) + return error('access forbidden', 403) unless valid_user_actor? { token: authorized_token.encoded } end @@ -34,17 +33,8 @@ module Auth private - def valid_user_actor?(authentication_abilities) - valid_human_user? || valid_group_access_token?(authentication_abilities) || valid_deploy_token? - end - - def valid_human_user? - current_user.is_a?(User) && current_user.human? - end - - def valid_group_access_token?(authentication_abilities) - current_user&.project_bot? && group_access_token&.active? && - (REQUIRED_ABILITIES & authentication_abilities).size == REQUIRED_ABILITIES.size + def valid_user_actor? + current_user || valid_deploy_token? end def valid_deploy_token? @@ -59,18 +49,8 @@ module Auth end end - def group_access_token - return unless current_user&.project_bot? - - PersonalAccessTokensFinder.new(state: 'active').find_by_token(raw_token) - end - def deploy_token params[:deploy_token] end - - def raw_token - params[:raw_token] - end end end diff --git a/app/services/system_notes/issuables_service.rb b/app/services/system_notes/issuables_service.rb index 8442ff81d41..c584d5ccca3 100644 --- a/app/services/system_notes/issuables_service.rb +++ b/app/services/system_notes/issuables_service.rb @@ -437,7 +437,7 @@ module SystemNotes def discussion_lock action = noteable.discussion_locked? ? 'locked' : 'unlocked' - body = "#{action} this #{noteable.class.to_s.titleize.downcase}" + body = "#{action} the discussion in this #{noteable.class.to_s.titleize.downcase}" if action == 'locked' track_issue_event(:track_issue_locked_action) diff --git a/app/views/projects/pages/new.html.haml b/app/views/projects/pages/new.html.haml index 89f8f62ea83..56dfc69d740 100644 --- a/app/views/projects/pages/new.html.haml +++ b/app/views/projects/pages/new.html.haml @@ -1,10 +1,5 @@ - @breadcrumb_link = project_pages_path(@project) - page_title s_('GitLabPages|Pages') -- if Feature.enabled?(:use_pipeline_wizard_for_pages, @project.group) - #js-pages{ data: @pipeline_wizard_data } -- else - = render 'header' - - = render 'use' +#js-pages{ data: @pipeline_wizard_data } diff --git a/app/views/projects/runners/_runner.html.haml b/app/views/projects/runners/_runner.html.haml index 12432cd3484..96b87767690 100644 --- a/app/views/projects/runners/_runner.html.haml +++ b/app/views/projects/runners/_runner.html.haml @@ -26,7 +26,8 @@ - elsif runner.project_type? = form_for [@project, @project.runner_projects.new] do |f| = f.hidden_field :runner_id, value: runner.id - = f.submit _('Enable for this project'), class: 'btn gl-button' + = render Pajamas::ButtonComponent.new(variant: :default, size: :small, type: :submit) do + = _('Enable for this project') - if runner.description.present? %p.gl-my-2 = runner.description diff --git a/app/views/shared/_md_preview.html.haml b/app/views/shared/_md_preview.html.haml index 1fd430527a1..7ac6a822420 100644 --- a/app/views/shared/_md_preview.html.haml +++ b/app/views/shared/_md_preview.html.haml @@ -5,7 +5,7 @@ .issuable-note-warning = sprite_icon('lock', css_class: 'icon') %span - = _('This merge request is locked.') + = _('The discussion in this merge request is locked.') = _('Only project members can comment.') .md-area.position-relative |