diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-16 03:12:06 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-16 03:12:06 +0300 |
commit | d22bc415db079dfffb443cf2e0e428542a8b14db (patch) | |
tree | efade75bdb2b49c872ae493340c76e9b2095d344 /app | |
parent | a7d47330045c163760517a49f5fd35854e089c6e (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/issue_links_controller.rb | 2 | ||||
-rw-r--r-- | app/models/pages_deployment.rb | 22 | ||||
-rw-r--r-- | app/policies/issue_policy.rb | 5 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 1 | ||||
-rw-r--r-- | app/serializers/linked_project_issue_entity.rb | 30 | ||||
-rw-r--r-- | app/services/admin/set_feature_flag_service.rb | 1 | ||||
-rw-r--r-- | app/services/issue_links/create_service.rb | 30 | ||||
-rw-r--r-- | app/services/issue_links/destroy_service.rb | 4 | ||||
-rw-r--r-- | app/services/projects/update_pages_service.rb | 3 |
9 files changed, 37 insertions, 61 deletions
diff --git a/app/controllers/projects/issue_links_controller.rb b/app/controllers/projects/issue_links_controller.rb index 4a5f9309aed..956557457fa 100644 --- a/app/controllers/projects/issue_links_controller.rb +++ b/app/controllers/projects/issue_links_controller.rb @@ -13,7 +13,7 @@ module Projects private def authorize_admin_issue_link! - render_403 unless can?(current_user, :admin_issue_link, issue) + render_403 unless can?(current_user, :admin_issue_link, @project) end def authorize_issue_link_association! diff --git a/app/models/pages_deployment.rb b/app/models/pages_deployment.rb index 2aa36a94171..0d87a8f6cf6 100644 --- a/app/models/pages_deployment.rb +++ b/app/models/pages_deployment.rb @@ -5,6 +5,9 @@ class PagesDeployment < ApplicationRecord include EachBatch include FileStoreMounter include Gitlab::Utils::StrongMemoize + include SafelyChangeColumnDefault + + columns_changing_default :upload_ready attribute :file_store, :integer, default: -> { ::Pages::DeploymentUploader.default_store } @@ -18,7 +21,12 @@ class PagesDeployment < ApplicationRecord scope :with_files_stored_remotely, -> { where(file_store: ::ObjectStorage::Store::REMOTE) } scope :project_id_in, ->(ids) { where(project_id: ids) } scope :with_path_prefix, ->(prefix) { where("COALESCE(path_prefix, '') = ?", prefix.to_s) } - scope :active, -> { where(deleted_at: nil).order(created_at: :desc) } + + # We have to mark the PagesDeployment upload as ready to ensure we only + # serve PagesDeployment which files are already uploaded. + scope :upload_ready, -> { where(upload_ready: true) } + + scope :active, -> { upload_ready.where(deleted_at: nil).order(created_at: :desc) } scope :deactivated, -> { where('deleted_at < ?', Time.now.utc) } validates :file, presence: true @@ -64,6 +72,18 @@ class PagesDeployment < ApplicationRecord return unless previous_changes.key?(:file) store_file_now! + mark_upload_as_finished! + end + + # We have to mark the PagesDeployment upload as ready to ensure we only + # serve PagesDeployment which files are already uploaded. + # + # This is required because we're uploading the file outside of the db transaction + # (https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114774) + def mark_upload_as_finished! + return unless file && file.exists? + + update_column(:upload_ready, true) end end diff --git a/app/policies/issue_policy.rb b/app/policies/issue_policy.rb index dfb33fb386a..683c53d8d78 100644 --- a/app/policies/issue_policy.rb +++ b/app/policies/issue_policy.rb @@ -80,7 +80,6 @@ class IssuePolicy < IssuablePolicy rule { ~anonymous & can?(:read_issue) }.policy do enable :create_todo enable :update_subscription - enable :create_issue_link end rule { can?(:admin_issue) }.policy do @@ -104,10 +103,6 @@ class IssuePolicy < IssuablePolicy enable :admin_issue_relation end - rule { can?(:guest_access) & can?(:read_issue) & is_project_member }.policy do - enable :admin_issue_link - end - rule { can_read_crm_contacts }.policy do enable :read_crm_contacts end diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index e0e04174110..bbb0e3df500 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -379,6 +379,7 @@ class ProjectPolicy < BasePolicy enable :admin_label enable :admin_milestone enable :admin_issue_board_list + enable :admin_issue_link enable :read_commit_status enable :read_build enable :read_container_image diff --git a/app/serializers/linked_project_issue_entity.rb b/app/serializers/linked_project_issue_entity.rb index 28dca69a8d4..c95f68f58a3 100644 --- a/app/serializers/linked_project_issue_entity.rb +++ b/app/serializers/linked_project_issue_entity.rb @@ -4,11 +4,10 @@ class LinkedProjectIssueEntity < LinkedIssueEntity include Gitlab::Utils::StrongMemoize expose :relation_path, override: true do |issue| - # Make sure the user can admin the links of one issue and - # create links in the other issue in order to return the removal link. - if can_create_or_destroy_issue_link?(issue) - project_issue_link_path(issuable.project, issuable.iid, - issue.issue_link_id) + # Make sure the user can admin both the current issue AND the + # referenced issue projects in order to return the removal link. + if can_admin_issue_link_on_current_project? && can_admin_issue_link?(issue.project) + project_issue_link_path(issuable.project, issuable.iid, issue.issue_link_id) end end @@ -18,24 +17,13 @@ class LinkedProjectIssueEntity < LinkedIssueEntity private - # A user can create/destroy an issue link if they can - # admin the links for one issue AND create links for the other - def can_create_or_destroy_issue_link?(issue) - (can_admin_issue_link?(issuable) && can_create_issue_link?(issue)) || - (can_admin_issue_link?(issue) && can_create_issue_link?(issuable)) - end - - def can_admin_issue_link_on_current_issue? - strong_memoize(:can_admin_on_current_issue) do - can_admin_issue_link?(issuable) + def can_admin_issue_link_on_current_project? + strong_memoize(:can_admin_on_current_project) do + can_admin_issue_link?(issuable.project) end end - def can_admin_issue_link?(issue) - Ability.allowed?(current_user, :admin_issue_link, issue) - end - - def can_create_issue_link?(issue) - Ability.allowed?(current_user, :create_issue_link, issue) + def can_admin_issue_link?(project) + Ability.allowed?(current_user, :admin_issue_link, project) end end diff --git a/app/services/admin/set_feature_flag_service.rb b/app/services/admin/set_feature_flag_service.rb index 3378be7eddd..e7969d02e0b 100644 --- a/app/services/admin/set_feature_flag_service.rb +++ b/app/services/admin/set_feature_flag_service.rb @@ -62,6 +62,7 @@ module Admin Feature.disable(name) elsif percentage_of_actors? Feature.enable_percentage_of_actors(name, percentage) + # Deprecated in favor of Feature.enabled?(name, :instance) + Feature.enable_percentage_of_actors(name, percentage) elsif percentage_of_time? Feature.enable_percentage_of_time(name, percentage) else diff --git a/app/services/issue_links/create_service.rb b/app/services/issue_links/create_service.rb index d4ef35d3c60..3523e945d37 100644 --- a/app/services/issue_links/create_service.rb +++ b/app/services/issue_links/create_service.rb @@ -4,17 +4,8 @@ module IssueLinks class CreateService < IssuableLinks::CreateService include IncidentManagement::UsageData - def execute - return error(issue_no_permission_error_message, 403) unless can?(current_user, :admin_issue_link, issuable) || - can?(current_user, :create_issue_link, issuable) - - super - end - def linkable_issuables(issues) - @linkable_issuables ||= issues.select do |issue| - can_create_destroy_issue_link?(issue) - end + @linkable_issuables ||= issues.select { |issue| can?(current_user, :admin_issue_link, issue) } end def previous_related_issuables @@ -23,21 +14,6 @@ module IssueLinks private - # A user can create/destroy an issue link if they can - # admin the links for one issue AND create links for the other - def can_create_destroy_issue_link?(issue) - (can_admin_issue_link?(issuable) && can_create_issue_link?(issue)) || - (can_admin_issue_link?(issue) && can_create_issue_link?(issuable)) - end - - def can_admin_issue_link?(issue) - Ability.allowed?(current_user, :admin_issue_link, issue) - end - - def can_create_issue_link?(issue) - Ability.allowed?(current_user, :create_issue_link, issue) - end - def readonly_issuables(issuables) @readonly_issuables ||= issuables.select { |issuable| issuable.readable_by?(current_user) } end @@ -49,10 +25,6 @@ module IssueLinks def link_class IssueLink end - - def issue_no_permission_error_message - _("Couldn't link issues. You must have at least the Guest role in the source issue's project.") - end end end diff --git a/app/services/issue_links/destroy_service.rb b/app/services/issue_links/destroy_service.rb index 2281bebcb86..9116e9fb703 100644 --- a/app/services/issue_links/destroy_service.rb +++ b/app/services/issue_links/destroy_service.rb @@ -3,13 +3,11 @@ module IssueLinks class DestroyService < IssuableLinks::DestroyService include IncidentManagement::UsageData - include Gitlab::Utils::StrongMemoize private def permission_to_remove_relation? - (can?(current_user, :admin_issue_link, link.source) && can?(current_user, :create_issue_link, link.target)) || - (can?(current_user, :admin_issue_link, link.target) && can?(current_user, :create_issue_link, link.source)) + can?(current_user, :admin_issue_link, source) && can?(current_user, :admin_issue_link, target) end def track_event diff --git a/app/services/projects/update_pages_service.rb b/app/services/projects/update_pages_service.rb index 83b28840d39..fd6c9a86540 100644 --- a/app/services/projects/update_pages_service.rb +++ b/app/services/projects/update_pages_service.rb @@ -98,7 +98,8 @@ module Projects file_count: deployment_update.entries_count, file_sha256: build.job_artifacts_archive.file_sha256, ci_build_id: build.id, - root_directory: build.options[:publish] + root_directory: build.options[:publish], + upload_ready: false } end |