Diffstat (limited to 'app/controllers/groups')
-rw-r--r--app/controllers/groups/application_controller.rb22
-rw-r--r--app/controllers/groups/boards_controller.rb10
-rw-r--r--app/controllers/groups/dependency_proxy_for_containers_controller.rb2
-rw-r--r--app/controllers/groups/observability_controller.rb23
-rw-r--r--app/controllers/groups/settings/ci_cd_controller.rb2
-rw-r--r--app/controllers/groups/usage_quotas_controller.rb28
-rw-r--r--app/controllers/groups/variables_controller.rb2
7 files changed, 61 insertions, 28 deletions
diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb
index f8cfa996447..5440908aee7 100644
--- a/app/controllers/groups/application_controller.rb
+++ b/app/controllers/groups/application_controller.rb
@@ -96,6 +96,28 @@ class Groups::ApplicationController < ApplicationController
def validate_root_group!
render_404 unless group.root?
end
+
+ def authorize_action!(action)
+ access_denied! unless can?(current_user, action, group)
+ end
+
+ def respond_to_missing?(method, *args)
+ case method.to_s
+ when /\Aauthorize_(.*)!\z/
+ true
+ else
+ super
+ end
+ end
+
+ def method_missing(method_sym, *arguments, &block)
+ case method_sym.to_s
+ when /\Aauthorize_(.*)!\z/
+ authorize_action!(Regexp.last_match(1).to_sym)
+ else
+ super
+ end
+ end
end
Groups::ApplicationController.prepend_mod_with('Groups::ApplicationController')
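Review bot: The new `method_missing` accepts every name matching `/\Aauthorize_(.*)!\z/`, so a misspelled `before_action :authorize_...!` no longer fails with NoMethodError and instead becomes a `can?` check on an ability that may not exist in any policy. Whether that check denies access depends on how `can?` treats unknown abilities, which this hunk does not show, so the assumption deserves a comment above `method_missing`, e.g. `# authorize_<ability>! checks <ability> on the group; unknown abilities must be denied by the policy layer`. `(.*)` also matches the empty string, so `authorize_!` dispatches with `:""`; using `(.+)` in both patterns avoids that. `respond_to_missing?` conventionally takes `(method, include_private = false)` rather than `*args`.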
diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb
index e1ba86220c7..6bb807be1c4 100644
--- a/app/controllers/groups/boards_controller.rb
+++ b/app/controllers/groups/boards_controller.rb
@@ -20,16 +20,14 @@ class Groups::BoardsController < Groups::ApplicationController
private
def board_finder
- strong_memoize :board_finder do
- Boards::BoardsFinder.new(parent, current_user, board_id: params[:id])
- end
+ Boards::BoardsFinder.new(parent, current_user, board_id: params[:id])
end
+ strong_memoize_attr :board_finder
def board_create_service
- strong_memoize :board_create_service do
- Boards::CreateService.new(parent, current_user)
- end
+ Boards::CreateService.new(parent, current_user)
end
+ strong_memoize_attr :board_create_service
def authorize_read_board!
access_denied! unless can?(current_user, :read_issue_board, group)
diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
index 2e9e0b12d2f..427df9a7129 100644
--- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb
+++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
@@ -117,7 +117,7 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
end
def blob_file_name
- @blob_file_name ||= params[:sha].sub('sha256:', '') + '.gz'
+ @blob_file_name ||= "#{params[:sha].sub('sha256:', '')}.gz"
end
def manifest_file_name
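Review bot: `blob_file_name` builds a file name directly from `params[:sha]`, and nothing in this hunk shows the value being checked against a digest format; `sub` strips only the first `sha256:` and leaves every other character in place. If a route constraint or an earlier filter already restricts the parameter, a comment on the method saying where that happens would make the trust boundary visible. The callers of this method and any such constraint are outside the hunk.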
diff --git a/app/controllers/groups/observability_controller.rb b/app/controllers/groups/observability_controller.rb
index 4b1f2b582ce..3baa5e830ff 100644
--- a/app/controllers/groups/observability_controller.rb
+++ b/app/controllers/groups/observability_controller.rb
@@ -1,18 +1,9 @@
# frozen_string_literal: true
module Groups
class ObservabilityController < Groups::ApplicationController
- feature_category :tracing
-
- content_security_policy do |p|
- next if p.directives.blank?
-
- default_frame_src = p.directives['frame-src'] || p.directives['default-src']
+ include ::Observability::ContentSecurityPolicy
- # When ObservabilityUI is not authenticated, it needs to be able to redirect to the GL sign-in page, hence 'self'
- frame_src_values = Array.wrap(default_frame_src) | [observability_url, "'self'"]
-
- p.frame_src(*frame_src_values)
- end
+ feature_category :tracing
before_action :check_observability_allowed
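Review bot: The why-comment for adding `'self'` to `frame-src` disappears from this controller along with the inline CSP block, and the replacement `include ::Observability::ContentSecurityPolicy` is defined outside this diff (the diffstat is limited to `app/controllers/groups`). A short comment above the include would keep the intent readable here, e.g. `# Extends frame-src with the observability URL and 'self'; see Observability::ContentSecurityPolicy`. That the concern keeps the `next if p.directives.blank?` guard and the same directive values cannot be confirmed from this page and should be checked in the concern.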
@@ -34,16 +25,8 @@ module Groups
render 'observability', layout: 'group', locals: { base_layout: 'layouts/fullscreen' }
end
- def self.observability_url
- Gitlab::Observability.observability_url
- end
-
- def observability_url
- self.class.observability_url
- end
-
def check_observability_allowed
- return render_404 unless observability_url.present?
+ return render_404 unless Gitlab::Observability.observability_url.present?
render_404 unless can?(current_user, :read_observability, @group)
end
diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb
index b1afac1f1c7..1dfa8cdf133 100644
--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -15,6 +15,8 @@ module Groups
urgency :low
def show
+ @entity = :group
+ @variable_limit = ::Plan.default.actual_limits.group_ci_variables
end
def update
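Review bot: `@variable_limit` in `show` is read from `::Plan.default` rather than from the group's own plan, so the number shown could differ from the limit that is enforced if the two ever diverge; the enforcement path is not visible in this hunk. A comment stating why the default plan is the right source would settle it. `@entity` and `@variable_limit` are presumably consumed by the view, which is outside this diff.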
diff --git a/app/controllers/groups/usage_quotas_controller.rb b/app/controllers/groups/usage_quotas_controller.rb
new file mode 100644
index 00000000000..29878f0001d
--- /dev/null
+++ b/app/controllers/groups/usage_quotas_controller.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Groups
+ class UsageQuotasController < Groups::ApplicationController
+ before_action :authorize_read_usage_quotas!
+ before_action :verify_usage_quotas_enabled!
+
+ feature_category :subscription_cost_management
+ urgency :low
+
+ def index
+ # To be used in ee/app/controllers/ee/groups/usage_quotas_controller.rb
+ @seat_count_data = seat_count_data
+ end
+
+ private
+
+ def verify_usage_quotas_enabled!
+ render_404 unless Feature.enabled?(:usage_quotas_for_all_editions, group)
+ render_404 if group.has_parent?
+ end
+
+ # To be overriden in ee/app/controllers/ee/groups/usage_quotas_controller.rb
+ def seat_count_data; end
+ end
+end
+
+Groups::UsageQuotasController.prepend_mod
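Review bot: `verify_usage_quotas_enabled!` can call `render_404` twice: when the feature flag is off and the group has a parent, the first line renders and execution continues to the second, which in Rails would raise a double-render error instead of returning a 404. `check_observability_allowed` in this same commit uses the early-return form, and the equivalent here is `return render_404 unless Feature.enabled?(:usage_quotas_for_all_editions, group)`. `authorize_read_usage_quotas!` is not defined in this file and appears to rely on the `authorize_*!` `method_missing` hook added to `Groups::ApplicationController`, so the `:read_usage_quotas` ability needs to exist in the group policy for the page to be reachable. The comment above `seat_count_data` misspells "overridden".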
diff --git a/app/controllers/groups/variables_controller.rb b/app/controllers/groups/variables_controller.rb
index 220b0b4509c..9ddf6c80c70 100644
--- a/app/controllers/groups/variables_controller.rb
+++ b/app/controllers/groups/variables_controller.rb
@@ -50,7 +50,7 @@ module Groups
end
def variable_params_attributes
- %i[id variable_type key secret_value protected masked _destroy]
+ %i[id variable_type key secret_value protected masked raw _destroy]
end
def authorize_admin_build!