Diffstat (limited to 'app/controllers/groups')
-rw-r--r--app/controllers/groups/observability_controller.rb45
-rw-r--r--app/controllers/groups/runners_controller.rb7
-rw-r--r--app/controllers/groups/settings/applications_controller.rb12
-rw-r--r--app/controllers/groups/settings/repository_controller.rb16
4 files changed, 72 insertions, 8 deletions
diff --git a/app/controllers/groups/observability_controller.rb b/app/controllers/groups/observability_controller.rb
new file mode 100644
index 00000000000..5b6503494c4
--- /dev/null
+++ b/app/controllers/groups/observability_controller.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+module Groups
+ class ObservabilityController < Groups::ApplicationController
+ feature_category :tracing
+
+ content_security_policy do |p|
+ next if p.directives.blank?
+
+ default_frame_src = p.directives['frame-src'] || p.directives['default-src']
+
+ # When ObservabilityUI is not authenticated, it needs to be able to redirect to the GL sign-in page, hence 'self'
+ frame_src_values = Array.wrap(default_frame_src) | [ObservabilityController.observability_url, "'self'"]
+
+ p.frame_src(*frame_src_values)
+ end
+
+ before_action :check_observability_allowed, only: :index
+
+ def index
+ # Format: https://observe.gitlab.com/-/GROUP_ID
+ @observability_iframe_src = "#{ObservabilityController.observability_url}/-/#{@group.id}"
+
+ # Uncomment below for testing with local GDK
+ # @observability_iframe_src = "#{ObservabilityController.observability_url}/9970?groupId=14485840"
+
+ render layout: 'group', locals: { base_layout: 'layouts/fullscreen' }
+ end
+
+ private
+
+ def self.observability_url
+ return ENV['OVERRIDE_OBSERVABILITY_URL'] if ENV['OVERRIDE_OBSERVABILITY_URL']
+ # TODO Make observability URL configurable https://gitlab.com/gitlab-org/opstrace/opstrace-ui/-/issues/80
+ return "https://staging.observe.gitlab.com" if Gitlab.staging?
+
+ "https://observe.gitlab.com"
+ end
+
+ def check_observability_allowed
+ return render_404 unless self.class.observability_url.present?
+
+ render_404 unless can?(current_user, :read_observability, @group)
+ end
+ end
+end
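Review bot: `private` above `def self.observability_url` has no effect on a singleton method, so the method is public — which it must be, because the CSP block and `index` call it as `ObservabilityController.observability_url`; moving the definition above `private` would stop the layout from implying otherwise. The value of `OVERRIDE_OBSERVABILITY_URL` is returned verbatim and feeds both the `frame-src` directive and `@observability_iframe_src`, so a blank value (the only case in which `check_observability_allowed` can reach its `present?` branch) is still appended to the policy. Adding `next if ObservabilityController.observability_url.blank?` at the top of the CSP block would skip that. A comment on the method should also state that the override is trusted deployment configuration and is expected to be a bare origin with no trailing slash, since it is interpolated as `"#{...}/-/#{@group.id}"`.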
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb
index aeb54527c69..652f12e34ba 100644
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
@@ -5,12 +5,17 @@ class Groups::RunnersController < Groups::ApplicationController
before_action :authorize_admin_group_runners!, only: [:edit, :update, :destroy, :pause, :resume]
before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
+ before_action only: [:show] do
+ push_frontend_feature_flag(:enforce_runner_token_expires_at)
+ end
+
feature_category :runner
urgency :low
def index
finder = Ci::RunnersFinder.new(current_user: current_user, params: { group: @group })
@group_runners_limited_count = finder.execute.except(:limit, :offset).page.total_count_with_limit(:all, limit: 1000)
+ @group_runner_registration_token = @group.runners_token if can?(current_user, :register_group_runners, group)
Gitlab::Tracking.event(self.class.name, 'index', user: current_user, namespace: @group)
end
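Review bot: The added line in `index` reads the token from `@group` but passes `group` to `can?`, while the other lines of the action use `@group`. Presumably both resolve to the same object, but the ability check guarding a credential should visibly be made against the object whose token is read: `@group_runner_registration_token = @group.runners_token if can?(current_user, :register_group_runners, @group)`. A short comment such as `# Registration token is a credential: only assigned for users allowed to register group runners` would tell view authors not to render it unconditionally. The class body continues outside the hunk.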
@@ -22,7 +27,7 @@ class Groups::RunnersController < Groups::ApplicationController
end
def update
- if Ci::Runners::UpdateRunnerService.new(@runner).update(runner_params)
+ if Ci::Runners::UpdateRunnerService.new(@runner).execute(runner_params).success?
redirect_to group_runner_path(@group, @runner), notice: _('Runner was successfully updated.')
else
render 'edit'
diff --git a/app/controllers/groups/settings/applications_controller.rb b/app/controllers/groups/settings/applications_controller.rb
index bfe61696e0f..3557d485422 100644
--- a/app/controllers/groups/settings/applications_controller.rb
+++ b/app/controllers/groups/settings/applications_controller.rb
@@ -16,7 +16,7 @@ module Groups
end
def show
- @created = get_created_session
+ @created = get_created_session if Feature.disabled?('hash_oauth_secrets')
end
def edit
@@ -28,9 +28,15 @@ module Groups
if @application.persisted?
flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
- set_created_session
+ if Feature.enabled?('hash_oauth_secrets')
- redirect_to group_settings_application_url(@group, @application)
+ @created = true
+ render :show
+ else
+ set_created_session
+
+ redirect_to group_settings_application_url(@group, @application)
+ end
else
set_index_vars
render :index
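Review bot: In the `hash_oauth_secrets` branch the action now ends in `render :show`, but `flash[:notice]` was set a few lines earlier; with a render rather than a redirect the notice appears on this response and is still in the flash for the next request. Using `flash.now[:notice] = ...` in that branch, and keeping `flash[:notice]` only in the `else` that redirects, avoids the duplicate. The branch also deserves a comment saying why it renders directly — presumably because a hashed secret can only be displayed from the in-memory record at creation, which would also explain why the `show` hunk above skips `get_created_session` when the flag is on. The enclosing action starts outside the hunk.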
diff --git a/app/controllers/groups/settings/repository_controller.rb b/app/controllers/groups/settings/repository_controller.rb
index b0431c31179..cb62ea2a543 100644
--- a/app/controllers/groups/settings/repository_controller.rb
+++ b/app/controllers/groups/settings/repository_controller.rb
@@ -5,8 +5,9 @@ module Groups
class RepositoryController < Groups::ApplicationController
layout 'group_settings'
skip_cross_project_access_check :show
- before_action :authorize_create_deploy_token!
- before_action :define_deploy_token_variables
+ before_action :authorize_create_deploy_token!, only: :create_deploy_token
+ before_action :authorize_access!, only: :show
+ before_action :define_deploy_token_variables, if: -> { can?(current_user, :create_deploy_token, @group) }
before_action do
push_frontend_feature_flag(:ajax_new_deploy_token, @group)
end
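Review bot: Narrowing both authorization filters with `only:` turns this controller's access control into a per-action allowlist, so any action added later — including one contributed through the `prepend_mod` call at the end of the file — runs with neither `authorize_create_deploy_token!` nor `authorize_access!` unless someone remembers to list it. Whatever `Groups::ApplicationController` enforces on its own is not visible here, so that may be the only remaining gate. Making the broad check the default, `before_action :authorize_access!, except: :create_deploy_token`, keeps new actions denied until a filter is chosen for them. If the `only:` form is kept, a comment above the filters such as `# Every action must appear in exactly one authorize_* filter` would document the invariant.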
@@ -16,13 +17,13 @@ module Groups
def create_deploy_token
result = Groups::DeployTokens::CreateService.new(@group, current_user, deploy_token_params).execute
- @new_deploy_token = result[:deploy_token]
if result[:status] == :success
+ @created_deploy_token = result[:deploy_token]
respond_to do |format|
format.json do
# IMPORTANT: It's a security risk to expose the token value more than just once here!
- json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json
+ json = API::Entities::DeployTokenWithToken.represent(@created_deploy_token).as_json
render json: json, status: result[:http_status]
end
format.html do
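Review bot: Nothing on the new side explains why the same `result[:deploy_token]` is stored in `@created_deploy_token` on success but in `@new_deploy_token` on failure (the next hunk). A comment at the success assignment, e.g. `# Persisted token; its value is exposed once in this response only`, and one at the failure assignment, e.g. `# Unsaved token carrying validation errors for re-rendering the form`, would make the split explicit. The views are not visible here, so the wording should be checked against how they use each variable. `create_deploy_token` continues past the end of this hunk.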
@@ -31,6 +32,7 @@ module Groups
end
end
else
+ @new_deploy_token = result[:deploy_token]
respond_to do |format|
format.json { render json: { message: result[:message] }, status: result[:http_status] }
format.html do
@@ -43,6 +45,10 @@ module Groups
private
+ def authorize_access!
+ authorize_admin_group!
+ end
+
def define_deploy_token_variables
@deploy_tokens = @group.deploy_tokens.active
@@ -55,3 +61,5 @@ module Groups
end
end
end
+
+Groups::Settings::RepositoryController.prepend_mod