gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/abuse_reports_controller.rb21
-rw-r--r--app/controllers/admin/application_settings/appearances_controller.rb2
-rw-r--r--app/controllers/admin/application_settings_controller.rb6
-rw-r--r--app/controllers/admin/broadcast_messages_controller.rb1
-rw-r--r--app/controllers/admin/dashboard_controller.rb1
-rw-r--r--app/controllers/admin/groups_controller.rb4
-rw-r--r--app/controllers/admin/impersonation_tokens_controller.rb4
-rw-r--r--app/controllers/admin/projects_controller.rb2
-rw-r--r--app/controllers/admin/spam_logs_controller.rb2
-rw-r--r--app/controllers/admin/topics_controller.rb6
-rw-r--r--app/controllers/admin/users_controller.rb21
-rw-r--r--app/controllers/application_controller.rb1
-rw-r--r--app/controllers/autocomplete_controller.rb2
-rw-r--r--app/controllers/concerns/access_tokens_actions.rb4
-rw-r--r--app/controllers/concerns/check_rate_limit.rb15
-rw-r--r--app/controllers/concerns/confirm_email_warning.rb11
-rw-r--r--app/controllers/concerns/content_security_policy_patch.rb27
-rw-r--r--app/controllers/concerns/enforces_two_factor_authentication.rb5
-rw-r--r--app/controllers/concerns/gitlab_recaptcha.rb2
-rw-r--r--app/controllers/concerns/integrations/actions.rb4
-rw-r--r--app/controllers/concerns/integrations/params.rb4
-rw-r--r--app/controllers/concerns/issuable_collections.rb1
-rw-r--r--app/controllers/concerns/issuable_collections_action.rb6
-rw-r--r--app/controllers/concerns/lfs_request.rb10
-rw-r--r--app/controllers/concerns/membership_actions.rb9
-rw-r--r--app/controllers/concerns/notes_actions.rb2
-rw-r--r--app/controllers/concerns/observability/content_security_policy.rb10
-rw-r--r--app/controllers/concerns/redirects_for_missing_path_on_tree.rb2
-rw-r--r--app/controllers/concerns/renders_blob.rb2
-rw-r--r--app/controllers/concerns/spammable_actions/akismet_mark_as_spam_action.rb2
-rw-r--r--app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb2
-rw-r--r--app/controllers/concerns/uploads_actions.rb2
-rw-r--r--app/controllers/concerns/verifies_with_email.rb6
-rw-r--r--app/controllers/dashboard_controller.rb2
-rw-r--r--app/controllers/groups/autocomplete_sources_controller.rb2
-rw-r--r--app/controllers/groups/imports_controller.rb3
-rw-r--r--app/controllers/groups/observability_controller.rb8
-rw-r--r--app/controllers/groups/settings/ci_cd_controller.rb4
-rw-r--r--app/controllers/groups/usage_quotas_controller.rb3
-rw-r--r--app/controllers/groups_controller.rb6
-rw-r--r--app/controllers/ide_controller.rb1
-rw-r--r--app/controllers/import/available_namespaces_controller.rb10
-rw-r--r--app/controllers/import/bitbucket_controller.rb4
-rw-r--r--app/controllers/import/bitbucket_server_controller.rb4
-rw-r--r--app/controllers/import/bulk_imports_controller.rb23
-rw-r--r--app/controllers/import/github_controller.rb19
-rw-r--r--app/controllers/omniauth_callbacks_controller.rb8
-rw-r--r--app/controllers/profiles/avatars_controller.rb2
-rw-r--r--app/controllers/profiles/two_factor_auths_controller.rb2
-rw-r--r--app/controllers/projects/artifacts_controller.rb1
-rw-r--r--app/controllers/projects/autocomplete_sources_controller.rb4
-rw-r--r--app/controllers/projects/ci/pipeline_editor_controller.rb3
-rw-r--r--app/controllers/projects/design_management/designs/resized_image_controller.rb13
-rw-r--r--app/controllers/projects/environments_controller.rb10
-rw-r--r--app/controllers/projects/google_cloud/deployments_controller.rb7
-rw-r--r--app/controllers/projects/group_links_controller.rb21
-rw-r--r--app/controllers/projects/incidents_controller.rb1
-rw-r--r--app/controllers/projects/issues_controller.rb12
-rw-r--r--app/controllers/projects/merge_requests/application_controller.rb6
-rw-r--r--app/controllers/projects/merge_requests/diffs_controller.rb34
-rw-r--r--app/controllers/projects/merge_requests_controller.rb22
-rw-r--r--app/controllers/projects/ml/experiments_controller.rb26
-rw-r--r--app/controllers/projects/pages_controller.rb10
-rw-r--r--app/controllers/projects/protected_refs_controller.rb5
-rw-r--r--app/controllers/projects/settings/ci_cd_controller.rb11
-rw-r--r--app/controllers/projects/settings/merge_requests_controller.rb2
-rw-r--r--app/controllers/projects/work_items_controller.rb2
-rw-r--r--app/controllers/projects_controller.rb4
-rw-r--r--app/controllers/pwa_controller.rb2
-rw-r--r--app/controllers/registrations/welcome_controller.rb38
-rw-r--r--app/controllers/registrations_controller.rb10
-rw-r--r--app/controllers/search_controller.rb37
-rw-r--r--app/controllers/sessions_controller.rb4
-rw-r--r--app/controllers/snippets/notes_controller.rb2
-rw-r--r--app/controllers/uploads_controller.rb5
75 files changed, 369 insertions, 223 deletions
diff --git a/app/controllers/abuse_reports_controller.rb b/app/controllers/abuse_reports_controller.rb
index 80aca7e21ce..eec56682300 100644
--- a/app/controllers/abuse_reports_controller.rb
+++ b/app/controllers/abuse_reports_controller.rb
@@ -1,14 +1,25 @@
# frozen_string_literal: true
class AbuseReportsController < ApplicationController
- before_action :set_user, only: [:new]
+ before_action :set_user, only: [:new, :add_category]
feature_category :insider_threat
def new
- @abuse_report = AbuseReport.new
- @abuse_report.user_id = @user.id
- @ref_url = params.fetch(:ref_url, '')
+ @abuse_report = AbuseReport.new(
+ user_id: @user.id,
+ reported_from_url: params.fetch(:ref_url, '')
+ )
+ end
+
+ def add_category
+ @abuse_report = AbuseReport.new(
+ user_id: @user.id,
+ category: report_params[:category],
+ reported_from_url: report_params[:reported_from_url]
+ )
+
+ render :new
end
def create
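Review bot: `reported_from_url` is taken straight from the request in both `new` (`params.fetch(:ref_url, '')`) and `add_category` (`report_params[:reported_from_url]`), and the second hunk adds it to the permitted list, with no scheme or host check visible in this controller. If the value is later rendered as a link or followed as a redirect, a non-HTTP or off-site URL would pass through unless the model validates it, which this diff does not show. A comment above `add_category` such as `# reported_from_url is user-supplied; it must be validated before it is rendered or followed` would make that dependency explicit. `create` continues outside the hunk.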
@@ -30,7 +41,7 @@ class AbuseReportsController < ApplicationController
private
def report_params
- params.require(:abuse_report).permit(:message, :user_id)
+ params.require(:abuse_report).permit(:message, :user_id, :category, :reported_from_url)
end
# rubocop: disable CodeReuse/ActiveRecord
diff --git a/app/controllers/admin/application_settings/appearances_controller.rb b/app/controllers/admin/application_settings/appearances_controller.rb
index 1a8447185a7..3cb31ff756f 100644
--- a/app/controllers/admin/application_settings/appearances_controller.rb
+++ b/app/controllers/admin/application_settings/appearances_controller.rb
@@ -68,7 +68,7 @@ class Admin::ApplicationSettings::AppearancesController < Admin::ApplicationCont
def allowed_appearance_params
%i[
title
- short_title
+ pwa_short_name
description
logo
logo_cache
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index b8c1bc266f7..ade58ca0970 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -137,8 +137,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
unless job_id.length <= PARAM_JOB_ID_MAX_SIZE
return render status: :bad_request, json: {
- message: _('Parameter "job_id" cannot exceed length of %{job_id_max_size}' %
- { job_id_max_size: PARAM_JOB_ID_MAX_SIZE })
+ message: format(_('Parameter "job_id" cannot exceed length of %{job_id_max_size}'), job_id_max_size: PARAM_JOB_ID_MAX_SIZE)
}
end
@@ -174,8 +173,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
unless job_id.length <= PARAM_JOB_ID_MAX_SIZE
return render status: :bad_request, json: {
- message: _('Parameter "job_id" cannot exceed length of %{job_id_max_size}' %
- { job_id_max_size: PARAM_JOB_ID_MAX_SIZE })
+ message: format(_('Parameter "job_id" cannot exceed length of %{job_id_max_size}'), job_id_max_size: PARAM_JOB_ID_MAX_SIZE)
}
end
diff --git a/app/controllers/admin/broadcast_messages_controller.rb b/app/controllers/admin/broadcast_messages_controller.rb
index 093c5667a24..d641a26c9fb 100644
--- a/app/controllers/admin/broadcast_messages_controller.rb
+++ b/app/controllers/admin/broadcast_messages_controller.rb
@@ -99,7 +99,6 @@ module Admin
end
def push_features
- push_frontend_feature_flag(:vue_broadcast_messages, current_user)
push_frontend_feature_flag(:role_targeted_broadcast_messages, current_user)
end
end
diff --git a/app/controllers/admin/dashboard_controller.rb b/app/controllers/admin/dashboard_controller.rb
index 37dde065e70..dab0f3e870a 100644
--- a/app/controllers/admin/dashboard_controller.rb
+++ b/app/controllers/admin/dashboard_controller.rb
@@ -2,6 +2,7 @@
class Admin::DashboardController < Admin::ApplicationController
include CountHelper
+ helper Admin::ComponentsHelper
COUNTED_ITEMS = [Project, User, Group].freeze
diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb
index 8005babe19e..e3a33bafb62 100644
--- a/app/controllers/admin/groups_controller.rb
+++ b/app/controllers/admin/groups_controller.rb
@@ -41,7 +41,7 @@ class Admin::GroupsController < Admin::ApplicationController
@group = ::Groups::CreateService.new(current_user, group_params).execute
if @group.persisted?
- redirect_to [:admin, @group], notice: _('Group %{group_name} was successfully created.') % { group_name: @group.name }
+ redirect_to [:admin, @group], notice: format(_('Group %{group_name} was successfully created.'), group_name: @group.name)
else
render "new"
end
@@ -66,7 +66,7 @@ class Admin::GroupsController < Admin::ApplicationController
redirect_to admin_groups_path,
status: :found,
- alert: _('Group %{group_name} was scheduled for deletion.') % { group_name: @group.name }
+ alert: format(_('Group %{group_name} was scheduled for deletion.'), group_name: @group.name)
end
private
diff --git a/app/controllers/admin/impersonation_tokens_controller.rb b/app/controllers/admin/impersonation_tokens_controller.rb
index 9d884478e98..ddc555add5c 100644
--- a/app/controllers/admin/impersonation_tokens_controller.rb
+++ b/app/controllers/admin/impersonation_tokens_controller.rb
@@ -25,9 +25,9 @@ class Admin::ImpersonationTokensController < Admin::ApplicationController
@impersonation_token = finder.find(params[:id])
if @impersonation_token.revoke!
- flash[:notice] = _("Revoked impersonation token %{token_name}!") % { token_name: @impersonation_token.name }
+ flash[:notice] = format(_("Revoked impersonation token %{token_name}!"), token_name: @impersonation_token.name)
else
- flash[:alert] = _("Could not revoke impersonation token %{token_name}.") % { token_name: @impersonation_token.name }
+ flash[:alert] = format(_("Could not revoke impersonation token %{token_name}."), token_name: @impersonation_token.name)
end
redirect_to admin_user_impersonation_tokens_path
diff --git a/app/controllers/admin/projects_controller.rb b/app/controllers/admin/projects_controller.rb
index 9e841487508..5d37bd27302 100644
--- a/app/controllers/admin/projects_controller.rb
+++ b/app/controllers/admin/projects_controller.rb
@@ -43,7 +43,7 @@ class Admin::ProjectsController < Admin::ApplicationController
def destroy
::Projects::DestroyService.new(@project, current_user, {}).async_execute
- flash[:notice] = _("Project '%{project_name}' is in the process of being deleted.") % { project_name: @project.full_name }
+ flash[:notice] = format(_("Project '%{project_name}' is in the process of being deleted."), project_name: @project.full_name)
redirect_to admin_projects_path, status: :found
rescue Projects::DestroyService::DestroyError => e
diff --git a/app/controllers/admin/spam_logs_controller.rb b/app/controllers/admin/spam_logs_controller.rb
index 180f4634136..984ae736697 100644
--- a/app/controllers/admin/spam_logs_controller.rb
+++ b/app/controllers/admin/spam_logs_controller.rb
@@ -16,7 +16,7 @@ class Admin::SpamLogsController < Admin::ApplicationController
spam_log.remove_user(deleted_by: current_user)
redirect_to admin_spam_logs_path,
status: :found,
- notice: _('User %{username} was successfully removed.') % { username: spam_log.user.username }
+ notice: format(_('User %{username} was successfully removed.'), username: spam_log.user.username)
else
spam_log.destroy
head :ok
diff --git a/app/controllers/admin/topics_controller.rb b/app/controllers/admin/topics_controller.rb
index e97ead12f71..345a778772d 100644
--- a/app/controllers/admin/topics_controller.rb
+++ b/app/controllers/admin/topics_controller.rb
@@ -23,7 +23,7 @@ class Admin::TopicsController < Admin::ApplicationController
@topic = Projects::Topic.new(topic_params)
if @topic.save
- redirect_to edit_admin_topic_path(@topic), notice: _('Topic %{topic_name} was successfully created.') % { topic_name: @topic.name }
+ redirect_to edit_admin_topic_path(@topic), notice: format(_('Topic %{topic_name} was successfully created.'), topic_name: @topic.name)
else
render "new"
end
@@ -42,7 +42,7 @@ class Admin::TopicsController < Admin::ApplicationController
redirect_to admin_topics_path,
status: :found,
- notice: _('Topic %{topic_name} was successfully removed.') % { topic_name: @topic.title_or_name }
+ notice: format(_('Topic %{topic_name} was successfully removed.'), topic_name: @topic.title_or_name)
end
def merge
@@ -53,7 +53,7 @@ class Admin::TopicsController < Admin::ApplicationController
return render status: :bad_request, json: { type: :alert, message: response.message } if response.error?
message = _('Topic %{source_topic} was successfully merged into topic %{target_topic}.')
- flash[:toast] = message % { source_topic: source_topic.name, target_topic: target_topic.name }
+ flash[:toast] = format(message, source_topic: source_topic.name, target_topic: target_topic.name)
redirect_to admin_topics_path, status: :found
end
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 5f6e3f0062f..4f379d8a75b 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -57,7 +57,7 @@ class Admin::UsersController < Admin::ApplicationController
log_impersonation_event
- flash[:alert] = _("You are now impersonating %{username}") % { username: user.username }
+ flash[:alert] = format(_("You are now impersonating %{username}"), username: user.username)
redirect_to root_path
else
@@ -81,7 +81,7 @@ class Admin::UsersController < Admin::ApplicationController
result = Users::RejectService.new(current_user).execute(user)
if result[:status] == :success
- redirect_back_or_admin_user(notice: _("You've rejected %{user}" % { user: user.name }))
+ redirect_back_or_admin_user(notice: format(_("You've rejected %{user}"), user: user.name))
else
redirect_back_or_admin_user(alert: result[:message])
end
@@ -105,7 +105,7 @@ class Admin::UsersController < Admin::ApplicationController
return redirect_back_or_admin_user(notice: _("Internal users cannot be deactivated")) if user.internal?
unless user.can_be_deactivated?
- return redirect_back_or_admin_user(notice: _("The user you are trying to deactivate has been active in the past %{minimum_inactive_days} days and cannot be deactivated") % { minimum_inactive_days: Gitlab::CurrentSettings.deactivate_dormant_users_period })
+ return redirect_back_or_admin_user(notice: format(_("The user you are trying to deactivate has been active in the past %{minimum_inactive_days} days and cannot be deactivated"), minimum_inactive_days: Gitlab::CurrentSettings.deactivate_dormant_users_period))
end
user.deactivate
@@ -124,8 +124,12 @@ class Admin::UsersController < Admin::ApplicationController
def unblock
if user.ldap_blocked?
- redirect_back_or_admin_user(alert: _("This user cannot be unlocked manually from GitLab"))
- elsif update_user { |user| user.activate }
+ return redirect_back_or_admin_user(alert: _("This user cannot be unlocked manually from GitLab"))
+ end
+
+ result = Users::UnblockService.new(current_user).execute(user)
+
+ if result.success?
redirect_back_or_admin_user(notice: _("Successfully unblocked"))
else
redirect_back_or_admin_user(alert: _("Error occurred. User was not unblocked"))
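Review bot: The failure branch of `unblock` discards whatever `Users::UnblockService` reports and always shows the generic `Error occurred. User was not unblocked`, whereas `reject` in the same controller passes `result[:message]` through. Assuming the service result carries a message on error (not visible here), `redirect_back_or_admin_user(alert: result.message)` would tell the admin why the unblock was refused. The two actions also read their results differently (`result.success?` here, `result[:status] == :success` in `reject`), which is worth aligning. The closing lines of the method are outside the hunk.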
@@ -153,7 +157,7 @@ class Admin::UsersController < Admin::ApplicationController
end
def unlock
- if update_user { |user| user.unlock_access! }
+ if update_user(&:unlock_access!)
redirect_back_or_admin_user(notice: _("Successfully unlocked"))
else
redirect_back_or_admin_user(alert: _("Error occurred. User was not unlocked"))
@@ -161,7 +165,7 @@ class Admin::UsersController < Admin::ApplicationController
end
def confirm
- if update_user { |user| user.force_confirm }
+ if update_user(&:force_confirm)
redirect_back_or_admin_user(notice: _("Successfully confirmed"))
else
redirect_back_or_admin_user(alert: _("Error occurred. User was not confirmed"))
@@ -358,6 +362,7 @@ class Admin::UsersController < Admin::ApplicationController
:username,
:website_url,
:note,
+ :private_profile,
credit_card_validation_attributes: [:credit_card_validated_at]
]
end
@@ -377,7 +382,7 @@ class Admin::UsersController < Admin::ApplicationController
end
def log_impersonation_event
- Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username })
+ Gitlab::AppLogger.info(format(_("User %{current_user_username} has started impersonating %{username}"), current_user_username: current_user.username, username: user.username))
end
def can_impersonate_user
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e64d3110c3a..36aae42e21f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -24,6 +24,7 @@ class ApplicationController < ActionController::Base
include ::Gitlab::EndpointAttributes
include FlocOptOut
include CheckRateLimit
+ extend ContentSecurityPolicyPatch
before_action :limit_session_time, if: -> { !current_user }
before_action :authenticate_user!, except: [:route_not_found]
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 45585ab84b4..668b2ebaf9e 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -9,7 +9,7 @@ class AutocompleteController < ApplicationController
feature_category :users, [:users, :user]
feature_category :projects, [:projects]
feature_category :team_planning, [:award_emojis]
- feature_category :code_review, [:merge_request_target_branches]
+ feature_category :code_review_workflow, [:merge_request_target_branches]
feature_category :continuous_delivery, [:deploy_keys_with_owners]
urgency :low, [:merge_request_target_branches, :deploy_keys_with_owners, :users]
diff --git a/app/controllers/concerns/access_tokens_actions.rb b/app/controllers/concerns/access_tokens_actions.rb
index fdb08c6572f..6a84c436aae 100644
--- a/app/controllers/concerns/access_tokens_actions.rb
+++ b/app/controllers/concerns/access_tokens_actions.rb
@@ -43,9 +43,9 @@ module AccessTokensActions
revoked_response = ResourceAccessTokens::RevokeService.new(current_user, resource, @resource_access_token).execute
if revoked_response.success?
- flash[:notice] = _("Revoked access token %{access_token_name}!") % { access_token_name: @resource_access_token.name }
+ flash[:notice] = format(_("Revoked access token %{access_token_name}!"), access_token_name: @resource_access_token.name)
else
- flash[:alert] = _("Could not revoke access token %{access_token_name}.") % { access_token_name: @resource_access_token.name }
+ flash[:alert] = format(_("Could not revoke access token %{access_token_name}."), access_token_name: @resource_access_token.name)
end
redirect_to resource_access_tokens_path
diff --git a/app/controllers/concerns/check_rate_limit.rb b/app/controllers/concerns/check_rate_limit.rb
index 0eaf74fd3a9..fc3be3ad009 100644
--- a/app/controllers/concerns/check_rate_limit.rb
+++ b/app/controllers/concerns/check_rate_limit.rb
@@ -8,10 +8,7 @@
# See lib/api/helpers/rate_limiter.rb for API version
module CheckRateLimit
def check_rate_limit!(key, scope:, redirect_back: false, **options)
- return if bypass_header_set?
- return unless rate_limiter.throttled?(key, scope: scope, **options)
-
- rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+ return unless Gitlab::ApplicationRateLimiter.throttled_request?(request, current_user, key, scope: scope, **options)
return yield if block_given?
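Review bot: The bypass-header check and the `log_request` call no longer appear in `check_rate_limit!`, so whether throttled requests are still logged and whether `Gitlab::Throttle.bypass_header` is still honoured now depends entirely on `Gitlab::ApplicationRateLimiter.throttled_request?`, which is outside this diff. Both matter for abuse detection, so once confirmed against the library code I would record it on the call, e.g. `# throttled_request? also applies the bypass header and logs the throttled request`. The new line is also long enough to be worth wrapping after `key,`. The method body continues outside the hunk.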
@@ -23,14 +20,4 @@ module CheckRateLimit
render plain: message, status: :too_many_requests
end
end
-
- private
-
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
-
- def bypass_header_set?
- ::Gitlab::Throttle.bypass_header.present? && request.get_header(Gitlab::Throttle.bypass_header) == '1'
- end
end
diff --git a/app/controllers/concerns/confirm_email_warning.rb b/app/controllers/concerns/confirm_email_warning.rb
index 32e1a46e580..ec5140bf223 100644
--- a/app/controllers/concerns/confirm_email_warning.rb
+++ b/app/controllers/concerns/confirm_email_warning.rb
@@ -19,10 +19,17 @@ module ConfirmEmailWarning
email = current_user.unconfirmed_email || current_user.email
- flash.now[:warning] = _("Please check your email (%{email}) to verify that you own this address and unlock the power of CI/CD. Didn't receive it? %{resend_link}. Wrong email address? %{update_link}.").html_safe % {
+ flash.now[:warning] = format(
+ confirm_warning_message,
email: email,
resend_link: view_context.link_to(_('Resend it'), user_confirmation_path(user: { email: email }), method: :post),
update_link: view_context.link_to(_('Update it'), profile_path)
- }
+ ).html_safe
+ end
+
+ private
+
+ def confirm_warning_message
+ _("Please check your email (%{email}) to verify that you own this address and unlock the power of CI/CD. Didn't receive it? %{resend_link}. Wrong email address? %{update_link}.")
end
end
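Review bot: `email` is no longer HTML-escaped before the whole message is marked `html_safe`. The old code applied `%` to an already `html_safe` string, and `ActiveSupport::SafeBuffer#%` escapes arguments that are not themselves safe; `format` on the plain string returned by `confirm_warning_message` does no escaping, so `current_user.unconfirmed_email || current_user.email` now reaches the flash verbatim. Whether an address containing markup can pass email validation is not visible here, but the escaping should not depend on that: pass `email: ERB::Util.html_escape(email),` and leave the two `link_to` results as they are. The enclosing method starts above the hunk.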
diff --git a/app/controllers/concerns/content_security_policy_patch.rb b/app/controllers/concerns/content_security_policy_patch.rb
new file mode 100644
index 00000000000..a4dc232ee42
--- /dev/null
+++ b/app/controllers/concerns/content_security_policy_patch.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+##
+# `content_security_policy_with_context` makes the caller's context available to the invoked block,
+# as this is currently not accessible from `content_security_policy`
+#
+# This patch is available in content_security_policy starting with Rails 7.2.
+# Refs: https://github.com/rails/rails/pull/45115.
+module ContentSecurityPolicyPatch
+ def content_security_policy_with_context(enabled = true, **options, &block)
+ if Rails.gem_version >= Gem::Version.new("7.2")
+ ActiveSupport::Deprecation.warn(
+ "content_security_policy_with_context should only be used with Rails < 7.2.
+ Use content_security_policy instead.")
+ end
+
+ before_action(options) do
+ if block
+ policy = current_content_security_policy
+ instance_exec(policy, &block)
+ request.content_security_policy = policy
+ end
+
+ request.content_security_policy = nil unless enabled
+ end
+ end
+end
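Review bot: The `Rails.gem_version >= Gem::Version.new("7.2")` branch calls the class-level `ActiveSupport::Deprecation.warn`, which, as far as I know, was itself deprecated in Rails 7.1 and removed in 7.2, so on exactly the versions this branch targets the call may raise while a controller class is loading instead of warning. Using an instance, `ActiveSupport::Deprecation.new.warn("content_security_policy_with_context should only be used with Rails < 7.2. Use content_security_policy instead.")`, avoids that; it also fixes the message literal, which currently spans two lines and so embeds a newline and indentation in the warning. The module comment could also state that `enabled = false` sets `request.content_security_policy = nil` for the matched actions, since that turns the policy off for them.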
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb
index c8de041d5bd..cdef1a45a27 100644
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -25,8 +25,9 @@ module EnforcesTwoFactorAuthentication
case self
when GraphqlController
render_error(
- _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}") %
- { mfa_help_page: mfa_help_page_url },
+ format(
+ _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}"),
+ mfa_help_page: mfa_help_page_url),
status: :unauthorized
)
else
diff --git a/app/controllers/concerns/gitlab_recaptcha.rb b/app/controllers/concerns/gitlab_recaptcha.rb
index cedadba5fc7..7b2382eee4c 100644
--- a/app/controllers/concerns/gitlab_recaptcha.rb
+++ b/app/controllers/concerns/gitlab_recaptcha.rb
@@ -2,7 +2,7 @@
module GitlabRecaptcha
extend ActiveSupport::Concern
- include Recaptcha::Verify
+ include Recaptcha::Adapters::ControllerMethods
include RecaptchaHelper
def load_recaptcha
diff --git a/app/controllers/concerns/integrations/actions.rb b/app/controllers/concerns/integrations/actions.rb
index e0a12555e11..7bebafae0fd 100644
--- a/app/controllers/concerns/integrations/actions.rb
+++ b/app/controllers/concerns/integrations/actions.rb
@@ -57,9 +57,9 @@ module Integrations::Actions
def success_message
if integration.active?
- s_('Integrations|%{integration} settings saved and active.') % { integration: integration.title }
+ format(s_('Integrations|%{integration} settings saved and active.'), integration: integration.title)
else
- s_('Integrations|%{integration} settings saved, but not active.') % { integration: integration.title }
+ format(s_('Integrations|%{integration} settings saved, but not active.'), integration: integration.title)
end
end
diff --git a/app/controllers/concerns/integrations/params.rb b/app/controllers/concerns/integrations/params.rb
index 74d998503b7..4d181ded071 100644
--- a/app/controllers/concerns/integrations/params.rb
+++ b/app/controllers/concerns/integrations/params.rb
@@ -5,6 +5,9 @@ module Integrations
extend ActiveSupport::Concern
ALLOWED_PARAMS_CE = [
+ :app_store_issuer_id,
+ :app_store_key_id,
+ :app_store_private_key,
:active,
:alert_events,
:api_key,
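Review bot: `app_store_private_key` is now accepted from the request alongside the other integration secrets, and nothing in this hunk shows it being kept out of request logs or masked when the settings form is re-rendered. It is worth confirming that the application's parameter-filtering configuration matches this name and that the integration declares the field as a secret; both live outside this diff. The three `app_store_*` entries are also placed before `:active`, which breaks the alphabetical order the rest of `ALLOWED_PARAMS_CE` appears to follow. The array continues outside the hunk.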
@@ -38,6 +41,7 @@ module Integrations
:external_wiki_url,
:google_iap_service_account_json,
:google_iap_audience_client_id,
+ :incident_events,
:inherit_from_id,
# We're using `issues_events` and `merge_requests_events`
# in the view so we still need to explicitly state them
diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb
index 7b0d8cf8dcb..5060ce69d9c 100644
--- a/app/controllers/concerns/issuable_collections.rb
+++ b/app/controllers/concerns/issuable_collections.rb
@@ -3,6 +3,7 @@
module IssuableCollections
extend ActiveSupport::Concern
include PaginatedCollection
+ include SearchRateLimitable
include SortingHelper
include SortingPreference
include Gitlab::Utils::StrongMemoize
diff --git a/app/controllers/concerns/issuable_collections_action.rb b/app/controllers/concerns/issuable_collections_action.rb
index 7beb86b51fd..b8249345a54 100644
--- a/app/controllers/concerns/issuable_collections_action.rb
+++ b/app/controllers/concerns/issuable_collections_action.rb
@@ -5,6 +5,12 @@ module IssuableCollectionsAction
include IssuableCollections
include IssuesCalendar
+ included do
+ before_action :check_search_rate_limit!, only: [:issues, :merge_requests], if: -> {
+ params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+ }
+ end
+
# rubocop:disable Gitlab/ModuleWithInstanceVariables
def issues
show_alert_if_search_is_disabled
diff --git a/app/controllers/concerns/lfs_request.rb b/app/controllers/concerns/lfs_request.rb
index 1653b40bad5..1c4521e2353 100644
--- a/app/controllers/concerns/lfs_request.rb
+++ b/app/controllers/concerns/lfs_request.rb
@@ -80,7 +80,7 @@ module LfsRequest
def lfs_download_access?
ci? || lfs_deploy_token? || user_can_download_code? || build_can_download_code? || deploy_token_can_download_code?
end
- strong_memoize_attr :lfs_download_access?, :lfs_download_access
+ strong_memoize_attr :lfs_download_access?
def deploy_token_can_download_code?
deploy_token.present? &&
@@ -92,10 +92,12 @@ module LfsRequest
return false unless has_authentication_ability?(:push_code)
return false if limit_exceeded?
- lfs_deploy_token? || can?(user, :push_code,
-project) || can?(deploy_token, :push_code, project) || any_branch_allows_collaboration?
+ lfs_deploy_token? ||
+ can?(user, :push_code, project) ||
+ can?(deploy_token, :push_code, project) ||
+ any_branch_allows_collaboration?
end
- strong_memoize_attr :lfs_upload_access?, :lfs_upload_access
+ strong_memoize_attr :lfs_upload_access?
def any_branch_allows_collaboration?
project.merge_requests_allowing_push_to_user(user).any?
diff --git a/app/controllers/concerns/membership_actions.rb b/app/controllers/concerns/membership_actions.rb
index 28d0af7a118..7c6e449b509 100644
--- a/app/controllers/concerns/membership_actions.rb
+++ b/app/controllers/concerns/membership_actions.rb
@@ -11,7 +11,7 @@ module MembershipActions
.new(current_user, update_params)
.execute(member)
- member = result[:member]
+ member = result[:members].first
member_data = if member.expires?
{
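Review bot: `result[:members].first` is nil when the service returns an empty list, and the very next line calls `member.expires?` on it. Whether the update service can return an empty `members` array (for example on an error or authorization failure) is not visible from this hunk; if it can, the action should check the result before dereferencing, e.g. `return head :unprocessable_entity unless member` straight after the assignment. The method starts above the hunk and continues below it.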
@@ -66,8 +66,7 @@ module MembershipActions
notice: _('Your request for access has been queued for review.')
else
redirect_to polymorphic_path(membershipable),
- alert: _("Your request for access could not be processed: %{error_message}") %
- { error_message: access_requester.errors.full_messages.to_sentence }
+ alert: format(_("Your request for access could not be processed: %{error_message}"), error_message: access_requester.errors.full_messages.to_sentence)
end
end
@@ -87,9 +86,9 @@ module MembershipActions
notice =
if member.request?
- _("Your access request to the %{source_type} has been withdrawn.") % { source_type: source_type }
+ format(_("Your access request to the %{source_type} has been withdrawn."), source_type: source_type)
else
- _("You left the \"%{membershipable_human_name}\" %{source_type}.") % { membershipable_human_name: membershipable.human_name, source_type: source_type }
+ format(_("You left the \"%{membershipable_human_name}\" %{source_type}."), membershipable_human_name: membershipable.human_name, source_type: source_type)
end
respond_to do |format|
diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb
index a41e2d840ac..512dbf0de5d 100644
--- a/app/controllers/concerns/notes_actions.rb
+++ b/app/controllers/concerns/notes_actions.rb
@@ -100,7 +100,7 @@ module NotesActions
def gather_all_notes
now = Time.current
- notes = merge_resource_events(notes_finder.execute.inc_relations_for_view)
+ notes = merge_resource_events(notes_finder.execute.inc_relations_for_view(noteable))
[notes, { last_fetched_at: (now.to_i * MICROSECOND) + now.usec }]
end
diff --git a/app/controllers/concerns/observability/content_security_policy.rb b/app/controllers/concerns/observability/content_security_policy.rb
index eccd1e1e3ef..3865e3b606d 100644
--- a/app/controllers/concerns/observability/content_security_policy.rb
+++ b/app/controllers/concerns/observability/content_security_policy.rb
@@ -5,8 +5,14 @@ module Observability
extend ActiveSupport::Concern
included do
- content_security_policy do |p|
- next if p.directives.blank? || Gitlab::Observability.observability_url.blank?
+ content_security_policy_with_context do |p|
+ current_group = if defined?(group)
+ group
+ else
+ defined?(project) ? project&.group : nil
+ end
+
+ next if p.directives.blank? || !Gitlab::Observability.observability_enabled?(current_user, current_group)
default_frame_src = p.directives['frame-src'] || p.directives['default-src']
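Review bot: `defined?(group)` only establishes that the controller has a `group` method, not that a group has been loaded or authorized for this request, and the block then calls it inside the CSP `before_action`. If `group` performs a lookup or renders a not-found response in some controllers (not visible here), those side effects now run wherever this callback sits in the chain, possibly ahead of the authentication callbacks. A comment on the block stating that assumption, e.g. `# group/project are expected to be memoized, side-effect-free accessors on the including controller`, would help, and the nested ternary in the `else` arm reads more clearly as an `elsif defined?(project)`. The block continues outside the hunk.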
diff --git a/app/controllers/concerns/redirects_for_missing_path_on_tree.rb b/app/controllers/concerns/redirects_for_missing_path_on_tree.rb
index 085afbf3975..92574dfade9 100644
--- a/app/controllers/concerns/redirects_for_missing_path_on_tree.rb
+++ b/app/controllers/concerns/redirects_for_missing_path_on_tree.rb
@@ -8,7 +8,7 @@ module RedirectsForMissingPathOnTree
private
def missing_path_on_ref(path, ref)
- _('"%{path}" did not exist on "%{ref}"') % { path: truncate_path(path), ref: ref }
+ format(_('"%{path}" did not exist on "%{ref}"'), path: truncate_path(path), ref: ref)
end
def truncate_path(path)
diff --git a/app/controllers/concerns/renders_blob.rb b/app/controllers/concerns/renders_blob.rb
index a15bf27a22f..c3ccd9edd87 100644
--- a/app/controllers/concerns/renders_blob.rb
+++ b/app/controllers/concerns/renders_blob.rb
@@ -35,6 +35,6 @@ module RendersBlob
def conditionally_expand_blobs(blobs)
return unless params[:expanded] == 'true'
- blobs.each { |blob| blob.expand! }
+ blobs.each(&:expand!)
end
end
diff --git a/app/controllers/concerns/spammable_actions/akismet_mark_as_spam_action.rb b/app/controllers/concerns/spammable_actions/akismet_mark_as_spam_action.rb
index 044519004b2..6ba079ee658 100644
--- a/app/controllers/concerns/spammable_actions/akismet_mark_as_spam_action.rb
+++ b/app/controllers/concerns/spammable_actions/akismet_mark_as_spam_action.rb
@@ -9,7 +9,7 @@ module SpammableActions::AkismetMarkAsSpamAction
def mark_as_spam
if Spam::AkismetMarkAsSpamService.new(target: spammable).execute
- redirect_to spammable_path, notice: _("%{spammable_titlecase} was submitted to Akismet successfully.") % { spammable_titlecase: spammable.spammable_entity_type.titlecase }
+ redirect_to spammable_path, notice: format(_("%{spammable_titlecase} was submitted to Akismet successfully."), spammable_titlecase: spammable.spammable_entity_type.titlecase)
else
redirect_to spammable_path, alert: _('Error with Akismet. Please check the logs for more info.')
end
diff --git a/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb b/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb
index 707c1e6c84f..23db6a4b368 100644
--- a/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb
+++ b/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb
@@ -24,7 +24,7 @@ module SpammableActions::CaptchaCheck::HtmlFormatActionsSupport
# Convert spam/CAPTCHA values from form field params to headers, because all spam-related services
# expect these values to be passed as headers.
#
- # The 'g-recaptcha-response' field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the
+ # The 'g-recaptcha-response' field name comes from `Recaptcha::Adapters::ViewMethods#recaptcha_tags` in the
# recaptcha gem. This is a field which is automatically included by calling the
# `#recaptcha_tags` method within a HAML template's form.
def convert_html_spam_params_to_headers
diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb
index 0ba13896631..308da018a42 100644
--- a/app/controllers/concerns/uploads_actions.rb
+++ b/app/controllers/concerns/uploads_actions.rb
@@ -5,7 +5,7 @@ module UploadsActions
include Gitlab::Utils::StrongMemoize
include SendFileUpload
- UPLOAD_MOUNTS = %w[avatar attachment file logo header_logo favicon].freeze
+ UPLOAD_MOUNTS = %w[avatar attachment file logo pwa_icon header_logo favicon].freeze
included do
prepend_before_action :set_request_format_from_path_extension
diff --git a/app/controllers/concerns/verifies_with_email.rb b/app/controllers/concerns/verifies_with_email.rb
index 3cada24a81a..82388090350 100644
--- a/app/controllers/concerns/verifies_with_email.rb
+++ b/app/controllers/concerns/verifies_with_email.rb
@@ -105,8 +105,10 @@ module VerifiesWithEmail
end
def render_sign_in_rate_limited
- message = s_('IdentityVerification|Maximum login attempts exceeded. '\
- 'Wait %{interval} and try again.') % { interval: user_sign_in_interval }
+ message = format(
+ s_('IdentityVerification|Maximum login attempts exceeded. Wait %{interval} and try again.'),
+ interval: user_sign_in_interval
+ )
redirect_to new_user_session_path, alert: message
end
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index 82e5bb6cd7c..3d9184979d7 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -16,7 +16,7 @@ class DashboardController < Dashboard::ApplicationController
feature_category :users, [:activity]
feature_category :team_planning, [:issues, :issues_calendar]
- feature_category :code_review, [:merge_requests]
+ feature_category :code_review_workflow, [:merge_requests]
urgency :low, [:merge_requests, :activity]
urgency :low, [:issues, :issues_calendar]
diff --git a/app/controllers/groups/autocomplete_sources_controller.rb b/app/controllers/groups/autocomplete_sources_controller.rb
index 171494e66bd..6936733c4f7 100644
--- a/app/controllers/groups/autocomplete_sources_controller.rb
+++ b/app/controllers/groups/autocomplete_sources_controller.rb
@@ -3,7 +3,7 @@
class Groups::AutocompleteSourcesController < Groups::ApplicationController
feature_category :subgroups, [:members]
feature_category :team_planning, [:issues, :labels, :milestones, :commands]
- feature_category :code_review, [:merge_requests]
+ feature_category :code_review_workflow, [:merge_requests]
urgency :low, [:issues, :labels, :milestones, :commands, :merge_requests, :members]
diff --git a/app/controllers/groups/imports_controller.rb b/app/controllers/groups/imports_controller.rb
index a35237a706d..569e26b3de9 100644
--- a/app/controllers/groups/imports_controller.rb
+++ b/app/controllers/groups/imports_controller.rb
@@ -14,7 +14,8 @@ class Groups::ImportsController < Groups::ApplicationController
redirect_to group_path(@group), notice: s_('GroupImport|The group was successfully imported.')
end
elsif @group.import_state.failed?
- redirect_to new_group_path(@group), alert: s_('GroupImport|Failed to import group.')
+ redirect_to new_group_path(@group),
+ alert: format(s_('GroupImport|Failed to import group: %{error}'), error: @group.import_state.last_error)
else
flash.now[:notice] = continue_params[:notice_now]
end
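Review bot: The new alert interpolates `@group.import_state.last_error` directly into a user-facing flash, so whatever the import job recorded there (exception text, paths, upstream responses) is now shown to the user, and a nil value renders a dangling `Failed to import group: `. Whether `last_error` is sanitised or truncated where it is written is not visible in this diff. I would fall back to the previous generic message when `last_error` is blank and bound the length of what is displayed. The enclosing action starts outside the hunk.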
diff --git a/app/controllers/groups/observability_controller.rb b/app/controllers/groups/observability_controller.rb
index 3baa5e830ff..726af00a10e 100644
--- a/app/controllers/groups/observability_controller.rb
+++ b/app/controllers/groups/observability_controller.rb
@@ -19,6 +19,10 @@ module Groups
render_observability
end
+ def datasources
+ render_observability
+ end
+
private
def render_observability
@@ -26,9 +30,7 @@ module Groups
end
def check_observability_allowed
- return render_404 unless Gitlab::Observability.observability_url.present?
-
- render_404 unless can?(current_user, :read_observability, @group)
+ render_404 unless Gitlab::Observability.observability_enabled?(current_user, group)
end
end
end
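Review bot: `check_observability_allowed` no longer calls `can?(current_user, :read_observability, @group)` itself, so authorization for every action in this controller, including the `datasources` action added in the previous hunk, now depends on `Gitlab::Observability.observability_enabled?`, whose body is not part of this diff. A comment on the method, e.g. `# observability_enabled? must cover both the configured URL and the :read_observability permission for the group`, would stop a later reader from treating it as a feature toggle only; the statement needs confirming against the helper. The check also switches from `@group` to `group`, which presumably resolve to the same record.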
diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb
index 1dfa8cdf133..78e3ffa4af9 100644
--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -23,7 +23,7 @@ module Groups
if update_group_service.execute
flash[:notice] = s_('GroupSettings|Pipeline settings was updated for the group')
else
- flash[:alert] = s_("GroupSettings|There was a problem updating the pipeline settings: %{error_messages}." % { error_messages: group.errors.full_messages })
+ flash[:alert] = format(s_("GroupSettings|There was a problem updating the pipeline settings: %{error_messages}."), error_messages: group.errors.full_messages)
end
redirect_to group_settings_ci_cd_path
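Review bot: `error_messages:` receives `group.errors.full_messages`, which is an Array, so `format` interpolates its `to_s` form and the alert shows brackets and quotes (`["..."]`) in front of the trailing period. Joining the messages first reads correctly: `error_messages: group.errors.full_messages.to_sentence`. The same applies to the Auto DevOps alert in the next hunk of this file.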
@@ -33,7 +33,7 @@ module Groups
if auto_devops_service.execute
flash[:notice] = s_('GroupSettings|Auto DevOps pipeline was updated for the group')
else
- flash[:alert] = s_("GroupSettings|There was a problem updating Auto DevOps pipeline: %{error_messages}." % { error_messages: group.errors.full_messages })
+ flash[:alert] = format(s_("GroupSettings|There was a problem updating Auto DevOps pipeline: %{error_messages}."), error_messages: group.errors.full_messages)
end
redirect_to group_settings_ci_cd_path
diff --git a/app/controllers/groups/usage_quotas_controller.rb b/app/controllers/groups/usage_quotas_controller.rb
index 29878f0001d..b660eb3af99 100644
--- a/app/controllers/groups/usage_quotas_controller.rb
+++ b/app/controllers/groups/usage_quotas_controller.rb
@@ -16,8 +16,7 @@ module Groups
private
def verify_usage_quotas_enabled!
- render_404 unless Feature.enabled?(:usage_quotas_for_all_editions, group)
- render_404 if group.has_parent?
+ render_404 unless group.usage_quotas_enabled?
end
# To be overriden in ee/app/controllers/ee/groups/usage_quotas_controller.rb
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 0a487bb2508..e440b60ad1f 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -8,7 +8,7 @@ class GroupsController < Groups::ApplicationController
include RecordUserLastActivity
include SendFileUpload
include FiltersEvents
- include Recaptcha::Verify
+ include Recaptcha::Adapters::ControllerMethods
extend ::Gitlab::Utils::Override
respond_to :html
@@ -55,7 +55,7 @@ class GroupsController < Groups::ApplicationController
]
feature_category :team_planning, [:issues, :issues_calendar, :preview_markdown]
- feature_category :code_review, [:merge_requests, :unfoldered_environment_names]
+ feature_category :code_review_workflow, [:merge_requests, :unfoldered_environment_names]
feature_category :projects, [:projects]
feature_category :importers, [:export, :download_export]
urgency :low, [:export, :download_export]
@@ -256,7 +256,7 @@ class GroupsController < Groups::ApplicationController
def determine_layout
if [:new, :create].include?(action_name.to_sym)
- 'application'
+ 'dashboard'
elsif [:edit, :update, :projects].include?(action_name.to_sym)
'group_settings'
else
diff --git a/app/controllers/ide_controller.rb b/app/controllers/ide_controller.rb
index 8a8c41e65b9..bedeae3cf54 100644
--- a/app/controllers/ide_controller.rb
+++ b/app/controllers/ide_controller.rb
@@ -10,7 +10,6 @@ class IdeController < ApplicationController
before_action do
push_frontend_feature_flag(:build_service_proxy)
- push_frontend_feature_flag(:schema_linting)
push_frontend_feature_flag(:reject_unsigned_commits_by_gitlab)
define_index_vars
end
diff --git a/app/controllers/import/available_namespaces_controller.rb b/app/controllers/import/available_namespaces_controller.rb
deleted file mode 100644
index c16c40cefea..00000000000
--- a/app/controllers/import/available_namespaces_controller.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-class Import::AvailableNamespacesController < ApplicationController
- feature_category :importers
- urgency :low
-
- def index
- render json: NamespaceSerializer.new.represent(current_user.manageable_groups_with_routes(include_groups_with_developer_maintainer_access: true))
- end
-end
diff --git a/app/controllers/import/bitbucket_controller.rb b/app/controllers/import/bitbucket_controller.rb
index 1d05cee02d4..8a0f4a36781 100644
--- a/app/controllers/import/bitbucket_controller.rb
+++ b/app/controllers/import/bitbucket_controller.rb
@@ -78,12 +78,12 @@ class Import::BitbucketController < Import::BaseController
override :importable_repos
def importable_repos
- bitbucket_repos.filter { |repo| repo.valid? }
+ bitbucket_repos.filter(&:valid?)
end
override :incompatible_repos
def incompatible_repos
- bitbucket_repos.reject { |repo| repo.valid? }
+ bitbucket_repos.reject(&:valid?)
end
def provider_url
diff --git a/app/controllers/import/bitbucket_server_controller.rb b/app/controllers/import/bitbucket_server_controller.rb
index 12147196749..40664922d3d 100644
--- a/app/controllers/import/bitbucket_server_controller.rb
+++ b/app/controllers/import/bitbucket_server_controller.rb
@@ -63,12 +63,12 @@ class Import::BitbucketServerController < Import::BaseController
override :importable_repos
def importable_repos
- bitbucket_repos.filter { |repo| repo.valid? }
+ bitbucket_repos.filter(&:valid?)
end
override :incompatible_repos
def incompatible_repos
- bitbucket_repos.reject { |repo| repo.valid? }
+ bitbucket_repos.reject(&:valid?)
end
override :provider_name
diff --git a/app/controllers/import/bulk_imports_controller.rb b/app/controllers/import/bulk_imports_controller.rb
index 9a7118ce498..e9705c45116 100644
--- a/app/controllers/import/bulk_imports_controller.rb
+++ b/app/controllers/import/bulk_imports_controller.rb
@@ -3,8 +3,11 @@
class Import::BulkImportsController < ApplicationController
include ActionView::Helpers::SanitizeHelper
- before_action :ensure_group_import_enabled
+ before_action :ensure_bulk_import_enabled
before_action :verify_blocked_uri, only: :status
+ before_action only: :status do
+ push_frontend_feature_flag(:bulk_import_projects)
+ end
feature_category :importers
urgency :low
@@ -17,6 +20,9 @@ class Import::BulkImportsController < ApplicationController
session[access_token_key] = configure_params[access_token_key]&.strip
session[url_key] = configure_params[url_key]
+ verify_blocked_uri && performed? && return
+ validate_configure_params!
+
redirect_to status_import_bulk_imports_url(namespace_id: params[:namespace_id])
end
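Review bot: The early exit `verify_blocked_uri && performed? && return` only returns when `verify_blocked_uri` itself evaluates truthy, so the outbound calls in `validate_configure_params!` are skipped for a blocked URL only as long as that filter's last expression stays truthy after it renders or redirects. Two statements remove that dependency: `verify_blocked_uri` followed by `return if performed?`. Separately, the token and URL are written to the session two lines earlier, before either check runs, so a rejected URL and its token remain in the session. Moving the assignments below the checks depends on where `credentials` reads from, which is outside this hunk.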
@@ -100,6 +106,16 @@ class Import::BulkImportsController < ApplicationController
params.permit(access_token_key, url_key)
end
+ def validate_configure_params!
+ client = BulkImports::Clients::HTTP.new(
+ url: credentials[:url],
+ token: credentials[:access_token]
+ )
+
+ client.validate_instance_version!
+ client.validate_import_scopes!
+ end
+
def create_params
params.permit(bulk_import: bulk_import_params)[:bulk_import]
end
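Review bot: `validate_configure_params!` sends requests carrying the user-supplied token to a user-supplied URL, and both bang methods presumably raise on failure, yet neither this hunk nor the `configure` hunk shows where those errors are rescued. If the controller has no matching `rescue_from`, an unreachable or unsupported source instance becomes a 500 rather than a form error. I would document the contract on the method, e.g. `# Raises when the source instance version or the token scopes are insufficient; call only after verify_blocked_uri has passed`, and confirm the rescue path exists.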
@@ -115,11 +131,12 @@ class Import::BulkImportsController < ApplicationController
destination_name
destination_slug
destination_namespace
+ migrate_projects
]
end
- def ensure_group_import_enabled
- render_404 unless ::BulkImports::Features.enabled?
+ def ensure_bulk_import_enabled
+ render_404 unless Gitlab::CurrentSettings.bulk_import_enabled?
end
def access_token_key
diff --git a/app/controllers/import/github_controller.rb b/app/controllers/import/github_controller.rb
index cb58b5974ca..9a8f6a74653 100644
--- a/app/controllers/import/github_controller.rb
+++ b/app/controllers/import/github_controller.rb
@@ -150,7 +150,7 @@ class Import::GithubController < Import::BaseController
end
def client_repos_response
- @client_repos_response ||= client_proxy.repos(sanitized_filter_param, pagination_options)
+ @client_repos_response ||= client_proxy.repos(sanitized_filter_param, fetch_repos_options)
end
def client_repos
@@ -160,7 +160,11 @@ class Import::GithubController < Import::BaseController
def sanitized_filter_param
super
- @filter = @filter&.tr(' ', '')&.tr(':', '')
+ @filter = sanitize_query_param(@filter)
+ end
+
+ def sanitize_query_param(value)
+ value.to_s.first(255).gsub(/[ :]/, '')
end
def verify_import_enabled
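Review bot: `sanitize_query_param` returns `''` for a nil input because of `to_s`, whereas the removed `@filter&.tr(...)` chain left a missing filter as nil, so any caller that detects "no filter" with a nil check now sees an empty string. If that change is not intended, `value.to_s.first(255).gsub(/[ :]/, '').presence` restores nil for absent values. The helper also has no comment saying why exactly spaces and colons are removed or where the 255 limit comes from; one line stating the reason would make the sanitisation reviewable.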
@@ -222,6 +226,10 @@ class Import::GithubController < Import::BaseController
head :too_many_requests
end
+ def fetch_repos_options
+ pagination_options.merge(relation_options)
+ end
+
def pagination_options
{
before: params[:before].presence,
@@ -233,6 +241,13 @@ class Import::GithubController < Import::BaseController
per_page: PAGE_LENGTH
}
end
+
+ def relation_options
+ {
+ relation_type: params[:relation_type],
+ organization_login: sanitize_query_param(params[:organization_login])
+ }
+ end
end
Import::GithubController.prepend_mod_with('Import::GithubController')
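Review bot: `relation_type: params[:relation_type]` is forwarded to the client exactly as received, while `organization_login` at least passes through `sanitize_query_param`. Because `relation_type` selects behaviour rather than carrying free text, checking it against a fixed list of the relation types the client supports is safer than passing arbitrary strings or nested parameters through. For `organization_login`, stripping two characters is a denylist; if the value ends up in a search query or URL path, an allowlist of the characters a login may contain is the stronger check. How `client_proxy.repos` consumes either option is not visible in this diff.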
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 8650b6cbc6f..5bd3b74af1f 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -186,7 +186,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
persist_accepted_terms_if_required(user) if new_user
store_after_sign_up_path_for_user if intent_to_register?
- sign_in_and_redirect(user, event: :authentication)
+ sign_in_and_redirect_or_confirm_identity(user, auth_user, new_user)
end
else
fail_login(user)
@@ -306,7 +306,6 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
end
def persist_accepted_terms_if_required(user)
- return unless Feature.enabled?(:update_oauth_registration_flow)
return unless user.persisted?
return unless Gitlab::CurrentSettings.current_application_settings.enforce_terms?
@@ -317,6 +316,11 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def store_after_sign_up_path_for_user
store_location_for(:user, users_sign_up_welcome_path)
end
+
+ # overridden in EE
+ def sign_in_and_redirect_or_confirm_identity(user, _, _)
+ sign_in_and_redirect(user, event: :authentication)
+ end
end
OmniauthCallbacksController.prepend_mod_with('OmniauthCallbacksController')
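Review bot: The new hook is documented only as `# overridden in EE`, and the two `_` parameters hide what the caller passes (`auth_user` and `new_user` at the call site in the first hunk of this file). Naming them `_auth_user, _new_user` and stating the contract in the comment, e.g. `# Signs the user in and redirects; overrides may redirect to identity confirmation instead and must not do both`, makes this authentication step easier to audit. The wording of that contract is inferred from the method name and should be checked against the EE override.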
diff --git a/app/controllers/profiles/avatars_controller.rb b/app/controllers/profiles/avatars_controller.rb
index d9e4b9a149d..55a2904ce83 100644
--- a/app/controllers/profiles/avatars_controller.rb
+++ b/app/controllers/profiles/avatars_controller.rb
@@ -6,7 +6,7 @@ class Profiles::AvatarsController < Profiles::ApplicationController
def destroy
@user = current_user
- Users::UpdateService.new(current_user, user: @user).execute { |user| user.remove_avatar! }
+ Users::UpdateService.new(current_user, user: @user).execute(&:remove_avatar!)
redirect_to profile_path, status: :found
end
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 03b7cc9f892..c36f03d3e69 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -206,7 +206,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def webauthn_options
WebAuthn::Credential.options_for_create(
user: { id: current_user.webauthn_xid, name: current_user.username },
- exclude: current_user.webauthn_registrations.map { |c| c.credential_xid },
+ exclude: current_user.webauthn_registrations.map(&:credential_xid),
authenticator_selection: { user_verification: 'discouraged' },
rp: { name: 'GitLab' }
)
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb
index c3dcde38d09..3201538a393 100644
--- a/app/controllers/projects/artifacts_controller.rb
+++ b/app/controllers/projects/artifacts_controller.rb
@@ -82,6 +82,7 @@ class Projects::ArtifactsController < Projects::ApplicationController
def raw
return render_404 unless zip_artifact?
+ return render_404 unless artifacts_file
path = Gitlab::Ci::Build::Artifacts::Path.new(params[:path])
diff --git a/app/controllers/projects/autocomplete_sources_controller.rb b/app/controllers/projects/autocomplete_sources_controller.rb
index ef20c71cd77..000203079cc 100644
--- a/app/controllers/projects/autocomplete_sources_controller.rb
+++ b/app/controllers/projects/autocomplete_sources_controller.rb
@@ -5,7 +5,7 @@ class Projects::AutocompleteSourcesController < Projects::ApplicationController
before_action :authorize_read_crm_contact!, only: :contacts
feature_category :team_planning, [:issues, :labels, :milestones, :commands, :contacts]
- feature_category :code_review, [:merge_requests]
+ feature_category :code_review_workflow, [:merge_requests]
feature_category :users, [:members]
feature_category :source_code_management, [:snippets]
@@ -33,7 +33,7 @@ class Projects::AutocompleteSourcesController < Projects::ApplicationController
end
def commands
- render json: autocomplete_service.commands(target, params[:type])
+ render json: autocomplete_service.commands(target)
end
def snippets
diff --git a/app/controllers/projects/ci/pipeline_editor_controller.rb b/app/controllers/projects/ci/pipeline_editor_controller.rb
index 84e5d59a2c3..1942a5fef7b 100644
--- a/app/controllers/projects/ci/pipeline_editor_controller.rb
+++ b/app/controllers/projects/ci/pipeline_editor_controller.rb
@@ -2,9 +2,6 @@
class Projects::Ci::PipelineEditorController < Projects::ApplicationController
before_action :check_can_collaborate!
- before_action do
- push_frontend_feature_flag(:schema_linting, @project)
- end
feature_category :pipeline_authoring
diff --git a/app/controllers/projects/design_management/designs/resized_image_controller.rb b/app/controllers/projects/design_management/designs/resized_image_controller.rb
index 50a997f32db..6bf304419e1 100644
--- a/app/controllers/projects/design_management/designs/resized_image_controller.rb
+++ b/app/controllers/projects/design_management/designs/resized_image_controller.rb
@@ -8,12 +8,13 @@ module Projects
include SendFileUpload
before_action :validate_size!
+ before_action :validate_sha!
skip_before_action :default_cache_headers, only: :show
def show
relation = design.actions
- relation = relation.up_to_version(sha) if sha
+ relation = relation.up_to_version(version) if version
action = relation.most_recent.first
return render_404 unless action
@@ -37,9 +38,19 @@ module Projects
render_404 unless ::DesignManagement::DESIGN_IMAGE_SIZES.include?(size)
end
+ def validate_sha!
+ render_404 if sha && version.blank?
+ end
+
def size
params[:id]
end
+
+ def version
+ return if sha.blank?
+
+ @version ||= design.versions.find_by_sha(sha)
+ end
end
end
end
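Review bot: `validate_sha!` tests `sha` for truthiness while `version` tests `sha.blank?`, so a request with an empty `sha` parameter is truthy in the first and blank in the second and now receives a 404 instead of being treated as "no version requested". If that is not intended, use the same predicate in both places: `render_404 if sha.present? && version.blank?`. `@version ||=` does not cache a nil lookup, which is harmless here because the filter halts the request when nothing is found. Where `sha` is read from is outside the hunk.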
diff --git a/app/controllers/projects/environments_controller.rb b/app/controllers/projects/environments_controller.rb
index 537fd3854c4..ea1288c0b20 100644
--- a/app/controllers/projects/environments_controller.rb
+++ b/app/controllers/projects/environments_controller.rb
@@ -299,6 +299,16 @@ class Projects::EnvironmentsController < Projects::ApplicationController
def authorize_update_environment!
access_denied! unless can?(current_user, :update_environment, environment)
end
+
+ def append_info_to_payload(payload)
+ super
+
+ return unless Feature.enabled?(:environments_search_logging) && params[:search].present?
+
+ # Merging to :metadata will ensure these are logged as top level keys
+ payload[:metadata] ||= {}
+ payload[:metadata]['meta.environment.search'] = params[:search]
+ end
end
Projects::EnvironmentsController.prepend_mod_with('Projects::EnvironmentsController')
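Review bot: `params[:search]` is copied into the structured log payload unmodified, so its size and type are whatever the client sent: a very long string, or a nested hash or array when the parameter is sent with brackets. Coercing and bounding it keeps log lines predictable: `payload[:metadata]['meta.environment.search'] = params[:search].to_s.first(MAX_LOGGED_SEARCH_LENGTH)`, where `MAX_LOGGED_SEARCH_LENGTH` is a placeholder for a limit the project chooses. Search terms are user-entered text and may contain sensitive values, so the comment should also say how long this field is retained.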
diff --git a/app/controllers/projects/google_cloud/deployments_controller.rb b/app/controllers/projects/google_cloud/deployments_controller.rb
index 041486eb2fb..fae8dbd59c7 100644
--- a/app/controllers/projects/google_cloud/deployments_controller.rb
+++ b/app/controllers/projects/google_cloud/deployments_controller.rb
@@ -75,6 +75,13 @@ The `deploy-to-cloud-run` job:
* `GCP_PROJECT_ID`
* `GCP_SERVICE_ACCOUNT_KEY`
* Job definition can be found at: https://gitlab.com/gitlab-org/incubation-engineering/five-minute-production/library
+* Uses CI/CD variables to configure the deployment. You can override the default values by adding these variables:
+ * `GCP_CLOUD_RUN_MAX_INSTANCES`
+ * `GCP_CLOUD_RUN_MIN_INSTANCES`
+ * `GCP_CLOUD_RUN_CONCURRENCY`
+ * `GCP_CLOUD_RUN_CPU`
+ * `GCP_CLOUD_RUN_MEMORY`
+ * `GCP_CLOUD_RUN_TIMEOUT`
This pipeline definition has been committed to the branch `#{branch_name}`.
You may modify the pipeline definition further or accept the changes as-is if suitable.
diff --git a/app/controllers/projects/group_links_controller.rb b/app/controllers/projects/group_links_controller.rb
index 08eebfa0e4b..451f1d1363b 100644
--- a/app/controllers/projects/group_links_controller.rb
+++ b/app/controllers/projects/group_links_controller.rb
@@ -2,13 +2,13 @@
class Projects::GroupLinksController < Projects::ApplicationController
layout 'project_settings'
- before_action :authorize_admin_project!
+ before_action :authorize_admin_project!, except: [:destroy]
+ before_action :authorize_admin_project_group_link!, only: [:destroy]
before_action :authorize_admin_project_member!, only: [:update]
feature_category :subgroups
def update
- group_link = @project.project_group_links.find(params[:id])
Projects::GroupLinks::UpdateService.new(group_link, current_user).execute(group_link_params)
if group_link.expires?
@@ -22,13 +22,15 @@ class Projects::GroupLinksController < Projects::ApplicationController
end
def destroy
- group_link = project.project_group_links.find(params[:id])
-
::Projects::GroupLinks::DestroyService.new(project, current_user).execute(group_link)
respond_to do |format|
format.html do
- redirect_to project_project_members_path(project), status: :found
+ if can?(current_user, :admin_group, group_link.group)
+ redirect_to group_path(group_link.group), status: :found
+ elsif can?(current_user, :admin_project, group_link.project)
+ redirect_to project_project_members_path(project), status: :found
+ end
end
format.js { head :ok }
end
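Review bot: The `format.html` branch in `destroy` now has no `else`, so a user who passed `authorize_admin_project_group_link!` but for whom both `can?` checks are false gets no redirect and the action falls through to Rails' implicit render for a template that does not exist. Add a final branch that redirects to a page the user can certainly see, e.g. `else` followed by `redirect_to root_path, status: :found`. The order also sends a user who administers both the group and the project to `group_path`, which changes the previous behaviour for project owners; if that is intended it deserves a comment. `group_link.group` is read after `DestroyService` has run, which works only while the memoised record keeps its association loaded.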
@@ -36,6 +38,15 @@ class Projects::GroupLinksController < Projects::ApplicationController
protected
+ def authorize_admin_project_group_link!
+ render_404 unless can?(current_user, :admin_project_group_link, group_link)
+ end
+
+ def group_link
+ @project.project_group_links.find(params[:id])
+ end
+ strong_memoize_attr :group_link
+
def group_link_params
params.require(:group_link).permit(:group_access, :expires_at)
end
diff --git a/app/controllers/projects/incidents_controller.rb b/app/controllers/projects/incidents_controller.rb
index 3842a88d15b..8e4fbf24ca2 100644
--- a/app/controllers/projects/incidents_controller.rb
+++ b/app/controllers/projects/incidents_controller.rb
@@ -10,6 +10,7 @@ class Projects::IncidentsController < Projects::ApplicationController
push_force_frontend_feature_flag(:work_items, @project&.work_items_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_mvc, @project&.work_items_mvc_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_mvc_2, @project&.work_items_mvc_2_feature_flag_enabled?)
+ push_frontend_feature_flag(:incident_event_tags, project)
end
feature_category :incident_management
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 631e697dd2f..06c16297ce8 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -27,6 +27,10 @@ class Projects::IssuesController < Projects::ApplicationController
before_action :set_issuables_index, if: ->(c) {
SET_ISSUABLES_INDEX_ONLY_ACTIONS.include?(c.action_name.to_sym) && !index_html_request?
}
+ before_action :check_search_rate_limit!, if: ->(c) {
+ SET_ISSUABLES_INDEX_ONLY_ACTIONS.include?(c.action_name.to_sym) && !index_html_request? &&
+ params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+ }
# Allow write(create) issue
before_action :authorize_create_issue!, only: [:new, :create]
@@ -59,7 +63,7 @@ class Projects::IssuesController < Projects::ApplicationController
push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?)
push_frontend_feature_flag(:epic_widget_edit_confirmation, project)
- push_frontend_feature_flag(:use_iid_in_work_items_path, project)
+ push_frontend_feature_flag(:use_iid_in_work_items_path, project&.group)
push_force_frontend_feature_flag(:work_items_create_from_markdown, project&.work_items_create_from_markdown_feature_flag_enabled?)
end
@@ -436,7 +440,7 @@ class Projects::IssuesController < Projects::ApplicationController
def create_vulnerability_issue_feedback(issue); end
def redirect_if_work_item
- return unless allowed_work_item?
+ return unless use_work_items_path?(issue)
if Feature.enabled?(:use_iid_in_work_items_path, project.group)
redirect_to project_work_items_path(project, issue.iid, params: request.query_parameters.merge(iid_path: true))
@@ -444,10 +448,6 @@ class Projects::IssuesController < Projects::ApplicationController
redirect_to project_work_items_path(project, issue.id, params: request.query_parameters)
end
end
-
- def allowed_work_item?
- issue.task?
- end
end
Projects::IssuesController.prepend_mod_with('Projects::IssuesController')
diff --git a/app/controllers/projects/merge_requests/application_controller.rb b/app/controllers/projects/merge_requests/application_controller.rb
index d8da448a323..be44c78ac9d 100644
--- a/app/controllers/projects/merge_requests/application_controller.rb
+++ b/app/controllers/projects/merge_requests/application_controller.rb
@@ -5,7 +5,7 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont
before_action :merge_request
before_action :authorize_read_merge_request!
- feature_category :code_review
+ feature_category :code_review_workflow
private
@@ -13,6 +13,10 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont
@issuable =
@merge_request ||=
merge_request_includes(@project.merge_requests).find_by_iid!(params[:id])
+
+ return render_404 unless can?(current_user, :read_merge_request, @issuable)
+
+ @issuable
end
def merge_request_includes(association)
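Review bot: `merge_request` is a memoising getter, and the added `return render_404 unless can?(current_user, :read_merge_request, @issuable)` runs on every call, not only the first. In the deny path `@issuable` and `@merge_request` stay populated with the record the user may not read, the getter returns the result of `render_404` instead of a merge request, and a second call would try to render again. I would keep the permission check but start the method with `return if performed?` and clear both instance variables before rendering the 404, so later code cannot pick up the unauthorised record. The method's `def` line is outside the hunk, so its other callers are not visible here.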
diff --git a/app/controllers/projects/merge_requests/diffs_controller.rb b/app/controllers/projects/merge_requests/diffs_controller.rb
index 83377f67723..1c546d70df9 100644
--- a/app/controllers/projects/merge_requests/diffs_controller.rb
+++ b/app/controllers/projects/merge_requests/diffs_controller.rb
@@ -36,15 +36,17 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
diff_options_hash[:paths] = params[:paths] if params[:paths]
diffs = @compare.diffs_in_batch(params[:page], params[:per_page], diff_options: diff_options_hash)
- unfoldable_positions = @merge_request.note_positions_for_paths(diffs.diff_file_paths, current_user).unfoldable
+
+ unfoldable_positions = Gitlab::Metrics.measure(:diffs_unfoldable_positions) do
+ @merge_request.note_positions_for_paths(diffs.diff_file_paths, current_user).unfoldable
+ end
options = {
merge_request: @merge_request,
commit: commit,
diff_view: diff_view,
merge_ref_head_diff: render_merge_ref_head_diff?,
- pagination_data: diffs.pagination_data,
- merge_conflicts_in_diff: display_merge_conflicts_in_diff?
+ pagination_data: diffs.pagination_data
}
# NOTE: Any variables that would affect the resulting json needs to be added to the cache_context to avoid stale cache issues.
@@ -56,16 +58,22 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
params[:expanded],
params[:page],
params[:per_page],
- options[:merge_ref_head_diff],
- options[:merge_conflicts_in_diff]
+ options[:merge_ref_head_diff]
]
return unless stale?(etag: [cache_context + diff_options_hash.fetch(:paths, []), diffs])
- diffs.unfold_diff_files(unfoldable_positions)
- diffs.write_cache
+ Gitlab::Metrics.measure(:diffs_unfold) do
+ diffs.unfold_diff_files(unfoldable_positions)
+ end
+
+ Gitlab::Metrics.measure(:diffs_write_cache) do
+ diffs.write_cache
+ end
- render json: PaginatedDiffSerializer.new(current_user: current_user).represent(diffs, options)
+ Gitlab::Metrics.measure(:diffs_render) do
+ render json: PaginatedDiffSerializer.new(current_user: current_user).represent(diffs, options)
+ end
end
# rubocop: enable Metrics/AbcSize
@@ -74,8 +82,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
options = additional_attributes.merge(
only_context_commits: show_only_context_commits?,
- merge_ref_head_diff: render_merge_ref_head_diff?,
- merge_conflicts_in_diff: display_merge_conflicts_in_diff?
+ merge_ref_head_diff: render_merge_ref_head_diff?
)
render json: DiffsMetadataSerializer.new(project: @merge_request.project, current_user: current_user)
@@ -103,8 +110,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
options = additional_attributes.merge(
diff_view: "inline",
- merge_ref_head_diff: render_merge_ref_head_diff?,
- merge_conflicts_in_diff: display_merge_conflicts_in_diff?
+ merge_ref_head_diff: render_merge_ref_head_diff?
)
options[:context_commits] = @merge_request.recent_context_commits
@@ -232,8 +238,4 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
Gitlab::UsageDataCounters::MergeRequestActivityUniqueCounter
.track_mr_diffs_single_file_action(merge_request: @merge_request, user: current_user)
end
-
- def display_merge_conflicts_in_diff?
- Feature.enabled?(:display_merge_conflicts_in_diff, @merge_request.project)
- end
end
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 3ab1f7d1d32..b0920b3fbdb 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -28,6 +28,9 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
:codequality_mr_diff_reports
]
before_action :set_issuables_index, only: [:index]
+ before_action :check_search_rate_limit!, only: [:index], if: -> {
+ params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+ }
before_action :authenticate_user!, only: [:assign_related_issues]
before_action :check_user_can_push_to_source_branch!, only: [:rebase]
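Review bot: The new `check_search_rate_limit!` callback is declared after `before_action :set_issuables_index, only: [:index]`, and Rails runs before_actions in declaration order, so a throttled request still goes through the index setup before the limiter rejects it. What `set_issuables_index` costs is not visible in this hunk, but if it issues the search or count query, the limit protects little. Declaring the rate-limit callback above it would reject the request first. The multi-line `if:` lambda would also read better as a named private predicate, with a comment that the check is skipped while `rate_limit_issuable_searches` is disabled.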
@@ -37,7 +40,6 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
push_frontend_feature_flag(:refactor_security_extension, @project)
push_frontend_feature_flag(:refactor_code_quality_inline_findings, project)
push_frontend_feature_flag(:moved_mr_sidebar, project)
- push_frontend_feature_flag(:paginated_mr_discussions, project)
push_frontend_feature_flag(:mr_review_submit_comment, project)
push_frontend_feature_flag(:mr_experience_survey, project)
push_frontend_feature_flag(:realtime_reviewers, project)
@@ -52,7 +54,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
after_action :log_merge_request_show, only: [:show, :diffs]
- feature_category :code_review, [
+ feature_category :code_review_workflow, [
:assign_related_issues, :bulk_update, :cancel_auto_merge,
:commit_change_content, :commits, :context_commits, :destroy,
:discussions, :edit, :index, :merge, :rebase, :remove_wip,
@@ -387,13 +389,13 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
end
format.patch do
- break render_404 unless @merge_request.diff_refs
+ next render_404 unless @merge_request.diff_refs
send_git_patch @project.repository, @merge_request.diff_refs
end
format.diff do
- break render_404 unless @merge_request.diff_refs
+ next render_404 unless @merge_request.diff_refs
send_git_diff @project.repository, @merge_request.diff_refs
end
@@ -512,15 +514,13 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
end
def check_user_can_push_to_source_branch!
- return access_denied! unless @merge_request.source_branch_exists?
+ result = MergeRequests::RebaseService
+ .new(project: @merge_request.source_project, current_user: current_user)
+ .validate(@merge_request)
- access_check = ::Gitlab::UserAccess
- .new(current_user, container: @merge_request.source_project)
- .can_push_to_branch?(@merge_request.source_branch)
+ return if result.success?
- access_denied! unless access_check
-
- access_denied! unless merge_request.permits_force_push?
+ render json: { merge_error: result.message }, status: :forbidden
end
def merge_access_check
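Review bot: `check_user_can_push_to_source_branch!` no longer performs its three checks itself (`source_branch_exists?`, `can_push_to_branch?`, `permits_force_push?`) and now trusts `MergeRequests::RebaseService#validate`, whose body is not shown here, so authorization for `rebase` is only as strong as that method. A controller spec should pin each of the three former denial cases to a 403, so that a later change to `validate` cannot silently open the action. The failure path also changed from `access_denied!` to an unconditional `render json:`, so non-JSON callers now receive a JSON body. `result.message` is returned verbatim; confirm those messages reveal nothing about the source project to a user who cannot see it.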
diff --git a/app/controllers/projects/ml/experiments_controller.rb b/app/controllers/projects/ml/experiments_controller.rb
index c82a959d612..1e1c4b1587c 100644
--- a/app/controllers/projects/ml/experiments_controller.rb
+++ b/app/controllers/projects/ml/experiments_controller.rb
@@ -7,10 +7,11 @@ module Projects
feature_category :mlops
- MAX_PER_PAGE = 20
+ MAX_EXPERIMENTS_PER_PAGE = 20
+ MAX_CANDIDATES_PER_PAGE = 30
def index
- @experiments = ::Ml::Experiment.by_project_id(@project.id).page(params[:page]).per(MAX_PER_PAGE)
+ @experiments = ::Ml::Experiment.by_project_id(@project.id).page(params[:page]).per(MAX_EXPERIMENTS_PER_PAGE)
end
def show
@@ -18,7 +19,26 @@ module Projects
return redirect_to project_ml_experiments_path(@project) unless @experiment.present?
- @candidates = @experiment.candidates&.including_metrics_and_params
+ page = params[:page].to_i
+ page = 1 if page == 0
+
+ @candidates = @experiment.candidates
+ .including_relationships
+ .page(page)
+ .per(MAX_CANDIDATES_PER_PAGE)
+
+ return unless @candidates
+
+ return redirect_to(url_for(page: @candidates.total_pages)) if @candidates.out_of_range?
+
+ @pagination = {
+ page: page,
+ is_last_page: @candidates.last_page?,
+ per_page: MAX_CANDIDATES_PER_PAGE,
+ total_items: @candidates.total_count
+ }
+
+ @candidates.each(&:artifact_lazy)
end
private
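Review bot: The out-of-range redirect can loop on an experiment with no candidates: `total_pages` is then 0, `url_for(page: 0)` arrives back as `params[:page].to_i == 0`, is reset to 1, and (assuming Kaminari's `out_of_range?` compares the current page with `total_pages`) redirects again. Guard it with `return redirect_to(url_for(page: @candidates.total_pages)) if @candidates.total_pages > 0 && @candidates.out_of_range?`. `page = 1 if page == 0` also lets a negative `params[:page]` through into `@pagination[:page]`; `page = 1 if page <= 0` covers both cases. `return unless @candidates` looks unreachable now that the `&.` was dropped, since a nil `candidates` would raise on `.including_relationships` first.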
diff --git a/app/controllers/projects/pages_controller.rb b/app/controllers/projects/pages_controller.rb
index 0e990b64cd6..db0762a6cff 100644
--- a/app/controllers/projects/pages_controller.rb
+++ b/app/controllers/projects/pages_controller.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: true
class Projects::PagesController < Projects::ApplicationController
- layout 'project_settings'
+ layout :resolve_layout
before_action :require_pages_enabled!
before_action :authorize_read_pages!, only: [:show]
@@ -10,6 +10,10 @@ class Projects::PagesController < Projects::ApplicationController
feature_category :pages
+ before_action do
+ push_frontend_feature_flag(:show_pages_in_deployments_menu, current_user, type: :experiment)
+ end
+
def new
@pipeline_wizard_data = {
project_path: @project.full_path,
@@ -64,6 +68,10 @@ class Projects::PagesController < Projects::ApplicationController
private
+ def resolve_layout
+ 'project_settings' unless Feature.enabled?(:show_pages_in_deployments_menu, current_user, type: :experiment)
+ end
+
def project_params
params.require(:project).permit(project_params_attributes)
end
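Review bot: `resolve_layout` returns nil when `show_pages_in_deployments_menu` is enabled, which appears to rely on Rails treating a nil result from `layout :method` as "fall back to the inherited layout"; that is easy to misread as "render without a layout". A one-line comment such as `# nil falls back to the layout inherited from Projects::ApplicationController` would make the intent explicit. The flag is also evaluated with the same arguments in the `before_action` block added in the previous hunk; a small private predicate would keep the two call sites from drifting apart.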
diff --git a/app/controllers/projects/protected_refs_controller.rb b/app/controllers/projects/protected_refs_controller.rb
index 69a540158c6..442110d1044 100644
--- a/app/controllers/projects/protected_refs_controller.rb
+++ b/app/controllers/projects/protected_refs_controller.rb
@@ -22,7 +22,10 @@ class Projects::ProtectedRefsController < Projects::ApplicationController
flash[:alert] = protected_ref.errors.full_messages.join(', ').html_safe
end
- redirect_to_repository_settings(@project, anchor: params[:update_section])
+ respond_to do |format|
+ format.html { redirect_to_repository_settings(@project, anchor: params[:update_section]) }
+ format.json { head :ok }
+ end
end
def show
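Review bot: The new `format.json { head :ok }` answers 200 even when the update failed: the context line above sets `flash[:alert]` from `protected_ref.errors` on the failure branch, and the `respond_to` block runs after that `end` either way. A JSON client therefore cannot tell a rejected change to a protected ref from an applied one. Branch on the result, for example `format.json { protected_ref.errors.any? ? render(json: { errors: protected_ref.errors.full_messages }, status: :unprocessable_entity) : head(:ok) }`. The start of the action is outside this hunk, so the exact success condition should be taken from there.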
diff --git a/app/controllers/projects/settings/ci_cd_controller.rb b/app/controllers/projects/settings/ci_cd_controller.rb
index cf07de4dc29..f8133c5836d 100644
--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -4,6 +4,7 @@ module Projects
module Settings
class CiCdController < Projects::ApplicationController
include RunnerSetupScripts
+ include ZuoraCSP
NUMBER_OF_RUNNERS_PER_PAGE = 20
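Review bot: `include ZuoraCSP` applies to every action of `CiCdController`, and this controller serves CI/CD variable and trigger settings (`@variable_limit` and `@triggers_json` in the next hunk), so any source the concern adds to the Content-Security-Policy becomes allowed on a page that handles secrets. The concern's contents are not part of this section. If it registers its policy controller-wide, restricting it to the one action that needs the third-party origin would keep the relaxation minimal. A comment next to the `include` should say why that origin is needed here.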
@@ -21,13 +22,11 @@ module Projects
@entity = :project
@variable_limit = ::Plan.default.actual_limits.project_ci_variables
- if Feature.enabled?(:ci_pipeline_triggers_settings_vue_ui, @project)
- triggers = ::Ci::TriggerSerializer.new.represent(
- @project.triggers, current_user: current_user, project: @project
- )
+ triggers = ::Ci::TriggerSerializer.new.represent(
+ @project.triggers, current_user: current_user, project: @project
+ )
- @triggers_json = Gitlab::Json.dump(triggers)
- end
+ @triggers_json = Gitlab::Json.dump(triggers)
render
end
diff --git a/app/controllers/projects/settings/merge_requests_controller.rb b/app/controllers/projects/settings/merge_requests_controller.rb
index 93e10695767..f09e324f574 100644
--- a/app/controllers/projects/settings/merge_requests_controller.rb
+++ b/app/controllers/projects/settings/merge_requests_controller.rb
@@ -9,7 +9,7 @@ module Projects
before_action :present_project, only: [:edit]
before_action :authorize_admin_project!
- feature_category :code_review
+ feature_category :code_review_workflow
def update
result = ::Projects::UpdateService.new(@project, current_user, project_params).execute
diff --git a/app/controllers/projects/work_items_controller.rb b/app/controllers/projects/work_items_controller.rb
index a118c6986f7..db9dca14aab 100644
--- a/app/controllers/projects/work_items_controller.rb
+++ b/app/controllers/projects/work_items_controller.rb
@@ -5,7 +5,7 @@ class Projects::WorkItemsController < Projects::ApplicationController
push_force_frontend_feature_flag(:work_items, project&.work_items_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?)
- push_frontend_feature_flag(:use_iid_in_work_items_path, project)
+ push_frontend_feature_flag(:use_iid_in_work_items_path, project&.group)
end
feature_category :team_planning
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 886819fe778..ee2c268ff33 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -58,7 +58,7 @@ class ProjectsController < Projects::ApplicationController
feature_category :source_code_management, [:remove_fork, :housekeeping, :refs]
feature_category :team_planning, [:preview_markdown, :new_issuable_address]
feature_category :importers, [:export, :remove_export, :generate_new_export, :download_export]
- feature_category :code_review, [:unfoldered_environment_names]
+ feature_category :code_review_workflow, [:unfoldered_environment_names]
feature_category :portfolio_management, [:planning_hierarchy]
urgency :low, [:export, :remove_export, :generate_new_export, :download_export]
@@ -388,7 +388,7 @@ class ProjectsController < Projects::ApplicationController
def determine_layout
if [:new, :create].include?(action_name.to_sym)
- 'application'
+ 'dashboard'
elsif [:edit, :update].include?(action_name.to_sym)
'project_settings'
else
diff --git a/app/controllers/pwa_controller.rb b/app/controllers/pwa_controller.rb
index 8de1b10e1f1..bb47bdc8050 100644
--- a/app/controllers/pwa_controller.rb
+++ b/app/controllers/pwa_controller.rb
@@ -6,7 +6,7 @@ class PwaController < ApplicationController # rubocop:disable Gitlab/NamespacedC
feature_category :navigation
urgency :low
- skip_before_action :authenticate_user!
+ skip_before_action :authenticate_user!, :required_signup_info
def manifest
end
diff --git a/app/controllers/registrations/welcome_controller.rb b/app/controllers/registrations/welcome_controller.rb
index 4a42632a980..cfb4e939b35 100644
--- a/app/controllers/registrations/welcome_controller.rb
+++ b/app/controllers/registrations/welcome_controller.rb
@@ -21,20 +21,10 @@ module Registrations
def update
result = ::Users::SignupService.new(current_user, update_params).execute
- if result[:status] == :success
+ if result.success?
track_event('successfully_submitted_form')
- return redirect_to issues_dashboard_path(assignee_username: current_user.username) if show_tasks_to_be_done?
-
- return redirect_to update_success_path if show_signup_onboarding?
-
- members = current_user.members
-
- if registering_from_invite?(members)
- redirect_to members_activity_path(members), notice: helpers.invite_accepted_notice(members.last)
- else
- redirect_to path_for_signed_in_user(current_user)
- end
+ redirect_to update_success_path
else
render :show
end
@@ -79,21 +69,35 @@ module Registrations
end
# overridden in EE
- def show_signup_onboarding?
+ def redirect_to_signup_onboarding?
false
end
- def show_tasks_to_be_done?
+ def redirect_for_tasks_to_be_done?
MemberTask.for_members(current_user.members).exists?
end
- # overridden in EE
def update_success_path
+ return issues_dashboard_path(assignee_username: current_user.username) if redirect_for_tasks_to_be_done?
+
+ return signup_onboarding_path if redirect_to_signup_onboarding?
+
+ members = current_user.members
+
+ if registering_from_invite?(members)
+ flash[:notice] = helpers.invite_accepted_notice(members.last)
+ members_activity_path(members)
+ else
+ # subscription registrations goes through here as well
+ path_for_signed_in_user(current_user)
+ end
end
# overridden in EE
- def track_event(category)
- end
+ def signup_onboarding_path; end
+
+ # overridden in EE
+ def track_event(action); end
end
end
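Review bot: `update_success_path` now sets `flash[:notice]` as a side effect on the invite branch, so a method that reads as a pure path getter mutates the session whenever it is called. Keeping the notice in `update`, or stating the side effect in a comment above the method, would avoid surprises if the helper is reused. `signup_onboarding_path` is an empty stub here while `redirect_to_signup_onboarding?` is overridable separately, so an override of only the predicate would make `update` call `redirect_to nil`; a comment on both stubs that they must be overridden together would help. The `# overridden in EE` comment was dropped from `update_success_path`; confirm that EE no longer overrides it.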
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 11f9f1cf0c6..0800d635d92 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: true
class RegistrationsController < Devise::RegistrationsController
- include Recaptcha::Verify
+ include Recaptcha::Adapters::ControllerMethods
include AcceptsPendingInvitations
include RecaptchaHelper
include InvisibleCaptchaOnSignup
@@ -121,7 +121,7 @@ class RegistrationsController < Devise::RegistrationsController
def after_sign_up_path_for(user)
Gitlab::AppLogger.info(user_created_message(confirmed: user.confirmed?))
- users_sign_up_welcome_path(glm_tracking_params)
+ after_sign_up_path
end
def after_inactive_sign_up_path_for(resource)
@@ -131,7 +131,7 @@ class RegistrationsController < Devise::RegistrationsController
# when email confirmation is enabled, path to redirect is saved
# after user confirms and comes back, he will be redirected
- store_location_for(:redirect, users_sign_up_welcome_path(glm_tracking_params))
+ store_location_for(:redirect, after_sign_up_path)
return identity_verification_redirect_path if custom_confirmation_enabled?
@@ -141,6 +141,10 @@ class RegistrationsController < Devise::RegistrationsController
private
+ def after_sign_up_path
+ users_sign_up_welcome_path(glm_tracking_params)
+ end
+
def ensure_destroy_prerequisites_met
if current_user.solo_owned_groups.present?
redirect_to profile_account_path,
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 66968b34380..38c773fa31d 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -36,7 +36,6 @@ class SearchController < ApplicationController
before_action only: :show do
update_scope_for_code_search
end
- before_action :elasticsearch_in_use, only: :show
rescue_from ActiveRecord::QueryCanceled, with: :render_timeout
layout 'search'
@@ -47,7 +46,7 @@ class SearchController < ApplicationController
def show
@project = search_service.project
@group = search_service.group
- @search_service = Gitlab::View::Presenter::Factory.new(search_service, current_user: current_user).fabricate!
+ @search_service_presenter = Gitlab::View::Presenter::Factory.new(search_service, current_user: current_user).fabricate!
return unless search_term_valid?
@@ -56,14 +55,14 @@ class SearchController < ApplicationController
@search_term = params[:search]
@sort = params[:sort] || default_sort
- @search_level = @search_service.level
+ @search_level = @search_service_presenter.level
@search_type = search_type
@global_search_duration_s = Benchmark.realtime do
- @scope = @search_service.scope
- @search_results = @search_service.search_results
- @search_objects = @search_service.search_objects
- @search_highlight = @search_service.search_highlight
+ @scope = @search_service_presenter.scope
+ @search_results = @search_service_presenter.search_results
+ @search_objects = @search_service_presenter.search_objects
+ @search_highlight = @search_service_presenter.search_highlight
end
Gitlab::Metrics::GlobalSearchSlis.record_apdex(
@@ -119,11 +118,6 @@ class SearchController < ApplicationController
def opensearch
end
- def elasticsearch_in_use
- search_service.respond_to?(:use_elasticsearch?) && search_service.use_elasticsearch?
- end
- strong_memoize_attr :elasticsearch_in_use
-
private
def update_scope_for_code_search
@@ -218,24 +212,7 @@ class SearchController < ApplicationController
def check_scope_global_search_enabled
return unless search_service.global_search?
- search_allowed = case params[:scope]
- when 'blobs'
- Feature.enabled?(:global_search_code_tab, current_user, type: :ops)
- when 'commits'
- Feature.enabled?(:global_search_commits_tab, current_user, type: :ops)
- when 'issues'
- Feature.enabled?(:global_search_issues_tab, current_user, type: :ops)
- when 'merge_requests'
- Feature.enabled?(:global_search_merge_requests_tab, current_user, type: :ops)
- when 'wiki_blobs'
- Feature.enabled?(:global_search_wiki_tab, current_user, type: :ops)
- when 'users'
- Feature.enabled?(:global_search_users_tab, current_user, type: :ops)
- else
- true
- end
-
- return if search_allowed
+ return if search_service.global_search_enabled_for_scope?
redirect_to search_path, alert: _('Global Search is disabled for this scope')
end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index c20a9aa4485..699dcf1adac 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -4,8 +4,8 @@ class SessionsController < Devise::SessionsController
include InternalRedirect
include AuthenticatesWithTwoFactor
include Devise::Controllers::Rememberable
- include Recaptcha::ClientHelper
- include Recaptcha::Verify
+ include Recaptcha::Adapters::ViewMethods
+ include Recaptcha::Adapters::ControllerMethods
include RendersLdapServers
include KnownSignIn
include Gitlab::Utils::StrongMemoize
diff --git a/app/controllers/snippets/notes_controller.rb b/app/controllers/snippets/notes_controller.rb
index 9e23eef4178..81f80aa4224 100644
--- a/app/controllers/snippets/notes_controller.rb
+++ b/app/controllers/snippets/notes_controller.rb
@@ -13,7 +13,7 @@ class Snippets::NotesController < ApplicationController
private
def note
- @note ||= snippet.notes.inc_relations_for_view.find(params[:id])
+ @note ||= snippet.notes.inc_relations_for_view(snippet).find(params[:id])
end
alias_method :awardable, :note
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index 66f715f32af..ea99aa12350 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -15,6 +15,7 @@ class UploadsController < ApplicationController
"personal_snippet" => PersonalSnippet,
"projects/topic" => Projects::Topic,
'alert_management_metric_image' => ::AlertManagement::MetricImage,
+ "achievements/achievement" => Achievements::Achievement,
nil => PersonalSnippet
}.freeze
@@ -61,6 +62,8 @@ class UploadsController < ApplicationController
true
when ::AlertManagement::MetricImage
can?(current_user, :read_alert_management_metric_image, model.alert)
+ when ::Achievements::Achievement
+ true
else
can?(current_user, "read_#{model.class.underscore}".to_sym, model)
end
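Review bot: The added `when ::Achievements::Achievement` branch returns `true` without any `can?` call, so every achievement upload is readable by whoever reaches this check, while the neighbouring `MetricImage` branch asks `can?(current_user, :read_alert_management_metric_image, model.alert)`. If achievements can belong to a private namespace (not visible here), their images become fetchable by URL for users with no access to that namespace, and the `cache_settings` hunk below additionally marks them `public: true`. Unless achievement images are meant to be public everywhere, replace `true` with a `can?` check on the achievement or its namespace, or add a comment stating that they are intentionally public. The enclosing method starts outside this hunk.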
@@ -92,7 +95,7 @@ class UploadsController < ApplicationController
def cache_settings
case model
- when User, Appearance, Projects::Topic
+ when User, Appearance, Projects::Topic, Achievements::Achievement
[5.minutes, { public: true, must_revalidate: false }]
when Project, Group
[5.minutes, { private: true, must_revalidate: true }]