diff options
Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/diffs/components/image_diff_overlay.vue | 16 | ||||
-rw-r--r-- | app/controllers/groups/application_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/groups/runners_controller.rb | 7 | ||||
-rw-r--r-- | app/finders/ci/runners_finder.rb | 2 | ||||
-rw-r--r-- | app/graphql/types/deprecated_mutations.rb | 3 | ||||
-rw-r--r-- | app/graphql/types/mutation_type.rb | 1 | ||||
-rw-r--r-- | app/policies/group_policy.rb | 9 | ||||
-rw-r--r-- | app/views/projects/runners/_group_runners.html.haml | 4 |
8 files changed, 32 insertions, 22 deletions
diff --git a/app/assets/javascripts/diffs/components/image_diff_overlay.vue b/app/assets/javascripts/diffs/components/image_diff_overlay.vue index 5572338908f..eede8e52292 100644 --- a/app/assets/javascripts/diffs/components/image_diff_overlay.vue +++ b/app/assets/javascripts/diffs/components/image_diff_overlay.vue @@ -4,8 +4,8 @@ import { isArray } from 'lodash'; import { mapActions, mapGetters } from 'vuex'; import imageDiffMixin from 'ee_else_ce/diffs/mixins/image_diff'; -function calcPercent(pos, size, renderedSize) { - return (((pos / size) * 100) / ((renderedSize / size) * 100)) * 100; +function calcPercent(pos, renderedSize) { + return (100 * pos) / renderedSize; } export default { @@ -65,8 +65,8 @@ export default { ...mapActions('diffs', ['openDiffFileCommentForm']), getImageDimensions() { return { - width: this.$parent.width, - height: this.$parent.height, + width: Math.round(this.$parent.width), + height: Math.round(this.$parent.height), }; }, getPositionForObject(meta) { @@ -87,15 +87,15 @@ export default { }, clickedImage(x, y) { const { width, height } = this.getImageDimensions(); - const xPercent = calcPercent(x, width, this.renderedWidth); - const yPercent = calcPercent(y, height, this.renderedHeight); + const xPercent = calcPercent(x, this.renderedWidth); + const yPercent = calcPercent(y, this.renderedHeight); this.openDiffFileCommentForm({ fileHash: this.fileHash, width, height, - x: width * (xPercent / 100), - y: height * (yPercent / 100), + x: Math.round(width * (xPercent / 100)), + y: Math.round(height * (yPercent / 100)), xPercent, yPercent, }); diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb index ab67a007bd9..f9c875b80b2 100644 --- a/app/controllers/groups/application_controller.rb +++ b/app/controllers/groups/application_controller.rb @@ -37,6 +37,18 @@ class Groups::ApplicationController < ApplicationController end end + def authorize_admin_group_runners! + unless can?(current_user, :admin_group_runners, group) + render_404 + end + end + + def authorize_read_group_runners! + unless can?(current_user, :read_group_runners, group) + render_404 + end + end + def authorize_create_deploy_token! unless can?(current_user, :create_deploy_token, group) render_404 diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb index 5c21c7b023c..f602d02a165 100644 --- a/app/controllers/groups/runners_controller.rb +++ b/app/controllers/groups/runners_controller.rb @@ -1,9 +1,8 @@ # frozen_string_literal: true class Groups::RunnersController < Groups::ApplicationController - # TODO Proper policies, such as `read_group_runners, should be implemented per - # https://gitlab.com/gitlab-org/gitlab/-/issues/334802 - before_action :authorize_admin_group! + before_action :authorize_read_group_runners!, only: [:index, :show] + before_action :authorize_admin_group_runners!, only: [:edit, :update, :destroy, :pause, :resume] before_action :runner_list_group_view_vue_ui_enabled, only: [:index] before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show] @@ -17,7 +16,7 @@ class Groups::RunnersController < Groups::ApplicationController end def runner_list_group_view_vue_ui_enabled - return render_404 unless Feature.enabled?(:runner_list_group_view_vue_ui, group, default_enabled: :yaml) + render_404 unless Feature.enabled?(:runner_list_group_view_vue_ui, group, default_enabled: :yaml) end def show diff --git a/app/finders/ci/runners_finder.rb b/app/finders/ci/runners_finder.rb index a514d2e8d03..3ebf6bd1562 100644 --- a/app/finders/ci/runners_finder.rb +++ b/app/finders/ci/runners_finder.rb @@ -47,7 +47,7 @@ module Ci end def group_runners - raise Gitlab::Access::AccessDeniedError unless can?(@current_user, :admin_group, @group) + raise Gitlab::Access::AccessDeniedError unless can?(@current_user, :read_group_runners, @group) @runners = case @params[:membership] when :direct diff --git a/app/graphql/types/deprecated_mutations.rb b/app/graphql/types/deprecated_mutations.rb index 49bad56b6f9..70d5fc31cd1 100644 --- a/app/graphql/types/deprecated_mutations.rb +++ b/app/graphql/types/deprecated_mutations.rb @@ -5,7 +5,8 @@ module Types extend ActiveSupport::Concern prepended do - # placeholder for any FOSS mutations to be deprecated + mount_mutation Mutations::Clusters::AgentTokens::Delete, + deprecated: { reason: 'Tokens must be revoked with ClusterAgentTokenRevoke', milestone: '14.7' } end end end diff --git a/app/graphql/types/mutation_type.rb b/app/graphql/types/mutation_type.rb index c9f083efd27..e01bb0b4e70 100644 --- a/app/graphql/types/mutation_type.rb +++ b/app/graphql/types/mutation_type.rb @@ -35,7 +35,6 @@ module Types mount_mutation Mutations::Clusters::Agents::Create mount_mutation Mutations::Clusters::Agents::Delete mount_mutation Mutations::Clusters::AgentTokens::Create - mount_mutation Mutations::Clusters::AgentTokens::Delete mount_mutation Mutations::Clusters::AgentTokens::Revoke mount_mutation Mutations::Commits::Create, calls_gitaly: true mount_mutation Mutations::CustomEmoji::Create, feature_flag: :custom_emoji diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 71133008565..05adcd51082 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -165,7 +165,6 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy enable :destroy_package enable :create_projects enable :admin_pipeline - enable :admin_group_runners enable :admin_build enable :read_cluster enable :add_cluster @@ -183,6 +182,10 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy enable :admin_group_member enable :change_visibility_level + enable :read_group_runners + enable :admin_group_runners + enable :register_group_runners + enable :set_note_created_at enable :set_emails_disabled enable :change_prevent_sharing_groups_outside_hierarchy @@ -208,10 +211,6 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy enable :read_nested_project_resources end - rule { can?(:admin_group_runners) }.policy do - enable :register_group_runners - end - rule { owner }.enable :create_subgroup rule { maintainer & maintainer_can_create_group }.enable :create_subgroup diff --git a/app/views/projects/runners/_group_runners.html.haml b/app/views/projects/runners/_group_runners.html.haml index 183e747afdd..c25fd7a7587 100644 --- a/app/views/projects/runners/_group_runners.html.haml +++ b/app/views/projects/runners/_group_runners.html.haml @@ -29,9 +29,9 @@ - if can?(current_user, :admin_group_runners, @project.group) - group_link = link_to _("group's CI/CD settings."), group_settings_ci_cd_path(@project.group) - = _('Group maintainers can register group runners in the %{link}').html_safe % { link: group_link } + = _('Group owners can register group runners in the %{link}').html_safe % { link: group_link } - else - = _('Ask your group maintainer to set up a group runner.') + = _('Ask your group owner to set up a group runner.') - else %h4.underlined-title |