diff options
Diffstat (limited to 'lib/api/projects.rb')
-rw-r--r-- | lib/api/projects.rb | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb index c32f61c6704..697c2a7e214 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -40,6 +40,23 @@ module API attrs.delete(:repository_storage) unless can?(current_user, :use_project_statistics_filters) end + def validate_updated_at_order_and_filter! + return unless filter_by_updated_at? && provided_order_is_not_updated_at? + + # This is necessary as not pairing this filter and ordering will produce an inneficient query + bad_request!('`updated_at` filter and `updated_at` sorting must be paired') + end + + def provided_order_is_not_updated_at? + order_by_param = declared_params[:order_by] + + order_by_param.present? && order_by_param.to_s != 'updated_at' + end + + def filter_by_updated_at? + declared_params[:updated_before].present? || declared_params[:updated_after].present? + end + def verify_statistics_order_by_projects! return unless Helpers::ProjectsHelpers::STATISTICS_SORT_PARAMS.include?(params[:order_by]) @@ -144,6 +161,8 @@ module API optional :repository_storage, type: String, desc: 'Which storage shard the repository is on. Available only to admins' optional :topic, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'Comma-separated list of topics. Limit results to projects having all topics' optional :topic_id, type: Integer, desc: 'Limit results to projects with the assigned topic given by the topic ID' + optional :updated_before, type: DateTime, desc: 'Return projects updated before the specified datetime. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ' + optional :updated_after, type: DateTime, desc: 'Return projects updated after the specified datetime. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ' use :optional_filter_params_ee end @@ -261,6 +280,9 @@ module API desc 'Get a list of visible projects for authenticated user' do success code: 200, model: Entities::BasicProjectDetails + failure [ + { code: 400, message: 'Bad request' } + ] tags %w[projects] is_array true end @@ -272,6 +294,7 @@ module API # TODO: Set higher urgency https://gitlab.com/gitlab-org/gitlab/-/issues/211495 get feature_category: :projects, urgency: :low do validate_projects_api_rate_limit_for_unauthenticated_users! + validate_updated_at_order_and_filter! present_projects load_projects end @@ -708,7 +731,7 @@ module API requires :group_access, type: Integer, values: Gitlab::Access.values, as: :link_group_access, desc: 'The group access level' optional :expires_at, type: Date, desc: 'Share expiration date' end - post ":id/share", feature_category: :system_access do + post ":id/share", feature_category: :projects do authorize! :admin_project, user_project shared_with_group = Group.find_by_id(params[:group_id]) @@ -738,7 +761,7 @@ module API requires :group_id, type: Integer, desc: 'The ID of the group' end # rubocop: disable CodeReuse/ActiveRecord - delete ":id/share/:group_id", feature_category: :system_access do + delete ":id/share/:group_id", feature_category: :projects do authorize! :admin_project, user_project link = user_project.project_group_links.find_by(group_id: params[:group_id]) |