From e4c711546c693fff89b0b1c92f1b0dde927e0c84 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 18 Sep 2019 21:06:34 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 app/controllers/projects/artifacts_controller.rb | 38 +++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

(limited to 'app/controllers/projects/artifacts_controller.rb')

diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb
index da8a371acaa..50399a8cfbb 100644
--- a/app/controllers/projects/artifacts_controller.rb
+++ b/app/controllers/projects/artifacts_controller.rb
@@ -8,10 +8,37 @@ class Projects::ArtifactsController < Projects::ApplicationController
   layout 'project'
   before_action :authorize_read_build!
   before_action :authorize_update_build!, only: [:keep]
+  before_action :authorize_destroy_artifacts!, only: [:destroy]
   before_action :extract_ref_name_and_path
-  before_action :validate_artifacts!, except: [:download]
+  before_action :validate_artifacts!, except: [:index, :download, :destroy]
   before_action :entry, only: [:file]
 
+  MAX_PER_PAGE = 20
+
+  def index
+    # Loading artifacts is very expensive in projects with a lot of artifacts.
+    # This feature flag prevents a DOS attack vector.
+    # It should be removed only after resolving the underlying performance
+    # issues: https://gitlab.com/gitlab-org/gitlab/issues/32281
+    return head :no_content unless Feature.enabled?(:artifacts_management_page, @project)
+
+    finder = ArtifactsFinder.new(@project, artifacts_params)
+    all_artifacts = finder.execute
+
+    @artifacts = all_artifacts.page(params[:page]).per(MAX_PER_PAGE)
+    @total_size = all_artifacts.total_size
+  end
+
+  def destroy
+    notice = if artifact.destroy
+               _('Artifact was successfully deleted.')
+             else
+               _('Artifact could not be deleted.')
+             end
+
+    redirect_to project_artifacts_path(@project), status: :see_other, notice: notice
+  end
+
   def download
     return render_404 unless artifacts_file
 
@@ -74,6 +101,10 @@ class Projects::ArtifactsController < Projects::ApplicationController
     @ref_name, @path = extract_ref(params[:ref_name_and_path])
   end
 
+  def artifacts_params
+    params.permit(:sort)
+  end
+
   def validate_artifacts!
     render_404 unless build&.artifacts?
   end
@@ -85,6 +116,11 @@ class Projects::ArtifactsController < Projects::ApplicationController
     end
   end
 
+  def artifact
+    @artifact ||=
+      project.job_artifacts.find(params[:id])
+  end
+
   def build_from_id
     project.builds.find_by_id(params[:job_id]) if params[:job_id]
   end
-- 
cgit v1.2.3