From 267a909600e02f0728fec1765adf817acc03d813 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Mon, 2 Apr 2018 19:05:47 +0200 Subject: Remove edit_note and update_note abilities in favor of admin_note --- app/helpers/notes_helper.rb | 4 ---- 1 file changed, 4 deletions(-) (limited to 'app/helpers') diff --git a/app/helpers/notes_helper.rb b/app/helpers/notes_helper.rb index 27ed48fdbc7..7f67574a428 100644 --- a/app/helpers/notes_helper.rb +++ b/app/helpers/notes_helper.rb @@ -6,10 +6,6 @@ module NotesHelper end end - def note_editable?(note) - Ability.can_edit_note?(current_user, note) - end - def note_supports_quick_actions?(note) Notes::QuickActionsService.supported?(note) end -- cgit v1.2.3 From ec43e3644436e0ae90f6fb6a64256c38ceb68cc9 Mon Sep 17 00:00:00 2001 From: Bob Van Landuyt Date: Fri, 6 Apr 2018 12:47:52 +0200 Subject: Prevent new merge requests for archived projects This prevents creating merge requests targeting archived projects. This could happen when a project was already forked, but then the source was archived. --- app/helpers/blob_helper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/helpers') diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb index 2b440e4d584..ac7b8d6672e 100644 --- a/app/helpers/blob_helper.rb +++ b/app/helpers/blob_helper.rb @@ -59,7 +59,7 @@ module BlobHelper button_tag label, class: "#{common_classes} disabled has-tooltip", title: "It is not possible to #{action} files that are stored in LFS using the web interface", data: { container: 'body' } elsif can_modify_blob?(blob, project, ref) button_tag label, class: "#{common_classes}", 'data-target' => "#modal-#{modal_type}-blob", 'data-toggle' => 'modal' - elsif can?(current_user, :fork_project, project) + elsif can?(current_user, :create_merge_request_in_project, project) edit_fork_button_tag(common_classes, project, label, edit_modify_file_fork_params(action), action) end end @@ -334,7 +334,7 @@ module BlobHelper # Web IDE (Beta) requires the user to have this feature enabled elsif !current_user || (current_user && can_modify_blob?(blob, project, ref)) edit_link_tag(text, edit_path, common_classes) - elsif current_user && can?(current_user, :fork_project, project) + elsif can?(current_user, :create_merge_request_in_project, project) edit_fork_button_tag(common_classes, project, text, edit_blob_fork_params(edit_path)) end end -- cgit v1.2.3 From 8ad9c4e873f2185e8bbfa6f363db32dbbba27141 Mon Sep 17 00:00:00 2001 From: Bob Van Landuyt Date: Fri, 6 Apr 2018 14:18:58 +0200 Subject: Rename `create_merge_request` permissions So we can distinguish between the permissions on the source and the target project. - `create_merge_request_from` indicates a user can create a merge request with the project as a source_project - `create_merge_request_in` indicates a user can create a merge request with the project as a target_project --- app/helpers/blob_helper.rb | 6 +++--- app/helpers/compare_helper.rb | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'app/helpers') diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb index ac7b8d6672e..a5f7a7204df 100644 --- a/app/helpers/blob_helper.rb +++ b/app/helpers/blob_helper.rb @@ -59,7 +59,7 @@ module BlobHelper button_tag label, class: "#{common_classes} disabled has-tooltip", title: "It is not possible to #{action} files that are stored in LFS using the web interface", data: { container: 'body' } elsif can_modify_blob?(blob, project, ref) button_tag label, class: "#{common_classes}", 'data-target' => "#modal-#{modal_type}-blob", 'data-toggle' => 'modal' - elsif can?(current_user, :create_merge_request_in_project, project) + elsif can?(current_user, :create_merge_request_in, project) edit_fork_button_tag(common_classes, project, label, edit_modify_file_fork_params(action), action) end end @@ -280,7 +280,7 @@ module BlobHelper options << link_to("submit an issue", new_project_issue_path(project)) end - merge_project = can?(current_user, :create_merge_request, project) ? project : (current_user && current_user.fork_of(project)) + merge_project = can?(current_user, :create_merge_request_from, project) ? project : (current_user && current_user.fork_of(project)) if merge_project options << link_to("create a merge request", project_new_merge_request_path(project)) end @@ -334,7 +334,7 @@ module BlobHelper # Web IDE (Beta) requires the user to have this feature enabled elsif !current_user || (current_user && can_modify_blob?(blob, project, ref)) edit_link_tag(text, edit_path, common_classes) - elsif can?(current_user, :create_merge_request_in_project, project) + elsif can?(current_user, :fork_project, project) && can?(current_user, :create_merge_request_in, project) edit_fork_button_tag(common_classes, project, text, edit_blob_fork_params(edit_path)) end end diff --git a/app/helpers/compare_helper.rb b/app/helpers/compare_helper.rb index 8bf96c0905f..2df5b5d1695 100644 --- a/app/helpers/compare_helper.rb +++ b/app/helpers/compare_helper.rb @@ -3,7 +3,7 @@ module CompareHelper from.present? && to.present? && from != to && - can?(current_user, :create_merge_request, project) && + can?(current_user, :create_merge_request_from, project) && project.repository.branch_exists?(from) && project.repository.branch_exists?(to) end -- cgit v1.2.3 From 12dd2b0cc0cf6dd8dc43ff8b8df8687268ba4af5 Mon Sep 17 00:00:00 2001 From: Bob Van Landuyt Date: Fri, 6 Apr 2018 16:02:36 +0200 Subject: Share collaboration check between view and presenter --- app/helpers/commits_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/helpers') diff --git a/app/helpers/commits_helper.rb b/app/helpers/commits_helper.rb index 7cc56de24e4..98894b86551 100644 --- a/app/helpers/commits_helper.rb +++ b/app/helpers/commits_helper.rb @@ -163,7 +163,7 @@ module CommitsHelper tooltip = "#{action.capitalize} this #{commit.change_type_title(current_user)} in a new merge request" if has_tooltip btn_class = "btn btn-#{btn_class}" unless btn_class.nil? - if can_collaborate_with_project? + if can_collaborate_with_project?(@project) link_to action.capitalize, "#modal-#{action}-commit", 'data-toggle' => 'modal', 'data-container' => 'body', title: (tooltip if has_tooltip), class: "#{btn_class} #{'has-tooltip' if has_tooltip}" elsif can?(current_user, :fork_project, @project) continue_params = { -- cgit v1.2.3 From fe9389ba6c10e9addefc6e647f1476ff765236d9 Mon Sep 17 00:00:00 2001 From: Bob Van Landuyt Date: Fri, 6 Apr 2018 16:04:48 +0200 Subject: Hide new mr from dropdown for archived projects --- app/helpers/merge_requests_helper.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'app/helpers') diff --git a/app/helpers/merge_requests_helper.rb b/app/helpers/merge_requests_helper.rb index fb4fe1c40b7..c19c5b9cc82 100644 --- a/app/helpers/merge_requests_helper.rb +++ b/app/helpers/merge_requests_helper.rb @@ -138,6 +138,18 @@ module MergeRequestsHelper end end + def merge_request_source_project_for_project(project = @project) + unless can?(current_user, :create_merge_request_in, project) + return nil + end + + if can?(current_user, :create_merge_request_from, project) + project + else + current_user.fork_of(project) + end + end + def merge_params_ee(merge_request) {} end -- cgit v1.2.3 From 083b0a9b034a0e4004c012444f1a8811bd96ed29 Mon Sep 17 00:00:00 2001 From: Bob Van Landuyt Date: Fri, 6 Apr 2018 18:27:12 +0200 Subject: Hide file/directory creation buttons --- app/helpers/blob_helper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/helpers') diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb index a5f7a7204df..866b8773db6 100644 --- a/app/helpers/blob_helper.rb +++ b/app/helpers/blob_helper.rb @@ -59,7 +59,7 @@ module BlobHelper button_tag label, class: "#{common_classes} disabled has-tooltip", title: "It is not possible to #{action} files that are stored in LFS using the web interface", data: { container: 'body' } elsif can_modify_blob?(blob, project, ref) button_tag label, class: "#{common_classes}", 'data-target' => "#modal-#{modal_type}-blob", 'data-toggle' => 'modal' - elsif can?(current_user, :create_merge_request_in, project) + elsif can?(current_user, :fork_project, project) && can?(current_user, :create_merge_request_in, project) edit_fork_button_tag(common_classes, project, label, edit_modify_file_fork_params(action), action) end end @@ -280,7 +280,7 @@ module BlobHelper options << link_to("submit an issue", new_project_issue_path(project)) end - merge_project = can?(current_user, :create_merge_request_from, project) ? project : (current_user && current_user.fork_of(project)) + merge_project = merge_request_source_project_for_project(@project) if merge_project options << link_to("create a merge request", project_new_merge_request_path(project)) end -- cgit v1.2.3 From 04c7d0d55500e6f118bd17153f3af11e83fce826 Mon Sep 17 00:00:00 2001 From: Bob Van Landuyt Date: Fri, 6 Apr 2018 20:19:37 +0200 Subject: Prevent awarding emoji when a project is archived This prevents performing the requests, and disables all emoji reaction buttons --- app/helpers/issues_helper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/helpers') diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb index 0f25d401406..5a2f7bb01c7 100644 --- a/app/helpers/issues_helper.rb +++ b/app/helpers/issues_helper.rb @@ -82,8 +82,8 @@ module IssuesHelper names.to_sentence end - def award_state_class(awards, current_user) - if !current_user + def award_state_class(awardable, awards, current_user) + if !can?(current_user, :award_emoji, awardable) "disabled" elsif current_user && awards.find { |a| a.user_id == current_user.id } "active" -- cgit v1.2.3 From c39e3f22ce12a302e294deb3523414e4a684b6fb Mon Sep 17 00:00:00 2001 From: Bob Van Landuyt Date: Tue, 10 Apr 2018 19:49:26 +0200 Subject: Show `New Issue` link for projects When a user is not logged in, we want to show the `New Issue` link so he gets directed to the login flow first. When a project is archived, we never want to show the link. --- app/helpers/issues_helper.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'app/helpers') diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb index 5a2f7bb01c7..96dc7ae1185 100644 --- a/app/helpers/issues_helper.rb +++ b/app/helpers/issues_helper.rb @@ -126,6 +126,17 @@ module IssuesHelper link_to link_text, path end + def show_new_issue_link?(project) + return false unless project + return false if project.archived? + + # We want to show the link to users that are not signed in, that way they + # get directed to the sign-in/sign-up flow and afterwards to the new issue page. + return true unless current_user + + can?(current_user, :create_issue, project) + end + # Required for Banzai::Filter::IssueReferenceFilter module_function :url_for_issue module_function :url_for_internal_issue -- cgit v1.2.3 From daad7144ec7c0173439eeadd61590442e40a6051 Mon Sep 17 00:00:00 2001 From: Yorick Peterse Date: Tue, 3 Apr 2018 15:45:17 +0200 Subject: Support Markdown rendering using multiple projects This refactors the Markdown pipeline so it supports the rendering of multiple documents that may belong to different projects. An example of where this happens is when displaying the event feed of a group. In this case we retrieve events for all projects in the group. Previously we would group events per project and render these chunks separately, but this would result in many SQL queries being executed. By extending the Markdown pipeline to support this out of the box we can drastically reduce the number of SQL queries. To achieve this we introduce a new object to the pipeline: Banzai::RenderContext. This object simply wraps two other objects: an optional Project instance, and an optional User instance. On its own this wouldn't be very helpful, but a RenderContext can also be used to associate HTML documents with specific Project instances. This work is done in Banzai::ObjectRenderer and allows us to reuse as many queries (and results) as possible. --- app/helpers/markup_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/helpers') diff --git a/app/helpers/markup_helper.rb b/app/helpers/markup_helper.rb index 2fe1927a189..39e7a7fd396 100644 --- a/app/helpers/markup_helper.rb +++ b/app/helpers/markup_helper.rb @@ -256,7 +256,7 @@ module MarkupHelper return '' unless html.present? context.merge!( - current_user: (current_user if defined?(current_user)), + current_user: (current_user if defined?(current_user)), # RelativeLinkFilter commit: @commit, -- cgit v1.2.3 From 28bae3b6bc35d760f51577b30a790c7d3d186588 Mon Sep 17 00:00:00 2001 From: Lin Jen-Shin Date: Wed, 11 Apr 2018 13:54:55 +0000 Subject: Resolve "tree/master shows incorrect CI build status" --- app/helpers/ci_status_helper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/helpers') diff --git a/app/helpers/ci_status_helper.rb b/app/helpers/ci_status_helper.rb index 636316da80a..f0afcac5986 100644 --- a/app/helpers/ci_status_helper.rb +++ b/app/helpers/ci_status_helper.rb @@ -94,7 +94,7 @@ module CiStatusHelper def render_project_pipeline_status(pipeline_status, tooltip_placement: 'auto left') project = pipeline_status.project - path = pipelines_project_commit_path(project, pipeline_status.sha) + path = pipelines_project_commit_path(project, pipeline_status.sha, ref: pipeline_status.ref) render_status_with_link( 'commit', @@ -105,7 +105,7 @@ module CiStatusHelper def render_commit_status(commit, ref: nil, tooltip_placement: 'auto left') project = commit.project - path = pipelines_project_commit_path(project, commit) + path = pipelines_project_commit_path(project, commit, ref: ref) render_status_with_link( 'commit', -- cgit v1.2.3 From bbb24da922f7e501571b5f356fd68257e75e4d40 Mon Sep 17 00:00:00 2001 From: Mike Greiling Date: Thu, 12 Apr 2018 15:47:40 +0000 Subject: Resolve "Clean up old project permissions frontend code" --- app/helpers/projects_helper.rb | 66 ------------------------------------------ 1 file changed, 66 deletions(-) (limited to 'app/helpers') diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index 15f48e43a28..a64b2acdd77 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb @@ -157,40 +157,6 @@ module ProjectsHelper current_user&.recent_push(@project) end - def project_feature_access_select(field) - # Don't show option "everyone with access" if project is private - options = project_feature_options - - level = @project.project_feature.public_send(field) # rubocop:disable GitlabSecurity/PublicSend - - if @project.private? - disabled_option = ProjectFeature::ENABLED - highest_available_option = ProjectFeature::PRIVATE if level == disabled_option - end - - options = options_for_select( - options.invert, - selected: highest_available_option || level, - disabled: disabled_option - ) - - content_tag :div, class: "select-wrapper" do - concat( - content_tag( - :select, - options, - name: "project[project_feature_attributes][#{field}]", - id: "project_project_feature_attributes_#{field}", - class: "pull-right form-control select-control #{repo_children_classes(field)} ", - data: { field: field } - ) - ) - concat( - icon('chevron-down') - ) - end.html_safe - end - def link_to_autodeploy_doc link_to _('About auto deploy'), help_page_path('ci/autodeploy/index'), target: '_blank' end @@ -274,16 +240,6 @@ module ProjectsHelper private - def repo_children_classes(field) - needs_repo_check = [:merge_requests_access_level, :builds_access_level] - return unless needs_repo_check.include?(field) - - classes = "project-repo-select js-repo-select" - classes << " disabled" unless @project.feature_available?(:repository, current_user) - - classes - end - def get_project_nav_tabs(project, current_user) nav_tabs = [:home] @@ -447,14 +403,6 @@ module ProjectsHelper filtered_message.gsub(project.repository_storage_path.chomp('/'), "[REPOS PATH]") end - def project_feature_options - { - ProjectFeature::DISABLED => s_('ProjectFeature|Disabled'), - ProjectFeature::PRIVATE => s_('ProjectFeature|Only team members'), - ProjectFeature::ENABLED => s_('ProjectFeature|Everyone with access') - } - end - def project_child_container_class(view_path) view_path == "projects/issues/issues" ? "prepend-top-default" : "project-show-#{view_path}" end @@ -463,20 +411,6 @@ module ProjectsHelper IssuesFinder.new(current_user, project_id: project.id).execute end - def visibility_select_options(project, selected_level) - level_options = Gitlab::VisibilityLevel.values.each_with_object([]) do |level, level_options| - next if restricted_levels.include?(level) - - level_options << [ - visibility_level_label(level), - { data: { description: visibility_level_description(level, project) } }, - level - ] - end - - options_for_select(level_options, selected_level) - end - def restricted_levels return [] if current_user.admin? -- cgit v1.2.3