From 2994a84f0137ecf313e87bd3a79f433ab615f984 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Sat, 23 Dec 2023 00:10:18 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- lib/api/entities/group.rb | 1 + lib/api/groups.rb | 6 +++++- lib/api/helpers.rb | 23 ++++++++++++++++++----- lib/api/terraform/modules/v1/project_packages.rb | 2 +- 4 files changed, 25 insertions(+), 7 deletions(-) (limited to 'lib/api') diff --git a/lib/api/entities/group.rb b/lib/api/entities/group.rb index 1a1765c2e0a..14491c2396a 100644 --- a/lib/api/entities/group.rb +++ b/lib/api/entities/group.rb @@ -23,6 +23,7 @@ module API expose :full_name, :full_path expose :created_at expose :parent_id + expose :organization_id expose :shared_runners_setting expose :custom_attributes, using: 'API::Entities::CustomAttribute', if: :with_custom_attributes diff --git a/lib/api/groups.rb b/lib/api/groups.rb index 1ff64cd2ffd..7b755a76f29 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -213,11 +213,15 @@ module API requires :name, type: String, desc: 'The name of the group' requires :path, type: String, desc: 'The path of the group' optional :parent_id, type: Integer, desc: 'The parent group id for creating nested group' + optional :organization_id, type: Integer, desc: 'The organization id for the group' use :optional_params end post feature_category: :groups_and_projects, urgency: :low do - parent_group = find_group!(params[:parent_id]) if params[:parent_id].present? + organization = find_organization!(params[:organization_id]) if params[:organization_id].present? + authorize! :create_group, organization if organization + + parent_group = find_group!(params[:parent_id], organization: organization) if params[:parent_id].present? if parent_group authorize! :create_subgroup, parent_group else diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 6cb9d19a2ad..a59734d643d 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -211,18 +211,25 @@ module API not_found!('Pipeline') end + def find_organization!(id) + organization = Organizations::Organization.find_by_id(id) + check_organization_access(organization) + end + # rubocop: disable CodeReuse/ActiveRecord - def find_group(id) + def find_group(id, organization: nil) + collection = organization.present? ? Group.in_organization(organization) : Group.all + if id.to_s =~ INTEGER_ID_REGEX - Group.find_by(id: id) + collection.find_by(id: id) else - Group.find_by_full_path(id) + collection.find_by_full_path(id) end end # rubocop: enable CodeReuse/ActiveRecord - def find_group!(id) - group = find_group(id) + def find_group!(id, organization: nil) + group = find_group(id, organization: organization) check_group_access(group) end @@ -835,6 +842,12 @@ module API @sudo_identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER] end + def check_organization_access(organization) + return organization if can?(current_user, :read_organization, organization) + + not_found!('Organization') + end + def secret_token Gitlab::Shell.secret_token end diff --git a/lib/api/terraform/modules/v1/project_packages.rb b/lib/api/terraform/modules/v1/project_packages.rb index ff330b8479f..c0a84c7b36c 100644 --- a/lib/api/terraform/modules/v1/project_packages.rb +++ b/lib/api/terraform/modules/v1/project_packages.rb @@ -171,7 +171,7 @@ module API .new(authorized_user_project, current_user, create_package_file_params) .execute - render_api_error!(result[:message], result[:http_status]) if result[:status] == :error + render_api_error!(result.message, result.reason) if result.error? track_package_event('push_package', :terraform_module, project: authorized_user_project, namespace: authorized_user_project.namespace) -- cgit v1.2.3