authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-02-27 13:01:57 -0800
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-02-27 13:01:57 -0800
commit0d22b75b03496ced3d783f8fee9584098602ea1c (patch)
treec7ddec6072c716fd63a8703f2dfeb0e4234a633f /app/controllers
parent5f682094d9b7c985ad62ebe29664bb6fe87b54be (diff)
parentd4aab6528cb80b0f41bdac2240dd9cc32543481d (diff)
Merge branch 'master' into mmonaco/gitlab-ce-api-user-noconfirm
Conflicts: lib/api/users.rb
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin/application_settings_controller.rb34
-rw-r--r--app/controllers/admin/applications_controller.rb52
-rw-r--r--app/controllers/admin/dashboard_controller.rb6
-rw-r--r--app/controllers/admin/groups_controller.rb5
-rw-r--r--app/controllers/admin/keys_controller.rb34
-rw-r--r--app/controllers/admin/projects_controller.rb7
-rw-r--r--app/controllers/admin/services_controller.rb51
-rw-r--r--app/controllers/admin/users_controller.rb12
-rw-r--r--app/controllers/application_controller.rb96
-rw-r--r--app/controllers/dashboard_controller.rb34
-rw-r--r--app/controllers/explore/projects_controller.rb2
-rw-r--r--app/controllers/files_controller.rb16
-rw-r--r--app/controllers/groups_controller.rb46
-rw-r--r--app/controllers/import/base_controller.rb21
-rw-r--r--app/controllers/import/bitbucket_controller.rb79
-rw-r--r--app/controllers/import/github_controller.rb65
-rw-r--r--app/controllers/import/gitlab_controller.rb62
-rw-r--r--app/controllers/import/gitorious_controller.rb43
-rw-r--r--app/controllers/namespaces_controller.rb1
-rw-r--r--app/controllers/oauth/applications_controller.rb39
-rw-r--r--app/controllers/oauth/authorizations_controller.rb57
-rw-r--r--app/controllers/oauth/authorized_applications_controller.rb8
-rw-r--r--app/controllers/omniauth_callbacks_controller.rb12
-rw-r--r--app/controllers/passwords_controller.rb4
-rw-r--r--app/controllers/profiles/emails_controller.rb3
-rw-r--r--app/controllers/profiles/keys_controller.rb2
-rw-r--r--app/controllers/profiles/notifications_controller.rb22
-rw-r--r--app/controllers/profiles/passwords_controller.rb8
-rw-r--r--app/controllers/profiles_controller.rb8
-rw-r--r--app/controllers/projects/application_controller.rb8
-rw-r--r--app/controllers/projects/avatars_controller.rb29
-rw-r--r--app/controllers/projects/base_tree_controller.rb8
-rw-r--r--app/controllers/projects/blame_controller.rb5
-rw-r--r--app/controllers/projects/blob_controller.rb121
-rw-r--r--app/controllers/projects/branches_controller.rb15
-rw-r--r--app/controllers/projects/commit_controller.rb10
-rw-r--r--app/controllers/projects/commits_controller.rb7
-rw-r--r--app/controllers/projects/compare_controller.rb6
-rw-r--r--app/controllers/projects/deploy_keys_controller.rb9
-rw-r--r--app/controllers/projects/edit_tree_controller.rb60
-rw-r--r--app/controllers/projects/forks_controller.rb25
-rw-r--r--app/controllers/projects/graphs_controller.rb3
-rw-r--r--app/controllers/projects/hooks_controller.rb5
-rw-r--r--app/controllers/projects/imports_controller.rb51
-rw-r--r--app/controllers/projects/issues_controller.rb22
-rw-r--r--app/controllers/projects/labels_controller.rb18
-rw-r--r--app/controllers/projects/merge_requests_controller.rb43
-rw-r--r--app/controllers/projects/milestones_controller.rb11
-rw-r--r--app/controllers/projects/network_controller.rb5
-rw-r--r--app/controllers/projects/new_tree_controller.rb20
-rw-r--r--app/controllers/projects/notes_controller.rb4
-rw-r--r--app/controllers/projects/protected_branches_controller.rb25
-rw-r--r--app/controllers/projects/raw_controller.rb6
-rw-r--r--app/controllers/projects/refs_controller.rb29
-rw-r--r--app/controllers/projects/repositories_controller.rb10
-rw-r--r--app/controllers/projects/services_controller.rb22
-rw-r--r--app/controllers/projects/snippets_controller.rb9
-rw-r--r--app/controllers/projects/tags_controller.rb9
-rw-r--r--app/controllers/projects/team_members_controller.rb13
-rw-r--r--app/controllers/projects/tree_controller.rb14
-rw-r--r--app/controllers/projects/uploads_controller.rb35
-rw-r--r--app/controllers/projects/wikis_controller.rb37
-rw-r--r--app/controllers/projects_controller.rb156
-rw-r--r--app/controllers/registrations_controller.rb12
-rw-r--r--app/controllers/sessions_controller.rb22
-rw-r--r--app/controllers/snippets_controller.rb5
-rw-r--r--app/controllers/uploads_controller.rb24
-rw-r--r--app/controllers/users_controller.rb53
68 files changed, 1347 insertions, 448 deletions
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
new file mode 100644
index 00000000000..2b0c500e97a
--- /dev/null
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -0,0 +1,34 @@
+class Admin::ApplicationSettingsController < Admin::ApplicationController
+ before_filter :set_application_setting
+
+ def show
+ end
+
+ def update
+ if @application_setting.update_attributes(application_setting_params)
+ redirect_to admin_application_settings_path,
+ notice: 'Application settings saved successfully'
+ else
+ render :show
+ end
+ end
+
+ private
+
+ def set_application_setting
+ @application_setting = ApplicationSetting.current
+ end
+
+ def application_setting_params
+ params.require(:application_setting).permit(
+ :default_projects_limit,
+ :default_branch_protection,
+ :signup_enabled,
+ :signin_enabled,
+ :gravatar_enabled,
+ :twitter_sharing_enabled,
+ :sign_in_text,
+ :home_page_url
+ )
+ end
+end
diff --git a/app/controllers/admin/applications_controller.rb b/app/controllers/admin/applications_controller.rb
new file mode 100644
index 00000000000..471d24934a0
--- /dev/null
+++ b/app/controllers/admin/applications_controller.rb
@@ -0,0 +1,52 @@
+class Admin::ApplicationsController < Admin::ApplicationController
+ before_action :set_application, only: [:show, :edit, :update, :destroy]
+
+ def index
+ @applications = Doorkeeper::Application.where("owner_id IS NULL")
+ end
+
+ def show
+ end
+
+ def new
+ @application = Doorkeeper::Application.new
+ end
+
+ def edit
+ end
+
+ def create
+ @application = Doorkeeper::Application.new(application_params)
+
+ if @application.save
+ flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
+ redirect_to admin_application_url(@application)
+ else
+ render :new
+ end
+ end
+
+ def update
+ if @application.update(application_params)
+ redirect_to admin_application_path(@application), notice: 'Application was successfully updated.'
+ else
+ render :edit
+ end
+ end
+
+ def destroy
+ @application.destroy
+ redirect_to admin_applications_url, notice: 'Application was successfully destroyed.'
+ end
+
+ private
+
+ def set_application
+ @application = Doorkeeper::Application.where("owner_id IS NULL").find(params[:id])
+ end
+
+ # Only allow a trusted parameter "white list" through.
+ def application_params
+ params[:doorkeeper_application].permit(:name, :redirect_uri)
+ end
+end
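Review bot: `application_params` calls `.permit` directly on `params[:doorkeeper_application]`, so a `create` or `update` request that omits that key fails with NoMethodError on nil instead of a 400 response. `params.require(:doorkeeper_application).permit(:name, :redirect_uri)` gives the usual ActionController::ParameterMissing handling and matches `application_setting_params` in Admin::ApplicationSettingsController from this same commit. This file also uses `before_action` where the sibling admin controllers added here use `before_filter`; using one spelling keeps them uniform.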
diff --git a/app/controllers/admin/dashboard_controller.rb b/app/controllers/admin/dashboard_controller.rb
index be19139c9b1..c491e5c7550 100644
--- a/app/controllers/admin/dashboard_controller.rb
+++ b/app/controllers/admin/dashboard_controller.rb
@@ -1,7 +1,7 @@
class Admin::DashboardController < Admin::ApplicationController
def index
- @projects = Project.order("created_at DESC").limit(10)
- @users = User.order("created_at DESC").limit(10)
- @groups = Group.order("created_at DESC").limit(10)
+ @projects = Project.limit(10)
+ @users = User.limit(10)
+ @groups = Group.limit(10)
end
end
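Review bot: With `order("created_at DESC")` removed, `Project.limit(10)`, `User.limit(10)` and `Group.limit(10)` return the newest records only if each model defines a default ordering, which is not visible in this diff. If that ordering comes from a `default_scope`, a comment above `index` such as `# Relies on the models' default ordering (newest first)` would make the dependency explicit. Without it, the ten rows shown depend on database order.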
diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb
index e6d0c9323c1..65dc027c8eb 100644
--- a/app/controllers/admin/groups_controller.rb
+++ b/app/controllers/admin/groups_controller.rb
@@ -2,7 +2,8 @@ class Admin::GroupsController < Admin::ApplicationController
before_filter :group, only: [:edit, :show, :update, :destroy, :project_update, :project_teams_update]
def index
- @groups = Group.order('name ASC')
+ @groups = Group.all
+ @groups = @groups.sort(@sort = params[:sort])
@groups = @groups.search(params[:name]) if params[:name].present?
@groups = @groups.page(params[:page]).per(20)
end
@@ -21,7 +22,7 @@ class Admin::GroupsController < Admin::ApplicationController
def create
@group = Group.new(group_params)
- @group.path = @group.name.dup.parameterize if @group.name
+ @group.name = @group.path.dup unless @group.name
if @group.save
@group.add_owner(current_user)
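Review bot: In `create`, `@group.name = @group.path.dup unless @group.name` does not handle two inputs: when both `name` and `path` are missing, `nil.dup` raises TypeError on Ruby before 2.4, and when the form submits an empty string for `name` the fallback never runs because `""` is truthy. `@group.name = @group.path.dup if @group.name.blank? && @group.path.present?` covers both and leaves the remaining case to model validation. The same line is added to GroupsController#create in app/controllers/groups_controller.rb. The body of `create` continues outside this hunk.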
diff --git a/app/controllers/admin/keys_controller.rb b/app/controllers/admin/keys_controller.rb
new file mode 100644
index 00000000000..21111bb44f5
--- /dev/null
+++ b/app/controllers/admin/keys_controller.rb
@@ -0,0 +1,34 @@
+class Admin::KeysController < Admin::ApplicationController
+ before_filter :user, only: [:show, :destroy]
+
+ def show
+ @key = user.keys.find(params[:id])
+
+ respond_to do |format|
+ format.html
+ format.js { render nothing: true }
+ end
+ end
+
+ def destroy
+ key = user.keys.find(params[:id])
+
+ respond_to do |format|
+ if key.destroy
+ format.html { redirect_to [:admin, user], notice: 'User key was successfully removed.' }
+ else
+ format.html { redirect_to [:admin, user], alert: 'Failed to remove user key.' }
+ end
+ end
+ end
+
+ protected
+
+ def user
+ @user ||= User.find_by!(username: params[:user_id])
+ end
+
+ def key_params
+ params.require(:user_id, :id)
+ end
+end
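Review bot: `key_params` cannot work as written, because `ActionController::Parameters#require` takes a single key and `params.require(:user_id, :id)` would raise ArgumentError if it were called; neither `show` nor `destroy` calls it. Removing the method is the simplest fix, since both actions read `params[:id]` and `params[:user_id]` directly. In `destroy`, the `respond_to` block defines only `format.html` while `key.destroy` runs inside the block, so a request for another format would delete the key and then fail format negotiation; a `format.js { render nothing: true }` branch as in `show`, or dropping `respond_to` altogether, avoids that.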
diff --git a/app/controllers/admin/projects_controller.rb b/app/controllers/admin/projects_controller.rb
index 7c2388e81be..2b1fc862b7f 100644
--- a/app/controllers/admin/projects_controller.rb
+++ b/app/controllers/admin/projects_controller.rb
@@ -25,13 +25,16 @@ class Admin::ProjectsController < Admin::ApplicationController
def transfer
::Projects::TransferService.new(@project, current_user, params.dup).execute
- redirect_to [:admin, @project.reload]
+ @project.reload
+ redirect_to admin_namespace_project_path(@project.namespace, @project)
end
protected
def project
- @project = Project.find_with_namespace(params[:id])
+ @project = Project.find_with_namespace(
+ [params[:namespace_id], '/', params[:id]].join('')
+ )
@project || render_404
end
diff --git a/app/controllers/admin/services_controller.rb b/app/controllers/admin/services_controller.rb
new file mode 100644
index 00000000000..e80cabd6e18
--- /dev/null
+++ b/app/controllers/admin/services_controller.rb
@@ -0,0 +1,51 @@
+class Admin::ServicesController < Admin::ApplicationController
+ before_filter :service, only: [:edit, :update]
+
+ def index
+ @services = services_templates
+ end
+
+ def edit
+ unless service.present?
+ redirect_to admin_application_settings_services_path,
+ alert: "Service is unknown or it doesn't exist"
+ end
+ end
+
+ def update
+ if service.update_attributes(application_services_params[:service])
+ redirect_to admin_application_settings_services_path,
+ notice: 'Application settings saved successfully'
+ else
+ render :edit
+ end
+ end
+
+ private
+
+ def services_templates
+ templates = []
+
+ Service.available_services_names.each do |service_name|
+ service_template = service_name.concat("_service").camelize.constantize
+ templates << service_template.where(template: true).first_or_create
+ end
+
+ templates
+ end
+
+ def service
+ @service ||= Service.where(id: params[:id], template: true).first
+ end
+
+ def application_services_params
+ params.permit(:id,
+ service: [
+ :title, :token, :type, :active, :api_key, :subdomain,
+ :room, :recipients, :project_url, :webhook,
+ :user_key, :device, :priority, :sound, :bamboo_url, :username, :password,
+ :build_key, :server, :teamcity_url, :build_type,
+ :description, :issues_url, :new_issue_url, :restrict_to_branch
+ ])
+ end
+end
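Review bot: `update` calls `service.update_attributes` without the nil check that `edit` has, so an id that does not match a template service (`Service.where(id: params[:id], template: true).first` returning nil) ends in NoMethodError rather than the redirect with the `"Service is unknown or it doesn't exist"` alert. Moving that guard into the `service` before_filter covers both actions. In `services_templates`, `service_name.concat("_service")` modifies the string in place; if `Service.available_services_names` returns a shared array (not visible here), later calls would see names that already end in `_service`, and `"#{service_name}_service".camelize.constantize` avoids that. The permitted list also includes `:type`, which on a single-table-inheritance model lets the form change the record's class; confirm that is intended.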
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index baad9095b70..ecedb31a7f8 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -2,15 +2,16 @@ class Admin::UsersController < Admin::ApplicationController
before_filter :user, only: [:show, :edit, :update, :destroy]
def index
- @users = User.filter(params[:filter])
+ @users = User.order_name_asc.filter(params[:filter])
@users = @users.search(params[:name]) if params[:name].present?
@users = @users.sort(@sort = params[:sort])
- @users = @users.alphabetically.page(params[:page])
+ @users = @users.page(params[:page])
end
def show
@personal_projects = user.personal_projects
@joined_projects = user.projects.joined(@user)
+ @keys = user.keys
end
def new
@@ -101,6 +102,9 @@ class Admin::UsersController < Admin::ApplicationController
email = user.emails.find(params[:email_id])
email.destroy
+ user.set_notification_email
+ user.save if user.notification_email_changed?
+
respond_to do |format|
format.html { redirect_to :back, notice: "Successfully removed email." }
format.js { render nothing: true }
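Review bot: The return value of `user.save` in the lines added after `email.destroy` is ignored, so a save that fails validation still ends with the `"Successfully removed email."` notice and, presumably, a stale notification address on the user. Branch on the result and show an alert on failure, or at least log `user.errors.full_messages`. The enclosing action starts before this hunk.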
@@ -117,8 +121,8 @@ class Admin::UsersController < Admin::ApplicationController
params.require(:user).permit(
:email, :remember_me, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
- :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key,
- :projects_limit, :can_create_group, :admin
+ :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, :hide_no_password,
+ :projects_limit, :can_create_group, :admin, :key_id
)
end
end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f1e1bebe5ce..df1a588313e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,9 @@
require 'gon'
class ApplicationController < ActionController::Base
+ include Gitlab::CurrentSettings
+ include GitlabRoutingHelper
+
before_filter :authenticate_user_from_token!
before_filter :authenticate_user!
before_filter :reject_blocked!
@@ -13,7 +16,8 @@ class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
- helper_method :abilities, :can?
+ helper_method :abilities, :can?, :current_application_settings
+ helper_method :github_import_enabled?, :gitlab_import_enabled?, :bitbucket_import_enabled?
rescue_from Encoding::CompatibilityError do |exception|
log_exception(exception)
@@ -46,6 +50,17 @@ class ApplicationController < ActionController::Base
end
end
+ def authenticate_user!(*args)
+ # If user is not signed-in and tries to access root_path - redirect him to landing page
+ if current_application_settings.home_page_url.present?
+ if current_user.nil? && controller_name == 'dashboard' && action_name == 'show'
+ redirect_to current_application_settings.home_page_url and return
+ end
+ end
+
+ super(*args)
+ end
+
def log_exception(exception)
application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace
application_trace.map!{ |t| " #{t}\n" }
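Review bot: The new `authenticate_user!` redirects anonymous visitors to `current_application_settings.home_page_url` as stored, and nothing in this commit's controller code restricts that value to an http(s) URL; that check belongs in the ApplicationSetting model, which is outside this diff, so confirm it exists. The two nested `if`s can be one guard clause ending in `return redirect_to(current_application_settings.home_page_url)`, which reads more clearly than `redirect_to ... and return`. Because every controller inherits this override, the comment above the condition should say that it special-cases only `dashboard#show` and otherwise defers to Devise through `super`.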
@@ -80,6 +95,7 @@ class ApplicationController < ActionController::Base
def project
unless @project
+ namespace = params[:namespace_id]
id = params[:project_id] || params[:id]
# Redirect from
@@ -91,7 +107,7 @@ class ApplicationController < ActionController::Base
redirect_to request.original_url.gsub(/\.git\Z/, '') and return
end
- @project = Project.find_with_namespace(id)
+ @project = Project.find_with_namespace("#{namespace}/#{id}")
if @project and can?(current_user, :read_project, @project)
@project
@@ -108,7 +124,8 @@ class ApplicationController < ActionController::Base
def repository
@repository ||= project.repository
- rescue Grit::NoSuchPathError
+ rescue Grit::NoSuchPathError(e)
+ log_exception(e)
nil
end
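Review bot: `rescue Grit::NoSuchPathError(e)` is not the exception-binding form. Ruby parses it as a call to a method named `NoSuchPathError` on `Grit` with the undefined local `e` as its argument, so when `project.repository` raises, evaluating the rescue clause raises NameError instead of returning nil. The line should be `rescue Grit::NoSuchPathError => e`, after which `log_exception(e)` works as intended.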
@@ -168,7 +185,7 @@ class ApplicationController < ActionController::Base
end
def add_gon_variables
- gon.default_issues_tracker = Project.issues_tracker.default_value
+ gon.default_issues_tracker = Project.new.default_issue_tracker.to_param
gon.api_version = API::API.version
gon.relative_url_root = Gitlab.config.gitlab.relative_url_root
gon.default_avatar_url = URI::join(Gitlab.config.gitlab.url, ActionController::Base.helpers.image_path('no_avatar.png')).to_s
@@ -239,4 +256,75 @@ class ApplicationController < ActionController::Base
redirect_to profile_path, notice: 'Please complete your profile with email address' and return
end
end
+
+ def set_filters_params
+ params[:sort] ||= 'created_desc'
+ params[:scope] = 'all' if params[:scope].blank?
+ params[:state] = 'opened' if params[:state].blank?
+
+ @filter_params = params.dup
+
+ if @project
+ @filter_params[:project_id] = @project.id
+ elsif @group
+ @filter_params[:group_id] = @group.id
+ else
+ # TODO: this filter ignore issues/mr created in public or
+ # internal repos where you are not a member. Enable this filter
+ # or improve current implementation to filter only issues you
+ # created or assigned or mentioned
+ #@filter_params[:authorized_only] = true
+ end
+
+ @filter_params
+ end
+
+ def set_filter_values(collection)
+ assignee_id = @filter_params[:assignee_id]
+ author_id = @filter_params[:author_id]
+ milestone_id = @filter_params[:milestone_id]
+
+ @sort = @filter_params[:sort]
+ @assignees = User.where(id: collection.pluck(:assignee_id))
+ @authors = User.where(id: collection.pluck(:author_id))
+ @milestones = Milestone.where(id: collection.pluck(:milestone_id))
+
+ if assignee_id.present? && !assignee_id.to_i.zero?
+ @assignee = @assignees.find_by(id: assignee_id)
+ end
+
+ if author_id.present? && !author_id.to_i.zero?
+ @author = @authors.find_by(id: author_id)
+ end
+
+ if milestone_id.present? && !milestone_id.to_i.zero?
+ @milestone = @milestones.find_by(id: milestone_id)
+ end
+ end
+
+ def get_issues_collection
+ set_filters_params
+ issues = IssuesFinder.new.execute(current_user, @filter_params)
+ set_filter_values(issues)
+ issues
+ end
+
+ def get_merge_requests_collection
+ set_filters_params
+ merge_requests = MergeRequestsFinder.new.execute(current_user, @filter_params)
+ set_filter_values(merge_requests)
+ merge_requests
+ end
+
+ def github_import_enabled?
+ OauthHelper.enabled_oauth_providers.include?(:github)
+ end
+
+ def gitlab_import_enabled?
+ OauthHelper.enabled_oauth_providers.include?(:gitlab)
+ end
+
+ def bitbucket_import_enabled?
+ OauthHelper.enabled_oauth_providers.include?(:bitbucket) && Gitlab::BitbucketImport.public_key.present?
+ end
end
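Review bot: `set_filters_params` copies the whole request `params` into `@filter_params` and overwrites `project_id` or `group_id` only when `@project` or `@group` is set, so on the dashboard path (the empty `else`) client-supplied `project_id`, `group_id` and `authorized_only` reach `IssuesFinder` and `MergeRequestsFinder` unchanged. The `default_filter` removed from DashboardController in this commit forced `authorized_only = true`; with it gone, what a user can list depends entirely on the finders' own permission checks, which are not visible here and should be confirmed. Building `@filter_params` from an explicit list, for example `params.slice(:scope, :state, :sort, :assignee_id, :author_id, :milestone_id)` extended to whatever the finders actually read, would make the accepted inputs reviewable. The empty `else` holding only a commented-out assignment is better written as a comment above the `if`.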
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index 5aff526d1b5..eca7b39bcdf 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -3,22 +3,16 @@ class DashboardController < ApplicationController
before_filter :load_projects, except: [:projects]
before_filter :event_filter, only: :show
- before_filter :default_filter, only: [:issues, :merge_requests]
-
def show
# Fetch only 30 projects.
# If user needs more - point to Dashboard#projects page
@projects_limit = 30
- @groups = current_user.authorized_groups.sort_by(&:human_name)
+ @groups = current_user.authorized_groups.order_name_asc
@has_authorized_projects = @projects.count > 0
@projects_count = @projects.count
- @projects = @projects.limit(@projects_limit)
-
- @events = Event.in_projects(current_user.authorized_projects.pluck(:id))
- @events = @event_filter.apply_filter(@events)
- @events = @events.limit(20).offset(params[:offset] || 0)
+ @projects = @projects.includes(:namespace).limit(@projects_limit)
@last_push = current_user.recent_push
@@ -26,8 +20,16 @@ class DashboardController < ApplicationController
respond_to do |format|
format.html
- format.json { pager_json("events/_events", @events.count) }
- format.atom { render layout: false }
+
+ format.json do
+ load_events
+ pager_json("events/_events", @events.count)
+ end
+
+ format.atom do
+ load_events
+ render layout: false
+ end
end
end
@@ -55,13 +57,13 @@ class DashboardController < ApplicationController
end
def merge_requests
- @merge_requests = MergeRequestsFinder.new.execute(current_user, params)
+ @merge_requests = get_merge_requests_collection
@merge_requests = @merge_requests.page(params[:page]).per(20)
@merge_requests = @merge_requests.preload(:author, :target_project)
end
def issues
- @issues = IssuesFinder.new.execute(current_user, params)
+ @issues = get_issues_collection
@issues = @issues.page(params[:page]).per(20)
@issues = @issues.preload(:author, :project)
@@ -77,9 +79,9 @@ class DashboardController < ApplicationController
@projects = current_user.authorized_projects.sorted_by_activity.non_archived
end
- def default_filter
- params[:scope] = 'assigned-to-me' if params[:scope].blank?
- params[:state] = 'opened' if params[:state].blank?
- params[:authorized_only] = true
+ def load_events
+ @events = Event.in_projects(current_user.authorized_projects.pluck(:id))
+ @events = @event_filter.apply_filter(@events).with_associations
+ @events = @events.limit(20).offset(params[:offset] || 0)
end
end
diff --git a/app/controllers/explore/projects_controller.rb b/app/controllers/explore/projects_controller.rb
index d75fd8e72fa..0e5891ae807 100644
--- a/app/controllers/explore/projects_controller.rb
+++ b/app/controllers/explore/projects_controller.rb
@@ -18,7 +18,7 @@ class Explore::ProjectsController < ApplicationController
def starred
@starred_projects = ProjectsFinder.new.execute(current_user)
- @starred_projects = @starred_projects.order('star_count DESC')
+ @starred_projects = @starred_projects.reorder('star_count DESC')
@starred_projects = @starred_projects.page(params[:page]).per(10)
end
end
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
deleted file mode 100644
index 7937454810d..00000000000
--- a/app/controllers/files_controller.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-class FilesController < ApplicationController
- def download
- note = Note.find(params[:id])
- uploader = note.attachment
-
- if uploader.file_storage?
- if can?(current_user, :read_project, note.project)
- send_file uploader.file.path, disposition: 'attachment'
- else
- not_found!
- end
- else
- redirect_to uploader.url
- end
- end
-end
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 36222758eb2..d011523c94f 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -10,20 +10,18 @@ class GroupsController < ApplicationController
# Load group projects
before_filter :load_projects, except: [:new, :create, :projects, :edit, :update]
-
- before_filter :default_filter, only: [:issues, :merge_requests]
+ before_filter :event_filter, only: :show
+ before_filter :set_title, only: [:new, :create]
layout :determine_layout
- before_filter :set_title, only: [:new, :create]
-
def new
@group = Group.new
end
def create
@group = Group.new(group_params)
- @group.path = @group.name.dup.parameterize if @group.name
+ @group.name = @group.path.dup unless @group.name
if @group.save
@group.add_owner(current_user)
@@ -34,26 +32,32 @@ class GroupsController < ApplicationController
end
def show
- @events = Event.in_projects(project_ids)
- @events = event_filter.apply_filter(@events)
- @events = @events.limit(20).offset(params[:offset] || 0)
@last_push = current_user.recent_push if current_user
+ @projects = @projects.includes(:namespace)
respond_to do |format|
format.html
- format.json { pager_json("events/_events", @events.count) }
- format.atom { render layout: false }
+
+ format.json do
+ load_events
+ pager_json("events/_events", @events.count)
+ end
+
+ format.atom do
+ load_events
+ render layout: false
+ end
end
end
def merge_requests
- @merge_requests = MergeRequestsFinder.new.execute(current_user, params)
+ @merge_requests = get_merge_requests_collection
@merge_requests = @merge_requests.page(params[:page]).per(20)
@merge_requests = @merge_requests.preload(:author, :target_project)
end
def issues
- @issues = IssuesFinder.new.execute(current_user, params)
+ @issues = get_issues_collection
@issues = @issues.page(params[:page]).per(20)
@issues = @issues.preload(:author, :project)
@@ -148,19 +152,13 @@ class GroupsController < ApplicationController
end
end
- def default_filter
- if params[:scope].blank?
- if current_user
- params[:scope] = 'assigned-to-me'
- else
- params[:scope] = 'all'
- end
- end
- params[:state] = 'opened' if params[:state].blank?
- params[:group_id] = @group.id
- end
-
def group_params
params.require(:group).permit(:name, :description, :path, :avatar)
end
+
+ def load_events
+ @events = Event.in_projects(project_ids)
+ @events = event_filter.apply_filter(@events).with_associations
+ @events = @events.limit(20).offset(params[:offset] || 0)
+ end
end
diff --git a/app/controllers/import/base_controller.rb b/app/controllers/import/base_controller.rb
new file mode 100644
index 00000000000..4df171dbcfe
--- /dev/null
+++ b/app/controllers/import/base_controller.rb
@@ -0,0 +1,21 @@
+class Import::BaseController < ApplicationController
+
+ private
+
+ def get_or_create_namespace
+ existing_namespace = Namespace.find_by("path = ? OR name = ?", @target_namespace, @target_namespace)
+
+ if existing_namespace
+ if existing_namespace.owner == current_user
+ namespace = existing_namespace
+ else
+ @already_been_taken = true
+ return false
+ end
+ else
+ namespace = Group.create(name: @target_namespace, path: @target_namespace, owner: current_user)
+ namespace.add_owner(current_user)
+ namespace
+ end
+ end
+end
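Review bot: `get_or_create_namespace` does not check the result of `Group.create`, so when `@target_namespace` (taken from `params[:new_namespace]` in the import controllers) fails the group's validations, `add_owner` is called on an unsaved record and the caller goes on to create a project in it. Adding `return false unless namespace.persisted?` right after the `create` line stops that, though the caller's view then needs a way to tell this case from `@already_been_taken`. The comparison `existing_namespace.owner == current_user` is also the only authorization for reusing an existing namespace; whether `owner` is meaningful for group namespaces depends on the Namespace model, which is not visible here.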
diff --git a/app/controllers/import/bitbucket_controller.rb b/app/controllers/import/bitbucket_controller.rb
new file mode 100644
index 00000000000..83ebc5fddca
--- /dev/null
+++ b/app/controllers/import/bitbucket_controller.rb
@@ -0,0 +1,79 @@
+class Import::BitbucketController < Import::BaseController
+ before_filter :verify_bitbucket_import_enabled
+ before_filter :bitbucket_auth, except: :callback
+
+ rescue_from OAuth::Error, with: :bitbucket_unauthorized
+
+ def callback
+ request_token = session.delete(:oauth_request_token)
+ raise "Session expired!" if request_token.nil?
+
+ request_token.symbolize_keys!
+
+ access_token = client.get_token(request_token, params[:oauth_verifier], callback_import_bitbucket_url)
+
+ current_user.bitbucket_access_token = access_token.token
+ current_user.bitbucket_access_token_secret = access_token.secret
+
+ current_user.save
+ redirect_to status_import_bitbucket_url
+ end
+
+ def status
+ @repos = client.projects
+
+ @already_added_projects = current_user.created_projects.where(import_type: "bitbucket")
+ already_added_projects_names = @already_added_projects.pluck(:import_source)
+
+ @repos.to_a.reject!{ |repo| already_added_projects_names.include? "#{repo["owner"]}/#{repo["slug"]}" }
+ end
+
+ def jobs
+ jobs = current_user.created_projects.where(import_type: "bitbucket").to_json(only: [:id, :import_status])
+ render json: jobs
+ end
+
+ def create
+ @repo_id = params[:repo_id] || ""
+ repo = client.project(@repo_id.gsub("___", "/"))
+ @target_namespace = params[:new_namespace].presence || repo["owner"]
+ @project_name = repo["slug"]
+
+ namespace = get_or_create_namespace || (render and return)
+
+ unless Gitlab::BitbucketImport::KeyAdder.new(repo, current_user).execute
+ @access_denied = true
+ render
+ return
+ end
+
+ @project = Gitlab::BitbucketImport::ProjectCreator.new(repo, namespace, current_user).execute
+ end
+
+ private
+
+ def client
+ @client ||= Gitlab::BitbucketImport::Client.new(current_user.bitbucket_access_token, current_user.bitbucket_access_token_secret)
+ end
+
+ def verify_bitbucket_import_enabled
+ not_found! unless bitbucket_import_enabled?
+ end
+
+ def bitbucket_auth
+ if current_user.bitbucket_access_token.blank?
+ go_to_bitbucket_for_permissions
+ end
+ end
+
+ def go_to_bitbucket_for_permissions
+ request_token = client.request_token(callback_import_bitbucket_url)
+ session[:oauth_request_token] = request_token
+
+ redirect_to client.authorize_url(request_token, callback_import_bitbucket_url)
+ end
+
+ def bitbucket_unauthorized
+ go_to_bitbucket_for_permissions
+ end
+end
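Review bot: In `status`, `@repos.to_a.reject!{ ... }` filters whatever `to_a` returns and discards the result, so unless `client.projects` already returns an Array (not visible here) the already-imported repositories stay in `@repos`. Import::GitlabController in this commit uses the assigning form, `@repos = @repos.to_a.reject { |repo| ... }`, which works either way. In `callback`, `raise "Session expired!"` turns a missing `session[:oauth_request_token]` into a 500; calling `go_to_bitbucket_for_permissions` instead would match what `bitbucket_unauthorized` does. The result of `current_user.save` is also ignored before the redirect to the status page.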
diff --git a/app/controllers/import/github_controller.rb b/app/controllers/import/github_controller.rb
new file mode 100644
index 00000000000..dc7668ee6fd
--- /dev/null
+++ b/app/controllers/import/github_controller.rb
@@ -0,0 +1,65 @@
+class Import::GithubController < Import::BaseController
+ before_filter :verify_github_import_enabled
+ before_filter :github_auth, except: :callback
+
+ rescue_from Octokit::Unauthorized, with: :github_unauthorized
+
+ def callback
+ token = client.get_token(params[:code])
+ current_user.github_access_token = token
+ current_user.save
+ redirect_to status_import_github_url
+ end
+
+ def status
+ @repos = client.repos
+ client.orgs.each do |org|
+ @repos += client.repos(org.login)
+ end
+
+ @already_added_projects = current_user.created_projects.where(import_type: "github")
+ already_added_projects_names = @already_added_projects.pluck(:import_source)
+
+ @repos.reject!{ |repo| already_added_projects_names.include? repo.full_name }
+ end
+
+ def jobs
+ jobs = current_user.created_projects.where(import_type: "github").to_json(only: [:id, :import_status])
+ render json: jobs
+ end
+
+ def create
+ @repo_id = params[:repo_id].to_i
+ repo = client.repo(@repo_id)
+ @target_namespace = params[:new_namespace].presence || repo.owner.login
+ @project_name = repo.name
+
+ namespace = get_or_create_namespace || (render and return)
+
+ @project = Gitlab::GithubImport::ProjectCreator.new(repo, namespace, current_user).execute
+ end
+
+ private
+
+ def client
+ @client ||= Gitlab::GithubImport::Client.new(current_user.github_access_token)
+ end
+
+ def verify_github_import_enabled
+ not_found! unless github_import_enabled?
+ end
+
+ def github_auth
+ if current_user.github_access_token.blank?
+ go_to_github_for_permissions
+ end
+ end
+
+ def go_to_github_for_permissions
+ redirect_to client.authorize_url(callback_import_github_url)
+ end
+
+ def github_unauthorized
+ go_to_github_for_permissions
+ end
+end
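Review bot: `callback` exchanges `params[:code]` for a token and stores it on `current_user` without checking an OAuth `state` value, and `go_to_github_for_permissions` passes only the callback URL to `client.authorize_url`. Unless Gitlab::GithubImport::Client adds and verifies `state` itself (not visible in this diff), the callback accepts a code the signed-in user never requested, which is the request-forgery case the `state` parameter exists to prevent. The usual fix is to put a random value in the session before redirecting, send it as `state`, and compare it in `callback` before calling `get_token`. Import::GitlabController#callback in this commit has the same shape, and `current_user.save` is unchecked in both.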
diff --git a/app/controllers/import/gitlab_controller.rb b/app/controllers/import/gitlab_controller.rb
new file mode 100644
index 00000000000..e979dad4b11
--- /dev/null
+++ b/app/controllers/import/gitlab_controller.rb
@@ -0,0 +1,62 @@
+class Import::GitlabController < Import::BaseController
+ before_filter :verify_gitlab_import_enabled
+ before_filter :gitlab_auth, except: :callback
+
+ rescue_from OAuth2::Error, with: :gitlab_unauthorized
+
+ def callback
+ token = client.get_token(params[:code], callback_import_gitlab_url)
+ current_user.gitlab_access_token = token
+ current_user.save
+ redirect_to status_import_gitlab_url
+ end
+
+ def status
+ @repos = client.projects
+
+ @already_added_projects = current_user.created_projects.where(import_type: "gitlab")
+ already_added_projects_names = @already_added_projects.pluck(:import_source)
+
+ @repos = @repos.to_a.reject{ |repo| already_added_projects_names.include? repo["path_with_namespace"] }
+ end
+
+ def jobs
+ jobs = current_user.created_projects.where(import_type: "gitlab").to_json(only: [:id, :import_status])
+ render json: jobs
+ end
+
+ def create
+ @repo_id = params[:repo_id].to_i
+ repo = client.project(@repo_id)
+ @target_namespace = params[:new_namespace].presence || repo["namespace"]["path"]
+ @project_name = repo["name"]
+
+ namespace = get_or_create_namespace || (render and return)
+
+ @project = Gitlab::GitlabImport::ProjectCreator.new(repo, namespace, current_user).execute
+ end
+
+ private
+
+ def client
+ @client ||= Gitlab::GitlabImport::Client.new(current_user.gitlab_access_token)
+ end
+
+ def verify_gitlab_import_enabled
+ not_found! unless gitlab_import_enabled?
+ end
+
+ def gitlab_auth
+ if current_user.gitlab_access_token.blank?
+ go_to_gitlab_for_permissions
+ end
+ end
+
+ def go_to_gitlab_for_permissions
+ redirect_to client.authorize_url(callback_import_gitlab_url)
+ end
+
+ def gitlab_unauthorized
+ go_to_gitlab_for_permissions
+ end
+end
diff --git a/app/controllers/import/gitorious_controller.rb b/app/controllers/import/gitorious_controller.rb
new file mode 100644
index 00000000000..6067a87ee04
--- /dev/null
+++ b/app/controllers/import/gitorious_controller.rb
@@ -0,0 +1,43 @@
+class Import::GitoriousController < Import::BaseController
+
+ def new
+ redirect_to client.authorize_url(callback_import_gitorious_url)
+ end
+
+ def callback
+ session[:gitorious_repos] = params[:repos]
+ redirect_to status_import_gitorious_url
+ end
+
+ def status
+ @repos = client.repos
+
+ @already_added_projects = current_user.created_projects.where(import_type: "gitorious")
+ already_added_projects_names = @already_added_projects.pluck(:import_source)
+
+ @repos.reject! { |repo| already_added_projects_names.include? repo.full_name }
+ end
+
+ def jobs
+ jobs = current_user.created_projects.where(import_type: "gitorious").to_json(only: [:id, :import_status])
+ render json: jobs
+ end
+
+ def create
+ @repo_id = params[:repo_id]
+ repo = client.repo(@repo_id)
+ @target_namespace = params[:new_namespace].presence || repo.namespace
+ @project_name = repo.name
+
+ namespace = get_or_create_namespace || (render and return)
+
+ @project = Gitlab::GitoriousImport::ProjectCreator.new(repo, namespace, current_user).execute
+ end
+
+ private
+
+ def client
+ @client ||= Gitlab::GitoriousImport::Client.new(session[:gitorious_repos])
+ end
+
+end
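Review bot: `callback` copies `params[:repos]` into the session unchanged, and `client` later hands that value to `Gitlab::GitoriousImport::Client` as the source of importable repositories, so the list is whatever the request supplied. Validate it before storing it, for example by capping its length and accepting only the characters a repository path can contain, and respond with an error otherwise. How the client parses the value is not visible in this hunk, so the exact format check belongs next to that parser. If the session is cookie-backed, an uncapped list would also overflow the cookie.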
diff --git a/app/controllers/namespaces_controller.rb b/app/controllers/namespaces_controller.rb
index c59a2401cef..b7a9d8c1291 100644
--- a/app/controllers/namespaces_controller.rb
+++ b/app/controllers/namespaces_controller.rb
@@ -15,4 +15,3 @@ class NamespacesController < ApplicationController
end
end
end
-
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
new file mode 100644
index 00000000000..efa291d9397
--- /dev/null
+++ b/app/controllers/oauth/applications_controller.rb
@@ -0,0 +1,39 @@
+class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
+ before_filter :authenticate_user!
+ layout "profile"
+
+ def index
+ head :forbidden and return
+ end
+
+ def create
+ @application = Doorkeeper::Application.new(application_params)
+
+ @application.owner = current_user
+
+ if @application.save
+ flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
+ redirect_to oauth_application_url(@application)
+ else
+ render :new
+ end
+ end
+
+ def destroy
+ if @application.destroy
+ flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :destroy])
+ end
+
+ redirect_to applications_profile_url
+ end
+
+ private
+
+ def set_application
+ @application = current_user.oauth_applications.find(params[:id])
+ end
+
+ rescue_from ActiveRecord::RecordNotFound do |exception|
+ render "errors/not_found", layout: "errors", status: 404
+ end
+end
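Review bot: `destroy` (and the inherited member actions) stay limited to the current user's applications only because `set_application` is overridden here and, presumably, invoked by a `before_filter` declared in `Doorkeeper::ApplicationsController`, which is outside this diff. That dependency deserves a comment above the override, e.g. `# Overrides Doorkeeper's lookup: member actions must only load applications owned by current_user`, plus a controller spec that requests another user's application id and expects a 404. On style, the `rescue_from` block sits below `private`; moving it up next to `before_filter` keeps the class-level declarations together, and `head :forbidden and return` in `index` can be just `head :forbidden`.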
diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb
new file mode 100644
index 00000000000..a57b4a60c24
--- /dev/null
+++ b/app/controllers/oauth/authorizations_controller.rb
@@ -0,0 +1,57 @@
+class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
+ before_filter :authenticate_resource_owner!
+ layout "profile"
+
+ def new
+ if pre_auth.authorizable?
+ if skip_authorization? || matching_token?
+ auth = authorization.authorize
+ redirect_to auth.redirect_uri
+ else
+ render "doorkeeper/authorizations/new"
+ end
+ else
+ render "doorkeeper/authorizations/error"
+ end
+ end
+
+ # TODO: Handle raise invalid authorization
+ def create
+ redirect_or_render authorization.authorize
+ end
+
+ def destroy
+ redirect_or_render authorization.deny
+ end
+
+ private
+
+ def matching_token?
+ Doorkeeper::AccessToken.matching_token_for(pre_auth.client,
+ current_resource_owner.id,
+ pre_auth.scopes)
+ end
+
+ def redirect_or_render(auth)
+ if auth.redirectable?
+ redirect_to auth.redirect_uri
+ else
+ render json: auth.body, status: auth.status
+ end
+ end
+
+ def pre_auth
+ @pre_auth ||=
+ Doorkeeper::OAuth::PreAuthorization.new(Doorkeeper.configuration,
+ server.client_via_uid,
+ params)
+ end
+
+ def authorization
+ @authorization ||= strategy.request
+ end
+
+ def strategy
+ @strategy ||= server.authorization_request(pre_auth.response_type)
+ end
+end
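Review bot: In `new`, the auto-approve branch calls `redirect_to auth.redirect_uri` directly, while `create` and `destroy` go through `redirect_or_render`, which checks `auth.redirectable?` first. If the authorization response is not redirectable, the direct call has no valid target; using `redirect_or_render authorization.authorize` in that branch keeps the three actions consistent. `matching_token?` also skips the consent screen whenever a token for the same client, owner and scopes exists, so a short comment stating that this is intentional would help the next reader.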
diff --git a/app/controllers/oauth/authorized_applications_controller.rb b/app/controllers/oauth/authorized_applications_controller.rb
new file mode 100644
index 00000000000..0b27ce7da72
--- /dev/null
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@@ -0,0 +1,8 @@
+class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
+ layout "profile"
+
+ def destroy
+ Doorkeeper::AccessToken.revoke_all_for(params[:id], current_resource_owner)
+ redirect_to applications_profile_url, notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy])
+ end
+end
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index bd4b310fcbf..bb9d65c9ed6 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -42,11 +42,9 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def handle_omniauth
if current_user
- # Change a logged-in user's authentication method:
- current_user.extern_uid = oauth['uid']
- current_user.provider = oauth['provider']
- current_user.save
- redirect_to profile_path
+ # Add new authentication method
+ current_user.identities.find_or_create_by(extern_uid: oauth['uid'], provider: oauth['provider'])
+ redirect_to profile_account_path, notice: 'Authentication method updated'
else
@user = Gitlab::OAuth::User.new(oauth)
@user.save
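Review bot: The result of `current_user.identities.find_or_create_by(...)` is discarded, so the 'Authentication method updated' notice is shown even when the identity was not persisted. That could happen if a validation rejects an `extern_uid`/`provider` pair already linked to another account, though the model is outside this diff, so whether such a validation exists needs confirming. Keep the returned record and branch on it, e.g. `identity = current_user.identities.find_or_create_by(...)` followed by `if identity.persisted?`, showing an alert in the other case. `handle_omniauth` starts and ends outside this hunk.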
@@ -67,8 +65,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
end
end
- rescue StandardError
- flash[:notice] = "There's no such user!"
+ rescue Gitlab::OAuth::ForbiddenAction => e
+ flash[:notice] = e.message
redirect_to new_user_session_path
end
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 988ede3007b..dcbbe5baa4b 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -5,12 +5,12 @@ class PasswordsController < Devise::PasswordsController
resource_found = resource_class.find_by_email(email)
if resource_found && resource_found.ldap_user?
flash[:alert] = "Cannot reset password for LDAP user."
- respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name)) and return
+ respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name)) and return
end
self.resource = resource_class.send_reset_password_instructions(resource_params)
if successfully_sent?(resource)
- respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
+ respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
else
respond_with(resource)
end
diff --git a/app/controllers/profiles/emails_controller.rb b/app/controllers/profiles/emails_controller.rb
index f3f0e69b83a..4a65c978e5c 100644
--- a/app/controllers/profiles/emails_controller.rb
+++ b/app/controllers/profiles/emails_controller.rb
@@ -18,6 +18,9 @@ class Profiles::EmailsController < ApplicationController
@email = current_user.emails.find(params[:id])
@email.destroy
+ current_user.set_notification_email
+ current_user.save if current_user.notification_email_changed?
+
respond_to do |format|
format.html { redirect_to profile_emails_url }
format.js { render nothing: true }
diff --git a/app/controllers/profiles/keys_controller.rb b/app/controllers/profiles/keys_controller.rb
index 88414b13564..4e2bd0a9b4b 100644
--- a/app/controllers/profiles/keys_controller.rb
+++ b/app/controllers/profiles/keys_controller.rb
@@ -3,7 +3,7 @@ class Profiles::KeysController < ApplicationController
skip_before_filter :authenticate_user!, only: [:get_keys]
def index
- @keys = current_user.keys.order('id DESC')
+ @keys = current_user.keys
end
def show
diff --git a/app/controllers/profiles/notifications_controller.rb b/app/controllers/profiles/notifications_controller.rb
index 638d1f9789b..433c19189af 100644
--- a/app/controllers/profiles/notifications_controller.rb
+++ b/app/controllers/profiles/notifications_controller.rb
@@ -2,6 +2,7 @@ class Profiles::NotificationsController < ApplicationController
layout 'profile'
def show
+ @user = current_user
@notification = current_user.notification
@project_members = current_user.project_members
@group_members = current_user.group_members
@@ -11,8 +12,7 @@ class Profiles::NotificationsController < ApplicationController
type = params[:notification_type]
@saved = if type == 'global'
- current_user.notification_level = params[:notification_level]
- current_user.save
+ current_user.update_attributes(user_params)
elsif type == 'group'
users_group = current_user.group_members.find(params[:notification_id])
users_group.notification_level = params[:notification_level]
@@ -22,5 +22,23 @@ class Profiles::NotificationsController < ApplicationController
project_member.notification_level = params[:notification_level]
project_member.save
end
+
+ respond_to do |format|
+ format.html do
+ if @saved
+ flash[:notice] = "Notification settings saved"
+ else
+ flash[:alert] = "Failed to save new settings"
+ end
+
+ redirect_to :back
+ end
+
+ format.js
+ end
+ end
+
+ def user_params
+ params.require(:user).permit(:notification_email, :notification_level)
end
end
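Review bot: `user_params` is added directly after `update` with no `private` in between, so it is a public controller method and counts as an action method; add `private` on the line before `def user_params`. In the `format.html` branch, `redirect_to :back` depends on the request's `Referer` header and raises when that header is absent, so redirecting to the notifications page explicitly is more robust (the route helper name is not visible in this hunk).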
diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb
index 1191ce47eba..0c614969a3f 100644
--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@@ -11,7 +11,7 @@ class Profiles::PasswordsController < ApplicationController
end
def create
- unless @user.valid_password?(user_params[:current_password])
+ unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
redirect_to new_profile_password_path, alert: 'You must provide a valid current password'
return
end
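Review bot: With `@user.password_automatically_set || ...`, the current-password check is skipped entirely while the flag is true, so the flag becomes security-relevant state that must only ever be written by the server. `user_params` is defined outside these hunks; confirm that it does not permit `:password_automatically_set`, and add a spec showing that a user whose flag is cleared is still rejected without a valid current password. The same condition is repeated in the last hunk of this file, so extracting it into one private predicate (for example `current_password_required?`) would keep the two paths from drifting apart.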
@@ -21,7 +21,8 @@ class Profiles::PasswordsController < ApplicationController
result = @user.update_attributes(
password: new_password,
- password_confirmation: new_password_confirmation
+ password_confirmation: new_password_confirmation,
+ password_automatically_set: false
)
if result
@@ -39,8 +40,9 @@ class Profiles::PasswordsController < ApplicationController
password_attributes = user_params.select do |key, value|
%w(password password_confirmation).include?(key.to_s)
end
+ password_attributes[:password_automatically_set] = false
- unless @user.valid_password?(user_params[:current_password])
+ unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
return
end
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index e877f9b9049..a7863aba756 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -13,6 +13,12 @@ class ProfilesController < ApplicationController
def design
end
+ def applications
+ @applications = current_user.oauth_applications
+ @authorized_tokens = current_user.oauth_authorized_tokens
+ @authorized_apps = @authorized_tokens.map(&:application).uniq
+ end
+
def update
user_params.except!(:email) if @user.ldap_user?
@@ -62,7 +68,7 @@ class ProfilesController < ApplicationController
params.require(:user).permit(
:email, :password, :password_confirmation, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id,
- :avatar, :hide_no_ssh_key,
+ :avatar, :hide_no_ssh_key, :hide_no_password
)
end
end
diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb
index 7e4580017dd..4719933394f 100644
--- a/app/controllers/projects/application_controller.rb
+++ b/app/controllers/projects/application_controller.rb
@@ -8,7 +8,8 @@ class Projects::ApplicationController < ApplicationController
# for non-signed users
if !current_user
id = params[:project_id] || params[:id]
- @project = Project.find_with_namespace(id)
+ project_with_namespace = "#{params[:namespace_id]}/#{id}"
+ @project = Project.find_with_namespace(project_with_namespace)
return if @project && @project.public?
end
@@ -26,7 +27,10 @@ class Projects::ApplicationController < ApplicationController
def require_branch_head
unless @repository.branch_names.include?(@ref)
- redirect_to project_tree_path(@project, @ref), notice: "This action is not allowed unless you are on top of a branch"
+ redirect_to(
+ namespace_project_tree_path(@project.namespace, @project, @ref),
+ notice: "This action is not allowed unless you are on top of a branch"
+ )
end
end
end
diff --git a/app/controllers/projects/avatars_controller.rb b/app/controllers/projects/avatars_controller.rb
new file mode 100644
index 00000000000..a482b90880d
--- /dev/null
+++ b/app/controllers/projects/avatars_controller.rb
@@ -0,0 +1,29 @@
+class Projects::AvatarsController < Projects::ApplicationController
+ layout 'project'
+
+ before_filter :project
+
+ def show
+ @blob = @project.repository.blob_at_branch('master', @project.avatar_in_git)
+ if @blob
+ headers['X-Content-Type-Options'] = 'nosniff'
+ send_data(
+ @blob.data,
+ type: @blob.mime_type,
+ disposition: 'inline',
+ filename: @blob.name
+ )
+ else
+ not_found!
+ end
+ end
+
+ def destroy
+ @project.remove_avatar!
+
+ @project.save
+ @project.reset_events_cache
+
+ redirect_to edit_project_path(@project)
+ end
+end
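Review bot: `destroy` removes the project's avatar, but the only filter declared in this controller is `before_filter :project`, and no authorization filter is visible for the action. Unless `Projects::ApplicationController` enforces this elsewhere, add `before_filter :authorize_admin_project!, only: [:destroy]`, the filter that `Projects::ImportsController` in this same commit uses. In `show`, the blob is served inline with the MIME type taken from the repository content; `nosniff` stops the browser from guessing, but restricting `type:` to an allow-list of image types would prevent a file labelled as HTML or SVG from being rendered on the application's origin.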
diff --git a/app/controllers/projects/base_tree_controller.rb b/app/controllers/projects/base_tree_controller.rb
deleted file mode 100644
index 56c306063c8..00000000000
--- a/app/controllers/projects/base_tree_controller.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-class Projects::BaseTreeController < Projects::ApplicationController
- include ExtractsPath
-
- before_filter :authorize_read_project!
- before_filter :authorize_download_code!
- before_filter :require_non_empty_project
-end
-
diff --git a/app/controllers/projects/blame_controller.rb b/app/controllers/projects/blame_controller.rb
index bad06e7aa2d..489a6ae5666 100644
--- a/app/controllers/projects/blame_controller.rb
+++ b/app/controllers/projects/blame_controller.rb
@@ -2,10 +2,9 @@
class Projects::BlameController < Projects::ApplicationController
include ExtractsPath
- # Authorize
- before_filter :authorize_read_project!
- before_filter :authorize_download_code!
before_filter :require_non_empty_project
+ before_filter :assign_ref_vars
+ before_filter :authorize_download_code!
def show
@blob = @repository.blob_at(@commit.id, @path)
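Review bot: With `authorize_read_project!` removed, `authorize_download_code!` is the only ability check left in front of `show`; the same removal is made in the blob, branches, commit, commits, compare and graphs controllers in this commit. That is safe only if every path that grants `download_code` also implies read access to the project, which is decided in the ability definitions outside this diff. Please confirm this and record it in a comment above the filter, e.g. `# download_code implies read access to the project`, and add a request spec that hits one of these actions as a user without project access.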
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 04aa044001e..4b7eb4df298 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -1,24 +1,91 @@
# Controller for viewing a file's blame
class Projects::BlobController < Projects::ApplicationController
include ExtractsPath
+ include ActionView::Helpers::SanitizeHelper
- # Authorize
- before_filter :authorize_read_project!
+ # Raised when given an invalid file path
+ class InvalidPathError < StandardError; end
+
+ before_filter :require_non_empty_project, except: [:new, :create]
before_filter :authorize_download_code!
- before_filter :require_non_empty_project
before_filter :authorize_push_code!, only: [:destroy]
+ before_filter :assign_blob_vars
+ before_filter :commit, except: [:new, :create]
+ before_filter :blob, except: [:new, :create]
+ before_filter :from_merge_request, only: [:edit, :update]
+ before_filter :after_edit_path, only: [:edit, :update]
+ before_filter :require_branch_head, only: [:edit, :update]
+
+ def new
+ commit unless @repository.empty?
+ end
- before_filter :blob
+ def create
+ file_path = File.join(@path, File.basename(params[:file_name]))
+ result = Files::CreateService.new(
+ @project,
+ current_user,
+ params.merge(new_branch: sanitized_new_branch_name),
+ @ref,
+ file_path
+ ).execute
+
+ if result[:status] == :success
+ flash[:notice] = "Your changes have been successfully committed"
+ ref = sanitized_new_branch_name.presence || @ref
+ redirect_to namespace_project_blob_path(@project.namespace, @project, File.join(ref, file_path))
+ else
+ flash[:alert] = result[:message]
+ render :new
+ end
+ end
def show
end
+ def edit
+ @last_commit = Gitlab::Git::Commit.last_for_path(@repository, @ref, @path).sha
+ end
+
+ def update
+ result = Files::UpdateService.
+ new(
+ @project,
+ current_user,
+ params.merge(new_branch: sanitized_new_branch_name),
+ @ref,
+ @path
+ ).execute
+
+ if result[:status] == :success
+ flash[:notice] = "Your changes have been successfully committed"
+
+ if from_merge_request
+ from_merge_request.reload_code
+ end
+
+ redirect_to after_edit_path
+ else
+ flash[:alert] = result[:message]
+ render :edit
+ end
+ end
+
+ def preview
+ @content = params[:content]
+ diffy = Diffy::Diff.new(@blob.data, @content, diff: '-U 3', include_diff_info: true)
+ @diff_lines = Gitlab::Diff::Parser.new.parse(diffy.diff.scan(/.*\n/))
+
+ render layout: false
+ end
+
def destroy
result = Files::DeleteService.new(@project, current_user, params, @ref, @path).execute
if result[:status] == :success
flash[:notice] = "Your changes have been successfully committed"
- redirect_to project_tree_path(@project, @ref)
+ redirect_to namespace_project_tree_path(@project.namespace, @project,
+ @ref)
else
flash[:alert] = result[:message]
render :show
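Review bot: `authorize_push_code!` is applied with `only: [:destroy]`, but this hunk also adds `create`, `edit` and `update`, which commit to the repository through `Files::CreateService` and `Files::UpdateService`; the deleted `EditTreeController` ran `authorize_push_code!` before all of its actions. Unless those services check the ability themselves (they are outside this diff), extend the filter: `before_filter :authorize_push_code!, only: [:new, :create, :edit, :update, :destroy]`. In `create`, `File.basename(params[:file_name])` also raises when `file_name` is missing, so a guard that renders `:new` with an alert would be better than a server error.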
@@ -47,10 +114,50 @@ class Projects::BlobController < Projects::ApplicationController
if @blob
@blob
- elsif tree.entries.any?
- redirect_to project_tree_path(@project, File.join(@ref, @path)) and return
else
+ if tree = @repository.tree(@commit.id, @path)
+ if tree.entries.any?
+ redirect_to namespace_project_tree_path(@project.namespace, @project, File.join(@ref, @path)) and return
+ end
+ end
+
return not_found!
end
end
+
+ def commit
+ @commit = @repository.commit(@ref)
+
+ return not_found! unless @commit
+ end
+
+ def assign_blob_vars
+ @id = params[:id]
+ @ref, @path = extract_ref(@id)
+
+
+ rescue InvalidPathError
+ not_found!
+ end
+
+ def after_edit_path
+ @after_edit_path ||=
+ if from_merge_request
+ diffs_namespace_project_merge_request_path(from_merge_request.target_project.namespace, from_merge_request.target_project, from_merge_request) +
+ "#file-path-#{hexdigest(@path)}"
+ elsif sanitized_new_branch_name.present?
+ namespace_project_blob_path(@project.namespace, @project, File.join(sanitized_new_branch_name, @path))
+ else
+ namespace_project_blob_path(@project.namespace, @project, @id)
+ end
+ end
+
+ def from_merge_request
+ # If blob edit was initiated from merge request page
+ @from_merge_request ||= MergeRequest.find_by(id: params[:from_merge_request_id])
+ end
+
+ def sanitized_new_branch_name
+ @new_branch ||= sanitize(strip_tags(params[:new_branch]))
+ end
end
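Review bot: `from_merge_request` loads `MergeRequest.find_by(id: params[:from_merge_request_id])` without scoping the lookup to `@project` or checking that the current user may read that merge request. `update` then calls `reload_code` on it, and `after_edit_path` redirects to its target project. Restrict the lookup to merge requests whose source or target project is `@project`, and treat any other id as absent. A one-line comment on `from_merge_request` stating that the id comes from the request and is untrusted would make the constraint obvious to later editors.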
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 9f50660a5ad..690501f3060 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -1,8 +1,7 @@
class Projects::BranchesController < Projects::ApplicationController
+ include ActionView::Helpers::SanitizeHelper
# Authorize
- before_filter :authorize_read_project!
before_filter :require_non_empty_project
-
before_filter :authorize_download_code!
before_filter :authorize_push_code!, only: [:create, :destroy]
@@ -17,12 +16,15 @@ class Projects::BranchesController < Projects::ApplicationController
end
def create
+ branch_name = sanitize(strip_tags(params[:branch_name]))
+ ref = sanitize(strip_tags(params[:ref]))
result = CreateBranchService.new(project, current_user).
- execute(params[:branch_name], params[:ref])
+ execute(branch_name, ref)
if result[:status] == :success
@branch = result[:branch]
- redirect_to project_tree_path(@project, @branch.name)
+ redirect_to namespace_project_tree_path(@project.namespace, @project,
+ @branch.name)
else
@error = result[:message]
render action: 'new'
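Review bot: `sanitize(strip_tags(...))` is HTML sanitisation, not ref-name validation: it does not reject names that are invalid as git refs, and it can silently rewrite a legitimate name (for example by entity-encoding `&`), so the branch created may differ from what the user typed. The same pattern is used in `sanitized_new_branch_name` in `blob_controller.rb`. Validate `branch_name` and `ref` against git's ref-name rules and return the validation error to the user instead of altering the input. Output escaping belongs in the views that print the name. `create` continues past the end of this hunk.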
@@ -34,7 +36,10 @@ class Projects::BranchesController < Projects::ApplicationController
@branch_name = params[:id]
respond_to do |format|
- format.html { redirect_to project_branches_path(@project) }
+ format.html do
+ redirect_to namespace_project_branches_path(@project.namespace,
+ @project)
+ end
format.js
end
end
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index cf05e6ea220..87e39f1363a 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -3,16 +3,14 @@
# Not to be confused with CommitsController, plural.
class Projects::CommitController < Projects::ApplicationController
# Authorize
- before_filter :authorize_read_project!
- before_filter :authorize_download_code!
before_filter :require_non_empty_project
+ before_filter :authorize_download_code!
before_filter :commit
def show
return git_not_found! unless @commit
@line_notes = @project.notes.for_commit_id(commit.id).inline
- @branches = @project.repository.branch_names_contains(commit.id)
@diffs = @commit.diffs
@note = @project.build_commit_note(commit)
@notes_count = @project.notes.for_commit_id(commit.id).count
@@ -31,6 +29,12 @@ class Projects::CommitController < Projects::ApplicationController
end
end
+ def branches
+ @branches = @project.repository.branch_names_contains(commit.id)
+ @tags = @project.repository.tag_names_contains(commit.id)
+ render layout: false
+ end
+
def commit
@commit ||= @project.repository.commit(params[:id])
end
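Review bot: The new `branches` action calls `commit.id` without the nil guard that `show` has (`return git_not_found! unless @commit`), so an unknown commit id in `params[:id]` ends in a `NoMethodError` rather than a not-found response. Add `return git_not_found! unless commit` as the first line of `branches`.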
diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb
index 53a0d063d8e..4b6ab437476 100644
--- a/app/controllers/projects/commits_controller.rb
+++ b/app/controllers/projects/commits_controller.rb
@@ -3,10 +3,9 @@ require "base64"
class Projects::CommitsController < Projects::ApplicationController
include ExtractsPath
- # Authorize
- before_filter :authorize_read_project!
- before_filter :authorize_download_code!
before_filter :require_non_empty_project
+ before_filter :assign_ref_vars
+ before_filter :authorize_download_code!
def show
@repo = @project.repository
@@ -14,7 +13,7 @@ class Projects::CommitsController < Projects::ApplicationController
@commits = @repo.commits(@ref, @path, @limit, @offset)
@note_counts = Note.where(commit_id: @commits.map(&:id)).
- group(:commit_id).count
+ group(:commit_id).count
respond_to do |format|
format.html
diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb
index 6d944025598..146808fa562 100644
--- a/app/controllers/projects/compare_controller.rb
+++ b/app/controllers/projects/compare_controller.rb
@@ -1,8 +1,7 @@
class Projects::CompareController < Projects::ApplicationController
# Authorize
- before_filter :authorize_read_project!
- before_filter :authorize_download_code!
before_filter :require_non_empty_project
+ before_filter :authorize_download_code!
def index
end
@@ -26,6 +25,7 @@ class Projects::CompareController < Projects::ApplicationController
end
def create
- redirect_to project_compare_path(@project, params[:from], params[:to])
+ redirect_to namespace_project_compare_path(@project.namespace, @project,
+ params[:from], params[:to])
end
end
diff --git a/app/controllers/projects/deploy_keys_controller.rb b/app/controllers/projects/deploy_keys_controller.rb
index 024b9520d30..b7cc305899c 100644
--- a/app/controllers/projects/deploy_keys_controller.rb
+++ b/app/controllers/projects/deploy_keys_controller.rb
@@ -25,7 +25,8 @@ class Projects::DeployKeysController < Projects::ApplicationController
@key = DeployKey.new(deploy_key_params)
if @key.valid? && @project.deploy_keys << @key
- redirect_to project_deploy_keys_path(@project)
+ redirect_to namespace_project_deploy_keys_path(@project.namespace,
+ @project)
else
render "new"
end
@@ -44,13 +45,15 @@ class Projects::DeployKeysController < Projects::ApplicationController
def enable
@project.deploy_keys << available_keys.find(params[:id])
- redirect_to project_deploy_keys_path(@project)
+ redirect_to namespace_project_deploy_keys_path(@project.namespace,
+ @project)
end
def disable
@project.deploy_keys_projects.where(deploy_key_id: params[:id]).last.destroy
- redirect_to project_deploy_keys_path(@project)
+ redirect_to namespace_project_deploy_keys_path(@project.namespace,
+ @project)
end
protected
diff --git a/app/controllers/projects/edit_tree_controller.rb b/app/controllers/projects/edit_tree_controller.rb
deleted file mode 100644
index 65661c80410..00000000000
--- a/app/controllers/projects/edit_tree_controller.rb
+++ /dev/null
@@ -1,60 +0,0 @@
-class Projects::EditTreeController < Projects::BaseTreeController
- before_filter :require_branch_head
- before_filter :blob
- before_filter :authorize_push_code!
- before_filter :from_merge_request
- before_filter :after_edit_path
-
- def show
- @last_commit = Gitlab::Git::Commit.last_for_path(@repository, @ref, @path).sha
- end
-
- def update
- result = Files::UpdateService.
- new(@project, current_user, params, @ref, @path).execute
-
- if result[:status] == :success
- flash[:notice] = "Your changes have been successfully committed"
-
- if from_merge_request
- from_merge_request.reload_code
- end
-
- redirect_to after_edit_path
- else
- flash[:alert] = result[:message]
- render :show
- end
- end
-
- def preview
- @content = params[:content]
-
- diffy = Diffy::Diff.new(@blob.data, @content, diff: '-U 3',
- include_diff_info: true)
- @diff_lines = Gitlab::Diff::Parser.new.parse(diffy.diff.scan(/.*\n/))
-
- render layout: false
- end
-
- private
-
- def blob
- @blob ||= @repository.blob_at(@commit.id, @path)
- end
-
- def after_edit_path
- @after_edit_path ||=
- if from_merge_request
- diffs_project_merge_request_path(from_merge_request.target_project, from_merge_request) +
- "#file-path-#{hexdigest(@path)}"
- else
- project_blob_path(@project, @id)
- end
- end
-
- def from_merge_request
- # If blob edit was initiated from merge request page
- @from_merge_request ||= MergeRequest.find_by(id: params[:from_merge_request_id])
- end
-end
diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb
new file mode 100644
index 00000000000..21a151a426e
--- /dev/null
+++ b/app/controllers/projects/forks_controller.rb
@@ -0,0 +1,25 @@
+class Projects::ForksController < Projects::ApplicationController
+ # Authorize
+ before_filter :require_non_empty_project
+ before_filter :authorize_download_code!
+
+ def new
+ @namespaces = current_user.manageable_namespaces
+ @namespaces.delete(@project.namespace)
+ end
+
+ def create
+ namespace = Namespace.find(params[:namespace_key])
+ @forked_project = ::Projects::ForkService.new(project, current_user, namespace: namespace).execute
+
+ if @forked_project.saved? && @forked_project.forked?
+ redirect_to(
+ namespace_project_path(@forked_project.namespace, @forked_project),
+ notice: 'Project was successfully forked.'
+ )
+ else
+ @title = 'Fork project'
+ render :error
+ end
+ end
+end
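Review bot: `create` loads the target with `Namespace.find(params[:namespace_key])`, which accepts any namespace id, whereas `new` only offers `current_user.manageable_namespaces`. Unless `::Projects::ForkService` rejects namespaces the user cannot manage (it is outside this diff), check the submitted namespace against `current_user.manageable_namespaces` before calling the service and answer with a 404 when it is not in that list. `new` also mutates the returned collection with `delete`; building the list with `reject { |ns| ns == @project.namespace }` avoids depending on what kind of collection `manageable_namespaces` returns.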
diff --git a/app/controllers/projects/graphs_controller.rb b/app/controllers/projects/graphs_controller.rb
index 21d3970d65a..752474b4a4c 100644
--- a/app/controllers/projects/graphs_controller.rb
+++ b/app/controllers/projects/graphs_controller.rb
@@ -1,8 +1,7 @@
class Projects::GraphsController < Projects::ApplicationController
# Authorize
- before_filter :authorize_read_project!
- before_filter :authorize_download_code!
before_filter :require_non_empty_project
+ before_filter :authorize_download_code!
def show
respond_to do |format|
diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb
index cab8fd76e6c..ba95bb13e1f 100644
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -16,7 +16,7 @@ class Projects::HooksController < Projects::ApplicationController
@hook.save
if @hook.valid?
- redirect_to project_hooks_path(@project)
+ redirect_to namespace_project_hooks_path(@project.namespace, @project)
else
@hooks = @project.hooks.select(&:persisted?)
render :index
@@ -26,6 +26,7 @@ class Projects::HooksController < Projects::ApplicationController
def test
if !@project.empty_repo?
status = TestHookService.new.execute(hook, current_user)
+
if status
flash[:notice] = 'Hook successfully executed.'
else
@@ -42,7 +43,7 @@ class Projects::HooksController < Projects::ApplicationController
def destroy
hook.destroy
- redirect_to project_hooks_path(@project)
+ redirect_to namespace_project_hooks_path(@project.namespace, @project)
end
private
diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb
new file mode 100644
index 00000000000..e2f957a640c
--- /dev/null
+++ b/app/controllers/projects/imports_controller.rb
@@ -0,0 +1,51 @@
+class Projects::ImportsController < Projects::ApplicationController
+ # Authorize
+ before_filter :authorize_admin_project!
+ before_filter :require_no_repo
+ before_filter :redirect_if_progress, except: :show
+
+ def new
+ end
+
+ def create
+ @project.import_url = params[:project][:import_url]
+
+ if @project.save
+ @project.reload
+
+ if @project.import_failed?
+ @project.import_retry
+ else
+ @project.import_start
+ end
+ end
+
+ redirect_to namespace_project_import_path(@project.namespace, @project)
+ end
+
+ def show
+ unless @project.import_in_progress?
+ if @project.import_finished?
+ redirect_to(@project) and return
+ else
+ redirect_to new_namespace_project_import_path(@project.namespace,
+ @project) && return
+ end
+ end
+ end
+
+ private
+
+ def require_no_repo
+ if @project.repository_exists?
+ redirect_to(namespace_project_path(@project.namespace, @project)) and return
+ end
+ end
+
+ def redirect_if_progress
+ if @project.import_in_progress?
+ redirect_to namespace_project_import_path(@project.namespace, @project) &&
+ return
+ end
+ end
+end
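Review bot: In `show` and in `redirect_if_progress`, `redirect_to some_path(...) && return` parses as `redirect_to(some_path(...) && return)`: `&&` binds tighter than the unparenthesised call, so `return` runs first and `redirect_to` is never called. For `redirect_if_progress` this means the filter never halts, so `new` and `create` still run while an import is in progress. Write it as `redirect_to(namespace_project_import_path(@project.namespace, @project)) and return`, the form `require_no_repo` already uses, or drop the `&& return` in the filter, since a redirect halts the chain. Separately, `create` assigns `params[:project][:import_url]` with no check visible here; confirm that the model restricts the URL scheme and host.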
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index c6d526f05c5..6a2af08a199 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -18,18 +18,10 @@ class Projects::IssuesController < Projects::ApplicationController
def index
terms = params['issue_search']
-
- @issues = issues_filtered
+ @issues = get_issues_collection
@issues = @issues.full_search(terms) if terms.present?
@issues = @issues.page(params[:page]).per(20)
- assignee_id, milestone_id = params[:assignee_id], params[:milestone_id]
- @assignee = @project.team.find(assignee_id) if assignee_id.present? && !assignee_id.to_i.zero?
- @milestone = @project.milestones.find(milestone_id) if milestone_id.present? && !milestone_id.to_i.zero?
- sort_param = params[:sort] || 'newest'
- @sort = sort_param.humanize unless sort_param.empty?
- @assignees = User.where(id: @project.issues.pluck(:assignee_id)).active
-
respond_to do |format|
format.html
format.atom { render layout: false }
@@ -68,7 +60,7 @@ class Projects::IssuesController < Projects::ApplicationController
respond_to do |format|
format.html do
if @issue.valid?
- redirect_to project_issue_path(@project, @issue)
+ redirect_to issue_path(@issue)
else
render :new
end
@@ -86,7 +78,7 @@ class Projects::IssuesController < Projects::ApplicationController
format.js
format.html do
if @issue.valid?
- redirect_to [@project, @issue]
+ redirect_to issue_path(@issue)
else
render :edit
end
@@ -127,12 +119,6 @@ class Projects::IssuesController < Projects::ApplicationController
return render_404 unless @project.issues_enabled
end
- def issues_filtered
- params[:scope] = 'all' if params[:scope].blank?
- params[:state] = 'opened' if params[:state].blank?
- @issues = IssuesFinder.new.execute(current_user, params.merge(project_id: @project.id))
- end
-
# Since iids are implemented only in 6.1
# user may navigate to issue page using old global ids.
#
@@ -142,7 +128,7 @@ class Projects::IssuesController < Projects::ApplicationController
issue = @project.issues.find_by(id: params[:id])
if issue
- redirect_to project_issue_path(@project, issue)
+ redirect_to issue_path(issue)
return
else
raise ActiveRecord::RecordNotFound.new
diff --git a/app/controllers/projects/labels_controller.rb b/app/controllers/projects/labels_controller.rb
index 6c7bde9c5d5..5e31fce4b0e 100644
--- a/app/controllers/projects/labels_controller.rb
+++ b/app/controllers/projects/labels_controller.rb
@@ -7,7 +7,7 @@ class Projects::LabelsController < Projects::ApplicationController
respond_to :js, :html
def index
- @labels = @project.labels.order_by_name.page(params[:page]).per(20)
+ @labels = @project.labels.page(params[:page]).per(20)
end
def new
@@ -18,7 +18,7 @@ class Projects::LabelsController < Projects::ApplicationController
@label = @project.labels.create(label_params)
if @label.valid?
- redirect_to project_labels_path(@project)
+ redirect_to namespace_project_labels_path(@project.namespace, @project)
else
render 'new'
end
@@ -29,7 +29,7 @@ class Projects::LabelsController < Projects::ApplicationController
def update
if @label.update_attributes(label_params)
- redirect_to project_labels_path(@project)
+ redirect_to namespace_project_labels_path(@project.namespace, @project)
else
render 'edit'
end
@@ -39,11 +39,12 @@ class Projects::LabelsController < Projects::ApplicationController
Gitlab::IssuesLabels.generate(@project)
if params[:redirect] == 'issues'
- redirect_to project_issues_path(@project)
+ redirect_to namespace_project_issues_path(@project.namespace, @project)
elsif params[:redirect] == 'merge_requests'
- redirect_to project_merge_requests_path(@project)
+ redirect_to namespace_project_merge_requests_path(@project.namespace,
+ @project)
else
- redirect_to project_labels_path(@project)
+ redirect_to namespace_project_labels_path(@project.namespace, @project)
end
end
@@ -51,7 +52,10 @@ class Projects::LabelsController < Projects::ApplicationController
@label.destroy
respond_to do |format|
- format.html { redirect_to project_labels_path(@project), notice: 'Label was removed' }
+ format.html do
+ redirect_to(namespace_project_labels_path(@project.namespace, @project),
+ notice: 'Label was removed')
+ end
format.js
end
end
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 20a733b10e1..26d4c51773f 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -17,26 +17,17 @@ class Projects::MergeRequestsController < Projects::ApplicationController
before_filter :authorize_modify_merge_request!, only: [:close, :edit, :update, :sort]
def index
- params[:sort] ||= 'newest'
- params[:scope] = 'all' if params[:scope].blank?
- params[:state] = 'opened' if params[:state].blank?
-
- @merge_requests = MergeRequestsFinder.new.execute(current_user, params.merge(project_id: @project.id))
+ @merge_requests = get_merge_requests_collection
@merge_requests = @merge_requests.page(params[:page]).per(20)
-
- @sort = params[:sort].humanize
- assignee_id, milestone_id = params[:assignee_id], params[:milestone_id]
- @assignee = @project.team.find(assignee_id) if assignee_id.present? && !assignee_id.to_i.zero?
- @milestone = @project.milestones.find(milestone_id) if milestone_id.present? && !milestone_id.to_i.zero?
- @assignees = User.where(id: @project.merge_requests.pluck(:assignee_id))
end
def show
@note_counts = Note.where(commit_id: @merge_request.commits.map(&:id)).
- group(:commit_id).count
+ group(:commit_id).count
respond_to do |format|
format.html
+ format.json { render json: @merge_request }
format.diff { render text: @merge_request.to_diff(current_user) }
format.patch { render text: @merge_request.to_patch(current_user) }
end
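Review bot: The added `format.json { render json: @merge_request }` in `show` serializes the whole record, so every column of the merge request is returned to any caller who can reach this action, and columns added later are exposed automatically. Prefer an explicit attribute list, for example `format.json { render json: @merge_request.as_json(only: [:id, :iid, :title, :state]) }`; the attribute names here are illustrative and should be chosen from what the client actually needs.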
@@ -87,7 +78,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@merge_request = MergeRequests::CreateService.new(project, current_user, merge_request_params).execute
if @merge_request.valid?
- redirect_to project_merge_request_path(@merge_request.target_project, @merge_request), notice: 'Merge request was successfully created.'
+ redirect_to(
+ merge_request_path(@merge_request),
+ notice: 'Merge request was successfully created.'
+ )
else
@source_project = @merge_request.source_project
@target_project = @merge_request.target_project
@@ -102,7 +96,9 @@ class Projects::MergeRequestsController < Projects::ApplicationController
respond_to do |format|
format.js
format.html do
- redirect_to [@merge_request.target_project, @merge_request], notice: 'Merge request was successfully updated.'
+ redirect_to([@merge_request.target_project.namespace.becomes(Namespace),
+ @merge_request.target_project, @merge_request],
+ notice: 'Merge request was successfully updated.')
end
end
else
@@ -114,15 +110,15 @@ class Projects::MergeRequestsController < Projects::ApplicationController
if @merge_request.unchecked?
@merge_request.check_if_can_be_merged
end
- render json: {merge_status: @merge_request.merge_status_name}
+
+ render json: { merge_status: @merge_request.merge_status_name }
end
def automerge
return access_denied! unless allowed_to_merge?
if @merge_request.open? && @merge_request.can_be_merged?
- @merge_request.should_remove_source_branch = params[:should_remove_source_branch]
- @merge_request.automerge!(current_user, params[:commit_message])
+ AutoMergeWorker.perform_async(@merge_request.id, current_user.id, params)
@status = true
else
@status = false
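Review bot: `AutoMergeWorker.perform_async(@merge_request.id, current_user.id, params)` hands the entire request parameter hash to the background job, so everything the client sent is serialized into the job queue and the worker receives far more caller-controlled input than the two values the removed lines read. Pass only those keys, e.g. `params.slice(:should_remove_source_branch, :commit_message)`. Note also that `@status = true` now means the merge was queued rather than completed, which deserves a comment such as `# true = merge job enqueued, not yet merged`.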
@@ -225,6 +221,11 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@allowed_to_merge = allowed_to_merge?
@show_merge_controls = @merge_request.open? && @commits.any? && @allowed_to_merge
@source_branch = @merge_request.source_project.repository.find_branch(@merge_request.source_branch).try(:name)
+
+ if @merge_request.locked_long_ago?
+ @merge_request.unlock_mr
+ @merge_request.close
+ end
end
def allowed_to_merge?
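Review bot: The added `locked_long_ago?` block unlocks and closes the merge request from inside what appears to be a view-setup helper (the enclosing method starts outside the hunk), so a state change can be triggered simply by loading a page. The return values of `unlock_mr` and `close` are also ignored, so a failed recovery is silent. Consider moving this recovery into the merge worker or a scheduled job. If it stays here, add a comment explaining why a read path mutates the record, e.g. `# Presumably recovers MRs left locked by a failed merge job; runs on page load`.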
@@ -237,13 +238,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
end
def allowed_to_push_code?(project, branch)
- action = if project.protected_branch?(branch)
- :push_code_to_protected_branches
- else
- :push_code
- end
-
- can?(current_user, action, project)
+ ::Gitlab::GitAccess.can_push_to_branch?(current_user, project, branch)
end
def merge_request_params
diff --git a/app/controllers/projects/milestones_controller.rb b/app/controllers/projects/milestones_controller.rb
index d338cdedfaf..97eaabb15c3 100644
--- a/app/controllers/projects/milestones_controller.rb
+++ b/app/controllers/projects/milestones_controller.rb
@@ -11,7 +11,7 @@ class Projects::MilestonesController < Projects::ApplicationController
respond_to :html
def index
- @milestones = case params[:f]
+ @milestones = case params[:state]
when 'all'; @project.milestones.order("state, due_date DESC")
when 'closed'; @project.milestones.closed.order("due_date DESC")
else @project.milestones.active.order("due_date ASC")
@@ -40,7 +40,8 @@ class Projects::MilestonesController < Projects::ApplicationController
@milestone = Milestones::CreateService.new(project, current_user, milestone_params).execute
if @milestone.save
- redirect_to project_milestone_path(@project, @milestone)
+ redirect_to namespace_project_milestone_path(@project.namespace,
+ @project, @milestone)
else
render "new"
end
@@ -67,7 +68,7 @@ class Projects::MilestonesController < Projects::ApplicationController
@milestone.destroy
respond_to do |format|
- format.html { redirect_to project_milestones_path }
+ format.html { redirect_to namespace_project_milestones_path }
format.js { render nothing: true }
end
end
@@ -103,7 +104,9 @@ class Projects::MilestonesController < Projects::ApplicationController
end
def module_enabled
- return render_404 unless @project.issues_enabled
+ unless @project.issues_enabled || @project.merge_requests_enabled
+ return render_404
+ end
end
def milestone_params
diff --git a/app/controllers/projects/network_controller.rb b/app/controllers/projects/network_controller.rb
index 009089ee639..83d1c1dacae 100644
--- a/app/controllers/projects/network_controller.rb
+++ b/app/controllers/projects/network_controller.rb
@@ -2,10 +2,9 @@ class Projects::NetworkController < Projects::ApplicationController
include ExtractsPath
include ApplicationHelper
- # Authorize
- before_filter :authorize_read_project!
- before_filter :authorize_download_code!
before_filter :require_non_empty_project
+ before_filter :assign_ref_vars
+ before_filter :authorize_download_code!
def show
respond_to do |format|
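Review bot: `assign_ref_vars` now runs before `authorize_download_code!`, and `authorize_read_project!` is dropped, so ref and path resolution happens for callers who have not yet passed any authorization check declared in this controller. If `assign_ref_vars` responds differently for existing and missing refs, an unauthorized caller can tell them apart; whether a parent-class filter already enforces read access is not visible here. The same ordering is introduced in raw_controller.rb, refs_controller.rb and tree_controller.rb, and repositories_controller.rb, tags_controller.rb and projects_controller.rb also drop `authorize_read_project!`. Either declare `before_filter :authorize_download_code!` ahead of `before_filter :assign_ref_vars`, or add a comment naming the filter that now guarantees read access.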
diff --git a/app/controllers/projects/new_tree_controller.rb b/app/controllers/projects/new_tree_controller.rb
deleted file mode 100644
index ffba706b2f6..00000000000
--- a/app/controllers/projects/new_tree_controller.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-class Projects::NewTreeController < Projects::BaseTreeController
- before_filter :require_branch_head
- before_filter :authorize_push_code!
-
- def show
- end
-
- def update
- file_path = File.join(@path, File.basename(params[:file_name]))
- result = Files::CreateService.new(@project, current_user, params, @ref, file_path).execute
-
- if result[:status] == :success
- flash[:notice] = "Your changes have been successfully committed"
- redirect_to project_blob_path(@project, File.join(@ref, file_path))
- else
- flash[:alert] = result[:message]
- render :show
- end
- end
-end
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 7b08b79d236..2f1d631c14a 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -61,10 +61,6 @@ class Projects::NotesController < Projects::ApplicationController
end
end
- def preview
- render text: view_context.markdown(params[:note])
- end
-
private
def note
diff --git a/app/controllers/projects/protected_branches_controller.rb b/app/controllers/projects/protected_branches_controller.rb
index bd31b1d3c54..ac36ac6fcd3 100644
--- a/app/controllers/projects/protected_branches_controller.rb
+++ b/app/controllers/projects/protected_branches_controller.rb
@@ -12,14 +12,33 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
def create
@project.protected_branches.create(protected_branch_params)
- redirect_to project_protected_branches_path(@project)
+ redirect_to namespace_project_protected_branches_path(@project.namespace,
+ @project)
+ end
+
+ def update
+ protected_branch = @project.protected_branches.find(params[:id])
+
+ if protected_branch &&
+ protected_branch.update_attributes(
+ developers_can_push: params[:developers_can_push]
+ )
+
+ respond_to do |format|
+ format.json { render json: protected_branch, status: :ok }
+ end
+ else
+ respond_to do |format|
+ format.json { render json: protected_branch.errors, status: :unprocessable_entity }
+ end
+ end
end
def destroy
@project.protected_branches.find(params[:id]).destroy
respond_to do |format|
- format.html { redirect_to project_protected_branches_path }
+ format.html { redirect_to namespace_project_protected_branches_path }
format.js { render nothing: true }
end
end
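Review bot: The new `update` action reads `params[:developers_can_push]` from the top level instead of going through `protected_branch_params`, which the second hunk of this file extends with the same key. Either nest the parameter and use the permitted-params helper, or add a comment saying why this action bypasses it. `@project.protected_branches.find(params[:id])` raises when the record is missing, so the `protected_branch &&` guard never sees nil and can be dropped. The filter list is outside the hunk, so confirm that the authorization applied to `create` and `destroy` also covers `update`, since this action changes who may push to a protected branch.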
@@ -27,6 +46,6 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
private
def protected_branch_params
- params.require(:protected_branch).permit(:name)
+ params.require(:protected_branch).permit(:name, :developers_can_push)
end
end
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index f4fdd616c50..b1a029ce696 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -2,10 +2,9 @@
class Projects::RawController < Projects::ApplicationController
include ExtractsPath
- # Authorize
- before_filter :authorize_read_project!
- before_filter :authorize_download_code!
before_filter :require_non_empty_project
+ before_filter :assign_ref_vars
+ before_filter :authorize_download_code!
def show
@blob = @repository.blob_at(@commit.id, @path)
@@ -36,4 +35,3 @@ class Projects::RawController < Projects::ApplicationController
end
end
end
-
diff --git a/app/controllers/projects/refs_controller.rb b/app/controllers/projects/refs_controller.rb
index 9ac189a78b3..67acf45ab7f 100644
--- a/app/controllers/projects/refs_controller.rb
+++ b/app/controllers/projects/refs_controller.rb
@@ -1,22 +1,23 @@
class Projects::RefsController < Projects::ApplicationController
include ExtractsPath
- # Authorize
- before_filter :authorize_read_project!
- before_filter :authorize_download_code!
before_filter :require_non_empty_project
+ before_filter :assign_ref_vars
+ before_filter :authorize_download_code!
def switch
respond_to do |format|
format.html do
new_path = if params[:destination] == "tree"
- project_tree_path(@project, (@id))
+ namespace_project_tree_path(@project.namespace, @project,
+ (@id))
elsif params[:destination] == "blob"
- project_blob_path(@project, (@id))
+ namespace_project_blob_path(@project.namespace, @project,
+ (@id))
elsif params[:destination] == "graph"
- project_network_path(@project, @id, @options)
+ namespace_project_network_path(@project.namespace, @project, @id, @options)
else
- project_commits_path(@project, @id)
+ namespace_project_commits_path(@project.namespace, @project, @id)
end
redirect_to new_path
@@ -32,19 +33,19 @@ class Projects::RefsController < Projects::ApplicationController
def logs_tree
@offset = if params[:offset].present?
- params[:offset].to_i
- else
- 0
- end
+ params[:offset].to_i
+ else
+ 0
+ end
@limit = 25
@path = params[:path]
contents = []
- contents += tree.trees
- contents += tree.blobs
- contents += tree.submodules
+ contents.push(*tree.trees)
+ contents.push(*tree.blobs)
+ contents.push(*tree.submodules)
@logs = contents[@offset, @limit].to_a.map do |content|
file = @path ? File.join(@path, content.name) : content.name
diff --git a/app/controllers/projects/repositories_controller.rb b/app/controllers/projects/repositories_controller.rb
index 6d8ef0f1ac8..cbb888b25e8 100644
--- a/app/controllers/projects/repositories_controller.rb
+++ b/app/controllers/projects/repositories_controller.rb
@@ -1,8 +1,14 @@
class Projects::RepositoriesController < Projects::ApplicationController
# Authorize
- before_filter :authorize_read_project!
+ before_filter :require_non_empty_project, except: :create
before_filter :authorize_download_code!
- before_filter :require_non_empty_project
+ before_filter :authorize_admin_project!, only: :create
+
+ def create
+ @project.create_repository
+
+ redirect_to project_path(@project)
+ end
def archive
unless can?(current_user, :download_code, @project)
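Review bot: `create` discards the result of `@project.create_repository` and redirects unconditionally, so a failed creation looks the same to the user as a successful one. Consider branching on the return value and setting `flash[:alert] = 'Repository could not be created'` on failure; this assumes `create_repository` returns a falsy value on error, which is not visible here. `authorize_download_code!` also still runs for `create` ahead of `authorize_admin_project!`, so a comment should say whether that is intentional.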
diff --git a/app/controllers/projects/services_controller.rb b/app/controllers/projects/services_controller.rb
index a5f30dcfd9d..5c29a6550f5 100644
--- a/app/controllers/projects/services_controller.rb
+++ b/app/controllers/projects/services_controller.rb
@@ -9,7 +9,7 @@ class Projects::ServicesController < Projects::ApplicationController
def index
@project.build_missing_services
- @services = @project.services.reload
+ @services = @project.services.visible.reload
end
def edit
@@ -17,18 +17,25 @@ class Projects::ServicesController < Projects::ApplicationController
def update
if @service.update_attributes(service_params)
- redirect_to edit_project_service_path(@project, @service.to_param)
+ redirect_to(
+ edit_namespace_project_service_path(@project.namespace, @project,
+ @service.to_param, notice:
+ 'Successfully updated.')
+ )
else
render 'edit'
end
end
def test
- data = GitPushService.new.sample_data(project, current_user)
-
- @service.execute(data)
+ data = Gitlab::PushDataBuilder.build_sample(project, current_user)
+ if @service.execute(data)
+ message = { notice: 'We sent a request to the provided URL' }
+ else
+ message = { alert: 'We tried to send a request to the provided URL but an error occured' }
+ end
- redirect_to :back
+ redirect_to :back, message
end
private
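Review bot: In `update`, `notice: 'Successfully updated.'` sits inside the argument list of `edit_namespace_project_service_path`, so it is treated as a URL option and ends up in the query string instead of being set as a flash message by `redirect_to`. Close the path helper call before the option: `redirect_to(edit_namespace_project_service_path(@project.namespace, @project, @service.to_param), notice: 'Successfully updated.')`. In `test`, the alert text spells "occurred" as `occured`.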
@@ -42,7 +49,8 @@ class Projects::ServicesController < Projects::ApplicationController
:title, :token, :type, :active, :api_key, :subdomain,
:room, :recipients, :project_url, :webhook,
:user_key, :device, :priority, :sound, :bamboo_url, :username, :password,
- :build_key
+ :build_key, :server, :teamcity_url, :build_type,
+ :description, :issues_url, :new_issue_url, :restrict_to_branch
)
end
end
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index 9d5dd8a95cc..6c250e4ffed 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -32,7 +32,8 @@ class Projects::SnippetsController < Projects::ApplicationController
@snippet.author = current_user
if @snippet.save
- redirect_to project_snippet_path(@project, @snippet)
+ redirect_to namespace_project_snippet_path(@project.namespace, @project,
+ @snippet)
else
respond_with(@snippet)
end
@@ -43,7 +44,7 @@ class Projects::SnippetsController < Projects::ApplicationController
def update
if @snippet.update_attributes(snippet_params)
- redirect_to project_snippet_path(@project, @snippet)
+ redirect_to namespace_project_snippet_path(@project.namespace, @project, @snippet)
else
respond_with(@snippet)
end
@@ -60,7 +61,7 @@ class Projects::SnippetsController < Projects::ApplicationController
@snippet.destroy
- redirect_to project_snippets_path(@project)
+ redirect_to namespace_project_snippets_path(@project.namespace, @project)
end
def raw
@@ -68,7 +69,7 @@ class Projects::SnippetsController < Projects::ApplicationController
@snippet.content,
type: 'text/plain; charset=utf-8',
disposition: 'inline',
- filename: @snippet.file_name
+ filename: @snippet.sanitized_file_name
)
end
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index 94794fb5dd0..08c7ce3f37d 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -1,8 +1,6 @@
class Projects::TagsController < Projects::ApplicationController
# Authorize
- before_filter :authorize_read_project!
before_filter :require_non_empty_project
-
before_filter :authorize_download_code!
before_filter :authorize_push_code!, only: [:create]
before_filter :authorize_admin_project!, only: [:destroy]
@@ -15,9 +13,10 @@ class Projects::TagsController < Projects::ApplicationController
def create
result = CreateTagService.new(@project, current_user).
execute(params[:tag_name], params[:ref], params[:message])
+
if result[:status] == :success
@tag = result[:tag]
- redirect_to project_tags_path(@project)
+ redirect_to namespace_project_tags_path(@project.namespace, @project)
else
@error = result[:message]
render action: 'new'
@@ -28,11 +27,11 @@ class Projects::TagsController < Projects::ApplicationController
tag = @repository.find_tag(params[:id])
if tag && @repository.rm_tag(tag.name)
- Event.create_ref_event(@project, current_user, tag, 'rm', 'refs/tags')
+ EventCreateService.new.push_ref(@project, current_user, tag, 'rm', 'refs/tags')
end
respond_to do |format|
- format.html { redirect_to project_tags_path }
+ format.html { redirect_to namespace_project_tags_path }
format.js
end
end
diff --git a/app/controllers/projects/team_members_controller.rb b/app/controllers/projects/team_members_controller.rb
index 0791e6080fb..71b0ab7ee82 100644
--- a/app/controllers/projects/team_members_controller.rb
+++ b/app/controllers/projects/team_members_controller.rb
@@ -21,7 +21,8 @@ class Projects::TeamMembersController < Projects::ApplicationController
if params[:redirect_to]
redirect_to params[:redirect_to]
else
- redirect_to project_team_index_path(@project)
+ redirect_to namespace_project_team_index_path(@project.namespace,
+ @project)
end
end
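Review bot: The branch just above the changed line still executes `redirect_to params[:redirect_to]`, which sends the browser to whatever URL the request supplied, including one on another host. Since this hunk already touches the redirect logic, accept that value only when it is a local path on this application and otherwise fall back to `namespace_project_team_index_path(@project.namespace, @project)`. The enclosing method starts outside the hunk.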
@@ -32,7 +33,7 @@ class Projects::TeamMembersController < Projects::ApplicationController
unless @user_project_relation.valid?
flash[:alert] = "User should have at least one role"
end
- redirect_to project_team_index_path(@project)
+ redirect_to namespace_project_team_index_path(@project.namespace, @project)
end
def destroy
@@ -40,7 +41,10 @@ class Projects::TeamMembersController < Projects::ApplicationController
@user_project_relation.destroy
respond_to do |format|
- format.html { redirect_to project_team_index_path(@project) }
+ format.html do
+ redirect_to namespace_project_team_index_path(@project.namespace,
+ @project)
+ end
format.js { render nothing: true }
end
end
@@ -59,7 +63,8 @@ class Projects::TeamMembersController < Projects::ApplicationController
status = @project.team.import(giver)
notice = status ? "Successfully imported" : "Import failed"
- redirect_to project_team_index_path(project), notice: notice
+ redirect_to(namespace_project_team_index_path(project.namespace, project),
+ notice: notice)
end
protected
diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb
index 4d033b36848..b23010bf595 100644
--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -1,10 +1,18 @@
# Controller for viewing a repository's file structure
-class Projects::TreeController < Projects::BaseTreeController
- def show
+class Projects::TreeController < Projects::ApplicationController
+ include ExtractsPath
+
+ before_filter :require_non_empty_project, except: [:new, :create]
+ before_filter :assign_ref_vars
+ before_filter :authorize_download_code!
+ def show
if tree.entries.empty?
if @repository.blob_at(@commit.id, @path)
- redirect_to project_blob_path(@project, File.join(@ref, @path)) and return
+ redirect_to(
+ namespace_project_blob_path(@project.namespace, @project,
+ File.join(@ref, @path))
+ ) and return
else
return not_found!
end
diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb
new file mode 100644
index 00000000000..9020e86c44e
--- /dev/null
+++ b/app/controllers/projects/uploads_controller.rb
@@ -0,0 +1,35 @@
+class Projects::UploadsController < Projects::ApplicationController
+ layout 'project'
+
+ before_filter :project
+
+ def create
+ link_to_file = ::Projects::UploadService.new(project, params[:file]).
+ execute
+
+ respond_to do |format|
+ if link_to_file
+ format.json do
+ render json: { link: link_to_file }
+ end
+ else
+ format.json do
+ render json: 'Invalid file.', status: :unprocessable_entity
+ end
+ end
+ end
+ end
+
+ def show
+ uploader = FileUploader.new(project, params[:secret])
+
+ return redirect_to uploader.url unless uploader.file_storage?
+
+ uploader.retrieve_from_store!(params[:filename])
+
+ return not_found! unless uploader.file.exists?
+
+ disposition = uploader.image? ? 'inline' : 'attachment'
+ send_file uploader.file.path, disposition: disposition
+ end
+end
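Review bot: This controller declares only `before_filter :project`, so who may upload through `create` and who may fetch through `show` depends entirely on filters inherited from `Projects::ApplicationController`, which are not visible here. An upload endpoint would normally carry its own authorization filter, stricter than read access. In `show`, `params[:filename]` goes straight into `uploader.retrieve_from_store!` and the resulting path into `send_file`, so confirm that `FileUploader` confines the resolved path to the upload directory for that `secret`. Serving images with `disposition: 'inline'` is safe only if `image?` excludes formats that can carry script, such as SVG. The failure branch of `create` renders a bare string as JSON; `render json: { message: 'Invalid file.' }, status: :unprocessable_entity` would give clients a consistent object.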
diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb
index 0e03956e738..69824dca944 100644
--- a/app/controllers/projects/wikis_controller.rb
+++ b/app/controllers/projects/wikis_controller.rb
@@ -16,16 +16,16 @@ class Projects::WikisController < Projects::ApplicationController
if @page
render 'show'
elsif file = @project_wiki.find_file(params[:id], params[:version_id])
- if file.on_disk?
- send_file file.on_disk_path, disposition: 'inline'
- else
- send_data(
- file.raw_data,
- type: file.mime_type,
- disposition: 'inline',
- filename: file.name
- )
- end
+ if file.on_disk?
+ send_file file.on_disk_path, disposition: 'inline'
+ else
+ send_data(
+ file.raw_data,
+ type: file.mime_type,
+ disposition: 'inline',
+ filename: file.name
+ )
+ end
else
return render('empty') unless can?(current_user, :write_wiki, @project)
@page = WikiPage.new(@project_wiki)
@@ -45,7 +45,7 @@ class Projects::WikisController < Projects::ApplicationController
return render('empty') unless can?(current_user, :write_wiki, @project)
if @page.update(content, format, message)
- redirect_to [@project, @page], notice: 'Wiki was successfully updated.'
+ redirect_to [@project.namespace.becomes(Namespace), @project, @page], notice: 'Wiki was successfully updated.'
else
render 'edit'
end
@@ -55,7 +55,10 @@ class Projects::WikisController < Projects::ApplicationController
@page = WikiPage.new(@project_wiki)
if @page.create(wiki_params)
- redirect_to project_wiki_path(@project, @page), notice: 'Wiki was successfully updated.'
+ redirect_to(
+ namespace_project_wiki_path(@project.namespace, @project, @page),
+ notice: 'Wiki was successfully updated.'
+ )
else
render action: "edit"
end
@@ -65,7 +68,10 @@ class Projects::WikisController < Projects::ApplicationController
@page = @project_wiki.find_page(params[:id])
unless @page
- redirect_to(project_wiki_path(@project, :home), notice: "Page not found")
+ redirect_to(
+ namespace_project_wiki_path(@project.namespace, @project, :home),
+ notice: "Page not found"
+ )
end
end
@@ -73,7 +79,10 @@ class Projects::WikisController < Projects::ApplicationController
@page = @project_wiki.find_page(params[:id])
@page.delete if @page
- redirect_to project_wiki_path(@project, :home), notice: "Page was successfully deleted"
+ redirect_to(
+ namespace_project_wiki_path(@project.namespace, @project, :home),
+ notice: "Page was successfully deleted"
+ )
end
def git_access
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index f81fc29677b..5486a97e51d 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -4,26 +4,30 @@ class ProjectsController < ApplicationController
before_filter :repository, except: [:new, :create]
# Authorize
- before_filter :authorize_read_project!, except: [:index, :new, :create]
- before_filter :authorize_admin_project!, only: [:edit, :update, :destroy, :transfer, :archive, :unarchive, :retry_import]
+ before_filter :authorize_admin_project!, only: [:edit, :update, :destroy, :transfer, :archive, :unarchive]
+ before_filter :set_title, only: [:new, :create]
+ before_filter :event_filter, only: :show
layout 'navless', only: [:new, :create, :fork]
- before_filter :set_title, only: [:new, :create]
def new
@project = Project.new
end
def edit
- render 'edit', layout: "project_settings"
+ render 'edit', layout: 'project_settings'
end
def create
@project = ::Projects::CreateService.new(current_user, project_params).execute
- flash[:notice] = 'Project was successfully created.' if @project.saved?
- respond_to do |format|
- format.js
+ if @project.saved?
+ redirect_to(
+ project_path(@project),
+ notice: 'Project was successfully created.'
+ )
+ else
+ render 'new'
end
end
@@ -33,67 +37,59 @@ class ProjectsController < ApplicationController
respond_to do |format|
if status
flash[:notice] = 'Project was successfully updated.'
- format.html { redirect_to edit_project_path(@project), notice: 'Project was successfully updated.' }
+ format.html do
+ redirect_to(
+ edit_project_path(@project),
+ notice: 'Project was successfully updated.'
+ )
+ end
format.js
else
- format.html { render "edit", layout: "project_settings" }
+ format.html { render 'edit', layout: 'project_settings' }
format.js
end
end
end
def transfer
- ::Projects::TransferService.new(project, current_user, project_params).execute
+ transfer_params = params.permit(:new_namespace_id)
+ ::Projects::TransferService.new(project, current_user, transfer_params).execute
+ if @project.errors[:namespace_id].present?
+ flash[:alert] = @project.errors[:namespace_id].first
+ end
end
def show
if @project.import_in_progress?
- redirect_to import_project_path(@project)
+ redirect_to namespace_project_import_path(@project.namespace, @project)
return
end
- return authenticate_user! unless @project.public? || current_user
-
limit = (params[:limit] || 20).to_i
- @events = @project.events.recent
- @events = event_filter.apply_filter(@events)
- @events = @events.limit(limit).offset(params[:offset] || 0)
@show_star = !(current_user && current_user.starred?(@project))
respond_to do |format|
format.html do
- if @project.empty_repo?
- render "projects/empty", layout: user_layout
+ if @project.repository_exists?
+ if @project.empty_repo?
+ render 'projects/empty', layout: user_layout
+ else
+ @last_push = current_user.recent_push(@project.id) if current_user
+ render :show, layout: user_layout
+ end
else
- @last_push = current_user.recent_push(@project.id) if current_user
- render :show, layout: user_layout
+ render 'projects/no_repo', layout: user_layout
end
end
- format.json { pager_json("events/_events", @events.count) }
- end
- end
- def import
- if @project.import_finished?
- redirect_to @project
- return
- end
- end
-
- def retry_import
- unless @project.import_failed?
- redirect_to import_project_path(@project)
- end
-
- @project.import_url = project_params[:import_url]
-
- if @project.save
- @project.reload
- @project.import_retry
+ format.json do
+ @events = @project.events.recent
+ @events = event_filter.apply_filter(@events).with_associations
+ @events = @events.limit(limit).offset(params[:offset] || 0)
+ pager_json('events/_events', @events.count)
+ end
end
-
- redirect_to import_project_path(@project)
end
def destroy
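Review bot: `show` loses its inline guard `return authenticate_user! unless @project.public? || current_user`, so nothing in this action now stops an anonymous request from reaching the render and `format.json` branches of a non-public project. Whether the shared `project` loader enforces this instead is not visible here and should be confirmed, with a comment pointing to it. Separately, `limit = (params[:limit] || 20).to_i` is unbounded, so the new `format.json` block will query as many events as the client asks for. Clamp it, e.g. `limit = [(params[:limit] || 20).to_i, 100].min`, where 100 is an illustrative cap.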
@@ -103,10 +99,10 @@ class ProjectsController < ApplicationController
respond_to do |format|
format.html do
- flash[:alert] = "Project deleted."
+ flash[:alert] = 'Project deleted.'
- if request.referer.include?("/admin")
- redirect_to admin_projects_path
+ if request.referer.include?('/admin')
+ redirect_to admin_namespaces_projects_path
else
redirect_to projects_dashboard_path
end
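Review bot: `request.referer.include?('/admin')` raises `NoMethodError` when the request carries no Referer header, which would turn the delete into a 500 response, presumably after the project has already been removed. Use `if request.referer.to_s.include?('/admin')`. The enclosing `destroy` method starts outside the hunk.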
@@ -114,35 +110,21 @@ class ProjectsController < ApplicationController
end
end
- def fork
- @forked_project = ::Projects::ForkService.new(project, current_user).execute
-
- respond_to do |format|
- format.html do
- if @forked_project.saved? && @forked_project.forked?
- redirect_to(@forked_project, notice: 'Project was successfully forked.')
- else
- @title = 'Fork project'
- render "fork"
- end
- end
- format.js
- end
- end
-
def autocomplete_sources
note_type = params['type']
note_id = params['type_id']
- participants = ::Projects::ParticipantsService.new(@project).execute(note_type, note_id)
+ autocomplete = ::Projects::AutocompleteService.new(@project)
+ participants = ::Projects::ParticipantsService.new(@project, current_user).execute(note_type, note_id)
+
@suggestions = {
- emojis: Emoji.names.map { |e| { name: e, path: view_context.image_url("emoji/#{e}.png") } },
- issues: @project.issues.select([:iid, :title, :description]),
- mergerequests: @project.merge_requests.select([:iid, :title, :description]),
+ emojis: autocomplete_emojis,
+ issues: autocomplete.issues,
+ mergerequests: autocomplete.merge_requests,
members: participants
}
respond_to do |format|
- format.json { render :json => @suggestions }
+ format.json { render json: @suggestions }
end
end
@@ -151,7 +133,7 @@ class ProjectsController < ApplicationController
@project.archive!
respond_to do |format|
- format.html { redirect_to @project }
+ format.html { redirect_to project_path(@project) }
end
end
@@ -160,19 +142,7 @@ class ProjectsController < ApplicationController
@project.unarchive!
respond_to do |format|
- format.html { redirect_to @project }
- end
- end
-
- def upload_image
- link_to_image = ::Projects::ImageService.new(repository, params, root_url).execute
-
- respond_to do |format|
- if link_to_image
- format.json { render json: { link: link_to_image } }
- else
- format.json { render json: "Invalid file.", status: :unprocessable_entity }
- end
+ format.html { redirect_to project_path(@project) }
end
end
@@ -182,30 +152,36 @@ class ProjectsController < ApplicationController
render json: { star_count: @project.star_count }
end
- private
-
- def upload_path
- base_dir = FileUploader.generate_dir
- File.join(repository.path_with_namespace, base_dir)
+ def markdown_preview
+ render text: view_context.markdown(params[:md_text])
end
- def accepted_images
- %w(png jpg jpeg gif)
- end
+ private
def set_title
@title = 'New Project'
end
def user_layout
- current_user ? "projects" : "public_projects"
+ current_user ? 'projects' : 'public_projects'
end
def project_params
params.require(:project).permit(
:name, :path, :description, :issues_tracker, :tag_list,
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
- :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id
+ :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar
)
end
+
+ def autocomplete_emojis
+ Rails.cache.fetch("autocomplete-emoji-#{Emoji::VERSION}") do
+ Emoji.names.map do |e|
+ {
+ name: e,
+ path: view_context.image_url("emoji/#{e}.png")
+ }
+ end
+ end
+ end
end
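Review bot: The value cached in `autocomplete_emojis` holds absolute URLs built by `view_context.image_url` for whichever request happens to fill the cache, while the cache key contains only `Emoji::VERSION`. Unless an asset host is configured (not visible here), the scheme and host most likely come from that first request, so a request arriving with an unexpected Host header or over plain HTTP could fix the emoji URLs handed to every later user until the entry is evicted. Caching host-independent data avoids this, for example `path: view_context.image_path("emoji/#{e}.png")`, or caching only `Emoji.names` and building the URLs per request.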
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 6d3214b70a8..38d116a4ee3 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -1,6 +1,10 @@
class RegistrationsController < Devise::RegistrationsController
before_filter :signup_enabled?
+ def new
+ redirect_to(new_user_session_path)
+ end
+
def destroy
current_user.destroy
@@ -15,18 +19,20 @@ class RegistrationsController < Devise::RegistrationsController
super
end
- def after_sign_up_path_for(resource)
+ def after_sign_up_path_for(_resource)
new_user_session_path
end
- def after_inactive_sign_up_path_for(resource)
+ def after_inactive_sign_up_path_for(_resource)
new_user_session_path
end
private
def signup_enabled?
- redirect_to new_user_session_path unless Gitlab.config.gitlab.signup_enabled
+ unless current_application_settings.signup_enabled?
+ redirect_to(new_user_session_path)
+ end
end
def sign_up_params
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 5ced98152a5..7b6982c5074 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,16 +1,16 @@
class SessionsController < Devise::SessionsController
-
def new
- redirect_path = if request.referer.present? && (params['redirect_to_referer'] == 'yes')
- referer_uri = URI(request.referer)
- if referer_uri.host == Gitlab.config.gitlab.host
- referer_uri.path
- else
- request.fullpath
- end
- else
- request.fullpath
- end
+ redirect_path =
+ if request.referer.present? && (params['redirect_to_referer'] == 'yes')
+ referer_uri = URI(request.referer)
+ if referer_uri.host == Gitlab.config.gitlab.host
+ referer_uri.path
+ else
+ request.fullpath
+ end
+ else
+ request.fullpath
+ end
# Prevent a 'you are already signed in' message directly after signing:
# we should never redirect to '/users/sign_in' after signing in successfully.
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index bf3312fedc8..6ac048e4b83 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -27,7 +27,7 @@ class SnippetsController < ApplicationController
@snippets = SnippetsFinder.new.execute(current_user, {
filter: :by_user,
user: @user,
- scope: params[:scope]}).
+ scope: params[:scope] }).
page(params[:page]).per(20)
if @user == current_user
@@ -79,7 +79,7 @@ class SnippetsController < ApplicationController
@snippet.content,
type: 'text/plain; charset=utf-8',
disposition: 'inline',
- filename: @snippet.file_name
+ filename: @snippet.sanitized_file_name
)
end
@@ -106,6 +106,7 @@ class SnippetsController < ApplicationController
def set_title
@title = 'Snippets'
+ @title_url = snippets_path
end
def snippet_params
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
new file mode 100644
index 00000000000..b096c3913e1
--- /dev/null
+++ b/app/controllers/uploads_controller.rb
@@ -0,0 +1,24 @@
+class UploadsController < ApplicationController
+ skip_before_filter :authenticate_user!, :reject_blocked!
+ before_filter :authorize_access
+
+ def show
+ model = params[:model].camelize.constantize.find(params[:id])
+ uploader = model.send(params[:mounted_as])
+
+ return not_found! if model.respond_to?(:project) && !can?(current_user, :read_project, model.project)
+
+ return redirect_to uploader.url unless uploader.file_storage?
+
+ return not_found! unless uploader.file.exists?
+
+ disposition = uploader.image? ? 'inline' : 'attachment'
+ send_file uploader.file.path, disposition: disposition
+ end
+
+ def authorize_access
+ unless params[:mounted_as] == 'avatar'
+ authenticate_user! && reject_blocked!
+ end
+ end
+end
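Review bot: `show` resolves the class with `params[:model].camelize.constantize` and then calls `model.send(params[:mounted_as])`, so request parameters choose both the class that is loaded and the method that runs on the record, private methods included. Both values should be checked against a fixed allowlist of model/uploader pairs before any lookup, and `public_send` used instead of `send`. The `avatar` exemption in `authorize_access` skips authentication for every model, and the only permission check is the `:read_project` one for models that respond to `project`, so a record without a project is served with no check at all. `authorize_access` is also defined without a preceding `private`, and because the return value of `authenticate_user!` is not visible here, calling the two filters on separate lines avoids depending on `&&`.

```ruby
  # Placeholder allowlist: list only the model/uploader pairs that really mount uploads.
  UPLOAD_MOUNTS = {
    'project' => %w(avatar) # constructed example entry
  }.freeze

  def show
    mounts = UPLOAD_MOUNTS[params[:model]]
    return not_found! unless mounts && mounts.include?(params[:mounted_as])

    model = params[:model].camelize.constantize.find(params[:id])
    uploader = model.public_send(params[:mounted_as])
    # … unchanged: project permission check, remote-storage redirect, exists? check, send_file …
  end

  private

  def authorize_access
    return if params[:mounted_as] == 'avatar'

    authenticate_user!
    reject_blocked!
  end
```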
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 0b442f5383a..8a13394dbac 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,28 +1,43 @@
class UsersController < ApplicationController
- skip_before_filter :authenticate_user!, only: [:show]
+ skip_before_filter :authenticate_user!
+ before_filter :set_user
layout :determine_layout
def show
- @user = User.find_by_username!(params[:username])
-
- unless current_user || @user.public_profile?
- return authenticate_user!
- end
-
- # Projects user can view
- authorized_projects_ids = ProjectsFinder.new.execute(current_user).pluck(:id)
+ @contributed_projects = Project.
+ where(id: authorized_projects_ids & @user.contributed_projects_ids).
+ in_group_namespace.
+ includes(:namespace).
+ reject(&:forked?)
@projects = @user.personal_projects.
- where(id: authorized_projects_ids)
+ where(id: authorized_projects_ids).includes(:namespace)
# Collect only groups common for both users
@groups = @user.groups & GroupsFinder.new.execute(current_user)
# Get user activity feed for projects common for both users
@events = @user.recent_events.
- where(project_id: authorized_projects_ids).limit(20)
+ where(project_id: authorized_projects_ids).
+ with_associations.limit(30)
@title = @user.name
+ @title_url = user_path(@user)
+
+ respond_to do |format|
+ format.html
+ format.atom { render layout: false }
+ end
+ end
+
+ def calendar
+ projects = Project.where(id: authorized_projects_ids & @user.contributed_projects_ids)
+ calendar = Gitlab::CommitsCalendar.new(projects, @user)
+ @timestamps = calendar.timestamps
+ @starting_year = calendar.starting_year
+ @starting_month = calendar.starting_month
+
+ render 'calendar', layout: false
end
def determine_layout
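Review bot: `skip_before_filter :authenticate_user!` no longer carries `only: [:show]`, so every action in this controller, including the new `calendar` and anything added later, is reachable without a session. All of them rely solely on `before_filter :set_user` (defined in the next hunk) for the private-profile check. That dependency should be written down next to the filters, for example `# Authentication for non-public profiles is enforced in set_user; keep it applied to every action.` A spec that requests `calendar` for a non-public profile while signed out would pin the behaviour.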
@@ -32,4 +47,20 @@ class UsersController < ApplicationController
'public_users'
end
end
+
+ private
+
+ def set_user
+ @user = User.find_by_username!(params[:username])
+
+ unless current_user || @user.public_profile?
+ return authenticate_user!
+ end
+ end
+
+ def authorized_projects_ids
+ # Projects user can view
+ @authorized_projects_ids ||=
+ ProjectsFinder.new.execute(current_user).pluck(:id)
+ end
end