| author | Timothy Andrew <mail@timothyandrew.net> | 2017-06-30 13:29:34 +0000 | 
|---|---|---|
| committer | Timothy Andrew <mail@timothyandrew.net> | 2017-06-30 13:45:51 +0000 | 
| commit | 5dedea358dc3012b4c2a876065c16cf748fbf7ea (patch) | |
| tree | fe98aaca557bb4c1e4bced6f1a8508c63c1587a0 /lib/api | |
| parent | 3c88a7869b87693ba8c3fb9814d39437dd569a31 (diff) | |
| parent | 81dba76b9d7d120cd22e3619a4058bd4885be9bc (diff) | |
| download | gitlab-ce-5dedea358dc3012b4c2a876065c16cf748fbf7ea.tar.gz | |
Merge remote-tracking branch 'origin/master' into 34141-allow-unauthenticated-access-to-the-users-api
- Modify policy code to work with the `DeclarativePolicy` refactor
  in 37c401433b76170f0150d70865f1f4584db01fa8.
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/commit_statuses.rb | 3 | ||||
| -rw-r--r-- | lib/api/entities.rb | 10 | ||||
| -rw-r--r-- | lib/api/features.rb | 39 | ||||
| -rw-r--r-- | lib/api/helpers/runner.rb | 3 | ||||
| -rw-r--r-- | lib/api/internal.rb | 7 | ||||
| -rw-r--r-- | lib/api/namespaces.rb | 2 | ||||
| -rw-r--r-- | lib/api/notification_settings.rb | 5 | ||||
| -rw-r--r-- | lib/api/projects.rb | 4 | ||||
| -rw-r--r-- | lib/api/users.rb | 20 | ||||
| -rw-r--r-- | lib/api/variables.rb | 2 | 
10 files changed, 72 insertions, 23 deletions
| diff --git a/lib/api/commit_statuses.rb b/lib/api/commit_statuses.rb index 10f2d5ef6a3..485b680cd5f 100644 --- a/lib/api/commit_statuses.rb +++ b/lib/api/commit_statuses.rb @@ -108,6 +108,9 @@ module API              render_api_error!('invalid state', 400)            end +          MergeRequest.where(source_project: @project, source_branch: ref) +            .update_all(head_pipeline_id: pipeline) if pipeline.latest? +            present status, with: Entities::CommitStatus          rescue StateMachines::InvalidTransition => e            render_api_error!(e.message, 400) diff --git a/lib/api/entities.rb b/lib/api/entities.rb index aa91451c9f4..cef5a0abe12 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -444,7 +444,15 @@ module API      end      class Namespace < Grape::Entity -      expose :id, :name, :path, :kind, :full_path +      expose :id, :name, :path, :kind, :full_path, :parent_id + +      expose :members_count_with_descendants, if: -> (namespace, opts) { expose_members_count_with_descendants?(namespace, opts) } do |namespace, _| +        namespace.users_with_descendants.count +      end + +      def expose_members_count_with_descendants?(namespace, opts) +        namespace.kind == 'group' && Ability.allowed?(opts[:current_user], :admin_group, namespace) +      end      end      class MemberAccess < Grape::Entity diff --git a/lib/api/features.rb b/lib/api/features.rb index cff0ba2ddff..21745916463 100644 --- a/lib/api/features.rb +++ b/lib/api/features.rb 
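Review bot: In the lib/api/commit_statuses.rb hunk, the added `update_all(head_pipeline_id: pipeline)` passes the pipeline record rather than its id, and the `if pipeline.latest?` modifier trails a two-line chain where it is easy to overlook. `update_all` writes straight to SQL without validations or callbacks, so `head_pipeline_id: pipeline.id` inside a plain `if pipeline.latest?` block would make both the value and the condition explicit. The relation has no state filter, so closed or merged merge requests on that branch appear to be updated as well. Where `ref` is assigned lies outside the hunk.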
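Review bot: In the lib/api/entities.rb hunk, the new `members_count_with_descendants` exposure is gated on `opts[:current_user]`, so any presenter that does not pass `current_user:` silently omits the field. That fails closed, which is the safe direction, but it deserves a comment above `expose_members_count_with_descendants?`, such as `# Hidden unless the presenter passes current_user: and that user can :admin_group on the namespace`. Separately, `namespace.users_with_descendants.count` runs once per exposed namespace, which looks like an extra count query per row on paginated listings.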
@@ -2,6 +2,29 @@ module API    class Features < Grape::API      before { authenticated_as_admin! } +    helpers do +      def gate_value(params) +        case params[:value] +        when 'true' +          true +        when '0', 'false' +          false +        else +          params[:value].to_i +        end +      end + +      def gate_target(params) +        if params[:feature_group] +          Feature.group(params[:feature_group]) +        elsif params[:user] +          User.find_by_username(params[:user]) +        else +          gate_value(params) +        end +      end +    end +      resource :features do        desc 'Get a list of all features' do          success Entities::Feature @@ -17,16 +40,22 @@ module API        end        params do          requires :value, type: String, desc: '`true` or `false` to enable/disable, an integer for percentage of time' +        optional :feature_group, type: String, desc: 'A Feature group name' +        optional :user, type: String, desc: 'A GitLab username' +        mutually_exclusive :feature_group, :user        end        post ':name' do          feature = Feature.get(params[:name]) +        target = gate_target(params) +        value = gate_value(params) -        if %w(0 false).include?(params[:value]) -          feature.disable -        elsif params[:value] == 'true' -          feature.enable +        case value +        when true +          feature.enable(target) +        when false +          feature.disable(target)          else -          feature.enable_percentage_of_time(params[:value].to_i) +          feature.enable_percentage_of_time(value)          end          present feature, with: Entities::Feature, current_user: current_user diff --git a/lib/api/helpers/runner.rb b/lib/api/helpers/runner.rb index 1369b021ea4..f8645e364ce 100644 --- a/lib/api/helpers/runner.rb +++ b/lib/api/helpers/runner.rb 
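Review bot: In the first lib/api/features.rb hunk, `gate_target` returns whatever `User.find_by_username(params[:user])` yields, so an unknown username gives `nil`, which the handler then passes to `feature.enable` or `feature.disable`. How the feature backend treats a nil target is not visible here, so on this admin-only endpoint a typo in the username ends either in an unhandled error or in a gate change with an unintended scope. Failing explicitly avoids both, for example `User.find_by_username(params[:user]) || not_found!('User')`. A short comment on `gate_target` saying that it falls back to the boolean or percentage value when no target is given would also help.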
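Review bot: In the `post ':name'` handler of the second lib/api/features.rb hunk, the `else` branch calls `feature.enable_percentage_of_time(value)` and drops `target`, so a request that sends `feature_group` or `user` together with a numeric `value` changes the global percentage instead of the named target. Because `gate_value` falls back to `params[:value].to_i`, any unrecognised string becomes `0` and lands in the same branch. Rejecting that combination with `render_api_error!` and a 400, and checking that the value is numeric before calling `to_i`, would make the endpoint fail loudly rather than silently apply a different gate.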
@@ -46,7 +46,8 @@ module API          yield if block_given? -        forbidden!('Project has been deleted!') unless job.project +        project = job.project +        forbidden!('Project has been deleted!') if project.nil? || project.pending_delete?          forbidden!('Job has been erased!') if job.erased?        end diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 479ee16a611..f1c79970ba4 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -132,8 +132,11 @@ module API            return { success: false, message: 'Two-factor authentication is not enabled for this user' }          end -        codes = user.generate_otp_backup_codes! -        user.save! +        codes = nil + +        ::Users::UpdateService.new(user).execute! do |user| +          codes = user.generate_otp_backup_codes! +        end          { success: true, recovery_codes: codes }        end diff --git a/lib/api/namespaces.rb b/lib/api/namespaces.rb index 30761cb9b55..f1eaff6b0eb 100644 --- a/lib/api/namespaces.rb +++ b/lib/api/namespaces.rb @@ -17,7 +17,7 @@ module API          namespaces = namespaces.search(params[:search]) if params[:search].present? -        present paginate(namespaces), with: Entities::Namespace +        present paginate(namespaces), with: Entities::Namespace, current_user: current_user        end      end    end diff --git a/lib/api/notification_settings.rb b/lib/api/notification_settings.rb index 992ea5dc24d..5d113c94b22 100644 --- a/lib/api/notification_settings.rb +++ b/lib/api/notification_settings.rb 
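Review bot: In the lib/api/internal.rb hunk, the block parameter in `::Users::UpdateService.new(user).execute! do |user|` shadows the outer `user` local, which makes it unclear which object `generate_otp_backup_codes!` is called on. Renaming it, e.g. `do |u| codes = u.generate_otp_backup_codes! end`, removes the ambiguity. `execute!` presumably raises on a failed save as `user.save!` did, and no rescue is visible in the hunk, so a failure would not return the `{ success: false, message: ... }` shape used just above. The enclosing endpoint starts outside the hunk, so that may be handled elsewhere.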
@@ -34,7 +34,10 @@ module API            notification_setting.transaction do              new_notification_email = params.delete(:notification_email) -            current_user.update(notification_email: new_notification_email) if new_notification_email +            if new_notification_email +              ::Users::UpdateService.new(current_user, notification_email: new_notification_email).execute +            end +              notification_setting.update(declared_params(include_missing: false))            end          rescue ArgumentError => e # catch level enum error diff --git a/lib/api/projects.rb b/lib/api/projects.rb index c5df45b7902..d0bd64b2972 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -1,3 +1,5 @@ +require_dependency 'declarative_policy' +  module API    # Projects API    class Projects < Grape::API @@ -396,7 +398,7 @@ module API          use :pagination        end        get ':id/users' do -        users = user_project.team.users +        users = DeclarativePolicy.subject_scope { user_project.team.users }          users = users.search(params[:search]) if params[:search].present?          present paginate(users), with: Entities::UserBasic diff --git a/lib/api/users.rb b/lib/api/users.rb index 18ce58299e7..bad4d76b428 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -105,7 +105,7 @@ module API          authenticated_as_admin!          params = declared_params(include_missing: false) -        user = ::Users::CreateService.new(current_user, params).execute +        user = ::Users::CreateService.new(current_user, params).execute(skip_authorization: true)          if user.persisted?            present user, with: Entities::UserPublic 
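Review bot: In the lib/api/notification_settings.rb hunk, the result of `::Users::UpdateService.new(current_user, notification_email: new_notification_email).execute` is discarded. If the new address is rejected, the transaction still updates the notification setting and the caller sees success. The lib/api/users.rb hunk at `@@ -163,7 +163,9` already checks `result[:status] == :success`; doing the same here and returning a validation error (or raising `ActiveRecord::Rollback`) would keep the two writes consistent. The `begin`/`rescue` around the transaction extends beyond the hunk.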
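Review bot: In the lib/api/projects.rb hunks, nothing at `get ':id/users'` explains why the team lookup is now wrapped in `DeclarativePolicy.subject_scope { ... }`, nor why the file needs `require_dependency 'declarative_policy'` at the top. A one-line comment above the call stating what the scope changes for this query would stop a later cleanup from unwrapping it. The commit message only says the policy code was adapted to the refactor, so the exact wording should be confirmed against the `DeclarativePolicy` implementation.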
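Review bot: In the first lib/api/users.rb hunk, `execute(skip_authorization: true)` turns off the service's own permission check, leaving the `authenticated_as_admin!` call two lines above as the only thing that stops a non-admin from creating users. That coupling should be written down next to the call, for example `# skip_authorization is safe only because authenticated_as_admin! has already run in this handler`. The local `params = declared_params(include_missing: false)` also shadows Grape's `params` helper for the rest of the block, so a distinct name such as `user_attrs` would be clearer.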
@@ -163,7 +163,9 @@ module API          user_params[:password_expires_at] = Time.now if user_params[:password].present? -        if user.update_attributes(user_params.except(:extern_uid, :provider)) +        result = ::Users::UpdateService.new(user, user_params.except(:extern_uid, :provider)).execute + +        if result[:status] == :success            present user, with: Entities::UserPublic          else            render_validation_error!(user) @@ -241,9 +243,9 @@ module API          user = User.find_by(id: params.delete(:id))          not_found!('User') unless user -        email = user.emails.new(declared_params(include_missing: false)) +        email = Emails::CreateService.new(user, declared_params(include_missing: false)).execute -        if email.save +        if email.errors.blank?            NotificationService.new.new_email(email)            present email, with: Entities::Email          else @@ -281,8 +283,7 @@ module API          email = user.emails.find_by(id: params[:email_id])          not_found!('Email') unless email -        email.destroy -        user.update_secondary_emails! +        Emails::DestroyService.new(user, email: email.email).execute        end        desc 'Delete a user. Available only for admins.' do @@ -494,9 +495,9 @@ module API          requires :email, type: String, desc: 'The new email'        end        post "emails" do -        email = current_user.emails.new(declared_params) +        email = Emails::CreateService.new(current_user, declared_params).execute -        if email.save +        if email.errors.blank?            NotificationService.new.new_email(email)            present email, with: Entities::Email          else 
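Review bot: In the lib/api/users.rb hunk at `@@ -241,9 +243,9`, `Emails::CreateService` is referenced without a leading `::`, unlike `::Users::UpdateService` elsewhere in this commit. Inside `module API` that lookup would resolve to any `API::Emails` constant first. The same applies to the hunks at `@@ -281,8 +283,7`, `@@ -494,9 +495,9` and `@@ -512,8 +513,7`, and writing `::Emails::CreateService` and `::Emails::DestroyService` keeps resolution unambiguous. The success test also changed from `email.save` to `email.errors.blank?`, which assumes the service always attempts the save. `if email.persisted?` states the intended condition directly, but whether the two differ depends on the service, which is not shown.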
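Review bot: In the lib/api/users.rb hunk at `@@ -281,8 +283,7`, and again at `@@ -512,8 +513,7`, the record is found by `email_id` but only its address string is passed on in `Emails::DestroyService.new(user, email: email.email).execute`, and the return value is ignored. The service therefore has to look the row up again by address, and if that lookup or the destroy fails the endpoint still responds as if the email was removed. Checking the result and calling `render_api_error!` on failure would make the outcome explicit. The service body is not shown, so whether it can return a failure is an assumption to confirm.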
@@ -512,8 +513,7 @@ module API          email = current_user.emails.find_by(id: params[:email_id])          not_found!('Email') unless email -        email.destroy -        current_user.update_secondary_emails! +        Emails::DestroyService.new(current_user, email: email.email).execute        end        desc 'Get a list of user activities' diff --git a/lib/api/variables.rb b/lib/api/variables.rb index 381c4ef50b0..10374995497 100644 --- a/lib/api/variables.rb +++ b/lib/api/variables.rb @@ -45,7 +45,7 @@ module API          optional :protected, type: String, desc: 'Whether the variable is protected'        end        post ':id/variables' do -        variable = user_project.variables.create(declared(params, include_parent_namespaces: false).to_h) +        variable = user_project.variables.create(declared_params(include_missing: false))          if variable.valid?            present variable, with: Entities::Variable | 
