Merge remote-tracking branch 'origin/master' into ci-permissions

# Conflicts: # app/views/projects/builds/index.html.haml
author: Kamil Trzcinski <ayufan@ayufan.eu> 2016-02-04 13:16:48 +0100
committer: Kamil Trzcinski <ayufan@ayufan.eu> 2016-02-04 13:16:48 +0100
commit: 6fea7c386ff27e5081ff3532b06f71d29eee956b (patch)
tree: e1a1035725399135e86a6341c8349dfdab417107 /lib/api
parent: d231b6b9182ce9f68f267af0a073136c898f6892 (diff)
parent: e933a50b6b8e7feec76bcc71313c14736967cd7a (diff)
download: gitlab-ce-6fea7c386ff27e5081ff3532b06f71d29eee956b.tar.gz
4 files changed, 43 insertions, 10 deletions
diff --git a/lib/api/files.rb b/lib/api/files.rb
index 8ad2c1883c7..c1d86f313b0 100644
--- a/lib/api/files.rb
+++ b/lib/api/files.rb
@@ -58,9 +58,11 @@ module API
         commit = user_project.commit(ref)
         not_found! 'Commit' unless commit
 
-        blob = user_project.repository.blob_at(commit.sha, file_path)
+        repo = user_project.repository
+        blob = repo.blob_at(commit.sha, file_path)
 
         if blob
+          blob.load_all_data!(repo)
           status(200)
 
           {
@@ -72,7 +74,7 @@ module API
             ref: ref,
             blob_id: blob.id,
             commit_id: commit.id,
-            last_commit_id: user_project.repository.last_commit_for_path(commit.sha, file_path).id
+            last_commit_id: repo.last_commit_for_path(commit.sha, file_path).id
           }
         else
           not_found! 'File'
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 9dacf7c1e86..a72044e8058 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -30,7 +30,7 @@ module API
     end
 
     def sudo_identifier()
-      identifier ||= params[SUDO_PARAM] ||= env[SUDO_HEADER]
+      identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER]
 
       # Regex for integers
       if !!(identifier =~ /^[0-9]+$/)
@@ -344,12 +344,22 @@ module API
 
     def pagination_links(paginated_data)
       request_url = request.url.split('?').first
+      request_params = params.clone
+      request_params[:per_page] = paginated_data.limit_value
 
       links = []
-      links << %(<#{request_url}?page=#{paginated_data.current_page - 1}&per_page=#{paginated_data.limit_value}>; rel="prev") unless paginated_data.first_page?
-      links << %(<#{request_url}?page=#{paginated_data.current_page + 1}&per_page=#{paginated_data.limit_value}>; rel="next") unless paginated_data.last_page?
-      links << %(<#{request_url}?page=1&per_page=#{paginated_data.limit_value}>; rel="first")
-      links << %(<#{request_url}?page=#{paginated_data.total_pages}&per_page=#{paginated_data.limit_value}>; rel="last")
+
+      request_params[:page] = paginated_data.current_page - 1
+      links << %(<#{request_url}?#{request_params.to_query}>; rel="prev") unless paginated_data.first_page?
+
+      request_params[:page] = paginated_data.current_page + 1
+      links << %(<#{request_url}?#{request_params.to_query}>; rel="next") unless paginated_data.last_page?
+
+      request_params[:page] = 1
+      links << %(<#{request_url}?#{request_params.to_query}>; rel="first")
+
+      request_params[:page] = paginated_data.total_pages
+      links << %(<#{request_url}?#{request_params.to_query}>; rel="last")
 
       links.join(', ')
     end
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index 6e7a7672070..252744515da 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -3,6 +3,8 @@ module API
   class Issues < Grape::API
     before { authenticate! }
 
+    helpers ::Gitlab::AkismetHelper
+
     helpers do
       def filter_issues_state(issues, state)
         case state
@@ -19,6 +21,17 @@ module API
       def filter_issues_milestone(issues, milestone)
         issues.includes(:milestone).where('milestones.title' => milestone)
       end
+
+      def create_spam_log(project, current_user, attrs)
+        params = attrs.merge({
+          source_ip: env['REMOTE_ADDR'],
+          user_agent: env['HTTP_USER_AGENT'],
+          noteable_type: 'Issue',
+          via_api: true
+        })
+
+        ::CreateSpamLogService.new(project, current_user, params).execute
+      end
     end
 
     resource :issues do
@@ -114,7 +127,15 @@ module API
           render_api_error!({ labels: errors }, 400)
         end
 
-        issue = ::Issues::CreateService.new(user_project, current_user, attrs).execute
+        project = user_project
+        text = [attrs[:title], attrs[:description]].reject(&:blank?).join("\n")
+
+        if check_for_spam?(project, current_user) && is_spam?(env, current_user, text)
+          create_spam_log(project, current_user, attrs)
+          render_api_error!({ error: 'Spam detected' }, 400)
+        end
+
+        issue = ::Issues::CreateService.new(project, current_user, attrs).execute
 
         if issue.valid?
           # Find or create labels and attach to issue. Labels are valid because
diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb
index d7c48639eba..c95d2d2001d 100644
--- a/lib/api/repositories.rb
+++ b/lib/api/repositories.rb
@@ -57,7 +57,7 @@ module API
         not_found! "File" unless blob
 
         content_type 'text/plain'
-        present blob.data
+        header *Gitlab::Workhorse.send_git_blob(repo, blob)
       end
 
       # Get a raw blob contents by blob sha
@@ -83,7 +83,7 @@ module API
         env['api.format'] = :txt
 
         content_type blob.mime_type
-        present blob.data
+        header *Gitlab::Workhorse.send_git_blob(repo, blob)
       end
 
       # Get a an archive of the repository
author	Kamil Trzcinski <ayufan@ayufan.eu>	2016-02-04 13:16:48 +0100
committer	Kamil Trzcinski <ayufan@ayufan.eu>	2016-02-04 13:16:48 +0100
commit	6fea7c386ff27e5081ff3532b06f71d29eee956b (patch)
tree	e1a1035725399135e86a6341c8349dfdab417107 /lib/api
parent	d231b6b9182ce9f68f267af0a073136c898f6892 (diff)
parent	e933a50b6b8e7feec76bcc71313c14736967cd7a (diff)
download	gitlab-ce-6fea7c386ff27e5081ff3532b06f71d29eee956b.tar.gz