diff options
| author | Phil Hughes <me@iamphill.com> | 2018-04-25 10:51:41 +0100 |
|---|---|---|
| committer | Phil Hughes <me@iamphill.com> | 2018-04-25 10:51:41 +0100 |
| commit | 9990afb92c28c94e89a1c81c8b2f2c02c04dc86b (patch) | |
| tree | aecb679c6954c85b435b9fcad5c5199cde34b9b6 /lib | |
| parent | 10bba03843c155beb58b9d054029d2083776cc56 (diff) | |
| parent | b36941bdaad03eeb5ab23235b77f1bfad0348f18 (diff) | |
| download | gitlab-ce-9990afb92c28c94e89a1c81c8b2f2c02c04dc86b.tar.gz | |
Merge branch 'master' into ide-temp-file-folder-fixes
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/helpers/notes_helpers.rb | 4 | ||||
| -rw-r--r-- | lib/api/projects.rb | 10 | ||||
| -rw-r--r-- | lib/api/users.rb | 2 | ||||
| -rw-r--r-- | lib/backup/files.rb | 2 | ||||
| -rw-r--r-- | lib/backup/helper.rb | 14 | ||||
| -rw-r--r-- | lib/backup/repository.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab.rb | 14 | ||||
| -rw-r--r-- | lib/gitlab/auth/ldap/user.rb | 9 | ||||
| -rw-r--r-- | lib/gitlab/auth/o_auth/identity_linker.rb | 8 | ||||
| -rw-r--r-- | lib/gitlab/auth/o_auth/user.rb | 14 | ||||
| -rw-r--r-- | lib/gitlab/auth/omniauth_identity_linker_base.rb | 47 | ||||
| -rw-r--r-- | lib/gitlab/auth/saml/identity_linker.rb | 8 | ||||
| -rw-r--r-- | lib/gitlab/auth/saml/user.rb | 13 | ||||
| -rw-r--r-- | lib/gitlab/git.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/git/committer_with_hooks.rb (renamed from lib/gitlab/wiki/committer_with_hooks.rb) | 10 | ||||
| -rw-r--r-- | lib/gitlab/git/wiki.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/import_export/import_export.yml | 3 | ||||
| -rw-r--r-- | lib/gitlab/import_export/relation_factory.rb | 3 | ||||
| -rw-r--r-- | lib/gitlab/user_access.rb | 8 |
19 files changed, 160 insertions, 15 deletions
diff --git a/lib/api/helpers/notes_helpers.rb b/lib/api/helpers/notes_helpers.rb index cd91df1ecd8..b74b8149834 100644 --- a/lib/api/helpers/notes_helpers.rb +++ b/lib/api/helpers/notes_helpers.rb @@ -64,8 +64,10 @@ module API authorize! :create_note, noteable parent = noteable_parent(noteable) + if opts[:created_at] - opts.delete(:created_at) unless current_user.admin? || parent.owner == current_user + opts.delete(:created_at) unless + current_user.admin? || parent.owned_by?(current_user) end project = parent if parent.is_a?(Project) diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 51b3b0459f3..8871792060b 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -74,6 +74,11 @@ module API present options[:with].prepare_relation(projects, options), options end + + def translate_params_for_compatibility(params) + params[:builds_enabled] = params.delete(:jobs_enabled) if params.key?(:jobs_enabled) + params + end end resource :users, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do @@ -123,7 +128,7 @@ module API end post do attrs = declared_params(include_missing: false) - attrs[:builds_enabled] = attrs.delete(:jobs_enabled) if attrs.key?(:jobs_enabled) + attrs = translate_params_for_compatibility(attrs) project = ::Projects::CreateService.new(current_user, attrs).execute if project.saved? @@ -155,6 +160,7 @@ module API not_found!('User') unless user attrs = declared_params(include_missing: false) + attrs = translate_params_for_compatibility(attrs) project = ::Projects::CreateService.new(user, attrs).execute if project.saved? @@ -276,7 +282,7 @@ module API authorize! :rename_project, user_project if attrs[:name].present? authorize! :change_visibility_level, user_project if attrs[:visibility].present? - attrs[:builds_enabled] = attrs.delete(:jobs_enabled) if attrs.key?(:jobs_enabled) + attrs = translate_params_for_compatibility(attrs) result = ::Projects::UpdateService.new(user_project, current_user, attrs).execute diff --git a/lib/api/users.rb b/lib/api/users.rb index 3920171205f..14b8a796c8e 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -77,7 +77,7 @@ module API authenticated_as_admin! if params[:external].present? || (params[:extern_uid].present? && params[:provider].present?) unless current_user&.admin? - params.except!(:created_after, :created_before, :order_by, :sort) + params.except!(:created_after, :created_before, :order_by, :sort, :two_factor) end users = UsersFinder.new(current_user, params).execute diff --git a/lib/backup/files.rb b/lib/backup/files.rb index 88cb7e7b5a4..9895db9e451 100644 --- a/lib/backup/files.rb +++ b/lib/backup/files.rb @@ -53,6 +53,8 @@ module Backup FileUtils.mv(files, timestamped_files_path) rescue Errno::EACCES access_denied_error(app_files_dir) + rescue Errno::EBUSY + resource_busy_error(app_files_dir) end end end diff --git a/lib/backup/helper.rb b/lib/backup/helper.rb index a1ee0faefe9..54b9ce10b4d 100644 --- a/lib/backup/helper.rb +++ b/lib/backup/helper.rb @@ -13,5 +13,19 @@ module Backup EOS raise message end + + def resource_busy_error(path) + message = <<~EOS + + ### NOTICE ### + As part of restore, the task tried to rename `#{path}` before restoring. + This could not be completed, perhaps `#{path}` is a mountpoint? + + To complete the restore, please move the contents of `#{path}` to a + different location and run the restore task again. + + EOS + raise message + end end end diff --git a/lib/backup/repository.rb b/lib/backup/repository.rb index 89e3f1d9076..65e06fd78c0 100644 --- a/lib/backup/repository.rb +++ b/lib/backup/repository.rb @@ -81,6 +81,8 @@ module Backup FileUtils.mv(files, bk_repos_path) rescue Errno::EACCES access_denied_error(path) + rescue Errno::EBUSY + resource_busy_error(path) end end end diff --git a/lib/gitlab.rb b/lib/gitlab.rb index f6629982512..c5498d0da1a 100644 --- a/lib/gitlab.rb +++ b/lib/gitlab.rb @@ -1,9 +1,19 @@ -require_dependency 'gitlab/git' +require_dependency 'gitlab/popen' module Gitlab + def self.root + Pathname.new(File.expand_path('..', __dir__)) + end + + def self.config + Settings + end + COM_URL = 'https://gitlab.com'.freeze APP_DIRS_PATTERN = %r{^/?(app|config|ee|lib|spec|\(\w*\))} SUBDOMAIN_REGEX = %r{\Ahttps://[a-z0-9]+\.gitlab\.com\z} + VERSION = File.read(root.join("VERSION")).strip.freeze + REVISION = Gitlab::Popen.popen(%W(#{config.git.bin_path} log --pretty=format:%h -n 1)).first.chomp.freeze def self.com? # Check `gl_subdomain?` as well to keep parity with gitlab.com @@ -19,6 +29,6 @@ module Gitlab end def self.dev_env_or_com? - Rails.env.test? || Rails.env.development? || org? || com? + Rails.env.development? || org? || com? end end diff --git a/lib/gitlab/auth/ldap/user.rb b/lib/gitlab/auth/ldap/user.rb index 068212d9a21..922d0567d99 100644 --- a/lib/gitlab/auth/ldap/user.rb +++ b/lib/gitlab/auth/ldap/user.rb @@ -8,6 +8,8 @@ module Gitlab module Auth module LDAP class User < Gitlab::Auth::OAuth::User + extend ::Gitlab::Utils::Override + class << self def find_by_uid_and_provider(uid, provider) identity = ::Identity.with_extern_uid(provider, uid).take @@ -29,7 +31,8 @@ module Gitlab self.class.find_by_uid_and_provider(auth_hash.uid, auth_hash.provider) end - def changed? + override :should_save? + def should_save? gl_user.changed? || gl_user.identities.any?(&:changed?) end @@ -41,6 +44,10 @@ module Gitlab Gitlab::Auth::LDAP::Access.allowed?(gl_user) end + def valid_sign_in? + allowed? && super + end + def ldap_config Gitlab::Auth::LDAP::Config.new(auth_hash.provider) end diff --git a/lib/gitlab/auth/o_auth/identity_linker.rb b/lib/gitlab/auth/o_auth/identity_linker.rb new file mode 100644 index 00000000000..de92d7a214d --- /dev/null +++ b/lib/gitlab/auth/o_auth/identity_linker.rb @@ -0,0 +1,8 @@ +module Gitlab + module Auth + module OAuth + class IdentityLinker < OmniauthIdentityLinkerBase + end + end + end +end diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb index d0c6b0386ba..6c5d0788a0a 100644 --- a/lib/gitlab/auth/o_auth/user.rb +++ b/lib/gitlab/auth/o_auth/user.rb @@ -30,6 +30,10 @@ module Gitlab gl_user.try(:valid?) end + def valid_sign_in? + valid? && persisted? + end + def save(provider = 'OAuth') raise SigninDisabledForProviderError if oauth_provider_disabled? raise SignupDisabledError unless gl_user @@ -64,8 +68,18 @@ module Gitlab user end + def find_and_update! + save if should_save? + + gl_user + end + protected + def should_save? + true + end + def add_or_update_user_identities return unless gl_user diff --git a/lib/gitlab/auth/omniauth_identity_linker_base.rb b/lib/gitlab/auth/omniauth_identity_linker_base.rb new file mode 100644 index 00000000000..ae365fcdfaa --- /dev/null +++ b/lib/gitlab/auth/omniauth_identity_linker_base.rb @@ -0,0 +1,47 @@ +module Gitlab + module Auth + class OmniauthIdentityLinkerBase + attr_reader :current_user, :oauth + + def initialize(current_user, oauth) + @current_user = current_user + @oauth = oauth + @changed = false + end + + def link + save if identity.new_record? + end + + def changed? + @changed + end + + def error_message + identity.validate + + identity.errors.full_messages.join(', ') + end + + private + + def save + @changed = identity.save + end + + def identity + @identity ||= current_user.identities + .with_extern_uid(provider, uid) + .first_or_initialize(extern_uid: uid) + end + + def provider + oauth['provider'] + end + + def uid + oauth['uid'] + end + end + end +end diff --git a/lib/gitlab/auth/saml/identity_linker.rb b/lib/gitlab/auth/saml/identity_linker.rb new file mode 100644 index 00000000000..7e4b191d512 --- /dev/null +++ b/lib/gitlab/auth/saml/identity_linker.rb @@ -0,0 +1,8 @@ +module Gitlab + module Auth + module Saml + class IdentityLinker < OmniauthIdentityLinkerBase + end + end + end +end diff --git a/lib/gitlab/auth/saml/user.rb b/lib/gitlab/auth/saml/user.rb index d4024e9ec39..cb01cd8004c 100644 --- a/lib/gitlab/auth/saml/user.rb +++ b/lib/gitlab/auth/saml/user.rb @@ -7,6 +7,8 @@ module Gitlab module Auth module Saml class User < Gitlab::Auth::OAuth::User + extend ::Gitlab::Utils::Override + def save super('SAML') end @@ -21,13 +23,14 @@ module Gitlab if external_users_enabled? && user # Check if there is overlap between the user's groups and the external groups # setting then set user as external or internal. - user.external = !(auth_hash.groups & Gitlab::Auth::Saml::Config.external_groups).empty? + user.external = !(auth_hash.groups & saml_config.external_groups).empty? end user end - def changed? + override :should_save? + def should_save? return true unless gl_user gl_user.changed? || gl_user.identities.any?(&:changed?) @@ -35,12 +38,16 @@ module Gitlab protected + def saml_config + Gitlab::Auth::Saml::Config + end + def auto_link_saml_user? Gitlab.config.omniauth.auto_link_saml_user end def external_users_enabled? - !Gitlab::Auth::Saml::Config.external_groups.nil? + !saml_config.external_groups.nil? end def auth_hash=(auth_hash) diff --git a/lib/gitlab/git.rb b/lib/gitlab/git.rb index c9abea90d21..e85e87a54af 100644 --- a/lib/gitlab/git.rb +++ b/lib/gitlab/git.rb @@ -1,3 +1,5 @@ +require_dependency 'gitlab/encoding_helper' + module Gitlab module Git # The ID of empty tree. diff --git a/lib/gitlab/wiki/committer_with_hooks.rb b/lib/gitlab/git/committer_with_hooks.rb index 19f0b3814fd..a8a59f998cd 100644 --- a/lib/gitlab/wiki/committer_with_hooks.rb +++ b/lib/gitlab/git/committer_with_hooks.rb @@ -1,5 +1,5 @@ module Gitlab - module Wiki + module Git class CommitterWithHooks < Gollum::Committer attr_reader :gl_wiki @@ -9,6 +9,9 @@ module Gitlab end def commit + # TODO: Remove after 10.8 + return super unless allowed_to_run_hooks? + result = Gitlab::Git::OperationService.new(git_user, gl_wiki.repository).with_branch( @wiki.ref, start_branch_name: @wiki.ref @@ -24,6 +27,11 @@ module Gitlab private + # TODO: Remove after 10.8 + def allowed_to_run_hooks? + @options[:user_id] != 0 && @options[:username].present? + end + def git_user @git_user ||= Gitlab::Git::User.new(@options[:username], @options[:name], diff --git a/lib/gitlab/git/wiki.rb b/lib/gitlab/git/wiki.rb index 821436911ab..84a26fe4a6f 100644 --- a/lib/gitlab/git/wiki.rb +++ b/lib/gitlab/git/wiki.rb @@ -290,7 +290,7 @@ module Gitlab end def committer_with_hooks(commit_details) - Gitlab::Wiki::CommitterWithHooks.new(self, commit_details.to_h) + Gitlab::Git::CommitterWithHooks.new(self, commit_details.to_h) end def with_committer_with_hooks(commit_details, &block) diff --git a/lib/gitlab/import_export/import_export.yml b/lib/gitlab/import_export/import_export.yml index ec91c02dbe7..0d1c4f73c6e 100644 --- a/lib/gitlab/import_export/import_export.yml +++ b/lib/gitlab/import_export/import_export.yml @@ -64,6 +64,7 @@ project_tree: - :project_feature - :custom_attributes - :project_badges + - :ci_cd_settings # Only include the following attributes for the models specified. included_attributes: @@ -73,6 +74,8 @@ included_attributes: - :username author: - :name + ci_cd_settings: + - :group_runners_enabled # Do not include the following attributes for the models specified. excluded_attributes: diff --git a/lib/gitlab/import_export/relation_factory.rb b/lib/gitlab/import_export/relation_factory.rb index 598832fb2df..e3e9f156fb4 100644 --- a/lib/gitlab/import_export/relation_factory.rb +++ b/lib/gitlab/import_export/relation_factory.rb @@ -17,7 +17,8 @@ module Gitlab auto_devops: :project_auto_devops, label: :project_label, custom_attributes: 'ProjectCustomAttribute', - project_badges: 'Badge' }.freeze + project_badges: 'Badge', + ci_cd_settings: 'ProjectCiCdSetting' }.freeze USER_REFERENCES = %w[author_id assignee_id updated_by_id user_id created_by_id last_edited_by_id merge_user_id resolved_by_id closed_by_id].freeze diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb index 69952cbb47c..8cf5d636743 100644 --- a/lib/gitlab/user_access.rb +++ b/lib/gitlab/user_access.rb @@ -63,10 +63,12 @@ module Gitlab request_cache def can_push_to_branch?(ref) return false unless can_access_git? - return false unless user.can?(:push_code, project) || project.branch_allows_maintainer_push?(user, ref) + return false unless project + + return false if !user.can?(:push_code, project) && !project.branch_allows_maintainer_push?(user, ref) if protected?(ProtectedBranch, project, ref) - project.user_can_push_to_empty_repo?(user) || protected_branch_accessible_to?(ref, action: :push) + protected_branch_accessible_to?(ref, action: :push) else true end @@ -101,6 +103,7 @@ module Gitlab def protected_branch_accessible_to?(ref, action:) ProtectedBranch.protected_ref_accessible_to?( ref, user, + project: project, action: action, protected_refs: project.protected_branches) end @@ -108,6 +111,7 @@ module Gitlab def protected_tag_accessible_to?(ref, action:) ProtectedTag.protected_ref_accessible_to?( ref, user, + project: project, action: action, protected_refs: project.protected_tags) end |