diff options
| author | Tomasz Maczukin <tomasz@maczukin.pl> | 2016-01-14 13:30:18 +0100 |
|---|---|---|
| committer | Tomasz Maczukin <tomasz@maczukin.pl> | 2016-01-14 13:30:18 +0100 |
| commit | 405b82af230921db7b1510183063b126ef908e46 (patch) | |
| tree | 74fcf1452c271f5ee97c7ad139d4ae91b2c37766 /lib | |
| parent | 6a98fb03e708070641f9fce0eaad761e859a5099 (diff) | |
| parent | f981da44ab88012db984e1457170067b345660c1 (diff) | |
| download | gitlab-ce-405b82af230921db7b1510183063b126ef908e46.tar.gz | |
Merge branch 'master' into ci/api-builds
* master: (51 commits)
Fix version
Fix specs and rubocop warnings
Improve the consistency of commit titles, branch names, tag names, issue/MR titles, on their respective project pages
fixed LDAP activation on login to use new ldap_blocked state
Fix Admin/Users view to position buttons without spacing magic
Update to Go 1.5.3
Fix the undefinded variable error in Project's safe_import_url method
Update CHANGELOG [ci skip]
Add some cosmetic changes to variables API documentation [ci skip]
Fix misaligned edit button in milestone collection partial
Update button styles for Milestones#show
Modify builds API documentation style [ci skip]
Modify :ci_variable factory
Ensure the API doesn't return notes that the current user shouldn't see
Add 'Build' prefix to Variables entry name in API docs index
Fix some typos
Add spec for Note#cross_reference_not_visible_for?
Remove (invalid) timestamp formatting
Move `BroadcastMessage#status` to a helper since it's presentational
Update CHANGELOG
...
Conflicts:
doc/api/README.md
lib/api/api.rb
lib/api/entities.rb
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/api.rb | 1 | ||||
| -rw-r--r-- | lib/api/entities.rb | 4 | ||||
| -rw-r--r-- | lib/api/notes.rb | 21 | ||||
| -rw-r--r-- | lib/api/users.rb | 14 | ||||
| -rw-r--r-- | lib/api/variables.rb | 95 | ||||
| -rw-r--r-- | lib/gitlab/ldap/access.rb | 6 |
6 files changed, 131 insertions, 10 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 1a1340c428c..7efe0a0262f 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -55,5 +55,6 @@ module API mount Tags mount Triggers mount Builds + mount Variables end end diff --git a/lib/api/entities.rb b/lib/api/entities.rb index b403d3c5032..cce46886672 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -393,5 +393,9 @@ module API end expose :runner, with: Runner end + + class Variable < Grape::Entity + expose :key, :value + end end end diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 3efdfe2d46e..174473f5371 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -20,7 +20,19 @@ module API # GET /projects/:id/snippets/:noteable_id/notes get ":id/#{noteables_str}/:#{noteable_id_str}/notes" do @noteable = user_project.send(:"#{noteables_str}").find(params[:"#{noteable_id_str}"]) - present paginate(@noteable.notes), with: Entities::Note + + # We exclude notes that are cross-references and that cannot be viewed + # by the current user. By doing this exclusion at this level and not + # at the DB query level (which we cannot in that case), the current + # page can have less elements than :per_page even if + # there's more than one page. + notes = + # paginate() only works with a relation. This could lead to a + # mismatch between the pagination headers info and the actual notes + # array returned, but this is really a edge-case. + paginate(@noteable.notes). + reject { |n| n.cross_reference_not_visible_for?(current_user) } + present notes, with: Entities::Note end # Get a single +noteable+ note @@ -35,7 +47,12 @@ module API get ":id/#{noteables_str}/:#{noteable_id_str}/notes/:note_id" do @noteable = user_project.send(:"#{noteables_str}").find(params[:"#{noteable_id_str}"]) @note = @noteable.notes.find(params[:note_id]) - present @note, with: Entities::Note + + if @note.cross_reference_not_visible_for?(current_user) + not_found!("Note") + else + present @note, with: Entities::Note + end end # Create a new +noteable+ note diff --git a/lib/api/users.rb b/lib/api/users.rb index 0d7813428e2..fd2128bd179 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -284,10 +284,12 @@ module API authenticated_as_admin! user = User.find_by(id: params[:id]) - if user + if !user + not_found!('User') + elsif !user.ldap_blocked? user.block else - not_found!('User') + forbidden!('LDAP blocked users cannot be modified by the API') end end @@ -299,10 +301,12 @@ module API authenticated_as_admin! user = User.find_by(id: params[:id]) - if user - user.activate - else + if !user not_found!('User') + elsif user.ldap_blocked? + forbidden!('LDAP blocked users cannot be unblocked by the API') + else + user.activate end end end diff --git a/lib/api/variables.rb b/lib/api/variables.rb new file mode 100644 index 00000000000..d9a055f6c92 --- /dev/null +++ b/lib/api/variables.rb @@ -0,0 +1,95 @@ +module API + # Projects variables API + class Variables < Grape::API + before { authenticate! } + before { authorize_admin_project } + + resource :projects do + # Get project variables + # + # Parameters: + # id (required) - The ID of a project + # page (optional) - The page number for pagination + # per_page (optional) - The value of items per page to show + # Example Request: + # GET /projects/:id/variables + get ':id/variables' do + variables = user_project.variables + present paginate(variables), with: Entities::Variable + end + + # Get specific variable of a project + # + # Parameters: + # id (required) - The ID of a project + # key (required) - The `key` of variable + # Example Request: + # GET /projects/:id/variables/:key + get ':id/variables/:key' do + key = params[:key] + variable = user_project.variables.find_by(key: key.to_s) + + return not_found!('Variable') unless variable + + present variable, with: Entities::Variable + end + + # Create a new variable in project + # + # Parameters: + # id (required) - The ID of a project + # key (required) - The key of variable + # value (required) - The value of variable + # Example Request: + # POST /projects/:id/variables + post ':id/variables' do + required_attributes! [:key, :value] + + variable = user_project.variables.create(key: params[:key], value: params[:value]) + + if variable.valid? + present variable, with: Entities::Variable + else + render_validation_error!(variable) + end + end + + # Update existing variable of a project + # + # Parameters: + # id (required) - The ID of a project + # key (optional) - The `key` of variable + # value (optional) - New value for `value` field of variable + # Example Request: + # PUT /projects/:id/variables/:key + put ':id/variables/:key' do + variable = user_project.variables.find_by(key: params[:key].to_s) + + return not_found!('Variable') unless variable + + attrs = attributes_for_keys [:value] + if variable.update(attrs) + present variable, with: Entities::Variable + else + render_validation_error!(variable) + end + end + + # Delete existing variable of a project + # + # Parameters: + # id (required) - The ID of a project + # key (required) - The ID of a variable + # Example Request: + # DELETE /projects/:id/variables/:key + delete ':id/variables/:key' do + variable = user_project.variables.find_by(key: params[:key].to_s) + + return not_found!('Variable') unless variable + variable.destroy + + present variable, with: Entities::Variable + end + end + end +end diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb index b2bdbc10d7f..da4435c7308 100644 --- a/lib/gitlab/ldap/access.rb +++ b/lib/gitlab/ldap/access.rb @@ -37,15 +37,15 @@ module Gitlab # Block user in GitLab if he/she was blocked in AD if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter) - user.block + user.ldap_block false else - user.activate if user.blocked? && !ldap_config.block_auto_created_users + user.activate if user.ldap_blocked? true end else # Block the user if they no longer exist in LDAP/AD - user.block + user.ldap_block false end rescue |