diff options
45 files changed, 479 insertions, 30 deletions
diff --git a/app/assets/javascripts/filtered_search/filtered_search_dropdown_manager.js b/app/assets/javascripts/filtered_search/filtered_search_dropdown_manager.js index 57ec6603d80..4d05f46ed17 100644 --- a/app/assets/javascripts/filtered_search/filtered_search_dropdown_manager.js +++ b/app/assets/javascripts/filtered_search/filtered_search_dropdown_manager.js @@ -96,6 +96,11 @@ export default class FilteredSearchDropdownManager { gl: DropdownNonUser, element: this.container.querySelector('#js-dropdown-wip'), }, + confidential: { + reference: null, + gl: DropdownNonUser, + element: this.container.querySelector('#js-dropdown-confidential'), + }, status: { reference: null, gl: NullDropdown, diff --git a/app/assets/javascripts/filtered_search/filtered_search_token_keys.js b/app/assets/javascripts/filtered_search/filtered_search_token_keys.js index b70da240833..48534bdf815 100644 --- a/app/assets/javascripts/filtered_search/filtered_search_token_keys.js +++ b/app/assets/javascripts/filtered_search/filtered_search_token_keys.js @@ -72,6 +72,23 @@ export default class FilteredSearchTokenKeys { ); } + addExtraTokensForIssues() { + const confidentialToken = { + key: 'confidential', + type: 'string', + param: '', + symbol: '', + icon: 'eye-slash', + tag: 'Yes or No', + lowercaseValueOnSubmit: true, + uppercaseTokenName: false, + capitalizeTokenValue: true, + }; + + this.tokenKeys.push(confidentialToken); + this.tokenKeysWithAlternative.push(confidentialToken); + } + addExtraTokensForMergeRequests() { const wipToken = { key: 'wip', diff --git a/app/assets/javascripts/pages/groups/issues/index.js b/app/assets/javascripts/pages/groups/issues/index.js index 736c6a62610..21ec3f9f9ba 100644 --- a/app/assets/javascripts/pages/groups/issues/index.js +++ b/app/assets/javascripts/pages/groups/issues/index.js @@ -4,6 +4,8 @@ import { FILTERED_SEARCH } from '~/pages/constants'; import IssuableFilteredSearchTokenKeys from '~/filtered_search/issuable_filtered_search_token_keys'; document.addEventListener('DOMContentLoaded', () => { + IssuableFilteredSearchTokenKeys.addExtraTokensForIssues(); + initFilteredSearch({ page: FILTERED_SEARCH.ISSUES, isGroupDecendent: true, diff --git a/app/assets/javascripts/pages/projects/issues/index/index.js b/app/assets/javascripts/pages/projects/issues/index/index.js index a56c0bb6be8..bb91e38cb64 100644 --- a/app/assets/javascripts/pages/projects/issues/index/index.js +++ b/app/assets/javascripts/pages/projects/issues/index/index.js @@ -9,6 +9,8 @@ import { FILTERED_SEARCH } from '~/pages/constants'; import { ISSUABLE_INDEX } from '~/pages/projects/constants'; document.addEventListener('DOMContentLoaded', () => { + IssuableFilteredSearchTokenKeys.addExtraTokensForIssues(); + initFilteredSearch({ page: FILTERED_SEARCH.ISSUES, filteredSearchTokenKeys: IssuableFilteredSearchTokenKeys, diff --git a/app/assets/javascripts/releases/store/actions.js b/app/assets/javascripts/releases/store/actions.js index baa2251403e..b5c4d54ac33 100644 --- a/app/assets/javascripts/releases/store/actions.js +++ b/app/assets/javascripts/releases/store/actions.js @@ -11,7 +11,7 @@ export const requestReleases = ({ commit }) => commit(types.REQUEST_RELEASES); /** * Fetches the main endpoint. * Will dispatch requestNamespace action before starting the request. - * Will dispatch receiveNamespaceSuccess if the request is successfull + * Will dispatch receiveNamespaceSuccess if the request is successful * Will dispatch receiveNamesapceError if the request returns an error * * @param {String} projectId diff --git a/app/controllers/clusters/clusters_controller.rb b/app/controllers/clusters/clusters_controller.rb index 3bd91b71d92..68a2a83f0de 100644 --- a/app/controllers/clusters/clusters_controller.rb +++ b/app/controllers/clusters/clusters_controller.rb @@ -24,7 +24,7 @@ class Clusters::ClustersController < Clusters::BaseController # Note: We are paginating through an array here but this should OK as: # # In CE, we can have a maximum group nesting depth of 21, so including - # project cluster, we can have max 22 clusters for a group hierachy. + # project cluster, we can have max 22 clusters for a group hierarchy. # In EE (Premium) we can have any number, as multiple clusters are # supported, but the number of clusters are fairly low currently. # diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb index 07d0bf16d93..c529aabf797 100644 --- a/app/controllers/concerns/issuable_collections.rb +++ b/app/controllers/concerns/issuable_collections.rb @@ -91,6 +91,7 @@ module IssuableCollections options = { scope: params[:scope], state: params[:state], + confidential: Gitlab::Utils.to_boolean(params[:confidential]), sort: set_sort_order } diff --git a/app/controllers/concerns/lfs_request.rb b/app/controllers/concerns/lfs_request.rb index 5572c3cee2d..57e444319e0 100644 --- a/app/controllers/concerns/lfs_request.rb +++ b/app/controllers/concerns/lfs_request.rb @@ -123,7 +123,7 @@ module LfsRequest (authentication_abilities || []).include?(capability) end - # Overriden in EE + # Overridden in EE def limit_exceeded? false end diff --git a/app/finders/group_descendants_finder.rb b/app/finders/group_descendants_finder.rb index 96a36db7ec8..ec340f38450 100644 --- a/app/finders/group_descendants_finder.rb +++ b/app/finders/group_descendants_finder.rb @@ -134,7 +134,7 @@ class GroupDescendantsFinder def subgroups return Group.none unless Group.supports_nested_objects? - # When filtering subgroups, we want to find all matches withing the tree of + # When filtering subgroups, we want to find all matches within the tree of # descendants to show to the user groups = if params[:filter] subgroups_matching_filter diff --git a/app/finders/issues_finder.rb b/app/finders/issues_finder.rb index a0504ca0879..cb44575d6f1 100644 --- a/app/finders/issues_finder.rb +++ b/app/finders/issues_finder.rb @@ -69,7 +69,16 @@ class IssuesFinder < IssuableFinder end def filter_items(items) - by_due_date(super) + issues = super + issues = by_due_date(issues) + issues = by_confidential(issues) + issues + end + + def by_confidential(items) + return items if params[:confidential].nil? + + params[:confidential] ? items.confidential_only : items.public_only end def by_due_date(items) diff --git a/app/helpers/count_helper.rb b/app/helpers/count_helper.rb index 13839474e1f..62bb2e4da23 100644 --- a/app/helpers/count_helper.rb +++ b/app/helpers/count_helper.rb @@ -13,7 +13,7 @@ module CountHelper # memberships, and deducting 1 for each root of the fork network. # This might be inacurate as the root of the fork network might have been deleted. # - # This makes querying this information a lot more effecient and it should be + # This makes querying this information a lot more efficient and it should be # accurate enough for the instance wide statistics def approximate_fork_count_with_delimiters(count_data) fork_network_count = count_data[ForkNetwork] diff --git a/app/models/ci/build_trace_chunk.rb b/app/models/ci/build_trace_chunk.rb index da08214963f..33e61cd2111 100644 --- a/app/models/ci/build_trace_chunk.rb +++ b/app/models/ci/build_trace_chunk.rb @@ -18,7 +18,7 @@ module Ci FailedToPersistDataError = Class.new(StandardError) # Note: The ordering of this enum is related to the precedence of persist store. - # The bottom item takes the higest precedence, and the top item takes the lowest precedence. + # The bottom item takes the highest precedence, and the top item takes the lowest precedence. enum data_store: { redis: 1, database: 2, diff --git a/app/models/concerns/fast_destroy_all.rb b/app/models/concerns/fast_destroy_all.rb index 1e3afd641ed..f862031bce0 100644 --- a/app/models/concerns/fast_destroy_all.rb +++ b/app/models/concerns/fast_destroy_all.rb @@ -11,7 +11,7 @@ # it is difficult to accomplish it. # # This module defines a format to use `delete_all` and delete associated external data. -# Here is an exmaple +# Here is an example # # Situation # - `Project` has many `Ci::BuildTraceChunk` through `Ci::Build` diff --git a/app/models/concerns/iid_routes.rb b/app/models/concerns/iid_routes.rb index b7f99e845ca..3eeb29b6595 100644 --- a/app/models/concerns/iid_routes.rb +++ b/app/models/concerns/iid_routes.rb @@ -4,7 +4,7 @@ module IidRoutes ## # This automagically enforces all related routes to use `iid` instead of `id` # If you want to use `iid` for some routes and `id` for other routes, this module should not to be included, - # instead you should define `iid` or `id` explictly at each route generators. e.g. pipeline_path(project.id, pipeline.iid) + # instead you should define `iid` or `id` explicitly at each route generators. e.g. pipeline_path(project.id, pipeline.iid) def to_param iid.to_s end diff --git a/app/models/issue.rb b/app/models/issue.rb index 182c5d3d4b0..0b46e949052 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -66,6 +66,7 @@ class Issue < ActiveRecord::Base scope :preload_associations, -> { preload(:labels, project: :namespace) } scope :public_only, -> { where(confidential: false) } + scope :confidential_only, -> { where(confidential: true) } after_save :expire_etag_cache after_save :ensure_metrics, unless: :imported? diff --git a/app/models/notification_recipient.rb b/app/models/notification_recipient.rb index 9f16eefe074..481c1d963c6 100644 --- a/app/models/notification_recipient.rb +++ b/app/models/notification_recipient.rb @@ -153,7 +153,7 @@ class NotificationRecipient user.global_notification_setting end - # Returns the notificaton_setting of the lowest group in hierarchy with non global level + # Returns the notification_setting of the lowest group in hierarchy with non global level def closest_non_global_group_notification_settting return unless @group return if indexed_group_notification_settings.empty? diff --git a/app/models/project.rb b/app/models/project.rb index 58254eb1bc9..83f8d004a46 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -248,10 +248,10 @@ class Project < ActiveRecord::Base has_many :container_repositories, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent has_many :commit_statuses - # The relation :all_pipelines is intented to be used when we want to get the + # The relation :all_pipelines is intended to be used when we want to get the # whole list of pipelines associated to the project has_many :all_pipelines, class_name: 'Ci::Pipeline', inverse_of: :project - # The relation :ci_pipelines is intented to be used when we want to get only + # The relation :ci_pipelines is intended to be used when we want to get only # those pipeline which are directly related to CI. There are # other pipelines, like webide ones, that we won't retrieve # if we use this relation. @@ -1215,7 +1215,7 @@ class Project < ActiveRecord::Base "#{web_url}.git" end - # Is overriden in EE + # Is overridden in EE def lfs_http_url_to_repo(_) http_url_to_repo end diff --git a/app/services/ci/create_pipeline_service.rb b/app/services/ci/create_pipeline_service.rb index c4f69175de3..35a0efcd0a1 100644 --- a/app/services/ci/create_pipeline_service.rb +++ b/app/services/ci/create_pipeline_service.rb @@ -112,10 +112,10 @@ module Ci def extra_options(options = {}) # In Ruby 2.4, even when options is empty, f(**options) doesn't work when f # doesn't have any parameters. We reproduce the Ruby 2.5 behavior by - # checking explicitely that no arguments are given. + # checking explicitly that no arguments are given. raise ArgumentError if options.any? - {} # overriden in EE + {} # overridden in EE end end end diff --git a/app/services/ci/pipeline_trigger_service.rb b/app/services/ci/pipeline_trigger_service.rb index 4ba3f5fb8ba..2dbb7c3917d 100644 --- a/app/services/ci/pipeline_trigger_service.rb +++ b/app/services/ci/pipeline_trigger_service.rb @@ -38,11 +38,11 @@ module Ci end def create_pipeline_from_job(job) - # overriden in EE + # overridden in EE end def job_from_token - # overriden in EE + # overridden in EE end def variables diff --git a/app/services/git_push_service.rb b/app/services/git_push_service.rb index 092fd64574d..f387c749a21 100644 --- a/app/services/git_push_service.rb +++ b/app/services/git_push_service.rb @@ -235,6 +235,6 @@ class GitPushService < BaseService private def pipeline_options - {} # to be overriden in EE + {} # to be overridden in EE end end diff --git a/app/services/git_tag_push_service.rb b/app/services/git_tag_push_service.rb index 6fef5b3ed1d..e39b3603c6c 100644 --- a/app/services/git_tag_push_service.rb +++ b/app/services/git_tag_push_service.rb @@ -61,6 +61,6 @@ class GitTagPushService < BaseService end def pipeline_options - {} # to be overriden in EE + {} # to be overridden in EE end end diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb index 55a3b9fa7b1..99ead467f74 100644 --- a/app/services/groups/create_service.rb +++ b/app/services/groups/create_service.rb @@ -33,7 +33,7 @@ module Groups private def after_build_hook(group, params) - # overriden in EE + # overridden in EE end def create_chat_team? diff --git a/app/services/groups/update_service.rb b/app/services/groups/update_service.rb index 9ff1da270e2..787445180f0 100644 --- a/app/services/groups/update_service.rb +++ b/app/services/groups/update_service.rb @@ -31,7 +31,7 @@ module Groups private def before_assignment_hook(group, params) - # overriden in EE + # overridden in EE end def after_update diff --git a/app/services/system_note_service.rb b/app/services/system_note_service.rb index ec6c306227b..ea8ac7e4656 100644 --- a/app/services/system_note_service.rb +++ b/app/services/system_note_service.rb @@ -360,7 +360,7 @@ module SystemNoteService # author - User performing the change # branch_type - 'source' or 'target' # old_branch - old branch name - # new_branch - new branch nmae + # new_branch - new branch name # # Example Note text: # diff --git a/app/views/shared/issuable/_search_bar.html.haml b/app/views/shared/issuable/_search_bar.html.haml index 588659c7e9c..bdba47ed14d 100644 --- a/app/views/shared/issuable/_search_bar.html.haml +++ b/app/views/shared/issuable/_search_bar.html.haml @@ -128,6 +128,14 @@ %li.filter-dropdown-item{ data: { value: 'no', capitalize: true } } %button.btn.btn-link{ type: 'button' } = _('No') + #js-dropdown-confidential.filtered-search-input-dropdown-menu.dropdown-menu + %ul.filter-dropdown{ data: { dropdown: true } } + %li.filter-dropdown-item{ data: { value: 'yes', capitalize: true } } + %button.btn.btn-link{ type: 'button' } + = _('Yes') + %li.filter-dropdown-item{ data: { value: 'no', capitalize: true } } + %button.btn.btn-link{ type: 'button' } + = _('No') = render_if_exists 'shared/issuable/filter_weight', type: type diff --git a/changelogs/unreleased/api-issuable-bulk-update.yml b/changelogs/unreleased/api-issuable-bulk-update.yml new file mode 100644 index 00000000000..3d4e96f9d1b --- /dev/null +++ b/changelogs/unreleased/api-issuable-bulk-update.yml @@ -0,0 +1,5 @@ +--- +title: 'API: Bulk update for issues and MRs' +merge_request: 25201 +author: Robert Schilling +type: added diff --git a/changelogs/unreleased/filter-confidential-issues.yml b/changelogs/unreleased/filter-confidential-issues.yml new file mode 100644 index 00000000000..83f19a57aab --- /dev/null +++ b/changelogs/unreleased/filter-confidential-issues.yml @@ -0,0 +1,5 @@ +--- +title: Ability to filter confidential issues +merge_request: 24960 +author: Robert Schilling +type: added diff --git a/changelogs/unreleased/sh-fix-cpp-templates-404.yml b/changelogs/unreleased/sh-fix-cpp-templates-404.yml new file mode 100644 index 00000000000..ac958d84099 --- /dev/null +++ b/changelogs/unreleased/sh-fix-cpp-templates-404.yml @@ -0,0 +1,5 @@ +--- +title: Fix 404s when C++ .gitignore template selected +merge_request: 25416 +author: +type: fixed diff --git a/doc/api/issues.md b/doc/api/issues.md index 0571f280d2a..d8b2ff07e30 100644 --- a/doc/api/issues.md +++ b/doc/api/issues.md @@ -32,6 +32,7 @@ GET /issues?author_id=5 GET /issues?assignee_id=5 GET /issues?my_reaction_emoji=star GET /issues?search=foo&in=title +GET /issues?confidential=true ``` | Attribute | Type | Required | Description | @@ -52,6 +53,7 @@ GET /issues?search=foo&in=title | `created_before` | datetime | no | Return issues created on or before the given time | | `updated_after` | datetime | no | Return issues updated on or after the given time | | `updated_before` | datetime | no | Return issues updated on or before the given time | +| `confidential ` | Boolean | no | Filter confidential or public issues. | ```bash curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/issues @@ -148,6 +150,7 @@ GET /groups/:id/issues?search=issue+title+or+description GET /groups/:id/issues?author_id=5 GET /groups/:id/issues?assignee_id=5 GET /groups/:id/issues?my_reaction_emoji=star +GET /groups/:id/issues?confidential=true ``` | Attribute | Type | Required | Description | @@ -168,6 +171,7 @@ GET /groups/:id/issues?my_reaction_emoji=star | `created_before` | datetime | no | Return issues created on or before the given time | | `updated_after` | datetime | no | Return issues updated on or after the given time | | `updated_before` | datetime | no | Return issues updated on or before the given time | +| `confidential ` | Boolean | no | Filter confidential or public issues. | ```bash curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/4/issues @@ -264,6 +268,7 @@ GET /projects/:id/issues?search=issue+title+or+description GET /projects/:id/issues?author_id=5 GET /projects/:id/issues?assignee_id=5 GET /projects/:id/issues?my_reaction_emoji=star +GET /projects/:id/issues?confidential=true ``` | Attribute | Type | Required | Description | @@ -284,6 +289,8 @@ GET /projects/:id/issues?my_reaction_emoji=star | `created_before` | datetime | no | Return issues created on or before the given time | | `updated_after` | datetime | no | Return issues updated on or after the given time | | `updated_before` | datetime | no | Return issues updated on or before the given time | +| `confidential ` | Boolean | no | Filter confidential or public issues. | + ```bash curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/issues @@ -639,6 +646,37 @@ Example response: **Note**: The `closed_by` attribute was [introduced in GitLab 10.6][ce-17042]. This value will only be present for issues which were closed after GitLab 10.6 and when the user account that closed the issue still exists. +## Bulk update issues + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21368) in GitLab 11.9. + +Update multiple issues using a single API call. Returns the number of successfully updated issues. + +``` +PUT /projects/:id/issues/bulk_update +``` + +| Attribute | Type | Required | Description **** | +|----------------|---------|----------|------------------------------------------------------------------------------------------------------------| +| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user. | +| `issuable_ids` | Array[integer] | yes | The IDs of issues to be updated. | +| `assignee_ids` | Array[integer] | no | The ID of the user(s) to assign the issue to. Set to `0` or provide an empty value to unassign all assignees. | +| `milestone_id` | integer | no | The global ID of a milestone to assign the issue to. Set to `0` or provide an empty value to unassign a milestone.| +| `add_label_ids` | Array[integer] | no | Comma-separated label IDs to be added. | +| `remove_label_ids` | Array[integer] | no | Comma-separated label IDs to be added. | +| `state_event` | string | no | The state event of an issue. Set `close` to close the issue and `reopen` to reopen it. | +| `subscription_event` | string | no | The subscription_event event of an issue. Set `subscribe` to subscribe to the issue and `unsubscribe` to unsubscribe from it. | + +```bash +curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/issues/bulk_update?issuable_ids[]=1&issuable_ids[]=2&state_event=close +``` + +Example response: + +```json +{ "message": "2 issues updated" } +``` + ## Delete an issue Only for admins and project owners. Soft deletes the issue in question. diff --git a/doc/api/merge_requests.md b/doc/api/merge_requests.md index e176cdffc5f..ba47e507b79 100644 --- a/doc/api/merge_requests.md +++ b/doc/api/merge_requests.md @@ -956,6 +956,37 @@ Must include at least one non-required attribute from above. } ``` +## Bulk update merge requests + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21368) in GitLab 11.9. + +Update multiple merge requests using a single API call. Returns the number of successfully updated merge requests. + +``` +PUT /projects/:id/merge_requests/bulk_update +``` + +| Attribute | Type | Required | Description **** | +|----------------|---------|----------|------------------------------------------------------------------------------------------------------------| +| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user. | +| `issuable_ids` | Array[integer] | yes | The IDs of merge requests to be updated. | +| `assignee_ids` | Array[integer] | no | The ID of the user(s) to assign the issue to. Set to `0` or provide an empty value to unassign all assignees. | +| `milestone_id` | integer | no | The global ID of a milestone to assign the issue to. Set to `0` or provide an empty value to unassign a milestone.| +| `add_label_ids` | Array[integer] | no | Comma-separated label IDs to be added. | +| `remove_label_ids` | Array[integer] | no | Comma-separated label IDs to be added. | +| `state_event` | string | no | The state event of an issue. Set `close` to close the issue and `reopen` to reopen it. | +| `subscription_event` | string | no | The subscription_event event of an issue. Set `subscribe` to subscribe to the issue and `unsubscribe` to unsubscribe from it. | + +```bash +curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/merge_requests/bulk_update?issuable_ids[]=1&issuable_ids[]=2&state_event=close +``` + +Example response: + +```json +{ "message": "2 merge_requests updated" } +``` + ## Delete a merge request Only for admins and project owners. Soft deletes the merge request in question. diff --git a/lib/api/api.rb b/lib/api/api.rb index 4dd1b459554..3bcf5150b43 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -115,6 +115,7 @@ module API mount ::API::GroupVariables mount ::API::ImportGithub mount ::API::Internal + mount ::API::IssuableBulkUpdate mount ::API::Issues mount ::API::JobArtifacts mount ::API::Jobs diff --git a/lib/api/issuable_bulk_update.rb b/lib/api/issuable_bulk_update.rb new file mode 100644 index 00000000000..5ac6c252d96 --- /dev/null +++ b/lib/api/issuable_bulk_update.rb @@ -0,0 +1,51 @@ +# frozen_string_literal: true + +module API + class IssuableBulkUpdate < Grape::API + params do + requires :id, type: String, desc: 'The ID of a project' + end + resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do + %w(issue merge_request).each do |issuable| + desc "Updates a list of #{issuable.pluralize}" do + detail 'This feature was introduced in 11.9' + end + params do + requires :issuable_ids, type: Array[Integer], desc: "Array of #{issuable.pluralize} IDs to be updated" + optional :state_event, type: String, values: %w(reopen close), desc: 'Reopens or closes a resource' + optional :milestone_id, type: Integer, desc: 'The milestone ID number' + optional :add_label_ids, type: Array[Integer], desc: 'IDs of labels to be added' + optional :remove_label_ids, type: Array[Integer], desc: 'IDs of labels to be removed' + optional :subscription_event, type: String, values: %w(subscribe unsubscribe), + desc: 'Subscribes or unsubscribes from a resource' + + if issuable == 'issue' + optional :assignee_ids, type: Array[Integer], desc: 'List of assignee IDs' + at_least_one_of :state_event, :milestone_id, :add_label_ids, :remove_label_ids, + :subscription_event, :assignee_ids + else + optional :assignee_id, type: Integer, desc: 'ID of the assignee' + at_least_one_of :state_event, :milestone_id, :add_label_ids, :remove_label_ids, + :subscription_event, :assignee_id + end + end + put ":id/#{issuable.pluralize}/bulk_update" do + authorize! :"admin_#{issuable}", user_project + + update_params = declared_params(include_missing: false) + + result = Issuable::BulkUpdateService.new(user_project, current_user, update_params) + .execute(issuable) + + if result[:success] + status 200 + quantity = result[:count] + { message: "#{quantity} #{issuable.pluralize(quantity)} updated" } + else + render_api_error!('Bulk update failed', 400) + end + end + end + end + end +end diff --git a/lib/api/issues.rb b/lib/api/issues.rb index 94ed9ac6fb1..f43f4d961d6 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -54,6 +54,7 @@ module API optional :scope, type: String, values: %w[created-by-me assigned-to-me created_by_me assigned_to_me all], desc: 'Return issues for the given scope: `created_by_me`, `assigned_to_me` or `all`' optional :my_reaction_emoji, type: String, desc: 'Return issues reacted by the authenticated user by the given emoji' + optional :confidential, type: Boolean, desc: 'Filter confidential or public issues' use :pagination use :issues_params_ee diff --git a/lib/api/project_templates.rb b/lib/api/project_templates.rb index d05ddad7466..119902a189c 100644 --- a/lib/api/project_templates.rb +++ b/lib/api/project_templates.rb @@ -36,7 +36,10 @@ module API optional :project, type: String, desc: 'The project name to use when expanding placeholders in the template. Only affects licenses' optional :fullname, type: String, desc: 'The full name of the copyright holder to use when expanding placeholders in the template. Only affects licenses' end - get ':id/templates/:type/:name', requirements: { name: /[\w\.-]+/ } do + # The regex is needed to ensure a period (e.g. agpl-3.0) + # isn't confused with a format type. We also need to allow encoded + # values (e.g. C%2B%2B for C++), so allow % and + as well. + get ':id/templates/:type/:name', requirements: { name: /[\w%.+-]+/ } do template = TemplateFinder .build(params[:type], user_project, name: params[:name]) .execute diff --git a/spec/controllers/concerns/issuable_collections_spec.rb b/spec/controllers/concerns/issuable_collections_spec.rb index 307c5d60c57..8580900215c 100644 --- a/spec/controllers/concerns/issuable_collections_spec.rb +++ b/spec/controllers/concerns/issuable_collections_spec.rb @@ -112,7 +112,8 @@ describe IssuableCollections do assignee_username: 'user1', author_id: '2', author_username: 'user2', - authorized_only: 'true', + authorized_only: 'yes', + confidential: true, due_date: '2017-01-01', group_id: '3', iids: '4', @@ -140,6 +141,7 @@ describe IssuableCollections do 'assignee_username' => 'user1', 'author_id' => '2', 'author_username' => 'user2', + 'confidential' => true, 'label_name' => 'foo', 'milestone_title' => 'bar', 'my_reaction_emoji' => 'thumbsup', diff --git a/spec/features/issues/filtered_search/dropdown_hint_spec.rb b/spec/features/issues/filtered_search/dropdown_hint_spec.rb index 0e296ab2109..096756f19cc 100644 --- a/spec/features/issues/filtered_search/dropdown_hint_spec.rb +++ b/spec/features/issues/filtered_search/dropdown_hint_spec.rb @@ -66,7 +66,7 @@ describe 'Dropdown hint', :js do it 'filters with text' do filtered_search.set('a') - expect(find(js_dropdown_hint)).to have_selector('.filter-dropdown .filter-dropdown-item', count: 4) + expect(find(js_dropdown_hint)).to have_selector('.filter-dropdown .filter-dropdown-item', count: 5) end end @@ -119,6 +119,15 @@ describe 'Dropdown hint', :js do expect_tokens([{ name: 'my-reaction' }]) expect_filtered_search_input_empty end + + it 'opens the yes-no dropdown when you click on confidential' do + click_hint('confidential') + + expect(page).to have_css(js_dropdown_hint, visible: false) + expect(page).to have_css('#js-dropdown-confidential', visible: true) + expect_tokens([{ name: 'confidential' }]) + expect_filtered_search_input_empty + end end describe 'selecting from dropdown with some input' do diff --git a/spec/features/issues/filtered_search/search_bar_spec.rb b/spec/features/issues/filtered_search/search_bar_spec.rb index 8abab3f35d6..c4468922883 100644 --- a/spec/features/issues/filtered_search/search_bar_spec.rb +++ b/spec/features/issues/filtered_search/search_bar_spec.rb @@ -100,7 +100,7 @@ describe 'Search bar', :js do find('.filtered-search-box .clear-search').click filtered_search.click - expect(find('#js-dropdown-hint')).to have_selector('.filter-dropdown .filter-dropdown-item', count: 5) + expect(find('#js-dropdown-hint')).to have_selector('.filter-dropdown .filter-dropdown-item', count: 6) expect(get_left_style(find('#js-dropdown-hint')['style'])).to eq(hint_offset) end end diff --git a/spec/features/issues/gfm_autocomplete_spec.rb b/spec/features/issues/gfm_autocomplete_spec.rb index c22ad0d20ef..986f3823275 100644 --- a/spec/features/issues/gfm_autocomplete_spec.rb +++ b/spec/features/issues/gfm_autocomplete_spec.rb @@ -278,7 +278,7 @@ describe 'GFM autocomplete', :js do end end - # This context has jsut one example in each contexts in order to improve spec performance. + # This context has just one example in each contexts in order to improve spec performance. context 'labels', :quarantine do let!(:backend) { create(:label, project: project, title: 'backend') } let!(:bug) { create(:label, project: project, title: 'bug') } diff --git a/spec/features/projects/blobs/edit_spec.rb b/spec/features/projects/blobs/edit_spec.rb index 6e6c299ee2e..1522a3361a1 100644 --- a/spec/features/projects/blobs/edit_spec.rb +++ b/spec/features/projects/blobs/edit_spec.rb @@ -77,7 +77,7 @@ describe 'Editing file blob', :js do click_link 'Preview' wait_for_requests - # the above generates two seperate lists (not embedded) in CommonMark + # the above generates two separate lists (not embedded) in CommonMark expect(page).to have_content("sublist") expect(page).not_to have_xpath("//ol//li//ul") end diff --git a/spec/features/projects/wiki/markdown_preview_spec.rb b/spec/features/projects/wiki/markdown_preview_spec.rb index 49244c53a91..49058d1372a 100644 --- a/spec/features/projects/wiki/markdown_preview_spec.rb +++ b/spec/features/projects/wiki/markdown_preview_spec.rb @@ -170,7 +170,7 @@ describe 'Projects > Wiki > User previews markdown changes', :js do fill_in :wiki_content, with: "1. one\n - sublist\n" click_on "Preview" - # the above generates two seperate lists (not embedded) in CommonMark + # the above generates two separate lists (not embedded) in CommonMark expect(page).to have_content("sublist") expect(page).not_to have_xpath("//ol//li//ul") end diff --git a/spec/finders/issues_finder_spec.rb b/spec/finders/issues_finder_spec.rb index fe8000e419b..47e2548c3d6 100644 --- a/spec/finders/issues_finder_spec.rb +++ b/spec/finders/issues_finder_spec.rb @@ -490,6 +490,32 @@ describe IssuesFinder do end end + context 'filtering by confidential' do + set(:confidential_issue) { create(:issue, project: project1, confidential: true) } + + context 'no filtering' do + it 'returns all issues' do + expect(issues).to contain_exactly(issue1, issue2, issue3, issue4, confidential_issue) + end + end + + context 'user filters confidential issues' do + let(:params) { { confidential: true } } + + it 'returns only confdential issues' do + expect(issues).to contain_exactly(confidential_issue) + end + end + + context 'user filters only public issues' do + let(:params) { { confidential: false } } + + it 'returns only confdential issues' do + expect(issues).to contain_exactly(issue1, issue2, issue3, issue4) + end + end + end + context 'when the user is unauthorized' do let(:search_user) { nil } @@ -556,7 +582,7 @@ describe IssuesFinder do it 'returns the number of rows for the default state' do finder = described_class.new(user) - expect(finder.row_count).to eq(4) + expect(finder.row_count).to eq(5) end it 'returns the number of rows for a given state' do diff --git a/spec/models/issue_spec.rb b/spec/models/issue_spec.rb index 5d18e085a6f..6101df2e099 100644 --- a/spec/models/issue_spec.rb +++ b/spec/models/issue_spec.rb @@ -765,6 +765,15 @@ describe Issue do end end + describe '.confidential_only' do + it 'only returns confidential_only issues' do + create(:issue) + confidential_issue = create(:issue, confidential: true) + + expect(described_class.confidential_only).to eq([confidential_issue]) + end + end + it_behaves_like 'throttled touch' do subject { create(:issue, updated_at: 1.hour.ago) } end diff --git a/spec/requests/api/issuable_bulk_update_spec.rb b/spec/requests/api/issuable_bulk_update_spec.rb new file mode 100644 index 00000000000..6463f3f5d35 --- /dev/null +++ b/spec/requests/api/issuable_bulk_update_spec.rb @@ -0,0 +1,154 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe API::IssuableBulkUpdate do + set(:project) { create(:project) } + set(:user) { project.creator } + + shared_examples "PUT /projects/:id/:issuable/bulk_update" do |issuable| + def bulk_update(issuable, issuables, params, update_user = user) + put api("/projects/#{project.id}/#{issuable.pluralize}/bulk_update", update_user), + params: { issuable_ids: Array(issuables).map(&:id) }.merge(params) + end + + context 'with not enough permissions' do + it 'returns 403 for guest users' do + guest = create(:user) + project.add_guest(guest) + + bulk_update(issuable, issuables, { state_event: 'close' }, guest) + + expect(response).to have_gitlab_http_status(403) + end + end + + context 'when modifying the state' do + it "closes #{issuable}" do + bulk_update(issuable, issuables, { state_event: 'close' }) + + expect(response).to have_gitlab_http_status(200) + expect(json_response['message']).to eq("#{issuables.count} #{issuable.pluralize(issuables.count)} updated") + expect(project.public_send(issuable.pluralize).opened).to be_empty + expect(project.public_send(issuable.pluralize).closed).not_to be_empty + end + + it "opens #{issuable}" do + closed_issuables = create_list("closed_#{issuable}".to_sym, 2) + + bulk_update(issuable, closed_issuables, { state_event: 'reopen' }) + + expect(response).to have_gitlab_http_status(200) + expect(project.public_send(issuable.pluralize).closed).to be_empty + end + end + + context 'when modifying the milestone' do + let(:milestone) { create(:milestone, project: project) } + + it "adds a milestone #{issuable}" do + bulk_update(issuable, issuables, { milestone_id: milestone.id }) + + expect(response).to have_gitlab_http_status(200) + issuables.each do |issuable| + expect(issuable.reload.milestone).to eq(milestone) + end + end + + it 'removes a milestone' do + issuables.first.milestone = milestone + milestone_issuable = issuables.first + + bulk_update(issuable, [milestone_issuable], { milestone_id: 0 }) + + expect(response).to have_gitlab_http_status(200) + expect(milestone_issuable.reload.milestone).to eq(nil) + end + end + + context 'when modifying the subscription state' do + it "subscribes to #{issuable}" do + bulk_update(issuable, issuables, { subscription_event: 'subscribe' }) + + expect(response).to have_gitlab_http_status(200) + expect(issuables).to all(be_subscribed(user, project)) + end + + it 'unsubscribes from issues' do + issuables.each do |issuable| + issuable.subscriptions.create(user: user, project: project, subscribed: true) + end + + bulk_update(issuable, issuables, { subscription_event: 'unsubscribe' }) + + expect(response).to have_gitlab_http_status(200) + issuables.each do |issuable| + expect(issuable).not_to be_subscribed(user, project) + end + end + end + + context 'when modifying the assignee' do + it 'adds assignee to issues' do + params = issuable == 'issue' ? { assignee_ids: [user.id] } : { assignee_id: user.id } + + bulk_update(issuable, issuables, params) + + expect(response).to have_gitlab_http_status(200) + issuables.each do |issuable| + expect(issuable.reload.assignees).to eq([user]) + end + end + + it 'removes assignee' do + assigned_issuable = issuables.first + + if issuable == 'issue' + params = { assignee_ids: 0 } + assigned_issuable.assignees << user + else + params = { assignee_id: 0 } + assigned_issuable.update_attribute(:assignee, user) + end + + bulk_update(issuable, [assigned_issuable], params) + expect(assigned_issuable.reload.assignees).to eq([]) + end + end + + context 'when modifying labels' do + let(:bug) { create(:label, project: project) } + let(:regression) { create(:label, project: project) } + let(:feature) { create(:label, project: project) } + + it 'adds new labels' do + bulk_update(issuable, issuables, { add_label_ids: [bug.id, regression.id, feature.id] }) + + issuables.each do |issusable| + expect(issusable.reload.label_ids).to contain_exactly(bug.id, regression.id, feature.id) + end + end + + it 'removes labels' do + labled_issuable = issuables.first + labled_issuable.labels << bug + labled_issuable.labels << regression + labled_issuable.labels << feature + + bulk_update(issuable, [labled_issuable], { remove_label_ids: [bug.id, regression.id] }) + + expect(labled_issuable.reload.label_ids).to contain_exactly(feature.id) + end + end + end + + it_behaves_like 'PUT /projects/:id/:issuable/bulk_update', 'issue' do + let(:issuables) { create_list(:issue, 2, project: project) } + end + + it_behaves_like 'PUT /projects/:id/:issuable/bulk_update', 'merge_request' do + let(:merge_request_1) { create(:merge_request, source_project: project) } + let(:merge_request_2) { create(:merge_request, :simple, source_project: project) } + let(:issuables) { [merge_request_1, merge_request_2] } + end +end diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb index d10ee6cc320..1a4be2bd30f 100644 --- a/spec/requests/api/issues_spec.rb +++ b/spec/requests/api/issues_spec.rb @@ -183,6 +183,18 @@ describe API::Issues do expect_paginated_array_response([issue.id, confidential_issue.id, closed_issue.id]) end + it 'returns only confidential issues' do + get api('/issues', user), params: { confidential: true, scope: 'all' } + + expect_paginated_array_response(confidential_issue.id) + end + + it 'returns only public issues' do + get api('/issues', user), params: { confidential: false } + + expect_paginated_array_response([issue.id, closed_issue.id]) + end + it 'returns issues reacted by the authenticated user' do issue2 = create(:issue, project: project, author: user, assignees: [user]) create(:award_emoji, awardable: issue2, user: user2, name: 'star') @@ -557,6 +569,18 @@ describe API::Issues do expect_paginated_array_response([group_confidential_issue.id, group_issue.id]) end + it 'returns only confidential issues' do + get api(base_url, user), params: { confidential: true } + + expect_paginated_array_response(group_confidential_issue.id) + end + + it 'returns only public issues' do + get api(base_url, user), params: { confidential: false } + + expect_paginated_array_response([group_closed_issue.id, group_issue.id]) + end + it 'returns an array of labeled group issues' do get api(base_url, user), params: { labels: group_label.title } @@ -782,6 +806,18 @@ describe API::Issues do expect_paginated_array_response([issue.id, confidential_issue.id, closed_issue.id]) end + it 'returns only confidential issues' do + get api("#{base_url}/issues", author), params: { confidential: true } + + expect_paginated_array_response(confidential_issue.id) + end + + it 'returns only public issues' do + get api("#{base_url}/issues", author), params: { confidential: false } + + expect_paginated_array_response([issue.id, closed_issue.id]) + end + it 'returns project confidential issues for assignee' do get api("#{base_url}/issues", assignee) diff --git a/spec/requests/api/project_templates_spec.rb b/spec/requests/api/project_templates_spec.rb index ab5d4de7ff7..80e5033dab4 100644 --- a/spec/requests/api/project_templates_spec.rb +++ b/spec/requests/api/project_templates_spec.rb @@ -92,6 +92,22 @@ describe API::ProjectTemplates do expect(json_response['name']).to eq('Actionscript') end + it 'returns C++ gitignore' do + get api("/projects/#{public_project.id}/templates/gitignores/C++") + + expect(response).to have_gitlab_http_status(200) + expect(response).to match_response_schema('public_api/v4/template') + expect(json_response['name']).to eq('C++') + end + + it 'returns C++ gitignore for URL-encoded names' do + get api("/projects/#{public_project.id}/templates/gitignores/C%2B%2B") + + expect(response).to have_gitlab_http_status(200) + expect(response).to match_response_schema('public_api/v4/template') + expect(json_response['name']).to eq('C++') + end + it 'returns a specific gitlab_ci_yml' do get api("/projects/#{public_project.id}/templates/gitlab_ci_ymls/Android") @@ -125,6 +141,18 @@ describe API::ProjectTemplates do expect(response).to have_gitlab_http_status(200) expect(response).to match_response_schema('public_api/v4/license') end + + shared_examples 'path traversal attempt' do |template_type| + it 'rejects invalid filenames' do + get api("/projects/#{public_project.id}/templates/#{template_type}/%2e%2e%2fPython%2ea") + + expect(response).to have_gitlab_http_status(500) + end + end + + TemplateFinder::VENDORED_TEMPLATES.each do |template_type, _| + it_behaves_like 'path traversal attempt', template_type + end end describe 'GET /projects/:id/templates/licenses/:key' do |