Diffstat (limited to 'app/controllers')
25 files changed, 68 insertions, 95 deletions
diff --git a/app/controllers/abuse_reports_controller.rb b/app/controllers/abuse_reports_controller.rb index 68e14f0c2e5..7d8016f763d 100644 --- a/app/controllers/abuse_reports_controller.rb +++ b/app/controllers/abuse_reports_controller.rb @@ -16,7 +16,7 @@ class AbuseReportsController < ApplicationController if @abuse_report.save @abuse_report.notify - message = "Thank you for your report. A GitLab administrator will look into it shortly." + message = _("Thank you for your report. A GitLab administrator will look into it shortly.") redirect_to @abuse_report.user, notice: message else render :new @@ -37,9 +37,9 @@ class AbuseReportsController < ApplicationController @user = User.find_by(id: params[:user_id]) if @user.nil? - redirect_to root_path, alert: "Cannot create the abuse report. The user has been deleted." + redirect_to root_path, alert: _("Cannot create the abuse report. The user has been deleted.") elsif @user.blocked? - redirect_to @user, alert: "Cannot create the abuse report. This user has been blocked." + redirect_to @user, alert: _("Cannot create the abuse report. This user has been blocked.") end end # rubocop: enable CodeReuse/ActiveRecord diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb index ab792cf7403..b681949ab36 100644 --- a/app/controllers/admin/application_settings_controller.rb +++ b/app/controllers/admin/application_settings_controller.rb @@ -124,7 +124,9 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController end def visible_application_setting_attributes - ApplicationSettingsHelper.visible_attributes + [ + [ + *::ApplicationSettingsHelper.visible_attributes, + *::ApplicationSettingsHelper.external_authorization_service_attributes, :domain_blacklist_file, disabled_oauth_sign_in_sources: [], import_sources: [], 
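Review bot: In `visible_application_setting_attributes` the permit list is now assembled from two helper lists defined outside this controller, so any attribute later added to `external_authorization_service_attributes` becomes mass-assignable through this admin endpoint without a change here. The attributes are also permitted unconditionally; nothing in the hunk ties them to the external authorization feature being enabled. I would add a comment above the array, e.g. `# external_authorization_service_attributes is permitted regardless of feature state; keep that helper limited to fields an admin may set directly`. If that list carries credentials (not visible here), confirm they are filtered from request logs. The method body continues past the end of the hunk.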
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b7eb6af6d67..d5f1e35a79b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -293,7 +293,7 @@ class ApplicationController < ActionController::Base unless Gitlab::Auth::LDAP::Access.allowed?(current_user) sign_out current_user - flash[:alert] = "Access denied for your LDAP account." + flash[:alert] = _("Access denied for your LDAP account.") redirect_to new_user_session_path end end @@ -340,7 +340,7 @@ class ApplicationController < ActionController::Base def require_email if current_user && current_user.temp_oauth_email? && session[:impersonator_id].nil? - return redirect_to profile_path, notice: 'Please complete your profile with email address' + return redirect_to profile_path, notice: _('Please complete your profile with email address') end end diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb index 85aeecbf90b..065d2d3a4ec 100644 --- a/app/controllers/concerns/issuable_actions.rb +++ b/app/controllers/concerns/issuable_actions.rb @@ -192,12 +192,7 @@ module IssuableActions def bulk_update_params permitted_keys_array = permitted_keys.dup - - if resource_name == 'issue' - permitted_keys_array << { assignee_ids: [] } - else - permitted_keys_array.unshift(:assignee_id) - end + permitted_keys_array << { assignee_ids: [] } params.require(:update).permit(permitted_keys_array) end diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb index 6d6e0cc6c7f..91e875dca54 100644 --- a/app/controllers/concerns/issuable_collections.rb +++ b/app/controllers/concerns/issuable_collections.rb 
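Review bot: `bulk_update_params` no longer permits `:assignee_id` for any issuable type, so a bulk-update request that still sends the singular key has it dropped by strong parameters (by default without an error) and the assignee is left unchanged. The same switch is made in `merge_request_params_attributes` in projects/merge_requests/application_controller.rb. If older clients may still post `assignee_id`, consider keeping it permitted for a deprecation period or mapping it to `assignee_ids` before the `permit` call. Since the array is now only appended to once, `params.require(:update).permit(permitted_keys + [{ assignee_ids: [] }])` would also avoid the `dup`.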
@@ -190,15 +190,15 @@ module IssuableCollections end end + # rubocop:disable Gitlab/ModuleWithInstanceVariables def preload_for_collection + common_attributes = [:author, :assignees, :labels, :milestone] @preload_for_collection ||= case collection_type when 'Issue' - [:project, :author, :assignees, :labels, :milestone, project: :namespace] + common_attributes + [:project, project: :namespace] when 'MergeRequest' - [ - :target_project, :author, :assignee, :labels, :milestone, - source_project: :route, head_pipeline: :project, target_project: :namespace, latest_merge_request_diff: :merge_request_diff_commits - ] + common_attributes + [:target_project, source_project: :route, head_pipeline: :project, target_project: :namespace, latest_merge_request_diff: :merge_request_diff_commits] end end + # rubocop:enable Gitlab/ModuleWithInstanceVariables end diff --git a/app/controllers/concerns/project_unauthorized.rb b/app/controllers/concerns/project_unauthorized.rb index f59440dbc59..d42363b8b17 100644 --- a/app/controllers/concerns/project_unauthorized.rb +++ b/app/controllers/concerns/project_unauthorized.rb @@ -1,10 +1,21 @@ # frozen_string_literal: true module ProjectUnauthorized - extend ActiveSupport::Concern - - # EE would override this def project_unauthorized_proc - # no-op + lambda do |project| + if project + label = project.external_authorization_classification_label + rejection_reason = nil + + unless ::Gitlab::ExternalAuthorization.access_allowed?(current_user, label) + rejection_reason = ::Gitlab::ExternalAuthorization.rejection_reason(current_user, label) + rejection_reason ||= _('External authorization denied access to this project') + end + + if rejection_reason + access_denied!(rejection_reason) + end + end + end end end diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb index 2c4aab67448..2ae500a2fdf 100644 --- a/app/controllers/confirmations_controller.rb +++ b/app/controllers/confirmations_controller.rb 
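Review bot: In `preload_for_collection`, `common_attributes` is built on every call, before the `||=` memoisation is consulted, so the array is allocated even when `@preload_for_collection` is already set. Moving it to a frozen constant, e.g. `COMMON_PRELOADS = %i[author assignees labels milestone].freeze`, keeps the memoised path allocation-free. The `'MergeRequest'` branch also lists both `:target_project` and `target_project: :namespace`; the hash entry already covers the association, so the bare symbol looks redundant (it was duplicated before this change as well).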
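Review bot: The new `project_unauthorized_proc` has no comment describing its contract, and the old `# EE would override this` note is removed with nothing in its place. The lambda relies on `current_user` and `access_denied!` being provided by the including controller, returns without any check when `project` is nil, and passes whatever `::Gitlab::ExternalAuthorization.rejection_reason` returns on to the user. If that string originates from the external service (not visible here), confirm it is escaped where rendered and does not disclose policy detail. I would add a method comment stating these three points; the body also reads more directly with guard clauses, as below.

```ruby
def project_unauthorized_proc
  lambda do |project|
    next unless project

    label = project.external_authorization_classification_label
    next if ::Gitlab::ExternalAuthorization.access_allowed?(current_user, label)

    reason = ::Gitlab::ExternalAuthorization.rejection_reason(current_user, label)
    access_denied!(reason || _('External authorization denied access to this project'))
  end
end
```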
@@ -22,7 +22,7 @@ class ConfirmationsController < Devise::ConfirmationsController after_sign_in(resource) else Gitlab::AppLogger.info("Email Confirmed: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip}") - flash[:notice] = flash[:notice] + " Please sign in." + flash[:notice] = flash[:notice] + _(" Please sign in.") new_session_path(:user, anchor: 'login-pane') end end diff --git a/app/controllers/dashboard/projects_controller.rb b/app/controllers/dashboard/projects_controller.rb index 0a47736cad8..70811f5ea59 100644 --- a/app/controllers/dashboard/projects_controller.rb +++ b/app/controllers/dashboard/projects_controller.rb @@ -14,8 +14,7 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController respond_to do |format| format.html do - # n+1: https://gitlab.com/gitlab-org/gitlab-ce/issues/37434 - # Also https://gitlab.com/gitlab-org/gitlab-ce/issues/40260 + # n+1: https://gitlab.com/gitlab-org/gitlab-ce/issues/40260 Gitlab::GitalyClient.allow_n_plus_1_calls do render end diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index a9d6addd4a4..10cdce98437 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb @@ -22,7 +22,7 @@ class HelpController < ApplicationController end def show - @path = clean_path_info(path_params[:path]) + @path = Rack::Utils.clean_path_info(path_params[:path]) respond_to do |format| format.any(:markdown, :md, :html) do 
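Review bot: `flash[:notice] + _(" Please sign in.")` builds the sentence by concatenating a translated fragment whose msgid starts with a space, so translators cannot reorder the two parts and the leading space is easily lost in a catalogue. It also raises `NoMethodError` if `flash[:notice]` is nil at this point, which the hunk does not rule out. A safer form is `flash[:notice] = [flash[:notice], _("Please sign in.")].compact.join(' ')`. The enclosing method starts and ends outside the hunk.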
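Review bot: The call to `Rack::Utils.clean_path_info` in `show` is the only path-traversal control visible here, and the comment that explained its purpose (preventing directory traversal outside the doc folder) is deleted together with the local helper in the next hunk. I would keep that intent at the call site, e.g. `# Collapses '.', '..' and duplicate separators so the help path cannot climb out of the doc folder`. The cleaned value is a normalised path, not a containment check, so confirm that the code which later joins `@path` to the doc root (outside this hunk) never treats an absolute result as-is. `show` continues past the end of the hunk.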
@@ -75,35 +75,4 @@ class HelpController < ApplicationController params end - - PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact) - - # Taken from ActionDispatch::FileHandler - # Cleans up the path, to prevent directory traversal outside the doc folder. - def clean_path_info(path_info) - parts = path_info.split(PATH_SEPS) - - clean = [] - - # Walk over each part of the path - parts.each do |part| - # Turn `one//two` or `one/./two` into `one/two`. - next if part.empty? || part == '.' - - if part == '..' - # Turn `one/two/../` into `one` - clean.pop - else - # Add simple folder names to the clean path. - clean << part - end - end - - # If the path was an absolute path (i.e. `/` or `/one/two`), - # add `/` to the front of the clean path. - clean.unshift '/' if parts.empty? || parts.first.empty? - - # Join all the clean path parts by the path separator. - ::File.join(*clean) - end end diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb index 315d1375e02..a78d87eceea 100644 --- a/app/controllers/invites_controller.rb +++ b/app/controllers/invites_controller.rb @@ -13,9 +13,9 @@ class InvitesController < ApplicationController if member.accept_invite!(current_user) label, path = source_info(member.source) - redirect_to path, notice: "You have been granted #{member.human_access} access to #{label}." + redirect_to path, notice: _("You have been granted %{member_human_access} access to %{label}.") % { member_human_access: member.human_access, label: label } else - redirect_back_or_default(options: { alert: "The invitation could not be accepted." }) + redirect_back_or_default(options: { alert: _("The invitation could not be accepted.") }) end end 
@@ -30,9 +30,9 @@ class InvitesController < ApplicationController new_user_session_path end - redirect_to path, notice: "You have declined the invitation to join #{label}." + redirect_to path, notice: _("You have declined the invitation to join %{label}.") % { label: label } else - redirect_back_or_default(options: { alert: "The invitation could not be declined." }) + redirect_back_or_default(options: { alert: _("The invitation could not be declined.") }) end end diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index e90e8278c13..d9b3b4bbbd9 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -105,11 +105,11 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController end def redirect_identity_link_failed(error_message) - redirect_to profile_account_path, notice: "Authentication failed: #{error_message}" + redirect_to profile_account_path, notice: _("Authentication failed: %{error_message}") % { error_message: error_message } end def redirect_identity_linked - redirect_to profile_account_path, notice: 'Authentication method updated' + redirect_to profile_account_path, notice: _('Authentication method updated') end def handle_service_ticket(provider, ticket) 
@@ -147,10 +147,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController def handle_signup_error label = Gitlab::Auth::OAuth::Provider.label_for(oauth['provider']) - message = ["Signing in using your #{label} account without a pre-existing GitLab account is not allowed."] + message = [_("Signing in using your %{label} account without a pre-existing GitLab account is not allowed.") % { label: label }] if Gitlab::CurrentSettings.allow_signup? - message << "Create a GitLab account first, and then connect it to your #{label} account." + message << _("Create a GitLab account first, and then connect it to your %{label} account.") % { label: label } end flash[:notice] = message.join(' ') @@ -168,14 +168,14 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController end def fail_auth0_login - flash[:alert] = 'Wrong extern UID provided. Make sure Auth0 is configured correctly.' + flash[:alert] = _('Wrong extern UID provided. Make sure Auth0 is configured correctly.') redirect_to new_user_session_path end def handle_disabled_provider label = Gitlab::Auth::OAuth::Provider.label_for(oauth['provider']) - flash[:alert] = "Signing in using #{label} has been disabled" + flash[:alert] = _("Signing in using %{label} has been disabled") % { label: label } redirect_to new_user_session_path end diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 28f113b5cbe..77de5cb45c9 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -22,7 +22,7 @@ class PasswordsController < Devise::PasswordsController ).first_or_initialize unless user.reset_password_period_valid? - flash[:alert] = 'Your password reset token has expired.' + flash[:alert] = _('Your password reset token has expired.') redirect_to(new_user_password_url(user_email: user['email'])) end end 
@@ -52,7 +52,7 @@ class PasswordsController < Devise::PasswordsController end redirect_to after_sending_reset_password_instructions_path_for(resource_name), - alert: "Password authentication is unavailable." + alert: _("Password authentication is unavailable.") end def throttle_reset diff --git a/app/controllers/profiles/chat_names_controller.rb b/app/controllers/profiles/chat_names_controller.rb index 2e78b9e6dc7..80b8279e91e 100644 --- a/app/controllers/profiles/chat_names_controller.rb +++ b/app/controllers/profiles/chat_names_controller.rb @@ -15,9 +15,9 @@ class Profiles::ChatNamesController < Profiles::ApplicationController new_chat_name = current_user.chat_names.new(chat_name_params) if new_chat_name.save - flash[:notice] = "Authorized #{new_chat_name.chat_name}" + flash[:notice] = _("Authorized %{new_chat_name}") % { new_chat_name: new_chat_name.chat_name } else - flash[:alert] = "Could not authorize chat nickname. Try again!" + flash[:alert] = _("Could not authorize chat nickname. Try again!") end delete_chat_name_token @@ -27,7 +27,7 @@ class Profiles::ChatNamesController < Profiles::ApplicationController def deny delete_chat_name_token - flash[:notice] = "Denied authorization of chat nickname #{chat_name_params[:user_name]}." + flash[:notice] = _("Denied authorization of chat nickname %{user_name}.") % { user_name: chat_name_params[:user_name] } redirect_to profile_chat_names_path end @@ -36,9 +36,9 @@ class Profiles::ChatNamesController < Profiles::ApplicationController @chat_name = chat_names.find(params[:id]) if @chat_name.destroy - flash[:notice] = "Deleted chat nickname: #{@chat_name.chat_name}!" + flash[:notice] = _("Deleted chat nickname: %{chat_name}!") % { chat_name: @chat_name.chat_name } else - flash[:alert] = "Could not delete chat nickname #{@chat_name.chat_name}." + flash[:alert] = _("Could not delete chat nickname %{chat_name}.") % { chat_name: @chat_name.chat_name } end redirect_to profile_chat_names_path, status: :found 
diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb index 4b6ec2697b7..213d900a563 100644 --- a/app/controllers/profiles/personal_access_tokens_controller.rb +++ b/app/controllers/profiles/personal_access_tokens_controller.rb @@ -11,7 +11,7 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController if @personal_access_token.save PersonalAccessToken.redis_store!(current_user.id, @personal_access_token.token) - redirect_to profile_personal_access_tokens_path, notice: "Your new personal access token has been created." + redirect_to profile_personal_access_tokens_path, notice: _("Your new personal access token has been created.") else set_index_vars render :index @@ -22,9 +22,9 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController @personal_access_token = finder.find(params[:id]) if @personal_access_token.revoke! - flash[:notice] = "Revoked personal access token #{@personal_access_token.name}!" + flash[:notice] = _("Revoked personal access token %{personal_access_token_name}!") % { personal_access_token_name: @personal_access_token.name } else - flash[:alert] = "Could not revoke personal access token #{@personal_access_token.name}." + flash[:alert] = _("Could not revoke personal access token %{personal_access_token_name}.") % { personal_access_token_name: @personal_access_token.name } end redirect_to profile_personal_access_tokens_path diff --git a/app/controllers/profiles/preferences_controller.rb b/app/controllers/profiles/preferences_controller.rb index 0227af2c266..0e30df1b15b 100644 --- a/app/controllers/profiles/preferences_controller.rb +++ b/app/controllers/profiles/preferences_controller.rb 
@@ -11,13 +11,13 @@ class Profiles::PreferencesController < Profiles::ApplicationController result = Users::UpdateService.new(current_user, preferences_params.merge(user: user)).execute if result[:status] == :success - flash[:notice] = 'Preferences saved.' + flash[:notice] = _('Preferences saved.') else - flash[:alert] = 'Failed to save preferences.' + flash[:alert] = _('Failed to save preferences.') end rescue ArgumentError => e # Raised when `dashboard` is given an invalid value. - flash[:alert] = "Failed to save preferences (#{e.message})." + flash[:alert] = _("Failed to save preferences (%{error_message}).") % { error_message: e.message } end respond_to do |format| diff --git a/app/controllers/profiles/u2f_registrations_controller.rb b/app/controllers/profiles/u2f_registrations_controller.rb index e6a154fb6aa..866c4dee6e2 100644 --- a/app/controllers/profiles/u2f_registrations_controller.rb +++ b/app/controllers/profiles/u2f_registrations_controller.rb @@ -4,6 +4,6 @@ class Profiles::U2fRegistrationsController < Profiles::ApplicationController def destroy u2f_registration = current_user.u2f_registrations.find(params[:id]) u2f_registration.destroy - redirect_to profile_two_factor_auth_path, status: 302, notice: "Successfully deleted U2F device." + redirect_to profile_two_factor_auth_path, status: 302, notice: _("Successfully deleted U2F device.") end end diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb index 6ff2e222489..9c31ae6376a 100644 --- a/app/controllers/projects/branches_controller.rb +++ b/app/controllers/projects/branches_controller.rb 
@@ -25,7 +25,7 @@ class Projects::BranchesController < Projects::ApplicationController @refs_pipelines = @project.ci_pipelines.latest_successful_for_refs(@branches.map(&:name)) @merged_branch_names = repository.merged_branch_names(@branches.map(&:name)) - # n+1: https://gitlab.com/gitlab-org/gitaly/issues/992 + # n+1: https://gitlab.com/gitlab-org/gitlab-ce/issues/48097 Gitlab::GitalyClient.allow_n_plus_1_calls do @max_commits = @branches.reduce(0) do |memo, branch| diverging_commit_counts = repository.diverging_commit_counts(branch) diff --git a/app/controllers/projects/environments_controller.rb b/app/controllers/projects/environments_controller.rb index 301449cfa90..e35f34be23c 100644 --- a/app/controllers/projects/environments_controller.rb +++ b/app/controllers/projects/environments_controller.rb @@ -193,7 +193,7 @@ class Projects::EnvironmentsController < Projects::ApplicationController return unless Feature.enabled?(:metrics_time_window, project) return unless params[:start].present? || params[:end].present? - params.require([:start, :end]).values_at(:start, :end) + params.require([:start, :end]) end def search_environment_names diff --git a/app/controllers/projects/merge_requests/application_controller.rb b/app/controllers/projects/merge_requests/application_controller.rb index 6045ee4e171..eb469d2d714 100644 --- a/app/controllers/projects/merge_requests/application_controller.rb +++ b/app/controllers/projects/merge_requests/application_controller.rb @@ -20,7 +20,6 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont def merge_request_params_attributes [ :allow_collaboration, - :assignee_id, :description, :force_remove_source_branch, :lock_version, @@ -35,6 +34,7 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont :title, :discussion_locked, label_ids: [], + assignee_ids: [], update_task: [:index, :checked, :line_number, :line_source] ] end 
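Review bot: In projects/environments_controller.rb the method now returns whatever `params.require([:start, :end])` yields, which in Rails is a two-element array of the raw request values, and nothing in the hunk documents or validates that. A short comment such as `# Returns [start, end] as submitted; raises ActionController::ParameterMissing when only one is given` would make the contract explicit. If the values are forwarded to a metrics backend (not visible here), they should be parsed as timestamps before use. The method's `def` line is outside the hunk.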
diff --git a/app/controllers/projects/tags/releases_controller.rb b/app/controllers/projects/tags/releases_controller.rb index 334e1847cc8..5e4c601a693 100644 --- a/app/controllers/projects/tags/releases_controller.rb +++ b/app/controllers/projects/tags/releases_controller.rb @@ -12,16 +12,13 @@ class Projects::Tags::ReleasesController < Projects::ApplicationController end def update - # Release belongs to Tag which is not active record object, - # it exists only to save a description to each Tag. - # If description is empty we should destroy the existing record. if release_params[:description].present? release.update(release_params) else release.destroy end - redirect_to project_tag_path(@project, @tag.name) + redirect_to project_tag_path(@project, tag.name) end private @@ -30,11 +27,10 @@ class Projects::Tags::ReleasesController < Projects::ApplicationController @tag ||= @repository.find_tag(params[:tag_id]) end - # rubocop: disable CodeReuse/ActiveRecord def release - @release ||= @project.releases.find_or_initialize_by(tag: @tag.name) + @release ||= Releases::CreateService.new(project, current_user, tag: @tag.name) + .find_or_build_release end - # rubocop: enable CodeReuse/ActiveRecord def release_params params.require(:release).permit(:description) diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 89dc43a48a1..62b97fc2590 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -345,6 +345,7 @@ class ProjectsController < Projects::ApplicationController :container_registry_enabled, :default_branch, :description, + :external_authorization_classification_label, :import_url, :issues_tracker, :issues_tracker_id, diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index 8b8d87524a8..0fa4677ced1 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb 
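Review bot: In releases_controller.rb, `release` still reads `@tag.name` directly while `update` now goes through the memoised `tag` reader, so `release` only works if something has already populated `@tag`; within `update`, `release` is reached before `tag` is called. Unless a `before_action` outside the hunk sets it, `@tag` is nil there and the call raises `NoMethodError`; using the reader, `tag: tag.name`, removes the ordering dependency. `find_tag` may also return nil for an unknown `params[:tag_id]`, which neither method guards against. The removed comment explaining why an empty description destroys the release was the only documentation of that behaviour and could be kept.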
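Review bot: Adding `:external_authorization_classification_label` to the permitted project attributes in projects_controller.rb lets anyone who may update project settings change the label that `project_unauthorized_proc` sends to the external authorization service. Nothing in this hunk restricts who may set it or to which values, so a project maintainer could presumably move a project to a classification with a looser policy; whether that is intended, or checked in the update service, cannot be told from here. I would add a comment at the entry, e.g. `# classification label drives external authorization; changes should be audited`, and confirm the permission check on the service side. The permit list starts and ends outside the hunk.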
@@ -27,7 +27,7 @@ class RegistrationsController < Devise::RegistrationsController persist_accepted_terms_if_required(new_user) end else - flash[:alert] = 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.' + flash[:alert] = s_('Profiles|There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.') flash.delete :recaptcha_error render action: 'new' end diff --git a/app/controllers/root_controller.rb b/app/controllers/root_controller.rb index 7b6657e1196..f1b39125a48 100644 --- a/app/controllers/root_controller.rb +++ b/app/controllers/root_controller.rb @@ -15,7 +15,7 @@ class RootController < Dashboard::ProjectsController before_action :redirect_logged_user, if: -> { current_user.present? } def index - # n+1: https://gitlab.com/gitlab-org/gitlab-ce/issues/37434 + # n+1: https://gitlab.com/gitlab-org/gitlab-ce/issues/40260 Gitlab::GitalyClient.allow_n_plus_1_calls do super end diff --git a/app/controllers/sent_notifications_controller.rb b/app/controllers/sent_notifications_controller.rb index 2b76921ebd8..77757c4a3ef 100644 --- a/app/controllers/sent_notifications_controller.rb +++ b/app/controllers/sent_notifications_controller.rb @@ -16,7 +16,7 @@ class SentNotificationsController < ApplicationController noteable = @sent_notification.noteable noteable.unsubscribe(@sent_notification.recipient, @sent_notification.project) - flash[:notice] = "You have been unsubscribed from this thread." + flash[:notice] = _("You have been unsubscribed from this thread.") if current_user redirect_to noteable_path(noteable) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 4bd7d71e264..6943795e8ac 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
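Review bot: The reCAPTCHA failure message in registrations_controller.rb is wrapped with `s_('Profiles|…')` while the identical sentence in sessions_controller.rb uses plain `_()`, so the catalogue gets two msgids for one string and the `Profiles|` namespace does not describe a registration page. Using the same call in both places, `flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')`, keeps a single translation. The enclosing action starts outside the hunk.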
@@ -70,7 +70,7 @@ class SessionsController < Devise::SessionsController increment_failed_login_captcha_counter self.resource = resource_class.new - flash[:alert] = 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.' + flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.') flash.delete :recaptcha_error respond_with_navigational(resource) { render :new } @@ -122,7 +122,7 @@ class SessionsController < Devise::SessionsController end redirect_to edit_user_password_path(reset_password_token: @token), - notice: "Please create a password for your new account." + notice: _("Please create a password for your new account.") end # rubocop: enable CodeReuse/ActiveRecord |