diff options
Diffstat (limited to 'lib/api')
35 files changed, 389 insertions, 189 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 62ffebeacb0..5139e869c71 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -78,6 +78,14 @@ module API rack_response({ 'message' => '404 Not found' }.to_json, 404) end + rescue_from UploadedFile::InvalidPathError do |e| + rack_response({ 'message' => e.message }.to_json, 400) + end + + rescue_from ObjectStorage::RemoteStoreError do |e| + rack_response({ 'message' => e.message }.to_json, 500) + end + # Retain 405 error rather than a 500 error for Grape 0.15.0+. # https://github.com/ruby-grape/grape/blob/a3a28f5b5dfbb2797442e006dbffd750b27f2a76/UPGRADING.md#changes-to-method-not-allowed-routes rescue_from Grape::Exceptions::MethodNotAllowed do |e| @@ -146,6 +154,7 @@ module API mount ::API::ProjectHooks mount ::API::Projects mount ::API::ProjectMilestones + mount ::API::ProjectSnapshots mount ::API::ProjectSnippets mount ::API::ProtectedBranches mount ::API::Repositories diff --git a/lib/api/badges.rb b/lib/api/badges.rb index 334948b2995..8ceffe9c5ef 100644 --- a/lib/api/badges.rb +++ b/lib/api/badges.rb @@ -127,6 +127,7 @@ module API end destroy_conditionally!(badge) + body false end end end diff --git a/lib/api/discussions.rb b/lib/api/discussions.rb index 6abd575b6ad..13c34e3473a 100644 --- a/lib/api/discussions.rb +++ b/lib/api/discussions.rb @@ -5,11 +5,12 @@ module API before { authenticate! } - NOTEABLE_TYPES = [Issue, Snippet].freeze + NOTEABLE_TYPES = [Issue, Snippet, MergeRequest, Commit].freeze NOTEABLE_TYPES.each do |noteable_type| parent_type = noteable_type.parent_class.to_s.underscore noteables_str = noteable_type.to_s.underscore.pluralize + noteables_path = noteable_type == Commit ? "repository/#{noteables_str}" : noteables_str params do requires :id, type: String, desc: "The ID of a #{parent_type}" @@ -19,14 +20,12 @@ module API success Entities::Discussion end params do - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' + requires :noteable_id, types: [Integer, String], desc: 'The ID of the noteable' use :pagination end - get ":id/#{noteables_str}/:noteable_id/discussions" do + get ":id/#{noteables_path}/:noteable_id/discussions" do noteable = find_noteable(parent_type, noteables_str, params[:noteable_id]) - return not_found!("Discussions") unless can?(current_user, noteable_read_ability_name(noteable), noteable) - notes = noteable.notes .inc_relations_for_view .includes(:noteable) @@ -43,14 +42,14 @@ module API end params do requires :discussion_id, type: String, desc: 'The ID of a discussion' - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' + requires :noteable_id, types: [Integer, String], desc: 'The ID of the noteable' end - get ":id/#{noteables_str}/:noteable_id/discussions/:discussion_id" do + get ":id/#{noteables_path}/:noteable_id/discussions/:discussion_id" do noteable = find_noteable(parent_type, noteables_str, params[:noteable_id]) notes = readable_discussion_notes(noteable, params[:discussion_id]) - if notes.empty? || !can?(current_user, noteable_read_ability_name(noteable), noteable) - return not_found!("Discussion") + if notes.empty? + break not_found!("Discussion") end discussion = Discussion.build(notes, noteable) @@ -62,19 +61,36 @@ module API success Entities::Discussion end params do - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' + requires :noteable_id, types: [Integer, String], desc: 'The ID of the noteable' requires :body, type: String, desc: 'The content of a note' optional :created_at, type: String, desc: 'The creation date of the note' + optional :position, type: Hash do + requires :base_sha, type: String, desc: 'Base commit SHA in the source branch' + requires :start_sha, type: String, desc: 'SHA referencing commit in target branch' + requires :head_sha, type: String, desc: 'SHA referencing HEAD of this merge request' + requires :position_type, type: String, desc: 'Type of the position reference', values: %w(text image) + optional :new_path, type: String, desc: 'File path after change' + optional :new_line, type: Integer, desc: 'Line number after change' + optional :old_path, type: String, desc: 'File path before change' + optional :old_line, type: Integer, desc: 'Line number before change' + optional :width, type: Integer, desc: 'Width of the image' + optional :height, type: Integer, desc: 'Height of the image' + optional :x, type: Integer, desc: 'X coordinate in the image' + optional :y, type: Integer, desc: 'Y coordinate in the image' + end end - post ":id/#{noteables_str}/:noteable_id/discussions" do + post ":id/#{noteables_path}/:noteable_id/discussions" do noteable = find_noteable(parent_type, noteables_str, params[:noteable_id]) + type = params[:position] ? 'DiffNote' : 'DiscussionNote' + id_key = noteable.is_a?(Commit) ? :commit_id : :noteable_id opts = { note: params[:body], created_at: params[:created_at], - type: 'DiscussionNote', + type: type, noteable_type: noteables_str.classify, - noteable_id: noteable.id + position: params[:position], + id_key => noteable.id } note = create_note(noteable, opts) @@ -91,14 +107,14 @@ module API end params do requires :discussion_id, type: String, desc: 'The ID of a discussion' - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' + requires :noteable_id, types: [Integer, String], desc: 'The ID of the noteable' end - get ":id/#{noteables_str}/:noteable_id/discussions/:discussion_id/notes" do + get ":id/#{noteables_path}/:noteable_id/discussions/:discussion_id/notes" do noteable = find_noteable(parent_type, noteables_str, params[:noteable_id]) notes = readable_discussion_notes(noteable, params[:discussion_id]) - if notes.empty? || !can?(current_user, noteable_read_ability_name(noteable), noteable) - return not_found!("Notes") + if notes.empty? + break not_found!("Notes") end present notes, with: Entities::Note @@ -108,17 +124,17 @@ module API success Entities::Note end params do - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' + requires :noteable_id, types: [Integer, String], desc: 'The ID of the noteable' requires :discussion_id, type: String, desc: 'The ID of a discussion' requires :body, type: String, desc: 'The content of a note' optional :created_at, type: String, desc: 'The creation date of the note' end - post ":id/#{noteables_str}/:noteable_id/discussions/:discussion_id/notes" do + post ":id/#{noteables_path}/:noteable_id/discussions/:discussion_id/notes" do noteable = find_noteable(parent_type, noteables_str, params[:noteable_id]) notes = readable_discussion_notes(noteable, params[:discussion_id]) - return not_found!("Discussion") if notes.empty? - return bad_request!("Discussion is an individual note.") unless notes.first.part_of_discussion? + break not_found!("Discussion") if notes.empty? + break bad_request!("Discussion is an individual note.") unless notes.first.part_of_discussion? opts = { note: params[:body], @@ -139,11 +155,11 @@ module API success Entities::Note end params do - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' + requires :noteable_id, types: [Integer, String], desc: 'The ID of the noteable' requires :discussion_id, type: String, desc: 'The ID of a discussion' requires :note_id, type: Integer, desc: 'The ID of a note' end - get ":id/#{noteables_str}/:noteable_id/discussions/:discussion_id/notes/:note_id" do + get ":id/#{noteables_path}/:noteable_id/discussions/:discussion_id/notes/:note_id" do noteable = find_noteable(parent_type, noteables_str, params[:noteable_id]) get_note(noteable, params[:note_id]) @@ -153,30 +169,52 @@ module API success Entities::Note end params do - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' + requires :noteable_id, types: [Integer, String], desc: 'The ID of the noteable' requires :discussion_id, type: String, desc: 'The ID of a discussion' requires :note_id, type: Integer, desc: 'The ID of a note' - requires :body, type: String, desc: 'The content of a note' + optional :body, type: String, desc: 'The content of a note' + optional :resolved, type: Boolean, desc: 'Mark note resolved/unresolved' + exactly_one_of :body, :resolved end - put ":id/#{noteables_str}/:noteable_id/discussions/:discussion_id/notes/:note_id" do + put ":id/#{noteables_path}/:noteable_id/discussions/:discussion_id/notes/:note_id" do noteable = find_noteable(parent_type, noteables_str, params[:noteable_id]) - update_note(noteable, params[:note_id]) + if params[:resolved].nil? + update_note(noteable, params[:note_id]) + else + resolve_note(noteable, params[:note_id], params[:resolved]) + end end desc "Delete a comment in a #{noteable_type.to_s.downcase} discussion" do success Entities::Note end params do - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' + requires :noteable_id, types: [Integer, String], desc: 'The ID of the noteable' requires :discussion_id, type: String, desc: 'The ID of a discussion' requires :note_id, type: Integer, desc: 'The ID of a note' end - delete ":id/#{noteables_str}/:noteable_id/discussions/:discussion_id/notes/:note_id" do + delete ":id/#{noteables_path}/:noteable_id/discussions/:discussion_id/notes/:note_id" do noteable = find_noteable(parent_type, noteables_str, params[:noteable_id]) delete_note(noteable, params[:note_id]) end + + if Noteable::RESOLVABLE_TYPES.include?(noteable_type.to_s) + desc "Resolve/unresolve an existing #{noteable_type.to_s.downcase} discussion" do + success Entities::Discussion + end + params do + requires :noteable_id, types: [Integer, String], desc: 'The ID of the noteable' + requires :discussion_id, type: String, desc: 'The ID of a discussion' + requires :resolved, type: Boolean, desc: 'Mark discussion resolved/unresolved' + end + put ":id/#{noteables_path}/:noteable_id/discussions/:discussion_id" do + noteable = find_noteable(parent_type, noteables_str, params[:noteable_id]) + + resolve_discussion(noteable, params[:discussion_id], params[:resolved]) + end + end end end diff --git a/lib/api/entities.rb b/lib/api/entities.rb index e5ecd37e473..086071161b7 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -72,7 +72,7 @@ module API class ProjectHook < Hook expose :project_id, :issues_events, :confidential_issues_events - expose :note_events, :pipeline_events, :wiki_page_events + expose :note_events, :confidential_note_events, :pipeline_events, :wiki_page_events expose :job_events end @@ -149,11 +149,11 @@ module API expose_url(api_v4_projects_path(id: project.id)) end - expose :issues, if: -> (*args) { issues_available?(*args) } do |project| + expose :issues, if: -> (project, options) { issues_available?(project, options) } do |project| expose_url(api_v4_projects_issues_path(id: project.id)) end - expose :merge_requests, if: -> (*args) { mrs_available?(*args) } do |project| + expose :merge_requests, if: -> (project, options) { mrs_available?(project, options) } do |project| expose_url(api_v4_projects_merge_requests_path(id: project.id)) end @@ -242,13 +242,18 @@ module API expose :requested_at end - class Group < Grape::Entity - expose :id, :name, :path, :description, :visibility + class BasicGroupDetails < Grape::Entity + expose :id + expose :web_url + expose :name + end + + class Group < BasicGroupDetails + expose :path, :description, :visibility expose :lfs_enabled?, as: :lfs_enabled expose :avatar_url do |group, options| group.avatar_url(only_path: false) end - expose :web_url expose :request_access_enabled expose :full_name, :full_path @@ -286,6 +291,10 @@ module API end end + class DiffRefs < Grape::Entity + expose :base_sha, :head_sha, :start_sha + end + class Commit < Grape::Entity expose :id, :short_id, :title, :created_at expose :parent_ids @@ -601,6 +610,8 @@ module API merge_request.metrics&.pipeline end + expose :diff_refs, using: Entities::DiffRefs + def build_available?(options) options[:project]&.feature_available?(:builds, options[:current_user]) end @@ -642,6 +653,11 @@ module API expose :id, :key, :created_at end + class DiffPosition < Grape::Entity + expose :base_sha, :start_sha, :head_sha, :old_path, :new_path, + :position_type + end + class Note < Grape::Entity # Only Issue and MergeRequest have iid NOTEABLE_TYPES_WITH_IID = %w(Issue MergeRequest).freeze @@ -655,6 +671,14 @@ module API expose :system?, as: :system expose :noteable_id, :noteable_type + expose :position, if: ->(note, options) { note.diff_note? } do |note| + note.position.to_h + end + + expose :resolvable?, as: :resolvable + expose :resolved?, as: :resolved, if: ->(note, options) { note.resolvable? } + expose :resolved_by, using: Entities::UserBasic, if: ->(note, options) { note.resolvable? } + # Avoid N+1 queries as much as possible expose(:noteable_iid) { |note| note.noteable.iid if NOTEABLE_TYPES_WITH_IID.include?(note.noteable_type) } end @@ -794,7 +818,7 @@ module API expose :id, :title, :created_at, :updated_at, :active expose :push_events, :issues_events, :confidential_issues_events expose :merge_requests_events, :tag_push_events, :note_events - expose :pipeline_events, :wiki_page_events + expose :confidential_note_events, :pipeline_events, :wiki_page_events expose :job_events # Expose serialized properties expose :properties do |service, options| @@ -928,7 +952,7 @@ module API end class Tag < Grape::Entity - expose :name, :message + expose :name, :message, :target expose :commit, using: Entities::Commit do |repo_tag, options| options[:project].repository.commit(repo_tag.dereferenced_target) @@ -965,6 +989,13 @@ module API options[:current_user].authorized_projects.where(id: runner.projects) end end + expose :groups, with: Entities::BasicGroupDetails do |runner, options| + if options[:current_user].admin? + runner.groups + else + options[:current_user].authorized_groups.where(id: runner.groups) + end + end end class RunnerRegistrationDetails < Grape::Entity diff --git a/lib/api/group_variables.rb b/lib/api/group_variables.rb index 92800ce6450..55d5c7f1606 100644 --- a/lib/api/group_variables.rb +++ b/lib/api/group_variables.rb @@ -31,7 +31,7 @@ module API key = params[:key] variable = user_group.variables.find_by(key: key) - return not_found!('GroupVariable') unless variable + break not_found!('GroupVariable') unless variable present variable, with: Entities::Variable end @@ -67,7 +67,7 @@ module API put ':id/variables/:key' do variable = user_group.variables.find_by(key: params[:key]) - return not_found!('GroupVariable') unless variable + break not_found!('GroupVariable') unless variable variable_params = declared_params(include_missing: false).except(:key) diff --git a/lib/api/groups.rb b/lib/api/groups.rb index 4a4df1b8b9e..92e3d5cc10a 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -37,13 +37,11 @@ module API use :pagination end - def find_groups(params) - find_params = { - all_available: params[:all_available], - custom_attributes: params[:custom_attributes], - owned: params[:owned] - } - find_params[:parent] = find_group!(params[:id]) if params[:id] + def find_groups(params, parent_id = nil) + find_params = params.slice(:all_available, :custom_attributes, :owned) + find_params[:parent] = find_group!(parent_id) if parent_id + find_params[:all_available] = + find_params.fetch(:all_available, current_user&.full_private_access?) groups = GroupsFinder.new(current_user, find_params).execute groups = groups.search(params[:search]) if params[:search].present? @@ -85,7 +83,7 @@ module API use :with_custom_attributes end get do - groups = find_groups(params) + groups = find_groups(declared_params(include_missing: false), params[:id]) present_groups params, groups end @@ -213,7 +211,7 @@ module API use :with_custom_attributes end get ":id/subgroups" do - groups = find_groups(params) + groups = find_groups(declared_params(include_missing: false), params[:id]) present_groups params, groups end diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 61c138a7dec..2ed331d4fd2 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -103,9 +103,9 @@ module API end def find_project(id) - if id =~ /^\d+$/ + if id.is_a?(Integer) || id =~ /^\d+$/ Project.find_by(id: id) - else + elsif id.include?("/") Project.find_by_full_path(id) end end @@ -171,6 +171,10 @@ module API MergeRequestsFinder.new(current_user, project_id: user_project.id).find_by!(iid: iid) end + def find_project_commit(id) + user_project.commit_by(oid: id) + end + def find_project_snippet(id) finder_params = { project: user_project } SnippetsFinder.new(current_user, finder_params).find(id) @@ -389,28 +393,6 @@ module API # file helpers - def uploaded_file(field, uploads_path) - if params[field] - bad_request!("#{field} is not a file") unless params[field][:filename] - return params[field] - end - - return nil unless params["#{field}.path"] && params["#{field}.name"] - - # sanitize file paths - # this requires all paths to exist - required_attributes! %W(#{field}.path) - uploads_path = File.realpath(uploads_path) - file_path = File.realpath(params["#{field}.path"]) - bad_request!('Bad file path') unless file_path.start_with?(uploads_path) - - UploadedFile.new( - file_path, - params["#{field}.name"], - params["#{field}.type"] || 'application/octet-stream' - ) - end - def present_disk_file!(path, filename, content_type = 'application/octet-stream') filename ||= File.basename(path) header['Content-Disposition'] = "attachment; filename=#{filename}" @@ -490,8 +472,8 @@ module API header(*Gitlab::Workhorse.send_git_blob(repository, blob)) end - def send_git_archive(repository, ref:, format:) - header(*Gitlab::Workhorse.send_git_archive(repository, ref: ref, format: format)) + def send_git_archive(repository, **kwargs) + header(*Gitlab::Workhorse.send_git_archive(repository, **kwargs)) end def send_artifacts_entry(build, entry) diff --git a/lib/api/helpers/custom_attributes.rb b/lib/api/helpers/custom_attributes.rb index 70e4eda95f8..10d652e33f5 100644 --- a/lib/api/helpers/custom_attributes.rb +++ b/lib/api/helpers/custom_attributes.rb @@ -7,6 +7,9 @@ module API helpers do params :with_custom_attributes do optional :with_custom_attributes, type: Boolean, default: false, desc: 'Include custom attributes in the response' + + optional :custom_attributes, type: Hash, + desc: 'Filter with custom attributes' end def with_custom_attributes(collection_or_resource, options = {}) diff --git a/lib/api/helpers/notes_helpers.rb b/lib/api/helpers/notes_helpers.rb index cd91df1ecd8..b4bfb677d72 100644 --- a/lib/api/helpers/notes_helpers.rb +++ b/lib/api/helpers/notes_helpers.rb @@ -21,6 +21,23 @@ module API end end + def resolve_note(noteable, note_id, resolved) + note = noteable.notes.find(note_id) + + authorize! :resolve_note, note + + bad_request!("Note is not resolvable") unless note.resolvable? + + if resolved + parent = noteable_parent(noteable) + ::Notes::ResolveService.new(parent, current_user).execute(note) + else + note.unresolve! + end + + present note, with: Entities::Note + end + def delete_note(noteable, note_id) note = noteable.notes.find(note_id) @@ -35,7 +52,7 @@ module API def get_note(noteable, note_id) note = noteable.notes.with_metadata.find(params[:note_id]) - can_read_note = can?(current_user, noteable_read_ability_name(noteable), noteable) && !note.cross_reference_not_visible_for?(current_user) + can_read_note = !note.cross_reference_not_visible_for?(current_user) if can_read_note present note, with: Entities::Note @@ -49,7 +66,20 @@ module API end def find_noteable(parent, noteables_str, noteable_id) - public_send("find_#{parent}_#{noteables_str.singularize}", noteable_id) # rubocop:disable GitlabSecurity/PublicSend + noteable = public_send("find_#{parent}_#{noteables_str.singularize}", noteable_id) # rubocop:disable GitlabSecurity/PublicSend + + readable = + if noteable.is_a?(Commit) + # for commits there is not :read_commit policy, check if user + # has :read_note permission on the commit's project + can?(current_user, :read_note, user_project) + else + can?(current_user, noteable_read_ability_name(noteable), noteable) + end + + return not_found!(noteables_str) unless readable + + noteable end def noteable_parent(noteable) @@ -57,20 +87,34 @@ module API end def create_note(noteable, opts) - noteables_str = noteable.model_name.to_s.underscore.pluralize - - return not_found!(noteables_str) unless can?(current_user, noteable_read_ability_name(noteable), noteable) - - authorize! :create_note, noteable + policy_object = noteable.is_a?(Commit) ? user_project : noteable + authorize!(:create_note, policy_object) parent = noteable_parent(noteable) + if opts[:created_at] - opts.delete(:created_at) unless current_user.admin? || parent.owner == current_user + opts.delete(:created_at) unless + current_user.admin? || parent.owned_by?(current_user) end project = parent if parent.is_a?(Project) ::Notes::CreateService.new(project, current_user, opts).execute end + + def resolve_discussion(noteable, discussion_id, resolved) + discussion = noteable.find_discussion(discussion_id) + + forbidden! unless discussion.can_resolve?(current_user) + + if resolved + parent = noteable_parent(noteable) + ::Discussions::ResolveService.new(parent, current_user, merge_request: noteable).execute(discussion) + else + discussion.unresolve! + end + + present discussion, with: Entities::Discussion + end end end end diff --git a/lib/api/helpers/project_snapshots_helpers.rb b/lib/api/helpers/project_snapshots_helpers.rb new file mode 100644 index 00000000000..94798a8cb51 --- /dev/null +++ b/lib/api/helpers/project_snapshots_helpers.rb @@ -0,0 +1,25 @@ +module API + module Helpers + module ProjectSnapshotsHelpers + def authorize_read_git_snapshot! + authenticated_with_full_private_access! + end + + def send_git_snapshot(repository) + header(*Gitlab::Workhorse.send_git_snapshot(repository)) + end + + def snapshot_project + user_project + end + + def snapshot_repository + if to_boolean(params[:wiki]) + snapshot_project.wiki.repository + else + snapshot_project.repository + end + end + end + end +end diff --git a/lib/api/helpers/projects_helpers.rb b/lib/api/helpers/projects_helpers.rb new file mode 100644 index 00000000000..381d5e8968c --- /dev/null +++ b/lib/api/helpers/projects_helpers.rb @@ -0,0 +1,38 @@ +module API + module Helpers + module ProjectsHelpers + extend ActiveSupport::Concern + + included do + helpers do + params :optional_project_params_ce do + optional :description, type: String, desc: 'The description of the project' + optional :ci_config_path, type: String, desc: 'The path to CI config file. Defaults to `.gitlab-ci.yml`' + optional :issues_enabled, type: Boolean, desc: 'Flag indication if the issue tracker is enabled' + optional :merge_requests_enabled, type: Boolean, desc: 'Flag indication if merge requests are enabled' + optional :wiki_enabled, type: Boolean, desc: 'Flag indication if the wiki is enabled' + optional :jobs_enabled, type: Boolean, desc: 'Flag indication if jobs are enabled' + optional :snippets_enabled, type: Boolean, desc: 'Flag indication if snippets are enabled' + optional :shared_runners_enabled, type: Boolean, desc: 'Flag indication if shared runners are enabled for that project' + optional :resolve_outdated_diff_discussions, type: Boolean, desc: 'Automatically resolve merge request diffs discussions on lines changed with a push' + optional :container_registry_enabled, type: Boolean, desc: 'Flag indication if the container registry is enabled for that project' + optional :lfs_enabled, type: Boolean, desc: 'Flag indication if Git LFS is enabled for that project' + optional :visibility, type: String, values: Gitlab::VisibilityLevel.string_values, desc: 'The visibility of the project.' + optional :public_builds, type: Boolean, desc: 'Perform public builds' + optional :request_access_enabled, type: Boolean, desc: 'Allow users to request member access' + optional :only_allow_merge_if_pipeline_succeeds, type: Boolean, desc: 'Only allow to merge if builds succeed' + optional :only_allow_merge_if_all_discussions_are_resolved, type: Boolean, desc: 'Only allow to merge if all discussions are resolved' + optional :tag_list, type: Array[String], desc: 'The list of tags for a project' + optional :avatar, type: File, desc: 'Avatar image for project' + optional :printing_merge_request_link_enabled, type: Boolean, desc: 'Show link to create/view merge request when pushing from the command line' + optional :merge_method, type: String, values: %w(ff rebase_merge merge), desc: 'The merge method used when merging merge requests' + end + + params :optional_project_params do + use :optional_project_params_ce + end + end + end + end + end +end diff --git a/lib/api/internal.rb b/lib/api/internal.rb index fcbc248fc3b..6b72caea8fd 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -50,7 +50,7 @@ module API access_checker.check(params[:action], params[:changes]) @project ||= access_checker.project rescue Gitlab::GitAccess::UnauthorizedError, Gitlab::GitAccess::NotFoundError => e - return { status: false, message: e.message } + break { status: false, message: e.message } end log_user_activity(actor) @@ -142,21 +142,21 @@ module API if key key.update_last_used_at else - return { 'success' => false, 'message' => 'Could not find the given key' } + break { 'success' => false, 'message' => 'Could not find the given key' } end if key.is_a?(DeployKey) - return { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' } + break { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' } end user = key.user unless user - return { success: false, message: 'Could not find a user for the given key' } + break { success: false, message: 'Could not find a user for the given key' } end unless user.two_factor_enabled? - return { success: false, message: 'Two-factor authentication is not enabled for this user' } + break { success: false, message: 'Two-factor authentication is not enabled for this user' } end codes = nil diff --git a/lib/api/issues.rb b/lib/api/issues.rb index f74b3b26802..12ff2a1398b 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -97,7 +97,7 @@ module API get ":id/issues" do group = find_group!(params[:id]) - issues = paginate(find_issues(group_id: group.id)) + issues = paginate(find_issues(group_id: group.id, include_subgroups: true)) options = { with: Entities::IssueBasic, @@ -310,7 +310,7 @@ module API issue = find_project_issue(params[:issue_iid]) - return not_found!('UserAgentDetail') unless issue.user_agent_detail + break not_found!('UserAgentDetail') unless issue.user_agent_detail present issue.user_agent_detail, with: Entities::UserAgentDetail end diff --git a/lib/api/job_artifacts.rb b/lib/api/job_artifacts.rb index b1adef49d46..32379d7c8ab 100644 --- a/lib/api/job_artifacts.rb +++ b/lib/api/job_artifacts.rb @@ -77,7 +77,7 @@ module API build = find_build!(params[:job_id]) authorize!(:update_build, build) - return not_found!(build) unless build.artifacts? + break not_found!(build) unless build.artifacts? build.keep_artifacts! diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb index 60911c8d733..54d1acbd412 100644 --- a/lib/api/jobs.rb +++ b/lib/api/jobs.rb @@ -120,7 +120,7 @@ module API build = find_build!(params[:job_id]) authorize!(:update_build, build) - return forbidden!('Job is not retryable') unless build.retryable? + break forbidden!('Job is not retryable') unless build.retryable? build = Ci::Build.retry(build, current_user) @@ -138,7 +138,7 @@ module API build = find_build!(params[:job_id]) authorize!(:erase_build, build) - return forbidden!('Job is not erasable!') unless build.erasable? + break forbidden!('Job is not erasable!') unless build.erasable? build.erase(erased_by: current_user) present build, with: Entities::Job diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 3264a26f7d2..d4cc18f622b 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -189,7 +189,7 @@ module API post ":id/merge_requests" do Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42316') - authorize! :create_merge_request, user_project + authorize! :create_merge_request_from, user_project mr_params = declared_params(include_missing: false) mr_params[:force_remove_source_branch] = mr_params.delete(:remove_source_branch) diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 69f1df6b341..39923e6d5b5 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -31,23 +31,19 @@ module API get ":id/#{noteables_str}/:noteable_id/notes" do noteable = find_noteable(parent_type, noteables_str, params[:noteable_id]) - if can?(current_user, noteable_read_ability_name(noteable), noteable) - # We exclude notes that are cross-references and that cannot be viewed - # by the current user. By doing this exclusion at this level and not - # at the DB query level (which we cannot in that case), the current - # page can have less elements than :per_page even if - # there's more than one page. - raw_notes = noteable.notes.with_metadata.reorder(params[:order_by] => params[:sort]) - notes = - # paginate() only works with a relation. This could lead to a - # mismatch between the pagination headers info and the actual notes - # array returned, but this is really a edge-case. - paginate(raw_notes) - .reject { |n| n.cross_reference_not_visible_for?(current_user) } - present notes, with: Entities::Note - else - not_found!("Notes") - end + # We exclude notes that are cross-references and that cannot be viewed + # by the current user. By doing this exclusion at this level and not + # at the DB query level (which we cannot in that case), the current + # page can have less elements than :per_page even if + # there's more than one page. + raw_notes = noteable.notes.with_metadata.reorder(params[:order_by] => params[:sort]) + notes = + # paginate() only works with a relation. This could lead to a + # mismatch between the pagination headers info and the actual notes + # array returned, but this is really a edge-case. + paginate(raw_notes) + .reject { |n| n.cross_reference_not_visible_for?(current_user) } + present notes, with: Entities::Note end desc "Get a single #{noteable_type.to_s.downcase} note" do diff --git a/lib/api/pipelines.rb b/lib/api/pipelines.rb index d2b8b832e4e..735591fedd5 100644 --- a/lib/api/pipelines.rb +++ b/lib/api/pipelines.rb @@ -19,6 +19,7 @@ module API optional :status, type: String, values: HasStatus::AVAILABLE_STATUSES, desc: 'The status of pipelines' optional :ref, type: String, desc: 'The ref of pipelines' + optional :sha, type: String, desc: 'The sha of pipelines' optional :yaml_errors, type: Boolean, desc: 'Returns pipelines with invalid configurations' optional :name, type: String, desc: 'The name of the user who triggered pipelines' optional :username, type: String, desc: 'The username of the user who triggered pipelines' diff --git a/lib/api/project_hooks.rb b/lib/api/project_hooks.rb index f82241058e5..68921ae439b 100644 --- a/lib/api/project_hooks.rb +++ b/lib/api/project_hooks.rb @@ -14,6 +14,7 @@ module API optional :merge_requests_events, type: Boolean, desc: "Trigger hook on merge request events" optional :tag_push_events, type: Boolean, desc: "Trigger hook on tag push events" optional :note_events, type: Boolean, desc: "Trigger hook on note(comment) events" + optional :confidential_note_events, type: Boolean, desc: "Trigger hook on confidential note(comment) events" optional :job_events, type: Boolean, desc: "Trigger hook on job events" optional :pipeline_events, type: Boolean, desc: "Trigger hook on pipeline events" optional :wiki_page_events, type: Boolean, desc: "Trigger hook on wiki events" diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb index a509c1f32c1..bc5152e539f 100644 --- a/lib/api/project_import.rb +++ b/lib/api/project_import.rb @@ -1,6 +1,7 @@ module API class ProjectImport < Grape::API include PaginationParams + include Helpers::ProjectsHelpers helpers do def import_params @@ -25,6 +26,12 @@ module API requires :path, type: String, desc: 'The new project path and name' requires :file, type: File, desc: 'The project export file to be imported' optional :namespace, type: String, desc: "The ID or name of the namespace that the project will be imported into. Defaults to the current user's namespace." + optional :overwrite, type: Boolean, default: false, desc: 'If there is a project in the same namespace and with the same name overwrite it' + optional :override_params, + type: Hash, + desc: 'New project params to override values in the export' do + use :optional_project_params + end end desc 'Create a new project import' do detail 'This feature was introduced in GitLab 10.6.' @@ -44,10 +51,15 @@ module API project_params = { path: import_params[:path], namespace_id: namespace.id, - file: import_params[:file]['tempfile'] + file: import_params[:file]['tempfile'], + overwrite: import_params[:overwrite] } - project = ::Projects::GitlabProjectsImportService.new(current_user, project_params).execute + override_params = import_params.delete(:override_params) + + project = ::Projects::GitlabProjectsImportService.new( + current_user, project_params, override_params + ).execute render_api_error!(project.errors.full_messages&.first, 400) unless project.saved? diff --git a/lib/api/project_snapshots.rb b/lib/api/project_snapshots.rb new file mode 100644 index 00000000000..71005acc587 --- /dev/null +++ b/lib/api/project_snapshots.rb @@ -0,0 +1,19 @@ +module API + class ProjectSnapshots < Grape::API + helpers ::API::Helpers::ProjectSnapshotsHelpers + + before { authorize_read_git_snapshot! } + + resource :projects do + desc 'Download a (possibly inconsistent) snapshot of a repository' do + detail 'This feature was introduced in GitLab 10.7' + end + params do + optional :wiki, type: Boolean, desc: 'Set to true to receive the wiki repository' + end + get ':id/snapshot' do + send_git_snapshot(snapshot_repository) + end + end + end +end diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index 39c03c40bab..1de5551fee9 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -145,7 +145,7 @@ module API snippet = Snippet.find_by!(id: params[:snippet_id], project_id: params[:id]) - return not_found!('UserAgentDetail') unless snippet.user_agent_detail + break not_found!('UserAgentDetail') unless snippet.user_agent_detail present snippet.user_agent_detail, with: Entities::UserAgentDetail end diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 3d5b3c5a535..8871792060b 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -4,37 +4,11 @@ module API class Projects < Grape::API include PaginationParams include Helpers::CustomAttributes + include Helpers::ProjectsHelpers before { authenticate_non_get! } helpers do - params :optional_params_ce do - optional :description, type: String, desc: 'The description of the project' - optional :ci_config_path, type: String, desc: 'The path to CI config file. Defaults to `.gitlab-ci.yml`' - optional :issues_enabled, type: Boolean, desc: 'Flag indication if the issue tracker is enabled' - optional :merge_requests_enabled, type: Boolean, desc: 'Flag indication if merge requests are enabled' - optional :wiki_enabled, type: Boolean, desc: 'Flag indication if the wiki is enabled' - optional :jobs_enabled, type: Boolean, desc: 'Flag indication if jobs are enabled' - optional :snippets_enabled, type: Boolean, desc: 'Flag indication if snippets are enabled' - optional :shared_runners_enabled, type: Boolean, desc: 'Flag indication if shared runners are enabled for that project' - optional :resolve_outdated_diff_discussions, type: Boolean, desc: 'Automatically resolve merge request diffs discussions on lines changed with a push' - optional :container_registry_enabled, type: Boolean, desc: 'Flag indication if the container registry is enabled for that project' - optional :lfs_enabled, type: Boolean, desc: 'Flag indication if Git LFS is enabled for that project' - optional :visibility, type: String, values: Gitlab::VisibilityLevel.string_values, desc: 'The visibility of the project.' - optional :public_builds, type: Boolean, desc: 'Perform public builds' - optional :request_access_enabled, type: Boolean, desc: 'Allow users to request member access' - optional :only_allow_merge_if_pipeline_succeeds, type: Boolean, desc: 'Only allow to merge if builds succeed' - optional :only_allow_merge_if_all_discussions_are_resolved, type: Boolean, desc: 'Only allow to merge if all discussions are resolved' - optional :tag_list, type: Array[String], desc: 'The list of tags for a project' - optional :avatar, type: File, desc: 'Avatar image for project' - optional :printing_merge_request_link_enabled, type: Boolean, desc: 'Show link to create/view merge request when pushing from the command line' - optional :merge_method, type: String, values: %w(ff rebase_merge merge), desc: 'The merge method used when merging merge requests' - end - - params :optional_params do - use :optional_params_ce - end - params :statistics_params do optional :statistics, type: Boolean, default: false, desc: 'Include project statistics' end @@ -100,6 +74,11 @@ module API present options[:with].prepare_relation(projects, options), options end + + def translate_params_for_compatibility(params) + params[:builds_enabled] = params.delete(:jobs_enabled) if params.key?(:jobs_enabled) + params + end end resource :users, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do @@ -144,12 +123,12 @@ module API optional :name, type: String, desc: 'The name of the project' optional :path, type: String, desc: 'The path of the repository' at_least_one_of :name, :path - use :optional_params + use :optional_project_params use :create_params end post do attrs = declared_params(include_missing: false) - attrs[:builds_enabled] = attrs.delete(:jobs_enabled) if attrs.key?(:jobs_enabled) + attrs = translate_params_for_compatibility(attrs) project = ::Projects::CreateService.new(current_user, attrs).execute if project.saved? @@ -172,7 +151,7 @@ module API requires :user_id, type: Integer, desc: 'The ID of a user' optional :path, type: String, desc: 'The path of the repository' optional :default_branch, type: String, desc: 'The default branch of the project' - use :optional_params + use :optional_project_params use :create_params end post "user/:user_id" do @@ -181,6 +160,7 @@ module API not_found!('User') unless user attrs = declared_params(include_missing: false) + attrs = translate_params_for_compatibility(attrs) project = ::Projects::CreateService.new(user, attrs).execute if project.saved? @@ -293,7 +273,7 @@ module API optional :default_branch, type: String, desc: 'The default branch of the project' optional :path, type: String, desc: 'The path of the repository' - use :optional_params + use :optional_project_params at_least_one_of(*at_least_one_of_ce) end put ':id' do @@ -302,7 +282,7 @@ module API authorize! :rename_project, user_project if attrs[:name].present? authorize! :change_visibility_level, user_project if attrs[:visibility].present? - attrs[:builds_enabled] = attrs.delete(:jobs_enabled) if attrs.key?(:jobs_enabled) + attrs = translate_params_for_compatibility(attrs) result = ::Projects::UpdateService.new(user_project, current_user, attrs).execute @@ -364,6 +344,11 @@ module API end end + desc 'Get languages in project repository' + get ':id/languages' do + user_project.repository.languages.map { |language| language.values_at(:label, :value) }.to_h + end + desc 'Remove a project' delete ":id" do authorize! :remove_project, user_project @@ -423,7 +408,7 @@ module API end unless user_project.allowed_to_share_with_group? - return render_api_error!("The project sharing with group is disabled", 400) + break render_api_error!("The project sharing with group is disabled", 400) end link = user_project.project_group_links.new(declared_params(include_missing: false)) diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb index 9638c53a1df..bb3fa99af38 100644 --- a/lib/api/repositories.rb +++ b/lib/api/repositories.rb @@ -88,7 +88,7 @@ module API end get ':id/repository/archive', requirements: { format: Gitlab::PathRegex.archive_formats_regex } do begin - send_git_archive user_project.repository, ref: params[:sha], format: params[:format] + send_git_archive user_project.repository, ref: params[:sha], format: params[:format], append_sha: true rescue not_found!('File') end @@ -111,8 +111,8 @@ module API end params do use :pagination - optional :order_by, type: String, values: %w[email name commits], default: nil, desc: 'Return contributors ordered by `name` or `email` or `commits`' - optional :sort, type: String, values: %w[asc desc], default: nil, desc: 'Sort by asc (ascending) or desc (descending)' + optional :order_by, type: String, values: %w[email name commits], default: 'commits', desc: 'Return contributors ordered by `name` or `email` or `commits`' + optional :sort, type: String, values: %w[asc desc], default: 'asc', desc: 'Sort by asc (ascending) or desc (descending)' end get ':id/repository/contributors' do begin diff --git a/lib/api/runner.rb b/lib/api/runner.rb index 834253d8e94..67896ae1fc5 100644 --- a/lib/api/runner.rb +++ b/lib/api/runner.rb @@ -23,13 +23,16 @@ module API runner = if runner_registration_token_valid? # Create shared runner. Requires admin access - Ci::Runner.create(attributes.merge(is_shared: true)) + Ci::Runner.create(attributes.merge(is_shared: true, runner_type: :instance_type)) elsif project = Project.find_by(runners_token: params[:token]) - # Create a specific runner for project. - project.runners.create(attributes) + # Create a specific runner for the project + project.runners.create(attributes.merge(runner_type: :project_type)) + elsif group = Group.find_by(runners_token: params[:token]) + # Create a specific runner for the group + group.runners.create(attributes.merge(runner_type: :group_type)) end - return forbidden! unless runner + break forbidden! unless runner if runner.id present runner, with: Entities::RunnerRegistrationDetails @@ -83,7 +86,7 @@ module API if current_runner.runner_queue_value_latest?(params[:last_update]) header 'X-GitLab-Last-Update', params[:last_update] Gitlab::Metrics.add_event(:build_not_found_cached) - return no_content! + break no_content! end new_update = current_runner.ensure_runner_queue_value @@ -152,7 +155,7 @@ module API stream_size = job.trace.append(request.body.read, content_range[0].to_i) if stream_size < 0 - return error!('416 Range Not Satisfiable', 416, { 'Range' => "0-#{-stream_size}" }) + break error!('416 Range Not Satisfiable', 416, { 'Range' => "0-#{-stream_size}" }) end status 202 @@ -186,7 +189,7 @@ module API status 200 content_type Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE - Gitlab::Workhorse.artifact_upload_ok + JobArtifactUploader.workhorse_authorize end desc 'Upload artifacts for job' do @@ -201,14 +204,15 @@ module API requires :id, type: Integer, desc: %q(Job's ID) optional :token, type: String, desc: %q(Job's authentication token) optional :expire_in, type: String, desc: %q(Specify when artifacts should expire) - optional :file, type: File, desc: %q(Artifact's file) optional 'file.path', type: String, desc: %q(path to locally stored body (generated by Workhorse)) optional 'file.name', type: String, desc: %q(real filename as send in Content-Disposition (generated by Workhorse)) optional 'file.type', type: String, desc: %q(real content type as send in Content-Type (generated by Workhorse)) - optional 'file.sha256', type: String, desc: %q(sha256 checksum of the file) + optional 'file.size', type: Integer, desc: %q(real size of file (generated by Workhorse)) + optional 'file.sha256', type: String, desc: %q(sha256 checksum of the file (generated by Workhorse)) optional 'metadata.path', type: String, desc: %q(path to locally stored body (generated by Workhorse)) optional 'metadata.name', type: String, desc: %q(filename (generated by Workhorse)) - optional 'metadata.sha256', type: String, desc: %q(sha256 checksum of the file) + optional 'metadata.size', type: Integer, desc: %q(real size of metadata (generated by Workhorse)) + optional 'metadata.sha256', type: String, desc: %q(sha256 checksum of metadata (generated by Workhorse)) end post '/:id/artifacts' do not_allowed! unless Gitlab.config.artifacts.enabled @@ -217,21 +221,34 @@ module API job = authenticate_job! forbidden!('Job is not running!') unless job.running? - workhorse_upload_path = JobArtifactUploader.workhorse_upload_path - artifacts = uploaded_file(:file, workhorse_upload_path) - metadata = uploaded_file(:metadata, workhorse_upload_path) + artifacts = UploadedFile.from_params(params, :file, JobArtifactUploader.workhorse_local_upload_path) + metadata = UploadedFile.from_params(params, :metadata, JobArtifactUploader.workhorse_local_upload_path) bad_request!('Missing artifacts file!') unless artifacts file_to_large! unless artifacts.size < max_artifacts_size + bad_request!("Already uploaded") if job.job_artifacts_archive + expire_in = params['expire_in'] || Gitlab::CurrentSettings.current_application_settings.default_artifacts_expire_in - job.build_job_artifacts_archive(project: job.project, file_type: :archive, file: artifacts, file_sha256: params['file.sha256'], expire_in: expire_in) - job.build_job_artifacts_metadata(project: job.project, file_type: :metadata, file: metadata, file_sha256: params['metadata.sha256'], expire_in: expire_in) if metadata - job.artifacts_expire_in = expire_in + job.build_job_artifacts_archive( + project: job.project, + file: artifacts, + file_type: :archive, + file_sha256: artifacts.sha256, + expire_in: expire_in) + + if metadata + job.build_job_artifacts_metadata( + project: job.project, + file: metadata, + file_type: :metadata, + file_sha256: metadata.sha256, + expire_in: expire_in) + end - if job.save + if job.update(artifacts_expire_in: expire_in) present job, with: Entities::JobRequest::Response else render_validation_error!(job) diff --git a/lib/api/snippets.rb b/lib/api/snippets.rb index c736cc32021..b30305b4bc9 100644 --- a/lib/api/snippets.rb +++ b/lib/api/snippets.rb @@ -94,7 +94,7 @@ module API end put ':id' do snippet = snippets_for_current_user.find_by(id: params.delete(:id)) - return not_found!('Snippet') unless snippet + break not_found!('Snippet') unless snippet authorize! :update_personal_snippet, snippet @@ -120,7 +120,7 @@ module API end delete ':id' do snippet = snippets_for_current_user.find_by(id: params.delete(:id)) - return not_found!('Snippet') unless snippet + break not_found!('Snippet') unless snippet authorize! :destroy_personal_snippet, snippet @@ -135,7 +135,7 @@ module API end get ":id/raw" do snippet = snippets_for_current_user.find_by(id: params.delete(:id)) - return not_found!('Snippet') unless snippet + break not_found!('Snippet') unless snippet env['api.format'] = :txt content_type 'text/plain' @@ -153,7 +153,7 @@ module API snippet = Snippet.find_by!(id: params[:id]) - return not_found!('UserAgentDetail') unless snippet.user_agent_detail + break not_found!('UserAgentDetail') unless snippet.user_agent_detail present snippet.user_agent_detail, with: Entities::UserAgentDetail end diff --git a/lib/api/triggers.rb b/lib/api/triggers.rb index b3709455bc3..b29e660c6e0 100644 --- a/lib/api/triggers.rb +++ b/lib/api/triggers.rb @@ -62,7 +62,7 @@ module API authorize! :admin_build, user_project trigger = user_project.triggers.find(params.delete(:trigger_id)) - return not_found!('Trigger') unless trigger + break not_found!('Trigger') unless trigger present trigger, with: Entities::Trigger end @@ -99,7 +99,7 @@ module API authorize! :admin_build, user_project trigger = user_project.triggers.find(params.delete(:trigger_id)) - return not_found!('Trigger') unless trigger + break not_found!('Trigger') unless trigger if trigger.update(declared_params(include_missing: false)) present trigger, with: Entities::Trigger @@ -119,7 +119,7 @@ module API authorize! :admin_build, user_project trigger = user_project.triggers.find(params.delete(:trigger_id)) - return not_found!('Trigger') unless trigger + break not_found!('Trigger') unless trigger if trigger.update(owner: current_user) status :ok @@ -140,7 +140,7 @@ module API authorize! :admin_build, user_project trigger = user_project.triggers.find(params.delete(:trigger_id)) - return not_found!('Trigger') unless trigger + break not_found!('Trigger') unless trigger destroy_conditionally!(trigger) end diff --git a/lib/api/users.rb b/lib/api/users.rb index 3920171205f..14b8a796c8e 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -77,7 +77,7 @@ module API authenticated_as_admin! if params[:external].present? || (params[:extern_uid].present? && params[:provider].present?) unless current_user&.admin? - params.except!(:created_after, :created_before, :order_by, :sort) + params.except!(:created_after, :created_before, :order_by, :sort, :two_factor) end users = UsersFinder.new(current_user, params).execute diff --git a/lib/api/v3/builds.rb b/lib/api/v3/builds.rb index 683b9c993cb..b49448e1e67 100644 --- a/lib/api/v3/builds.rb +++ b/lib/api/v3/builds.rb @@ -51,7 +51,7 @@ module API get ':id/repository/commits/:sha/builds' do authorize_read_builds! - return not_found! unless user_project.commit(params[:sha]) + break not_found! unless user_project.commit(params[:sha]) pipelines = user_project.pipelines.where(sha: params[:sha]) builds = user_project.builds.where(pipeline: pipelines).order('id DESC') @@ -153,7 +153,7 @@ module API build = get_build!(params[:build_id]) authorize!(:update_build, build) - return forbidden!('Build is not retryable') unless build.retryable? + break forbidden!('Build is not retryable') unless build.retryable? build = Ci::Build.retry(build, current_user) @@ -171,7 +171,7 @@ module API build = get_build!(params[:build_id]) authorize!(:erase_build, build) - return forbidden!('Build is not erasable!') unless build.erasable? + break forbidden!('Build is not erasable!') unless build.erasable? build.erase(erased_by: current_user) present build, with: ::API::V3::Entities::Build @@ -188,7 +188,7 @@ module API build = get_build!(params[:build_id]) authorize!(:update_build, build) - return not_found!(build) unless build.artifacts? + break not_found!(build) unless build.artifacts? build.keep_artifacts! diff --git a/lib/api/v3/merge_requests.rb b/lib/api/v3/merge_requests.rb index ce216497996..9b0f70e2bfe 100644 --- a/lib/api/v3/merge_requests.rb +++ b/lib/api/v3/merge_requests.rb @@ -93,7 +93,7 @@ module API post ":id/merge_requests" do Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42126') - authorize! :create_merge_request, user_project + authorize! :create_merge_request_from, user_project mr_params = declared_params(include_missing: false) mr_params[:force_remove_source_branch] = mr_params.delete(:remove_source_branch) if mr_params[:remove_source_branch].present? diff --git a/lib/api/v3/projects.rb b/lib/api/v3/projects.rb index a2df969d819..eb3dd113524 100644 --- a/lib/api/v3/projects.rb +++ b/lib/api/v3/projects.rb @@ -423,7 +423,7 @@ module API end unless user_project.allowed_to_share_with_group? - return render_api_error!("The project sharing with group is disabled", 400) + break render_api_error!("The project sharing with group is disabled", 400) end link = user_project.project_group_links.new(declared_params(include_missing: false)) diff --git a/lib/api/v3/repositories.rb b/lib/api/v3/repositories.rb index 5b54734bb45..f701d64e886 100644 --- a/lib/api/v3/repositories.rb +++ b/lib/api/v3/repositories.rb @@ -75,7 +75,7 @@ module API end get ':id/repository/archive', requirements: { format: Gitlab::PathRegex.archive_formats_regex } do begin - send_git_archive user_project.repository, ref: params[:sha], format: params[:format] + send_git_archive user_project.repository, ref: params[:sha], format: params[:format], append_sha: true rescue not_found!('File') end diff --git a/lib/api/v3/snippets.rb b/lib/api/v3/snippets.rb index 85613c8ed84..1df8a20e74a 100644 --- a/lib/api/v3/snippets.rb +++ b/lib/api/v3/snippets.rb @@ -90,7 +90,7 @@ module API end put ':id' do snippet = snippets_for_current_user.find_by(id: params.delete(:id)) - return not_found!('Snippet') unless snippet + break not_found!('Snippet') unless snippet authorize! :update_personal_snippet, snippet @@ -114,7 +114,7 @@ module API end delete ':id' do snippet = snippets_for_current_user.find_by(id: params.delete(:id)) - return not_found!('Snippet') unless snippet + break not_found!('Snippet') unless snippet authorize! :destroy_personal_snippet, snippet snippet.destroy @@ -129,7 +129,7 @@ module API end get ":id/raw" do snippet = snippets_for_current_user.find_by(id: params.delete(:id)) - return not_found!('Snippet') unless snippet + break not_found!('Snippet') unless snippet env['api.format'] = :txt content_type 'text/plain' diff --git a/lib/api/v3/triggers.rb b/lib/api/v3/triggers.rb index 34f07dfb486..969bb2a05de 100644 --- a/lib/api/v3/triggers.rb +++ b/lib/api/v3/triggers.rb @@ -72,7 +72,7 @@ module API authorize! :admin_build, user_project trigger = user_project.triggers.find_by(token: params[:token].to_s) - return not_found!('Trigger') unless trigger + break not_found!('Trigger') unless trigger present trigger, with: ::API::V3::Entities::Trigger end @@ -100,7 +100,7 @@ module API authorize! :admin_build, user_project trigger = user_project.triggers.find_by(token: params[:token].to_s) - return not_found!('Trigger') unless trigger + break not_found!('Trigger') unless trigger trigger.destroy diff --git a/lib/api/variables.rb b/lib/api/variables.rb index d08876ae1b9..a34de9410e8 100644 --- a/lib/api/variables.rb +++ b/lib/api/variables.rb @@ -31,7 +31,7 @@ module API key = params[:key] variable = user_project.variables.find_by(key: key) - return not_found!('Variable') unless variable + break not_found!('Variable') unless variable present variable, with: Entities::Variable end @@ -67,7 +67,7 @@ module API put ':id/variables/:key' do variable = user_project.variables.find_by(key: params[:key]) - return not_found!('Variable') unless variable + break not_found!('Variable') unless variable variable_params = declared_params(include_missing: false).except(:key) |