diff options
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/api.rb | 1 | ||||
| -rw-r--r-- | lib/api/builds.rb | 73 | ||||
| -rw-r--r-- | lib/api/commit_statuses.rb | 2 | ||||
| -rw-r--r-- | lib/api/entities.rb | 27 | ||||
| -rw-r--r-- | lib/api/merge_requests.rb | 19 | ||||
| -rw-r--r-- | lib/api/projects.rb | 12 | ||||
| -rw-r--r-- | lib/api/repositories.rb | 7 | ||||
| -rw-r--r-- | lib/api/runners.rb | 175 | ||||
| -rw-r--r-- | lib/api/triggers.rb | 8 | ||||
| -rw-r--r-- | lib/api/variables.rb | 2 |
10 files changed, 298 insertions, 28 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 7efe0a0262f..7d65145176b 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -56,5 +56,6 @@ module API mount Triggers mount Builds mount Variables + mount Runners end end diff --git a/lib/api/builds.rb b/lib/api/builds.rb index d293f988165..2b104f90aa7 100644 --- a/lib/api/builds.rb +++ b/lib/api/builds.rb @@ -13,11 +13,12 @@ module API # Example Request: # GET /projects/:id/builds get ':id/builds' do + builds = user_project.builds.order('id DESC') builds = filter_builds(builds, params[:scope]) present paginate(builds), with: Entities::Build, - user_can_download_artifacts: can?(current_user, :download_build_artifacts, user_project) + user_can_download_artifacts: can?(current_user, :read_build, user_project) end # Get builds for a specific commit of a project @@ -30,6 +31,8 @@ module API # Example Request: # GET /projects/:id/repository/commits/:sha/builds get ':id/repository/commits/:sha/builds' do + authorize_read_builds! + commit = user_project.ci_commits.find_by_sha(params[:sha]) return not_found! unless commit @@ -37,7 +40,7 @@ module API builds = filter_builds(builds, params[:scope]) present paginate(builds), with: Entities::Build, - user_can_download_artifacts: can?(current_user, :download_build_artifacts, user_project) + user_can_download_artifacts: can?(current_user, :read_build, user_project) end # Get a specific build of a project @@ -48,11 +51,37 @@ module API # Example Request: # GET /projects/:id/builds/:build_id get ':id/builds/:build_id' do + authorize_read_builds! + build = get_build(params[:build_id]) return not_found!(build) unless build present build, with: Entities::Build, - user_can_download_artifacts: can?(current_user, :download_build_artifacts, user_project) + user_can_download_artifacts: can?(current_user, :read_build, user_project) + end + + # Download the artifacts file from build + # + # Parameters: + # id (required) - The ID of a build + # token (required) - The build authorization token + # Example Request: + # GET /projects/:id/builds/:build_id/artifacts + get ':id/builds/:build_id/artifacts' do + authorize_read_builds! + + build = get_build(params[:build_id]) + return not_found!(build) unless build + + artifacts_file = build.artifacts_file + + unless artifacts_file.file_storage? + return redirect_to build.artifacts_file.url + end + + return not_found! unless artifacts_file.exists? + + present_file!(artifacts_file.path, artifacts_file.filename) end # Get a trace of a specific build of a project @@ -67,6 +96,8 @@ module API # is saved in the DB instead of file). But before that, we need to consider how to replace the value of # `runners_token` with some mask (like `xxxxxx`) when sending trace file directly by workhorse. get ':id/builds/:build_id/trace' do + authorize_read_builds! + build = get_build(params[:build_id]) return not_found!(build) unless build @@ -86,7 +117,7 @@ module API # example request: # post /projects/:id/build/:build_id/cancel post ':id/builds/:build_id/cancel' do - authorize_manage_builds! + authorize_update_builds! build = get_build(params[:build_id]) return not_found!(build) unless build @@ -94,7 +125,7 @@ module API build.cancel present build, with: Entities::Build, - user_can_download_artifacts: can?(current_user, :download_build_artifacts, user_project) + user_can_download_artifacts: can?(current_user, :read_build, user_project) end # Retry a specific build of a project @@ -105,14 +136,34 @@ module API # example request: # post /projects/:id/build/:build_id/retry post ':id/builds/:build_id/retry' do - authorize_manage_builds! + authorize_update_builds! build = get_build(params[:build_id]) - return forbidden!('Build is not retryable') unless build && build.retryable? + return not_found!(build) unless build + return forbidden!('Build is not retryable') unless build.retryable? build = Ci::Build.retry(build) present build, with: Entities::Build, + user_can_download_artifacts: can?(current_user, :read_build, user_project) + end + + # Erase build (remove artifacts and build trace) + # + # Parameters: + # id (required) - the id of a project + # build_id (required) - the id of a build + # example Request: + # post /projects/:id/build/:build_id/erase + post ':id/builds/:build_id/erase' do + authorize_update_builds! + + build = get_build(params[:build_id]) + return not_found!(build) unless build + return forbidden!('Build is not erasable!') unless build.erasable? + + build.erase(erased_by: current_user) + present build, with: Entities::Build, user_can_download_artifacts: can?(current_user, :download_build_artifacts, user_project) end end @@ -141,8 +192,12 @@ module API builds.where(status: available_statuses && scope) end - def authorize_manage_builds! - authorize! :manage_builds, user_project + def authorize_read_builds! + authorize! :read_build, user_project + end + + def authorize_update_builds! + authorize! :update_build, user_project end end end diff --git a/lib/api/commit_statuses.rb b/lib/api/commit_statuses.rb index 1162271f5fc..9422d438d21 100644 --- a/lib/api/commit_statuses.rb +++ b/lib/api/commit_statuses.rb @@ -18,7 +18,7 @@ module API # Examples: # GET /projects/:id/repository/commits/:sha/statuses get ':id/repository/commits/:sha/statuses' do - authorize! :read_commit_statuses, user_project + authorize! :read_commit_status, user_project sha = params[:sha] ci_commit = user_project.ci_commit(sha) not_found! 'Commit' unless ci_commit diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 82a75734de0..a3b5f1eb8d3 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -49,7 +49,7 @@ module API expose :enable_ssl_verification end - class ForkedFromProject < Grape::Entity + class BasicProjectDetails < Grape::Entity expose :id expose :name, :name_with_namespace expose :path, :path_with_namespace @@ -67,11 +67,12 @@ module API expose :shared_runners_enabled expose :creator_id expose :namespace - expose :forked_from_project, using: Entities::ForkedFromProject, if: lambda{ |project, options| project.forked? } + expose :forked_from_project, using: Entities::BasicProjectDetails, if: lambda{ |project, options| project.forked? } expose :avatar_url expose :star_count, :forks_count expose :open_issues_count, if: lambda { |project, options| project.issues_enabled? && project.default_issues_tracker? } expose :runners_token, if: lambda { |_project, options| options[:user_can_admin_project] } + expose :public_builds end class ProjectMember < UserBasic @@ -175,6 +176,7 @@ module API expose :work_in_progress?, as: :work_in_progress expose :milestone, using: Entities::Milestone expose :merge_when_build_succeeds + expose :merge_status end class MergeRequestChanges < MergeRequest @@ -375,6 +377,24 @@ module API expose :name end + class RunnerDetails < Runner + expose :tag_list + expose :version, :revision, :platform, :architecture + expose :contacted_at + expose :token, if: lambda { |runner, options| options[:current_user].is_admin? || !runner.is_shared? } + expose :projects, with: Entities::BasicProjectDetails do |runner, options| + if options[:current_user].is_admin? + runner.projects + else + options[:current_user].authorized_projects.where(id: runner.projects) + end + end + end + + class BuildArtifactFile < Grape::Entity + expose :filename, :size + end + class Build < Grape::Entity expose :id, :status, :stage, :name, :ref, :tag, :coverage expose :created_at, :started_at, :finished_at @@ -383,9 +403,10 @@ module API # for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255) expose :download_url do |repo_obj, options| if options[:user_can_download_artifacts] - repo_obj.download_url + repo_obj.artifacts_download_url end end + expose :artifacts_file, using: BuildArtifactFile, if: -> (build, opts) { build.artifacts? } expose :commit, with: RepoCommit do |repo_obj, _options| if repo_obj.respond_to?(:commit) repo_obj.commit.commit_data diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index dd7f24f3279..c5e5d57ed4d 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -71,6 +71,7 @@ module API # title (required) - Title of MR # description - Description of MR # labels (optional) - Labels for MR as a comma-separated list + # milestone_id (optional) - Milestone ID # # Example: # POST /projects/:id/merge_requests @@ -78,7 +79,7 @@ module API post ":id/merge_requests" do authorize! :create_merge_request, user_project required_attributes! [:source_branch, :target_branch, :title] - attrs = attributes_for_keys [:source_branch, :target_branch, :assignee_id, :title, :target_project_id, :description] + attrs = attributes_for_keys [:source_branch, :target_branch, :assignee_id, :title, :target_project_id, :description, :milestone_id] # Validate label names in advance if (errors = validate_label_params(params)).any? @@ -163,11 +164,12 @@ module API # state_event - Status of MR. (close|reopen|merge) # description - Description of MR # labels (optional) - Labels for a MR as a comma-separated list + # milestone_id (optional) - Milestone ID # Example: # PUT /projects/:id/merge_requests/:merge_request_id # put path do - attrs = attributes_for_keys [:target_branch, :assignee_id, :title, :state_event, :description] + attrs = attributes_for_keys [:target_branch, :assignee_id, :title, :state_event, :description, :milestone_id] merge_request = user_project.merge_requests.find(params[:merge_request_id]) authorize! :update_merge_request, merge_request @@ -300,6 +302,19 @@ module API render_api_error!("Failed to save note #{note.errors.messages}", 400) end end + + # List issues that will close on merge + # + # Parameters: + # id (required) - The ID of a project + # merge_request_id (required) - ID of MR + # Examples: + # GET /projects/:id/merge_requests/:merge_request_id/closes_issues + get "#{path}/closes_issues" do + merge_request = user_project.merge_requests.find(params[:merge_request_id]) + issues = ::Kaminari.paginate_array(merge_request.closes_issues(current_user)) + present paginate(issues), with: Entities::Issue + end end end end diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 1f991e600e3..6067c8b4a5e 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -99,6 +99,7 @@ module API # public (optional) - if true same as setting visibility_level = 20 # visibility_level (optional) - 0 by default # import_url (optional) + # public_builds (optional) # Example Request # POST /projects post do @@ -115,7 +116,8 @@ module API :namespace_id, :public, :visibility_level, - :import_url] + :import_url, + :public_builds] attrs = map_public_to_visibility_level(attrs) @project = ::Projects::CreateService.new(current_user, attrs).execute if @project.saved? @@ -145,6 +147,7 @@ module API # public (optional) - if true same as setting visibility_level = 20 # visibility_level (optional) # import_url (optional) + # public_builds (optional) # Example Request # POST /projects/user/:user_id post "user/:user_id" do @@ -161,7 +164,8 @@ module API :shared_runners_enabled, :public, :visibility_level, - :import_url] + :import_url, + :public_builds] attrs = map_public_to_visibility_level(attrs) @project = ::Projects::CreateService.new(user, attrs).execute if @project.saved? @@ -205,6 +209,7 @@ module API # shared_runners_enabled (optional) # public (optional) - if true same as setting visibility_level = 20 # visibility_level (optional) - visibility level of a project + # public_builds (optional) # Example Request # PUT /projects/:id put ':id' do @@ -219,7 +224,8 @@ module API :snippets_enabled, :shared_runners_enabled, :public, - :visibility_level] + :visibility_level, + :public_builds] attrs = map_public_to_visibility_level(attrs) authorize_admin_project authorize! :rename_project, user_project if attrs[:name].present? diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb index c95d2d2001d..0d0f0d4616d 100644 --- a/lib/api/repositories.rb +++ b/lib/api/repositories.rb @@ -98,11 +98,8 @@ module API authorize! :download_code, user_project begin - ArchiveRepositoryService.new( - user_project, - params[:sha], - params[:format] - ).execute + RepositoryArchiveCacheWorker.perform_async + header *Gitlab::Workhorse.send_git_archive(user_project, params[:sha], params[:format]) rescue not_found!('File') end diff --git a/lib/api/runners.rb b/lib/api/runners.rb new file mode 100644 index 00000000000..8ec91485b26 --- /dev/null +++ b/lib/api/runners.rb @@ -0,0 +1,175 @@ +module API + # Runners API + class Runners < Grape::API + before { authenticate! } + + resource :runners do + # Get runners available for user + # + # Example Request: + # GET /runners + get do + runners = filter_runners(current_user.ci_authorized_runners, params[:scope], without: ['specific', 'shared']) + present paginate(runners), with: Entities::Runner + end + + # Get all runners - shared and specific + # + # Example Request: + # GET /runners/all + get 'all' do + authenticated_as_admin! + runners = filter_runners(Ci::Runner.all, params[:scope]) + present paginate(runners), with: Entities::Runner + end + + # Get runner's details + # + # Parameters: + # id (required) - The ID of ther runner + # Example Request: + # GET /runners/:id + get ':id' do + runner = get_runner(params[:id]) + authenticate_show_runner!(runner) + + present runner, with: Entities::RunnerDetails, current_user: current_user + end + + # Update runner's details + # + # Parameters: + # id (required) - The ID of ther runner + # description (optional) - Runner's description + # active (optional) - Runner's status + # tag_list (optional) - Array of tags for runner + # Example Request: + # PUT /runners/:id + put ':id' do + runner = get_runner(params[:id]) + authenticate_update_runner!(runner) + + attrs = attributes_for_keys [:description, :active, :tag_list] + if runner.update(attrs) + present runner, with: Entities::RunnerDetails, current_user: current_user + else + render_validation_error!(runner) + end + end + + # Remove runner + # + # Parameters: + # id (required) - The ID of ther runner + # Example Request: + # DELETE /runners/:id + delete ':id' do + runner = get_runner(params[:id]) + authenticate_delete_runner!(runner) + runner.destroy! + + present runner, with: Entities::Runner + end + end + + resource :projects do + before { authorize_admin_project } + + # Get runners available for project + # + # Example Request: + # GET /projects/:id/runners + get ':id/runners' do + runners = filter_runners(Ci::Runner.owned_or_shared(user_project.id), params[:scope]) + present paginate(runners), with: Entities::Runner + end + + # Enable runner for project + # + # Parameters: + # id (required) - The ID of the project + # runner_id (required) - The ID of the runner + # Example Request: + # POST /projects/:id/runners/:runner_id + post ':id/runners' do + required_attributes! [:runner_id] + + runner = get_runner(params[:runner_id]) + authenticate_enable_runner!(runner) + Ci::RunnerProject.create(runner: runner, project: user_project) + + present runner, with: Entities::Runner + end + + # Disable project's runner + # + # Parameters: + # id (required) - The ID of the project + # runner_id (required) - The ID of the runner + # Example Request: + # DELETE /projects/:id/runners/:runner_id + delete ':id/runners/:runner_id' do + runner_project = user_project.runner_projects.find_by(runner_id: params[:runner_id]) + not_found!('Runner') unless runner_project + + runner = runner_project.runner + forbidden!("Only one project associated with the runner. Please remove the runner instead") if runner.projects.count == 1 + + runner_project.destroy + + present runner, with: Entities::Runner + end + end + + helpers do + def filter_runners(runners, scope, options = {}) + return runners unless scope.present? + + available_scopes = ::Ci::Runner::AVAILABLE_SCOPES + if options[:without] + available_scopes = available_scopes - options[:without] + end + + if (available_scopes & [scope]).empty? + render_api_error!('Scope contains invalid value', 400) + end + + runners.send(scope) + end + + def get_runner(id) + runner = Ci::Runner.find(id) + not_found!('Runner') unless runner + runner + end + + def authenticate_show_runner!(runner) + return if runner.is_shared || current_user.is_admin? + forbidden!("No access granted") unless user_can_access_runner?(runner) + end + + def authenticate_update_runner!(runner) + return if current_user.is_admin? + forbidden!("Runner is shared") if runner.is_shared? + forbidden!("No access granted") unless user_can_access_runner?(runner) + end + + def authenticate_delete_runner!(runner) + return if current_user.is_admin? + forbidden!("Runner is shared") if runner.is_shared? + forbidden!("Runner associated with more than one project") if runner.projects.count > 1 + forbidden!("No access granted") unless user_can_access_runner?(runner) + end + + def authenticate_enable_runner!(runner) + forbidden!("Runner is shared") if runner.is_shared? + return if current_user.is_admin? + forbidden!("No access granted") unless user_can_access_runner?(runner) + end + + def user_can_access_runner?(runner) + current_user.ci_authorized_runners.exists?(runner.id) + end + end + end +end diff --git a/lib/api/triggers.rb b/lib/api/triggers.rb index 5e4964f446c..d1d07394e92 100644 --- a/lib/api/triggers.rb +++ b/lib/api/triggers.rb @@ -54,7 +54,7 @@ module API # GET /projects/:id/triggers get ':id/triggers' do authenticate! - authorize_admin_project + authorize! :admin_build, user_project triggers = user_project.triggers.includes(:trigger_requests) triggers = paginate(triggers) @@ -71,7 +71,7 @@ module API # GET /projects/:id/triggers/:token get ':id/triggers/:token' do authenticate! - authorize_admin_project + authorize! :admin_build, user_project trigger = user_project.triggers.find_by(token: params[:token].to_s) return not_found!('Trigger') unless trigger @@ -87,7 +87,7 @@ module API # POST /projects/:id/triggers post ':id/triggers' do authenticate! - authorize_admin_project + authorize! :admin_build, user_project trigger = user_project.triggers.create @@ -103,7 +103,7 @@ module API # DELETE /projects/:id/triggers/:token delete ':id/triggers/:token' do authenticate! - authorize_admin_project + authorize! :admin_build, user_project trigger = user_project.triggers.find_by(token: params[:token].to_s) return not_found!('Trigger') unless trigger diff --git a/lib/api/variables.rb b/lib/api/variables.rb index d9a055f6c92..f6495071a11 100644 --- a/lib/api/variables.rb +++ b/lib/api/variables.rb @@ -2,7 +2,7 @@ module API # Projects variables API class Variables < Grape::API before { authenticate! } - before { authorize_admin_project } + before { authorize! :admin_build, user_project } resource :projects do # Get project variables |