From 4de11c2009bd20f7811106d6cb8bda294561ff0a Mon Sep 17 00:00:00 2001 From: Robert Schilling Date: Sun, 7 Jul 2013 12:35:37 +0200 Subject: Fix broken API links, fixes #4463 --- doc/api/README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/api/README.md b/doc/api/README.md index 4bcd89949df..9d6e229e4cb 100644 --- a/doc/api/README.md +++ b/doc/api/README.md @@ -69,18 +69,18 @@ When listing resources you can pass the following parameters: ## Contents -+ [Users](users.md) -+ [Session](session.md) -+ [Projects](projects.md) -+ [Project Snippets](project_snippets.md) -+ [Repositories](repositories.md) -+ [Issues](issues.md) -+ [Milestones](milestones.md) -+ [Notes](notes.md) -+ [Deploy Keys](deploy_keys.md) -+ [System Hooks](system_hooks.md) -+ [Groups](groups.md) -+ [User Teams](user_teams.md) ++ [Users](api/users.md) ++ [Session](api/session.md) ++ [Projects](api/projects.md) ++ [Project Snippets](api/project_snippets.md) ++ [Repositories](api/repositories.md) ++ [Issues](api/issues.md) ++ [Milestones](api/milestones.md) ++ [Notes](api/notes.md) ++ [Deploy Keys](api/deploy_keys.md) ++ [System Hooks](api/system_hooks.md) ++ [Groups](api/groups.md) ++ [User Teams](api/user_teams.md) ## Clients -- cgit v1.2.1 From db325ef940e7c084d3a9daf0a5efec2b2580004b Mon Sep 17 00:00:00 2001 From: Robert Schilling Date: Sun, 7 Jul 2013 19:00:07 +0200 Subject: Fix Pygments 500 error if lexer not found by name. Use first alias instead. fixes #4473, #4451 --- lib/redcarpet/render/gitlab_html.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/redcarpet/render/gitlab_html.rb b/lib/redcarpet/render/gitlab_html.rb index 318adbf1894..d9c2d3b626d 100644 --- a/lib/redcarpet/render/gitlab_html.rb +++ b/lib/redcarpet/render/gitlab_html.rb 
@@ -12,7 +12,7 @@ class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML def block_code(code, language) options = { options: {encoding: 'utf-8'} } lexer = Pygments::Lexer.find(language) # language can be an alias - options.merge!(lexer: lexer.name.downcase) if lexer # downcase is required + options.merge!(lexer: lexer.aliases[0].downcase) if lexer # downcase is required # New lines are placed to fix an rendering issue # with code wrapped inside

tag for next case: -- cgit v1.2.1 From 9f2e1b33a44aecf5a4cf2d450df313f026e4409b Mon Sep 17 00:00:00 2001 From: Martin Bastien Date: Sun, 7 Jul 2013 13:30:29 -0400 Subject: navbar tooltip position fix when "loading" appears. --- app/assets/stylesheets/gitlab_bootstrap/nav.scss | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/app/assets/stylesheets/gitlab_bootstrap/nav.scss b/app/assets/stylesheets/gitlab_bootstrap/nav.scss index db0023cff92..847c7180ce2 100644 --- a/app/assets/stylesheets/gitlab_bootstrap/nav.scss +++ b/app/assets/stylesheets/gitlab_bootstrap/nav.scss @@ -64,3 +64,14 @@ &.nav-small-tabs > li > a { padding: 6px 9px; } } + + + +/** + * fix to keep tooltips position in top navigation bar + * + */ +.navbar .nav > li { + position: relative; + white-space: nowrap; +} -- cgit v1.2.1 From 7ebbb6e33f872651c8f92799570d58353a4a08b3 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Mon, 8 Jul 2013 13:59:56 +0300 Subject: Added new entries to changelog. Version up to 5.4.0.pre --- CHANGELOG | 10 ++++++++++ VERSION | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 7d1ada97c57..c20f27ad7db 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,13 @@ +v 5.4.0 + - Ability to edit own comments + - Documentation improvements + - Improve dashboard projects page + - Fixed nav for empty repos + - GitLab Markdown help page + - Misspelling fixes + - Added suppoort of unicorn and fog gems + - Added client list to API doc + v 5.3.0 - Refactored services - Campfire service added diff --git a/VERSION b/VERSION index 03f488b076a..c5e18371adf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.3.0 +5.4.0.pre -- cgit v1.2.1 From de680eb8c05d15c0a5ab3afe7da45cfc70d6e1fb Mon Sep 17 00:00:00 2001 From: Sytse Sijbrandij Date: Mon, 8 Jul 2013 18:52:10 +0200 Subject: Use default system editor. --- doc/install/installation.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) 
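Review bot: In `block_code`, `lexer.aliases[0].downcase` raises NoMethodError when the lexer returned by `Pygments::Lexer.find` has an empty alias list, so the 500 this commit fixes can come back for such a language tag. The `language` argument is the info string of a fenced block in user-written Markdown, so this path should never raise. Guard on the alias rather than on the lexer, e.g. `lexer_alias = lexer && lexer.aliases.first` followed by `options.merge!(lexer: lexer_alias.downcase) if lexer_alias`. Whether any installed lexer actually lacks aliases is not visible here, and the rest of `block_code` lies outside the hunk.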
diff --git a/doc/install/installation.md b/doc/install/installation.md index 800e06fdfdf..6cad280acaf 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md @@ -42,11 +42,13 @@ up-to-date and install it. apt-get install sudo -y **Note:** -Vim is an editor that is used here whenever there are files that need to be -edited by hand. But, you can use any editor you like instead. +During this installation some files will need to be edited manually. +If you are familiar with vim set it as default editor with the commands below. +If you are not familiar with vim please skip this and keep using the default editor. - # Install vim + # Install vim and set as default editor sudo apt-get install -y vim + sudo update-alternatives --set editor /usr/bin/vim.basic Install the required packages: @@ -123,7 +125,7 @@ GitLab Shell is a ssh access and repository management software developed specia # Edit config and replace gitlab_url # with something like 'http://domain.com/' - sudo -u git -H vim config.yml + sudo -u git -H editor config.yml # Do setup sudo -u git -H ./bin/install @@ -162,7 +164,7 @@ You can change `5-3-stable` to `master` if you want the *bleeding edge* version, # Make sure to change "localhost" to the fully-qualified domain name of your # host serving GitLab where necessary - sudo -u git -H vim config/gitlab.yml + sudo -u git -H editor config/gitlab.yml # Make sure GitLab can write to the log/ and tmp/ directories sudo chown -R git log/ @@ -188,7 +190,7 @@ You can change `5-3-stable` to `master` if you want the *bleeding edge* version, # Enable cluster mode if you expect to have a high load instance # Ex. change amount of workers to 3 for 2GB RAM server - sudo -u git -H vim config/puma.rb + sudo -u git -H editor config/puma.rb # Configure Git global settings for git user, useful when editing via web # Edit user.email according to what is set in gitlab.yml 
@@ -214,7 +216,7 @@ Make sure to edit both `gitlab.yml` and `puma.rb` to match your setup. # Change 'root' to 'gitlab' # Change 'secure password' with the value you have given to $password # You can keep the double quotes around the password - sudo -u git -H vim config/database.yml + sudo -u git -H editor config/database.yml # Make config/database.yml readable to git only sudo -u git -H chmod o-rwx config/database.yml @@ -295,7 +297,7 @@ Make sure to edit the config file to match your setup: # Change YOUR_SERVER_FQDN to the fully-qualified # domain name of your host serving GitLab. - sudo vim /etc/nginx/sites-available/gitlab + sudo editor /etc/nginx/sites-available/gitlab ## Restart -- cgit v1.2.1 From ea5a006f27cfd3013f94652e0e0f0e63091036ad Mon Sep 17 00:00:00 2001 From: Angus MacArthur Date: Thu, 27 Jun 2013 17:49:26 -0400 Subject: Additon of apis for fork administration. Added ability to add and remove the forked from/to relatioinship between existing repos. --- doc/api/projects.md | 25 ++++++++++++++ lib/api/entities.rb | 7 ++++ lib/api/helpers.rb | 6 ++-- lib/api/projects.rb | 36 ++++++++++++++++++++ spec/requests/api/projects_spec.rb | 67 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 138 insertions(+), 3 deletions(-) diff --git a/doc/api/projects.md b/doc/api/projects.md index 323c0be63a4..41b6b6add39 100644 --- a/doc/api/projects.md +++ b/doc/api/projects.md 
@@ -453,3 +453,28 @@ Parameters: + `id` (required) - The ID of the project. + `branch` (required) - The name of the branch. + +## Admin fork relation + +Allows modification of the forked relationship between existing projects. . Available only for admins. + +### Create a forked from/to relation between existing projects. + +``` +POST /projects/:id/fork/:forked_from_id +``` + +Parameters: + ++ `id` (required) - The ID of the project ++ `forked_from_id:` (required) - The ID of the project that was forked from + +### Delete an existing forked from relationship + +``` +DELETE /projects/:id/fork +``` + +Parameter: + ++ `id` (required) - The ID of the project \ No newline at end of file diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 0d8cac5c8fd..dea5771d6b6 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -25,6 +25,12 @@ module API expose :id, :url, :created_at end + class ForkedFromProject < Grape::Entity + expose :id + expose :name, :name_with_namespace + expose :path, :path_with_namespace + end + class Project < Grape::Entity expose :id, :description, :default_branch, :public, :ssh_url_to_repo, :http_url_to_repo, :web_url expose :owner, using: Entities::UserBasic @@ -32,6 +38,7 @@ module API expose :path, :path_with_namespace expose :issues_enabled, :merge_requests_enabled, :wall_enabled, :wiki_enabled, :created_at, :last_activity_at expose :namespace + expose :forked_from_project, using: Entities::ForkedFromProject, :if => lambda{ | project, options | project.forked? } end class ProjectMember < UserBasic diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 94cf4f2e69f..f857d4133b2 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb 
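Review bot: The new `expose :forked_from_project` in `Entities::Project` is gated only on `project.forked?`, so the source project's `id`, `name_with_namespace` and `path_with_namespace` go to any caller who can read the fork, with no check that the caller may read the source project. If a source project can be private while its fork is readable by the caller, this discloses the source's name and namespace path. Consider passing the current user through the entity options and adding the read permission to the `:if` condition, or exposing only `id` when the caller cannot read the source. At minimum, add a comment such as `# NOTE: exposes the source project's name and path to anyone who can read the fork`.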
@@ -5,12 +5,12 @@ module API end def user_project - @project ||= find_project + @project ||= find_project(params[:id]) @project || not_found! end - def find_project - project = Project.find_by_id(params[:id]) || Project.find_with_namespace(params[:id]) + def find_project(id) + project = Project.find_by_id(id) || Project.find_with_namespace(id) if project && can?(current_user, :read_project, project) project diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 6dc051e4ba2..d5709f5cb59 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -121,6 +121,42 @@ module API end + # Mark this project as forked from another + # + # Parameters: + # id: (required) - The ID of the project being marked as a fork + # forked_from_id: (required) - The ID of the project it was forked from + # Example Request: + # POST /projects/:id/fork/:forked_from_id + post ":id/fork/:forked_from_id" do + authenticated_as_admin! + forked_from_project = find_project(params[:forked_from_id]) + unless forked_from_project.nil? + if user_project.forked_from_project.nil? + user_project.create_forked_project_link(forked_to_project_id: user_project.id, forked_from_project_id: forked_from_project.id) + else + render_api_error!("Project already forked", 409) + end + else + not_found! + end + + end + + # Remove a forked_from relationship + # + # Parameters: + # id: (required) - The ID of the project being marked as a fork + # Example Request: + # DELETE /projects/:id/fork + delete ":id/fork" do + authenticated_as_admin! + unless user_project.forked_project_link.nil? + user_project.forked_project_link.destroy + end + end + + # Get a project team members # # Parameters: diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 31075149647..a6612af83eb 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb 
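Review bot: The `post ":id/fork/:forked_from_id"` handler in lib/api/projects.rb does not reject the case where `forked_from_id` resolves to the same project as `id`, so an admin call can record a project as a fork of itself. Add a guard inside the `unless forked_from_project.nil?` branch before the link is created, e.g. `render_api_error!("Project cannot be forked from itself", 400) if forked_from_project.id == user_project.id`. The result of `create_forked_project_link` is not checked either, so a link that fails to save would presumably still be answered as a success. The comment on the DELETE route still describes `id` as "the project being marked as a fork", which looks copied from the POST route.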
@@ -595,4 +595,71 @@ describe API::API do end end end + + describe :fork_admin do + let(:project_fork_target) { create(:project) } + let(:project_fork_source) { create(:project, public: true) } + + describe "POST /projects/:id/fork/:forked_from_id" do + let(:new_project_fork_source) { create(:project, public: true) } + + it "shouldn't available for non admin users" do + post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", user) + response.status.should == 403 + end + + it "should allow project to be forked from an existing project" do + project_fork_target.forked?.should_not be_true + post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) + response.status.should == 201 + project_fork_target.reload + project_fork_target.forked_from_project.id.should == project_fork_source.id + project_fork_target.forked_project_link.should_not be_nil + project_fork_target.forked?.should be_true + end + + it "should fail if forked_from project which does not exist" do + post api("/projects/#{project_fork_target.id}/fork/9999", admin) + response.status.should == 404 + end + + it "should fail with 409 if already forked" do + post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) + project_fork_target.reload + project_fork_target.forked_from_project.id.should == project_fork_source.id + post api("/projects/#{project_fork_target.id}/fork/#{new_project_fork_source.id}", admin) + response.status.should == 409 + project_fork_target.reload + project_fork_target.forked_from_project.id.should == project_fork_source.id + project_fork_target.forked?.should be_true + end + end + + describe "DELETE /projects/:id/fork" do + + it "shouldn't available for non admin users" do + delete api("/projects/#{project_fork_target.id}/fork", user) + response.status.should == 403 + end + + it "should make forked project unforked" do + post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) + 
project_fork_target.reload + project_fork_target.forked_from_project.should_not be_nil + project_fork_target.forked?.should be_true + delete api("/projects/#{project_fork_target.id}/fork", admin) + response.status.should == 200 + project_fork_target.reload + project_fork_target.forked_from_project.should be_nil + project_fork_target.forked?.should_not be_true + end + + it "should be idempotent if not forked" do + project_fork_target.forked_from_project.should be_nil + delete api("/projects/#{project_fork_target.id}/fork", admin) + response.status.should == 200 + project_fork_target.reload.forked_from_project.should be_nil + end + end + end end -- cgit v1.2.1 From 1da67c2cec044d5bc681361889e9850d2cb69759 Mon Sep 17 00:00:00 2001 From: Kevin Wong Date: Tue, 9 Jul 2013 10:42:35 -0600 Subject: Fix header text for setting greatest team access to a project --- app/views/admin/teams/projects/new.html.haml | 2 +- app/views/projects/teams/available.html.haml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/admin/teams/projects/new.html.haml b/app/views/admin/teams/projects/new.html.haml index dcb3dbbc433..21bf65f9c3d 100644 --- a/app/views/admin/teams/projects/new.html.haml +++ b/app/views/admin/teams/projects/new.html.haml @@ -8,7 +8,7 @@ .input = select_tag :project_ids, options_from_collection_for_select(@projects , :id, :name_with_namespace), multiple: true, data: {placeholder: 'Select projects'}, class: 'chosen span5' - %h6 Choose greatest user acces for your team in this projects: + %h6 Choose greatest user access for your team in these projects: .clearfix = label_tag :greatest_project_access, "Greatest Access" .input diff --git a/app/views/projects/teams/available.html.haml b/app/views/projects/teams/available.html.haml index 29fe8ed25cd..880a02aeaf5 100644 --- a/app/views/projects/teams/available.html.haml +++ b/app/views/projects/teams/available.html.haml 
@@ -10,7 +10,7 @@ .padded = label_tag :team_id, "Team" .input= select_tag(:team_id, options_from_collection_for_select(@teams, :id, :name), prompt: "Select team", class: "chosen xxlarge", required: true) - %p.slead Choose greatest user acces in team you want to assign: + %p.slead Choose greatest user access for your team in this project: .padded = label_tag :team_ids, "Permission" .input= select_tag :greatest_project_access, options_for_select(UserTeam.access_roles), {class: "project-access-select chosen span3" } -- cgit v1.2.1 From 8dd6af1466079778fb6a91be9a3d32d7d90275a6 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Wed, 10 Jul 2013 13:48:03 +0300 Subject: Sanitize user attrs on model level --- Gemfile | 3 +++ Gemfile.lock | 1 + app/controllers/profiles_controller.rb | 15 +-------------- app/models/user.rb | 10 ++++++++++ 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/Gemfile b/Gemfile index 089646e110c..03d3f5c1c23 100644 --- a/Gemfile +++ b/Gemfile @@ -118,6 +118,9 @@ gem "d3_rails", "~> 3.1.4" # underscore-rails gem "underscore-rails", "~> 1.4.4" +# Sanitize user input +gem "sanitize" + group :assets do gem "sass-rails" gem "coffee-rails" diff --git a/Gemfile.lock b/Gemfile.lock index d26f4d8a28f..c26eeede69f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -608,6 +608,7 @@ DEPENDENCIES redcarpet (~> 2.2.2) redis-rails rspec-rails + sanitize sass-rails sdoc seed-fu diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb index 686edd8af80..6fa635d0e36 100644 --- a/app/controllers/profiles_controller.rb +++ b/app/controllers/profiles_controller.rb @@ -17,7 +17,7 @@ class ProfilesController < ApplicationController end def update - if @user.update_attributes(user_attributes) + if @user.update_attributes(params[:user]) flash[:notice] = "Profile was successfully updated" else flash[:alert] = "Failed to update profile" 
@@ -69,19 +69,6 @@ class ProfilesController < ApplicationController @user = current_user end - def user_attributes - user_attributes = params[:user] - - # Sanitize user input because we dont have strict - # validation for this fields - %w(name skype linkedin twitter bio).each do |attr| - value = user_attributes[attr] - user_attributes[attr] = sanitize(strip_tags(value)) if value.present? - end - - user_attributes - end - def authorize_change_password! return render_404 if @user.ldap_user? end diff --git a/app/models/user.rb b/app/models/user.rb index 6de8d2d4c39..ddbdec8acfc 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -116,7 +116,10 @@ class User < ActiveRecord::Base validate :namespace_uniq, if: ->(user) { user.username_changed? } before_validation :generate_password, on: :create + before_validation :sanitize_attrs + before_save :ensure_authentication_token + alias_attribute :private_token, :authentication_token delegate :path, to: :namespace, allow_nil: true, prefix: true @@ -371,4 +374,11 @@ class User < ActiveRecord::Base def created_by User.find_by_id(created_by_id) if created_by_id end + + def sanitize_attrs + %w(name username skype linkedin twitter bio).each do |attr| + value = self.send(attr) + self.send("#{attr}=", Sanitize.clean(value)) if value.present? + end + end end -- cgit v1.2.1
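Review bot: `Sanitize.clean` in the new `sanitize_attrs` callback returns HTML text, so characters such as `&` are stored entity-encoded (`AT&T` becomes `AT&amp;T`). Views that escape on output will then show them escaped twice, and non-HTML consumers will see raw entities. Stripping tags at write time does not replace output escaping, which is worth stating in a comment above the method, e.g. `# Strips HTML from free-text profile fields; output must still be escaped`. `username` is new in the list compared with the removed controller helper, so a username containing markup is silently rewritten before validation instead of being rejected. Consider `%w(name skype linkedin twitter bio)` and leaving `username` to its validations, which are not visible in this hunk.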