From 53271b486d296fae2e290d6948a05aeb47dbea89 Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Mon, 14 Nov 2016 15:10:35 +0100 Subject: Make chat authorization to work [ci skip] --- lib/api/services.rb | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'lib/api/services.rb') diff --git a/lib/api/services.rb b/lib/api/services.rb index fc8598daa32..b4b3bb6e41a 100644 --- a/lib/api/services.rb +++ b/lib/api/services.rb @@ -1,10 +1,10 @@ module API # Projects API class Services < Grape::API - before { authenticate! } - before { authorize_admin_project } - resource :projects do + before { authenticate! } + before { authorize_admin_project } + # Set service for project # # Example Request: @@ -59,5 +59,28 @@ module API present project_service, with: Entities::ProjectService, include_passwords: current_user.is_admin? end end + + resource :projects do + post ':id/services/:service_slug/trigger' do + project = Project.find_with_namespace(params[:id]) || Project.find_by(id: params[:id]) + + underscored_service = params[:service_slug].underscore + + not_found!('Service') unless Service.available_services_names.include?(underscored_service) + service_method = "#{underscored_service}_service" + + service = project.public_send(service_method) + + result = if service.try(:active?) && service.respond_to?(:trigger) + service.trigger(params) + end + + if result + present result, status: result[:status] || 200 + else + not_found!('Service') + end + end + end end end -- cgit v1.2.1 From d4def9cbcd664b7067e7f9f4ea8be54463bd1d50 Mon Sep 17 00:00:00 2001 From: "Z.J. van de Weg" Date: Thu, 17 Nov 2016 12:06:45 +0100 Subject: Incorporate feedback, improve presenter class [ci skip] --- lib/api/services.rb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lib/api/services.rb') diff --git a/lib/api/services.rb b/lib/api/services.rb index b4b3bb6e41a..094fca49c28 100644 --- a/lib/api/services.rb +++ b/lib/api/services.rb @@ -61,6 +61,10 @@ module API end resource :projects do + + desc 'Trigger a slash command' do + detail 'Added in GitLab 8.13' + end post ':id/services/:service_slug/trigger' do project = Project.find_with_namespace(params[:id]) || Project.find_by(id: params[:id]) @@ -71,9 +75,7 @@ module API service = project.public_send(service_method) - result = if service.try(:active?) && service.respond_to?(:trigger) - service.trigger(params) - end + result = service.try(:active?) && service.try(:trigger, params) if result present result, status: result[:status] || 200 -- cgit v1.2.1 From 166ee0965bacc20e2ad1187321654499a9b0f825 Mon Sep 17 00:00:00 2001 From: "Z.J. van de Weg" Date: Thu, 17 Nov 2016 21:27:12 +0100 Subject: More refactoring, push present to base command --- lib/api/services.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/api/services.rb') diff --git a/lib/api/services.rb b/lib/api/services.rb index 094fca49c28..b0a94508d10 100644 --- a/lib/api/services.rb +++ b/lib/api/services.rb @@ -61,7 +61,6 @@ module API end resource :projects do - desc 'Trigger a slash command' do detail 'Added in GitLab 8.13' end @@ -78,7 +77,8 @@ module API result = service.try(:active?) && service.try(:trigger, params) if result - present result, status: result[:status] || 200 + status result[:status] || 200 + present result else not_found!('Service') end -- cgit v1.2.1 From 0d04724fa1cd670124b8ad9a3860bfa476c50f99 Mon Sep 17 00:00:00 2001 From: "Z.J. van de Weg" Date: Fri, 18 Nov 2016 10:00:40 +0100 Subject: More coverage on service level --- lib/api/services.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'lib/api/services.rb') diff --git a/lib/api/services.rb b/lib/api/services.rb index b0a94508d10..163187d450d 100644 --- a/lib/api/services.rb +++ b/lib/api/services.rb @@ -67,12 +67,7 @@ module API post ':id/services/:service_slug/trigger' do project = Project.find_with_namespace(params[:id]) || Project.find_by(id: params[:id]) - underscored_service = params[:service_slug].underscore - - not_found!('Service') unless Service.available_services_names.include?(underscored_service) - service_method = "#{underscored_service}_service" - - service = project.public_send(service_method) + service = service_by_slug(project, params[:service_slug]) result = service.try(:active?) && service.try(:trigger, params) -- cgit v1.2.1 From f749fb7fe0574d07eeb38561b9af62754e518281 Mon Sep 17 00:00:00 2001 From: "Z.J. van de Weg" Date: Fri, 18 Nov 2016 11:38:54 +0100 Subject: Improve style, add more tests --- lib/api/services.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/api/services.rb') diff --git a/lib/api/services.rb b/lib/api/services.rb index 163187d450d..e3c6a998631 100644 --- a/lib/api/services.rb +++ b/lib/api/services.rb @@ -67,7 +67,9 @@ module API post ':id/services/:service_slug/trigger' do project = Project.find_with_namespace(params[:id]) || Project.find_by(id: params[:id]) - service = service_by_slug(project, params[:service_slug]) + not_found! unless project + + service = project_service(project) result = service.try(:active?) && service.try(:trigger, params) @@ -75,7 +77,7 @@ module API status result[:status] || 200 present result else - not_found!('Service') + not_found! end end end -- cgit v1.2.1 From dd826a5f20837f33263c658e41a4def0fc932069 Mon Sep 17 00:00:00 2001 From: "Z.J. van de Weg" Date: Fri, 18 Nov 2016 12:08:30 +0100 Subject: Return a consistent not found message This prevents leakage of project names on an endpoint which is unauthenticated and thus open to the world. --- lib/api/services.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/api/services.rb') diff --git a/lib/api/services.rb b/lib/api/services.rb index e3c6a998631..4d23499aa39 100644 --- a/lib/api/services.rb +++ b/lib/api/services.rb @@ -67,7 +67,8 @@ module API post ':id/services/:service_slug/trigger' do project = Project.find_with_namespace(params[:id]) || Project.find_by(id: params[:id]) - not_found! unless project + # This is not accurate, but done to prevent leakage of the project names + not_found!('Service') unless project service = project_service(project) @@ -77,7 +78,7 @@ module API status result[:status] || 200 present result else - not_found! + not_found!('Service') end end end -- cgit v1.2.1