From fd88b0ca56b3a4230902f76a7b049228e53e6bb0 Mon Sep 17 00:00:00 2001 From: Tony Rom Date: Thu, 16 Nov 2017 21:10:15 +0300 Subject: Add `pipelines` endpoint to merge requests API --- lib/api/merge_requests.rb | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lib/api') diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index d34886fca2e..77c563ec0b4 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -24,6 +24,12 @@ module API .preload(:notes, :author, :assignee, :milestone, :latest_merge_request_diff, :labels, :timelogs) end + def merge_request_pipelines_with_access(access_level = :read_pipeline) + authorize! access_level, user_project + mr = find_merge_request_with_access(params[:merge_request_iid]) + mr.all_pipelines + end + params :merge_requests_params do optional :state, type: String, values: %w[opened closed merged all], default: 'all', desc: 'Return opened, closed, merged, or all merge requests' @@ -203,6 +209,15 @@ module API present merge_request, with: Entities::MergeRequestChanges, current_user: current_user end + desc 'Get the merge request pipelines' do + success Entities::PipelineBasic + end + get ':id/merge_requests/:merge_request_iid/pipelines' do + pipelines = merge_request_pipelines_with_access + + present paginate(pipelines), with: Entities::PipelineBasic + end + desc 'Update a merge request' do success Entities::MergeRequest end -- cgit v1.2.1 From 2a0a7b426e63dac685654cafb0904e7668ad1fde Mon Sep 17 00:00:00 2001 From: Alexis Reigel Date: Thu, 23 Nov 2017 16:45:00 +0100 Subject: api support for merge_requests_events system hook --- lib/api/entities.rb | 4 ++-- lib/api/system_hooks.rb | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/api') diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 4ad4a1f7867..d09402b1c1c 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -65,12 +65,12 @@ module API end class Hook < Grape::Entity - expose :id, :url, :created_at, :push_events, :tag_push_events, :repository_update_events + expose :id, :url, :created_at, :push_events, :tag_push_events, :merge_requests_events, :repository_update_events expose :enable_ssl_verification end class ProjectHook < Hook - expose :project_id, :issues_events, :merge_requests_events + expose :project_id, :issues_events expose :note_events, :pipeline_events, :wiki_page_events expose :job_events end diff --git a/lib/api/system_hooks.rb b/lib/api/system_hooks.rb index 6b6a03e3300..c7a460df46a 100644 --- a/lib/api/system_hooks.rb +++ b/lib/api/system_hooks.rb @@ -26,6 +26,7 @@ module API optional :token, type: String, desc: 'The token used to validate payloads' optional :push_events, type: Boolean, desc: "Trigger hook on push events" optional :tag_push_events, type: Boolean, desc: "Trigger hook on tag push events" + optional :merge_requests_events, type: Boolean, desc: "Trigger hook on tag push events" optional :enable_ssl_verification, type: Boolean, desc: "Do SSL verification when triggering the hook" end post do -- cgit v1.2.1 From d0b8f536a1865af3741fc3255325b7e211ed1d42 Mon Sep 17 00:00:00 2001 From: Yorick Peterse Date: Tue, 2 Jan 2018 17:21:28 +0100 Subject: Remove soft removals related code This removes all usage of soft removals except for the "pending delete" system implemented for projects. This in turn simplifies all the query plans of the models that used soft removals. Since we don't really use soft removals for anything useful there's no point in keeping it around. This _does_ mean that hard removals of issues (which only admins can do if I'm not mistaken) can influence the "iid" values, but that code is broken to begin with. More on this (and how to fix it) can be found in https://gitlab.com/gitlab-org/gitlab-ce/issues/31114. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/37447 --- lib/api/entities.rb | 2 +- lib/api/v3/entities.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/api') diff --git a/lib/api/entities.rb b/lib/api/entities.rb index bd0c54a1b04..4b3c26d7c02 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -918,7 +918,7 @@ module API class Trigger < Grape::Entity expose :id expose :token, :description - expose :created_at, :updated_at, :deleted_at, :last_used + expose :created_at, :updated_at, :last_used expose :owner, using: Entities::UserBasic end diff --git a/lib/api/v3/entities.rb b/lib/api/v3/entities.rb index c17b6f45ed8..64758dae7d3 100644 --- a/lib/api/v3/entities.rb +++ b/lib/api/v3/entities.rb @@ -207,7 +207,7 @@ module API end class Trigger < Grape::Entity - expose :token, :created_at, :updated_at, :deleted_at, :last_used + expose :token, :created_at, :updated_at, :last_used expose :owner, using: ::API::Entities::UserBasic end -- cgit v1.2.1 From ac86b2043dea8f15cb0670db98c2bf21e1843d4b Mon Sep 17 00:00:00 2001 From: Pablo Carranza Date: Tue, 1 Mar 2016 17:53:01 +0000 Subject: Backport authorized_keys branch 'find-key-by-fingerprint' Add find key by base64 key or fingerprint to the internal API See merge request !250 Squashed changes: Add unique index to fingerprint Add new index to schema Add internal api to get ssh key by fingerprint Change API endpoint to authorized_keys Add InsecureKeyFingerprint that calculates the fingerprint without shelling out Add require for gitlab key fingerprint Remove uniqueness of fingerprint index Remove unique option from migration Fix spec style in fingerprint test Fix rubocop complain Extract insecure key fingerprint to separate file Change migration to support building index concurrently Remove those hideous tabs --- lib/api/internal.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'lib/api') diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 79b302aae70..8bf53939751 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -81,6 +81,18 @@ module API merge_request_urls end + # + # Get a ssh key using the fingerprint + # + get "/authorized_keys" do + fingerprint = params.fetch(:fingerprint) do + Gitlab::InsecureKeyFingerprint.new(params.fetch(:key)).fingerprint + end + key = Key.find_by(fingerprint: fingerprint) + not_found!("Key") if key.nil? + present key, with: Entities::SSHKey + end + # # Discover user by ssh key or user id # -- cgit v1.2.1 From eaf9088ba8abe8c847a09860b55a86c7ae0d5987 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 6 Jan 2018 00:41:13 -0800 Subject: Save user ID and username in Grape API log (api_json.log) This will enable admins to identify who actually made the API request. Relates to #36960 --- lib/api/api.rb | 3 ++- lib/api/helpers.rb | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'lib/api') diff --git a/lib/api/api.rb b/lib/api/api.rb index e0d14281c96..ae161efb358 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -13,7 +13,8 @@ module API formatter: Gitlab::GrapeLogging::Formatters::LogrageWithTimestamp.new, include: [ GrapeLogging::Loggers::FilterParameters.new, - GrapeLogging::Loggers::ClientEnv.new + GrapeLogging::Loggers::ClientEnv.new, + Gitlab::GrapeLogging::Loggers::UserLogger.new ] allow_access_with_scope :api diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index bf388163ec8..d6ce368efd5 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -5,6 +5,7 @@ module API SUDO_HEADER = "HTTP_SUDO".freeze SUDO_PARAM = :sudo + API_USER_ENV = 'gitlab.api.user'.freeze def declared_params(options = {}) options = { include_parent_namespaces: false }.merge(options) @@ -48,10 +49,16 @@ module API validate_access_token!(scopes: scopes_registered_for_endpoint) unless sudo? + save_current_user_in_env(@current_user) if @current_user + @current_user end # rubocop:enable Gitlab/ModuleWithInstanceVariables + def save_current_user_in_env(user) + env[API_USER_ENV] = { user_id: user.id, username: user.username } + end + def sudo? initial_current_user != current_user end -- cgit v1.2.1 From f6c1d382591fd837e96e99ff115b7beb0e6b3f43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Francisco=20Javier=20L=C3=B3pez?= Date: Tue, 9 Jan 2018 11:36:12 +0000 Subject: Add option to disable commit stats to commit API --- lib/api/commits.rb | 3 ++- lib/api/entities.rb | 2 +- lib/api/v3/commits.rb | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) (limited to 'lib/api') diff --git a/lib/api/commits.rb b/lib/api/commits.rb index 38e05074353..d8fd6a6eb06 100644 --- a/lib/api/commits.rb +++ b/lib/api/commits.rb @@ -82,13 +82,14 @@ module API end params do requires :sha, type: String, desc: 'A commit sha, or the name of a branch or tag' + optional :stats, type: Boolean, default: true, desc: 'Include commit stats' end get ':id/repository/commits/:sha', requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do commit = user_project.commit(params[:sha]) not_found! 'Commit' unless commit - present commit, with: Entities::CommitDetail + present commit, with: Entities::CommitDetail, stats: params[:stats] end desc 'Get the diff for a specific commit of a project' do diff --git a/lib/api/entities.rb b/lib/api/entities.rb index bd0c54a1b04..f574858be02 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -278,7 +278,7 @@ module API end class CommitDetail < Commit - expose :stats, using: Entities::CommitStats + expose :stats, using: Entities::CommitStats, if: :stats expose :status expose :last_pipeline, using: 'API::Entities::PipelineBasic' end diff --git a/lib/api/v3/commits.rb b/lib/api/v3/commits.rb index 0ef26aa696a..4f6ea8f502e 100644 --- a/lib/api/v3/commits.rb +++ b/lib/api/v3/commits.rb @@ -71,13 +71,14 @@ module API end params do requires :sha, type: String, desc: 'A commit sha, or the name of a branch or tag' + optional :stats, type: Boolean, default: true, desc: 'Include commit stats' end get ":id/repository/commits/:sha", requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do commit = user_project.commit(params[:sha]) not_found! "Commit" unless commit - present commit, with: ::API::Entities::CommitDetail + present commit, with: ::API::Entities::CommitDetail, stats: params[:stats] end desc 'Get the diff for a specific commit of a project' do -- cgit v1.2.1 From 7ed08fcd5db058500b3092fd94791e9bd8a29bb7 Mon Sep 17 00:00:00 2001 From: Tony Rom Date: Wed, 10 Jan 2018 20:05:34 +0300 Subject: Fix style --- lib/api/merge_requests.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/api') diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 77c563ec0b4..6ccdacd1067 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -24,8 +24,9 @@ module API .preload(:notes, :author, :assignee, :milestone, :latest_merge_request_diff, :labels, :timelogs) end - def merge_request_pipelines_with_access(access_level = :read_pipeline) - authorize! access_level, user_project + def merge_request_pipelines_with_access + authorize! :read_pipeline, user_project + mr = find_merge_request_with_access(params[:merge_request_iid]) mr.all_pipelines end -- cgit v1.2.1 From 729f05f0e3c4835c91e20ccd1ddb630eb7ef4379 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=99=88=20=20jacopo=20beschi=20=F0=9F=99=89?= Date: Thu, 11 Jan 2018 16:34:01 +0000 Subject: Adds Rubocop rule for line break around conditionals --- lib/api/helpers.rb | 1 + lib/api/internal.rb | 1 + lib/api/issues.rb | 1 + lib/api/pipelines.rb | 1 + lib/api/project_snippets.rb | 1 + lib/api/projects.rb | 1 + lib/api/repositories.rb | 1 + lib/api/v3/members.rb | 1 + lib/api/v3/merge_requests.rb | 1 + lib/api/v3/project_snippets.rb | 1 + lib/api/v3/projects.rb | 2 ++ lib/api/v3/repositories.rb | 1 + lib/api/v3/snippets.rb | 1 + 13 files changed, 14 insertions(+) (limited to 'lib/api') diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index d6ce368efd5..6134ad2bfc7 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -26,6 +26,7 @@ module API check_unmodified_since!(last_updated) status 204 + if block_given? yield resource else diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 8bf53939751..063f0d6599c 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -103,6 +103,7 @@ module API elsif params[:user_id] user = User.find_by(id: params[:user_id]) end + present user, with: Entities::UserSafe end diff --git a/lib/api/issues.rb b/lib/api/issues.rb index 7aa10631d53..c99fe3ab5b3 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -175,6 +175,7 @@ module API issue = ::Issues::CreateService.new(user_project, current_user, issue_params.merge(request: request, api: true)).execute + if issue.spam? render_api_error!({ error: 'Spam detected' }, 400) end diff --git a/lib/api/pipelines.rb b/lib/api/pipelines.rb index 74b3376a1f3..675c963bae2 100644 --- a/lib/api/pipelines.rb +++ b/lib/api/pipelines.rb @@ -48,6 +48,7 @@ module API current_user, declared_params(include_missing: false)) .execute(:api, ignore_skip_ci: true, save_on_errors: false) + if new_pipeline.persisted? present new_pipeline, with: Entities::Pipeline else diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index 2ccda1c1aa1..5bed58c2d63 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -13,6 +13,7 @@ module API if errors[:project_access].any? error!(errors[:project_access], 422) end + not_found! end diff --git a/lib/api/projects.rb b/lib/api/projects.rb index fa222bf2b1c..653126e79ea 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -154,6 +154,7 @@ module API if project.errors[:limit_reached].present? error!(project.errors[:limit_reached], 403) end + render_validation_error!(project) end end diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb index 4f36bbd760f..9638c53a1df 100644 --- a/lib/api/repositories.rb +++ b/lib/api/repositories.rb @@ -15,6 +15,7 @@ module API if errors[:project_access].any? error!(errors[:project_access], 422) end + not_found! end diff --git a/lib/api/v3/members.rb b/lib/api/v3/members.rb index 684860b553e..de226e4e573 100644 --- a/lib/api/v3/members.rb +++ b/lib/api/v3/members.rb @@ -67,6 +67,7 @@ module API unless member member = source.add_user(params[:user_id], params[:access_level], current_user: current_user, expires_at: params[:expires_at]) end + if member.persisted? && member.valid? present member.user, with: ::API::Entities::Member, member: member else diff --git a/lib/api/v3/merge_requests.rb b/lib/api/v3/merge_requests.rb index 1d6d823f32b..0a24fea52a3 100644 --- a/lib/api/v3/merge_requests.rb +++ b/lib/api/v3/merge_requests.rb @@ -126,6 +126,7 @@ module API if status == :deprecated detail DEPRECATION_MESSAGE end + success ::API::V3::Entities::MergeRequest end get path do diff --git a/lib/api/v3/project_snippets.rb b/lib/api/v3/project_snippets.rb index c41fee32610..6ba425ba8c7 100644 --- a/lib/api/v3/project_snippets.rb +++ b/lib/api/v3/project_snippets.rb @@ -14,6 +14,7 @@ module API if errors[:project_access].any? error!(errors[:project_access], 422) end + not_found! end diff --git a/lib/api/v3/projects.rb b/lib/api/v3/projects.rb index 7c260b8d910..446f804124b 100644 --- a/lib/api/v3/projects.rb +++ b/lib/api/v3/projects.rb @@ -41,6 +41,7 @@ module API # private or internal, use the more conservative option, private. attrs[:visibility_level] = (publik == true) ? Gitlab::VisibilityLevel::PUBLIC : Gitlab::VisibilityLevel::PRIVATE end + attrs end @@ -201,6 +202,7 @@ module API if project.errors[:limit_reached].present? error!(project.errors[:limit_reached], 403) end + render_validation_error!(project) end end diff --git a/lib/api/v3/repositories.rb b/lib/api/v3/repositories.rb index f9a47101e27..5b54734bb45 100644 --- a/lib/api/v3/repositories.rb +++ b/lib/api/v3/repositories.rb @@ -14,6 +14,7 @@ module API if errors[:project_access].any? error!(errors[:project_access], 422) end + not_found! end end diff --git a/lib/api/v3/snippets.rb b/lib/api/v3/snippets.rb index 126ec72248e..85613c8ed84 100644 --- a/lib/api/v3/snippets.rb +++ b/lib/api/v3/snippets.rb @@ -97,6 +97,7 @@ module API attrs = declared_params(include_missing: false) UpdateSnippetService.new(nil, current_user, snippet, attrs).execute + if snippet.persisted? present snippet, with: ::API::Entities::PersonalSnippet else -- cgit v1.2.1 From c9a1a1552a11a9ff862bf08df7267c553f2e0e99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matija=20=C4=8Cupi=C4=87?= Date: Sat, 13 Jan 2018 22:29:29 +0100 Subject: Fix N+1 in v3 builds API The N+1 issue was caused by loading the job_artifacts_archive for each job (build) individually. Including that in the builds AssociationRelation fixed the issue. --- lib/api/v3/builds.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/api') diff --git a/lib/api/v3/builds.rb b/lib/api/v3/builds.rb index fa0bef39602..a256a5720e1 100644 --- a/lib/api/v3/builds.rb +++ b/lib/api/v3/builds.rb @@ -35,8 +35,7 @@ module API get ':id/builds' do builds = user_project.builds.order('id DESC') builds = filter_builds(builds, params[:scope]) - - present paginate(builds), with: ::API::V3::Entities::Build + present paginate(builds.includes(:job_artifacts_archive)), with: ::API::V3::Entities::Build end desc 'Get builds for a specific commit of a project' do -- cgit v1.2.1 From c9840842f181904e7a94946066bb5ca98c1f657a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matija=20=C4=8Cupi=C4=87?= Date: Sun, 14 Jan 2018 23:10:51 +0100 Subject: Eager load user, runner, pipeline and its creator --- lib/api/v3/builds.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/api') diff --git a/lib/api/v3/builds.rb b/lib/api/v3/builds.rb index a256a5720e1..7bf7329625c 100644 --- a/lib/api/v3/builds.rb +++ b/lib/api/v3/builds.rb @@ -35,7 +35,9 @@ module API get ':id/builds' do builds = user_project.builds.order('id DESC') builds = filter_builds(builds, params[:scope]) - present paginate(builds.includes(:job_artifacts_archive)), with: ::API::V3::Entities::Build + + builds = builds.includes(:user, :job_artifacts_archive, :runner, pipeline: :project) + present paginate(builds), with: ::API::V3::Entities::Build end desc 'Get builds for a specific commit of a project' do -- cgit v1.2.1 From 87cc03736ccaa91db51e171883ef2e2a05a74360 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matija=20=C4=8Cupi=C4=87?= Date: Sun, 14 Jan 2018 23:13:18 +0100 Subject: Fix N+1 builds query in Jobs list API --- lib/api/jobs.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/api') diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb index a116ab3c9bd..57bad74c105 100644 --- a/lib/api/jobs.rb +++ b/lib/api/jobs.rb @@ -38,6 +38,7 @@ module API builds = user_project.builds.order('id DESC') builds = filter_builds(builds, params[:scope]) + builds = builds.includes(:user, :job_artifacts_archive, :runner, pipeline: :project) present paginate(builds), with: Entities::Job end -- cgit v1.2.1 From b2dcb553160613220734bfd748cba40fa3c07605 Mon Sep 17 00:00:00 2001 From: Serdar Dogruyol Date: Mon, 15 Jan 2018 14:03:39 +0300 Subject: Fix duplication in API::CircuitBreakers --- lib/api/circuit_breakers.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/api') diff --git a/lib/api/circuit_breakers.rb b/lib/api/circuit_breakers.rb index 598c76f6168..c13154dc0ec 100644 --- a/lib/api/circuit_breakers.rb +++ b/lib/api/circuit_breakers.rb @@ -17,11 +17,11 @@ module API end def storage_health - @failing_storage_health ||= Gitlab::Git::Storage::Health.for_all_storages + @storage_health ||= Gitlab::Git::Storage::Health.for_all_storages end end - desc 'Get all failing git storages' do + desc 'Get all git storages' do detail 'This feature was introduced in GitLab 9.5' success Entities::RepositoryStorageHealth end -- cgit v1.2.1 From 1b1cc6fb14be2d8c8d24ddd446030d2470bf9527 Mon Sep 17 00:00:00 2001 From: Valery Sizov Date: Mon, 15 Jan 2018 14:24:16 +0200 Subject: [API] Fix creating issue when assignee_id is empty see https://gitlab.com/gitlab-org/gitlab-ce/issues/42025 --- lib/api/helpers/common_helpers.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/api') diff --git a/lib/api/helpers/common_helpers.rb b/lib/api/helpers/common_helpers.rb index 322624c6092..9993caa5249 100644 --- a/lib/api/helpers/common_helpers.rb +++ b/lib/api/helpers/common_helpers.rb @@ -3,8 +3,10 @@ module API module CommonHelpers def convert_parameters_from_legacy_format(params) params.tap do |params| - if params[:assignee_id].present? - params[:assignee_ids] = [params.delete(:assignee_id)] + assignee_id = params.delete(:assignee_id) + + if assignee_id.present? + params[:assignee_ids] = [assignee_id] end end end -- cgit v1.2.1 From feb3449709ce4fce62227f67233bc4d061c66ab5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matija=20=C4=8Cupi=C4=87?= Date: Mon, 15 Jan 2018 22:04:08 +0100 Subject: Use preload instead of includes to avoid joins --- lib/api/jobs.rb | 2 +- lib/api/v3/builds.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/api') diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb index 57bad74c105..9c205514b3a 100644 --- a/lib/api/jobs.rb +++ b/lib/api/jobs.rb @@ -38,7 +38,7 @@ module API builds = user_project.builds.order('id DESC') builds = filter_builds(builds, params[:scope]) - builds = builds.includes(:user, :job_artifacts_archive, :runner, pipeline: :project) + builds = builds.preload(:user, :job_artifacts_archive, :runner, pipeline: :project) present paginate(builds), with: Entities::Job end diff --git a/lib/api/v3/builds.rb b/lib/api/v3/builds.rb index 7bf7329625c..ac76fece931 100644 --- a/lib/api/v3/builds.rb +++ b/lib/api/v3/builds.rb @@ -36,7 +36,7 @@ module API builds = user_project.builds.order('id DESC') builds = filter_builds(builds, params[:scope]) - builds = builds.includes(:user, :job_artifacts_archive, :runner, pipeline: :project) + builds = builds.preload(:user, :job_artifacts_archive, :runner, pipeline: :project) present paginate(builds), with: ::API::V3::Entities::Build end -- cgit v1.2.1 From fa84b98796bb63eea42a8685e4a129433efd353f Mon Sep 17 00:00:00 2001 From: Jacopo Date: Mon, 15 Jan 2018 23:03:43 +0100 Subject: Enables Project Milestone Deletion via API Enables project milestone deletion via DELETE /projects/:id/milestones/:milestone_id --- lib/api/project_milestones.rb | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lib/api') diff --git a/lib/api/project_milestones.rb b/lib/api/project_milestones.rb index 0cb209a02d0..306dc0e63d7 100644 --- a/lib/api/project_milestones.rb +++ b/lib/api/project_milestones.rb @@ -60,6 +60,15 @@ module API update_milestone_for(user_project) end + desc 'Remove a project milestone' + delete ":id/milestones/:milestone_id" do + authorize! :admin_milestone, user_project + + user_project.milestones.find(params[:milestone_id]).destroy + + status(204) + end + desc 'Get all issues for a single project milestone' do success Entities::IssueBasic end -- cgit v1.2.1 From 0424801ec8854167d17c76b68e6ae8c5b5a6a52a Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 6 Jan 2018 06:18:13 +0000 Subject: Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3' Filter out sensitive fields from the project services API See merge request gitlab/gitlabhq!2281 (cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7) 2bcbbda0 Filter out sensitive fields from the project services API --- lib/api/entities.rb | 5 +---- lib/api/services.rb | 2 +- lib/api/v3/entities.rb | 5 +---- lib/api/v3/services.rb | 2 +- 4 files changed, 4 insertions(+), 10 deletions(-) (limited to 'lib/api') diff --git a/lib/api/entities.rb b/lib/api/entities.rb index c4ef2c74658..9618d6625bb 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -714,10 +714,7 @@ module API expose :job_events # Expose serialized properties expose :properties do |service, options| - field_names = service.fields - .select { |field| options[:include_passwords] || field[:type] != 'password' } - .map { |field| field[:name] } - service.properties.slice(*field_names) + service.properties.slice(*service.api_field_names) end end diff --git a/lib/api/services.rb b/lib/api/services.rb index a7f44e2869c..51e33e2c686 100644 --- a/lib/api/services.rb +++ b/lib/api/services.rb @@ -785,7 +785,7 @@ module API service_params = declared_params(include_missing: false).merge(active: true) if service.update_attributes(service_params) - present service, with: Entities::ProjectService, include_passwords: current_user.admin? + present service, with: Entities::ProjectService else render_api_error!('400 Bad Request', 400) end diff --git a/lib/api/v3/entities.rb b/lib/api/v3/entities.rb index 64758dae7d3..2ccbb9da1c5 100644 --- a/lib/api/v3/entities.rb +++ b/lib/api/v3/entities.rb @@ -257,10 +257,7 @@ module API expose :job_events, as: :build_events # Expose serialized properties expose :properties do |service, options| - field_names = service.fields - .select { |field| options[:include_passwords] || field[:type] != 'password' } - .map { |field| field[:name] } - service.properties.slice(*field_names) + service.properties.slice(*service.api_field_names) end end diff --git a/lib/api/v3/services.rb b/lib/api/v3/services.rb index 44ed94d2869..20ca1021c71 100644 --- a/lib/api/v3/services.rb +++ b/lib/api/v3/services.rb @@ -622,7 +622,7 @@ module API end get ":id/services/:service_slug" do service = user_project.find_or_initialize_service(params[:service_slug].underscore) - present service, with: Entities::ProjectService, include_passwords: current_user.admin? + present service, with: Entities::ProjectService end end -- cgit v1.2.1 From 536a47b4b70df0f2a8438ed0ada7654593fa5cd0 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Fri, 5 Jan 2018 15:23:44 +0000 Subject: Merge branch 'sh-migrate-can-push-to-deploy-keys-projects-10-3' into 'security-10-3' [10.3] Migrate `can_push` column from `keys` to `deploy_keys_project` See merge request gitlab/gitlabhq!2276 (cherry picked from commit f6ca52d31bac350a23938e0aebf717c767b4710c) 1f2bd3c0 Backport to 10.3 --- lib/api/deploy_keys.rb | 64 +++++++++++++++++++++++++++++++++-------------- lib/api/entities.rb | 7 +++++- lib/api/v3/deploy_keys.rb | 46 ++++++++++++++++++++++++---------- 3 files changed, 84 insertions(+), 33 deletions(-) (limited to 'lib/api') diff --git a/lib/api/deploy_keys.rb b/lib/api/deploy_keys.rb index 281269b1190..a92f17937b8 100644 --- a/lib/api/deploy_keys.rb +++ b/lib/api/deploy_keys.rb @@ -4,6 +4,16 @@ module API before { authenticate! } + helpers do + def add_deploy_keys_project(project, attrs = {}) + project.deploy_keys_projects.create(attrs) + end + + def find_by_deploy_key(project, key_id) + project.deploy_keys_projects.find_by!(deploy_key: key_id) + end + end + desc 'Return all deploy keys' params do use :pagination @@ -21,28 +31,31 @@ module API before { authorize_admin_project } desc "Get a specific project's deploy keys" do - success Entities::SSHKey + success Entities::DeployKeysProject end params do use :pagination end get ":id/deploy_keys" do - present paginate(user_project.deploy_keys), with: Entities::SSHKey + keys = user_project.deploy_keys_projects.preload(:deploy_key) + + present paginate(keys), with: Entities::DeployKeysProject end desc 'Get single deploy key' do - success Entities::SSHKey + success Entities::DeployKeysProject end params do requires :key_id, type: Integer, desc: 'The ID of the deploy key' end get ":id/deploy_keys/:key_id" do - key = user_project.deploy_keys.find params[:key_id] - present key, with: Entities::SSHKey + key = find_by_deploy_key(user_project, params[:key_id]) + + present key, with: Entities::DeployKeysProject end desc 'Add new deploy key to currently authenticated user' do - success Entities::SSHKey + success Entities::DeployKeysProject end params do requires :key, type: String, desc: 'The new deploy key' @@ -53,24 +66,31 @@ module API params[:key].strip! # Check for an existing key joined to this project - key = user_project.deploy_keys.find_by(key: params[:key]) + key = user_project.deploy_keys_projects + .joins(:deploy_key) + .find_by(keys: { key: params[:key] }) + if key - present key, with: Entities::SSHKey + present key, with: Entities::DeployKeysProject break end # Check for available deploy keys in other projects key = current_user.accessible_deploy_keys.find_by(key: params[:key]) if key - user_project.deploy_keys << key - present key, with: Entities::SSHKey + added_key = add_deploy_keys_project(user_project, deploy_key: key, can_push: !!params[:can_push]) + + present added_key, with: Entities::DeployKeysProject break end # Create a new deploy key - key = DeployKey.new(declared_params(include_missing: false)) - if key.valid? && user_project.deploy_keys << key - present key, with: Entities::SSHKey + key_attributes = { can_push: !!params[:can_push], + deploy_key_attributes: declared_params.except(:can_push) } + key = add_deploy_keys_project(user_project, key_attributes) + + if key.valid? + present key, with: Entities::DeployKeysProject else render_validation_error!(key) end @@ -86,14 +106,20 @@ module API at_least_one_of :title, :can_push end put ":id/deploy_keys/:key_id" do - key = DeployKey.find(params.delete(:key_id)) + deploy_keys_project = find_by_deploy_key(user_project, params[:key_id]) - authorize!(:update_deploy_key, key) + authorize!(:update_deploy_key, deploy_keys_project.deploy_key) - if key.update_attributes(declared_params(include_missing: false)) - present key, with: Entities::SSHKey + can_push = params[:can_push].nil? ? deploy_keys_project.can_push : params[:can_push] + title = params[:title] || deploy_keys_project.deploy_key.title + + result = deploy_keys_project.update_attributes(can_push: can_push, + deploy_key_attributes: { id: params[:key_id], + title: title }) + if result + present deploy_keys_project, with: Entities::DeployKeysProject else - render_validation_error!(key) + render_validation_error!(deploy_keys_project) end end @@ -122,7 +148,7 @@ module API requires :key_id, type: Integer, desc: 'The ID of the deploy key' end delete ":id/deploy_keys/:key_id" do - key = user_project.deploy_keys_projects.find_by(deploy_key_id: params[:key_id]) + key = user_project.deploy_keys.find(params[:key_id]) not_found!('Deploy Key') unless key destroy_conditionally!(key) diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 9618d6625bb..971cb83a2d9 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -554,13 +554,18 @@ module API end class SSHKey < Grape::Entity - expose :id, :title, :key, :created_at, :can_push + expose :id, :title, :key, :created_at end class SSHKeyWithUser < SSHKey expose :user, using: Entities::UserPublic end + class DeployKeysProject < Grape::Entity + expose :deploy_key, merge: true, using: Entities::SSHKey + expose :can_push + end + class GPGKey < Grape::Entity expose :id, :key, :created_at end diff --git a/lib/api/v3/deploy_keys.rb b/lib/api/v3/deploy_keys.rb index b90e2061da3..47e54ca85a5 100644 --- a/lib/api/v3/deploy_keys.rb +++ b/lib/api/v3/deploy_keys.rb @@ -3,6 +3,16 @@ module API class DeployKeys < Grape::API before { authenticate! } + helpers do + def add_deploy_keys_project(project, attrs = {}) + project.deploy_keys_projects.create(attrs) + end + + def find_by_deploy_key(project, key_id) + project.deploy_keys_projects.find_by!(deploy_key: key_id) + end + end + get "deploy_keys" do authenticated_as_admin! @@ -18,25 +28,28 @@ module API %w(keys deploy_keys).each do |path| desc "Get a specific project's deploy keys" do - success ::API::Entities::SSHKey + success ::API::Entities::DeployKeysProject end get ":id/#{path}" do - present user_project.deploy_keys, with: ::API::Entities::SSHKey + keys = user_project.deploy_keys_projects.preload(:deploy_key) + + present keys, with: ::API::Entities::DeployKeysProject end desc 'Get single deploy key' do - success ::API::Entities::SSHKey + success ::API::Entities::DeployKeysProject end params do requires :key_id, type: Integer, desc: 'The ID of the deploy key' end get ":id/#{path}/:key_id" do - key = user_project.deploy_keys.find params[:key_id] - present key, with: ::API::Entities::SSHKey + key = find_by_deploy_key(user_project, params[:key_id]) + + present key, with: ::API::Entities::DeployKeysProject end desc 'Add new deploy key to currently authenticated user' do - success ::API::Entities::SSHKey + success ::API::Entities::DeployKeysProject end params do requires :key, type: String, desc: 'The new deploy key' @@ -47,24 +60,31 @@ module API params[:key].strip! # Check for an existing key joined to this project - key = user_project.deploy_keys.find_by(key: params[:key]) + key = user_project.deploy_keys_projects + .joins(:deploy_key) + .find_by(keys: { key: params[:key] }) + if key - present key, with: ::API::Entities::SSHKey + present key, with: ::API::Entities::DeployKeysProject break end # Check for available deploy keys in other projects key = current_user.accessible_deploy_keys.find_by(key: params[:key]) if key - user_project.deploy_keys << key - present key, with: ::API::Entities::SSHKey + added_key = add_deploy_keys_project(user_project, deploy_key: key, can_push: !!params[:can_push]) + + present added_key, with: ::API::Entities::DeployKeysProject break end # Create a new deploy key - key = DeployKey.new(declared_params(include_missing: false)) - if key.valid? && user_project.deploy_keys << key - present key, with: ::API::Entities::SSHKey + key_attributes = { can_push: !!params[:can_push], + deploy_key_attributes: declared_params.except(:can_push) } + key = add_deploy_keys_project(user_project, key_attributes) + + if key.valid? + present key, with: ::API::Entities::DeployKeysProject else render_validation_error!(key) end -- cgit v1.2.1 From 310d209b67938acdb1cde3cf5622440bf42c5bc4 Mon Sep 17 00:00:00 2001 From: Jacopo Date: Thu, 11 Jan 2018 17:45:35 +0100 Subject: Adds sorting to deployments API Adds sorting to deployments API through the `order_by` and sort `fields`. --- lib/api/deployments.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/api') diff --git a/lib/api/deployments.rb b/lib/api/deployments.rb index 1efee9a1324..184fae0eb76 100644 --- a/lib/api/deployments.rb +++ b/lib/api/deployments.rb @@ -15,11 +15,13 @@ module API end params do use :pagination + optional :order_by, type: String, values: %w[id iid created_at ref], default: 'id', desc: 'Return deployments ordered by `id` or `iid` or `created_at` or `ref`' + optional :sort, type: String, values: %w[asc desc], default: 'asc', desc: 'Sort by asc (ascending) or desc (descending)' end get ':id/deployments' do authorize! :read_deployment, user_project - present paginate(user_project.deployments), with: Entities::Deployment + present paginate(user_project.deployments.order(params[:order_by] => params[:sort])), with: Entities::Deployment end desc 'Gets a specific deployment' do -- cgit v1.2.1 From d1eb3ff594b42d6e9625724119f52d3356045870 Mon Sep 17 00:00:00 2001 From: Oswaldo Ferreira Date: Wed, 17 Jan 2018 11:42:32 -0200 Subject: Make ruby lint happy --- lib/api/deploy_keys.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/api') diff --git a/lib/api/deploy_keys.rb b/lib/api/deploy_keys.rb index a92f17937b8..b0b7b50998f 100644 --- a/lib/api/deploy_keys.rb +++ b/lib/api/deploy_keys.rb @@ -116,6 +116,7 @@ module API result = deploy_keys_project.update_attributes(can_push: can_push, deploy_key_attributes: { id: params[:key_id], title: title }) + if result present deploy_keys_project, with: Entities::DeployKeysProject else -- cgit v1.2.1 From 1a3bcc76ea14dda52447a517122117942914ecac Mon Sep 17 00:00:00 2001 From: Nick Thomas Date: Wed, 17 Jan 2018 14:30:07 +0000 Subject: Fix the user-agent detail API endpoint for project snippets --- lib/api/project_snippets.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/api') diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index 5bed58c2d63..39c03c40bab 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -143,7 +143,7 @@ module API get ":id/snippets/:snippet_id/user_agent_detail" do authenticated_as_admin! - snippet = Snippet.find_by!(id: params[:id]) + snippet = Snippet.find_by!(id: params[:snippet_id], project_id: params[:id]) return not_found!('UserAgentDetail') unless snippet.user_agent_detail -- cgit v1.2.1 From 795e546b1c3c2433c046ffa517c0569a6c9ccdd0 Mon Sep 17 00:00:00 2001 From: Jan Christophersen Date: Fri, 19 Jan 2018 07:33:58 +0000 Subject: Resolve "Projects API: filter 'with_issues_enabled=true' returns projects with 'issues_enabled=false'" --- lib/api/projects.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/api') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 653126e79ea..8b5e4f8edcc 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -76,9 +76,9 @@ module API def present_projects(projects, options = {}) projects = reorder_projects(projects) - projects = projects.with_statistics if params[:statistics] - projects = projects.with_issues_enabled if params[:with_issues_enabled] + projects = projects.with_issues_available_for_user(current_user) if params[:with_issues_enabled] projects = projects.with_merge_requests_enabled if params[:with_merge_requests_enabled] + projects = projects.with_statistics if params[:statistics] projects = paginate(projects) if current_user -- cgit v1.2.1 From 5a160b05eda88728543a0a74a174fa5883877171 Mon Sep 17 00:00:00 2001 From: Mark Fletcher Date: Fri, 19 Jan 2018 20:07:44 +0000 Subject: Fix protected branches API to accept name parameter with dot --- lib/api/protected_branches.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/api') diff --git a/lib/api/protected_branches.rb b/lib/api/protected_branches.rb index 614822509f0..c15c487deb4 100644 --- a/lib/api/protected_branches.rb +++ b/lib/api/protected_branches.rb @@ -2,7 +2,7 @@ module API class ProtectedBranches < Grape::API include PaginationParams - BRANCH_ENDPOINT_REQUIREMENTS = API::PROJECT_ENDPOINT_REQUIREMENTS.merge(branch: API::NO_SLASH_URL_PART_REGEX) + BRANCH_ENDPOINT_REQUIREMENTS = API::PROJECT_ENDPOINT_REQUIREMENTS.merge(name: API::NO_SLASH_URL_PART_REGEX) before { authorize_admin_project } -- cgit v1.2.1 From 062f5b7126978e08522361e879d7c1723b15c9da Mon Sep 17 00:00:00 2001 From: Mark Fletcher Date: Thu, 4 Jan 2018 16:35:44 +0000 Subject: Fix error on empty query for Members API --- lib/api/members.rb | 2 +- lib/api/v3/members.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/api') diff --git a/lib/api/members.rb b/lib/api/members.rb index 5446f6b54b1..130c6d6da71 100644 --- a/lib/api/members.rb +++ b/lib/api/members.rb @@ -22,7 +22,7 @@ module API source = find_source(source_type, params[:id]) users = source.users - users = users.merge(User.search(params[:query])) if params[:query] + users = users.merge(User.search(params[:query])) if params[:query].present? present paginate(users), with: Entities::Member, source: source end diff --git a/lib/api/v3/members.rb b/lib/api/v3/members.rb index de226e4e573..46145cac7a5 100644 --- a/lib/api/v3/members.rb +++ b/lib/api/v3/members.rb @@ -23,7 +23,7 @@ module API source = find_source(source_type, params[:id]) users = source.users - users = users.merge(User.search(params[:query])) if params[:query] + users = users.merge(User.search(params[:query])) if params[:query].present? present paginate(users), with: ::API::Entities::Member, source: source end -- cgit v1.2.1 From 583cff8d61f297fd12daabbd92adc4c05052519c Mon Sep 17 00:00:00 2001 From: "Jacob Vosmaer (GitLab)" Date: Mon, 22 Jan 2018 16:51:47 +0000 Subject: Default to Gitaly for 'git push' HTTP/SSH, and make Gitaly mandatory for SSH pull --- lib/api/helpers/internal_helpers.rb | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'lib/api') diff --git a/lib/api/helpers/internal_helpers.rb b/lib/api/helpers/internal_helpers.rb index eff1c5b70ea..eb67de81a0d 100644 --- a/lib/api/helpers/internal_helpers.rb +++ b/lib/api/helpers/internal_helpers.rb @@ -1,11 +1,6 @@ module API module Helpers module InternalHelpers - SSH_GITALY_FEATURES = { - 'git-receive-pack' => [:ssh_receive_pack, Gitlab::GitalyClient::MigrationStatus::OPT_IN], - 'git-upload-pack' => [:ssh_upload_pack, Gitlab::GitalyClient::MigrationStatus::OPT_OUT] - }.freeze - attr_reader :redirected_path def wiki? @@ -102,8 +97,14 @@ module API # Return the Gitaly Address if it is enabled def gitaly_payload(action) - feature, status = SSH_GITALY_FEATURES[action] - return unless feature && Gitlab::GitalyClient.feature_enabled?(feature, status: status) + return unless %w[git-receive-pack git-upload-pack].include?(action) + + if action == 'git-receive-pack' + return unless Gitlab::GitalyClient.feature_enabled?( + :ssh_receive_pack, + status: Gitlab::GitalyClient::MigrationStatus::OPT_OUT + ) + end { repository: repository.gitaly_repository, -- cgit v1.2.1 From dc84313e73da8454cd043dbd235a2b552658d8ae Mon Sep 17 00:00:00 2001 From: Oswaldo Ferreira Date: Tue, 23 Jan 2018 19:08:10 -0200 Subject: Return more consistent values for merge_status on MR API --- lib/api/entities.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'lib/api') diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 3f4b62dc1b2..6af379451a6 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -507,7 +507,16 @@ module API expose :work_in_progress?, as: :work_in_progress expose :milestone, using: Entities::Milestone expose :merge_when_pipeline_succeeds - expose :merge_status + + # Ideally we should deprecate `MergeRequest#merge_status` exposure and + # use `MergeRequest#mergeable?` instead (boolean). + # See https://gitlab.com/gitlab-org/gitlab-ce/issues/42344 for more + # information. + expose :merge_status do |merge_request| + # In order to avoid having a breaking change for users, we keep returning the + # expected values from MergeRequest#merge_status state machine. + merge_request.mergeable? ? 'can_be_merged' : 'cannot_be_merged' + end expose :diff_head_sha, as: :sha expose :merge_commit_sha expose :user_notes_count -- cgit v1.2.1 From 090ca9c33e4c1939366e66c328af6dd61bf1db1d Mon Sep 17 00:00:00 2001 From: Jan Provaznik Date: Tue, 23 Jan 2018 12:03:15 +0100 Subject: Use limit for search count queries Search query is especially slow if a user searches a generic string which matches many records, in such case search can take tens of seconds or time out. To speed up the search query, we search only for first 1000 records, if there is >1000 matching records we just display "1000+" instead of precise total count supposing that with such amount the exact count is not so important for the user. Because for issues even limited search was not fast enough, 2-phase approach is used for issues: first we use simpler/faster query to get all public issues, if this exceeds the limit, we just return the limit. If the amount of matching results is lower than limit, we re-run more complex search query (which includes also confidential issues). Re-running the complex query should be fast enough in such case because the amount of matching issues is lower than limit. Because exact total_count is now limited, this patch also switches to to "prev/next" pagination. Related #40540 --- lib/api/v3/projects.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/api') diff --git a/lib/api/v3/projects.rb b/lib/api/v3/projects.rb index 446f804124b..a7f0813bf74 100644 --- a/lib/api/v3/projects.rb +++ b/lib/api/v3/projects.rb @@ -175,7 +175,7 @@ module API end get "/search/:query", requirements: { query: /[^\/]+/ } do search_service = Search::GlobalService.new(current_user, search: params[:query]).execute - projects = search_service.objects('projects', params[:page]) + projects = search_service.objects('projects', params[:page], false) projects = projects.reorder(params[:order_by] => params[:sort]) present paginate(projects), with: ::API::V3::Entities::Project -- cgit v1.2.1 From 81bbcfacb0adfa32b15b044bfb997aca7bed69fb Mon Sep 17 00:00:00 2001 From: Nicolas MERELLI Date: Wed, 4 Jan 2017 23:07:49 +0100 Subject: Add application create API --- lib/api/api.rb | 1 + lib/api/applications.rb | 26 ++++++++++++++++++++++++++ lib/api/entities.rb | 6 ++++++ 3 files changed, 33 insertions(+) create mode 100644 lib/api/applications.rb (limited to 'lib/api') diff --git a/lib/api/api.rb b/lib/api/api.rb index ae161efb358..f3f64244589 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -106,6 +106,7 @@ module API # Keep in alphabetical order mount ::API::AccessRequests + mount ::API::Applications mount ::API::AwardEmoji mount ::API::Boards mount ::API::Branches diff --git a/lib/api/applications.rb b/lib/api/applications.rb new file mode 100644 index 00000000000..063f8efab97 --- /dev/null +++ b/lib/api/applications.rb @@ -0,0 +1,26 @@ +module API + # External applications API + class Applications < Grape::API + before { authenticated_as_admin! } + + resource :applications do + desc 'Create a new application' do + success Entities::Application + end + params do + requires :name, type: String, desc: 'Application name' + requires :redirect_uri, type: String, desc: 'Application redirect URI' + requires :scopes, type: String, desc: 'Application scopes' + end + post do + application = Doorkeeper::Application.new(declared_params) + + if application.save + present application, with: Entities::Application + else + render_validation_error! application + end + end + end + end +end diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 3f4b62dc1b2..cfe9a8704bc 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -1157,5 +1157,11 @@ module API pages_domain end end + + class Application < Grape::Entity + expose :uid, as: :application_id + expose :secret + expose :redirect_uri, as: :callback_url + end end end -- cgit v1.2.1 From d38faa30ed6fb79964b25fce843cb57db1bdb198 Mon Sep 17 00:00:00 2001 From: Toon Claes Date: Tue, 23 Jan 2018 10:50:10 +0100 Subject: Add documentation about when the application API was added --- lib/api/applications.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/api') diff --git a/lib/api/applications.rb b/lib/api/applications.rb index 063f8efab97..142ba73a53d 100644 --- a/lib/api/applications.rb +++ b/lib/api/applications.rb @@ -5,6 +5,7 @@ module API resource :applications do desc 'Create a new application' do + detail 'This feature was introduced in GitLab 10.5' success Entities::Application end params do -- cgit v1.2.1 From 45b62dfd324318959ff6fa37f9d3f8a1a95b4aa7 Mon Sep 17 00:00:00 2001 From: Toon Claes Date: Wed, 24 Jan 2018 09:44:07 +0100 Subject: Make the exposing of the Application secret more explicit To make it more clear to developers that the entity exposes the application secret, define a separate entity that only should be used when the secret is needed (probably only on creation). --- lib/api/applications.rb | 4 ++-- lib/api/entities.rb | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'lib/api') diff --git a/lib/api/applications.rb b/lib/api/applications.rb index 142ba73a53d..b122cdefe4e 100644 --- a/lib/api/applications.rb +++ b/lib/api/applications.rb @@ -6,7 +6,7 @@ module API resource :applications do desc 'Create a new application' do detail 'This feature was introduced in GitLab 10.5' - success Entities::Application + success Entities::ApplicationWithSecret end params do requires :name, type: String, desc: 'Application name' @@ -17,7 +17,7 @@ module API application = Doorkeeper::Application.new(declared_params) if application.save - present application, with: Entities::Application + present application, with: Entities::ApplicationWithSecret else render_validation_error! application end diff --git a/lib/api/entities.rb b/lib/api/entities.rb index cfe9a8704bc..7b9a80a234b 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -1160,8 +1160,12 @@ module API class Application < Grape::Entity expose :uid, as: :application_id - expose :secret expose :redirect_uri, as: :callback_url end + + # Use with care, this exposes the secret + class ApplicationWithSecret < Application + expose :secret + end end end -- cgit v1.2.1 From 1db2f22b15c08c96f02796bb64715d184793ffa3 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Thu, 25 Jan 2018 11:12:14 +0000 Subject: Revert "Merge branch 'osw-updates-merge-status-on-api-actions' into 'master'" This reverts merge request !16626 --- lib/api/entities.rb | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'lib/api') diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 5b470bd3479..7b9a80a234b 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -507,16 +507,7 @@ module API expose :work_in_progress?, as: :work_in_progress expose :milestone, using: Entities::Milestone expose :merge_when_pipeline_succeeds - - # Ideally we should deprecate `MergeRequest#merge_status` exposure and - # use `MergeRequest#mergeable?` instead (boolean). - # See https://gitlab.com/gitlab-org/gitlab-ce/issues/42344 for more - # information. - expose :merge_status do |merge_request| - # In order to avoid having a breaking change for users, we keep returning the - # expected values from MergeRequest#merge_status state machine. - merge_request.mergeable? ? 'can_be_merged' : 'cannot_be_merged' - end + expose :merge_status expose :diff_head_sha, as: :sha expose :merge_commit_sha expose :user_notes_count -- cgit v1.2.1 From 2944896466ea89a334556c19c82b5403ab6b9f32 Mon Sep 17 00:00:00 2001 From: Oswaldo Ferreira Date: Tue, 23 Jan 2018 19:08:10 -0200 Subject: Return more consistent values for merge_status on MR API --- lib/api/entities.rb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'lib/api') diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 7b9a80a234b..ac5b6e518fd 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -507,7 +507,14 @@ module API expose :work_in_progress?, as: :work_in_progress expose :milestone, using: Entities::Milestone expose :merge_when_pipeline_succeeds - expose :merge_status + + # Ideally we should deprecate `MergeRequest#merge_status` exposure and + # use `MergeRequest#mergeable?` instead (boolean). + # See https://gitlab.com/gitlab-org/gitlab-ce/issues/42344 for more + # information. + expose :merge_status do |merge_request| + merge_request.tap(&:check_if_can_be_merged).merge_status + end expose :diff_head_sha, as: :sha expose :merge_commit_sha expose :user_notes_count -- cgit v1.2.1 From 395e500f0143258c956f11e09dda676d7ed2b554 Mon Sep 17 00:00:00 2001 From: Oswaldo Ferreira Date: Mon, 29 Jan 2018 16:29:25 -0200 Subject: Remove tap and use simplified method call --- lib/api/entities.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/api') diff --git a/lib/api/entities.rb b/lib/api/entities.rb index ac5b6e518fd..cb222697f32 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -513,7 +513,8 @@ module API # See https://gitlab.com/gitlab-org/gitlab-ce/issues/42344 for more # information. expose :merge_status do |merge_request| - merge_request.tap(&:check_if_can_be_merged).merge_status + merge_request.check_if_can_be_merged + merge_request.merge_status end expose :diff_head_sha, as: :sha expose :merge_commit_sha -- cgit v1.2.1 From 46a6edc7314ce8acab5d8ce04799bd3557bc26bc Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Fri, 26 Jan 2018 22:16:56 -0800 Subject: Remove N+1 queries with /projects/:project_id/{access_requests,members} API endpoints We can simplify the code quite a bit and improve performance by using grape-entity merge fields: https://github.com/ruby-grape/grape-entity/tree/v0.6.0#merge-fields Relates to #42030 --- lib/api/access_requests.rb | 6 +++--- lib/api/entities.rb | 21 +++++++-------------- lib/api/members.rb | 13 +++++++------ lib/api/v3/members.rb | 15 ++++++++------- 4 files changed, 25 insertions(+), 30 deletions(-) (limited to 'lib/api') diff --git a/lib/api/access_requests.rb b/lib/api/access_requests.rb index 374b611f55e..60ae5e6b9a2 100644 --- a/lib/api/access_requests.rb +++ b/lib/api/access_requests.rb @@ -24,7 +24,7 @@ module API access_requesters = AccessRequestsFinder.new(source).execute!(current_user) access_requesters = paginate(access_requesters.includes(:user)) - present access_requesters.map(&:user), with: Entities::AccessRequester, source: source + present access_requesters, with: Entities::AccessRequester end desc "Requests access for the authenticated user to a #{source_type}." do @@ -36,7 +36,7 @@ module API access_requester = source.request_access(current_user) if access_requester.persisted? - present access_requester.user, with: Entities::AccessRequester, access_requester: access_requester + present access_requester, with: Entities::AccessRequester else render_validation_error!(access_requester) end @@ -56,7 +56,7 @@ module API member = ::Members::ApproveAccessRequestService.new(source, current_user, declared_params).execute status :created - present member.user, with: Entities::Member, member: member + present member, with: Entities::Member end desc 'Denies an access request for the given user.' do diff --git a/lib/api/entities.rb b/lib/api/entities.rb index cb222697f32..e13463ec66b 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -205,22 +205,15 @@ module API expose :build_artifacts_size, as: :job_artifacts_size end - class Member < UserBasic - expose :access_level do |user, options| - member = options[:member] || options[:source].members.find_by(user_id: user.id) - member.access_level - end - expose :expires_at do |user, options| - member = options[:member] || options[:source].members.find_by(user_id: user.id) - member.expires_at - end + class Member < Grape::Entity + expose :user, merge: true, using: UserBasic + expose :access_level + expose :expires_at end - class AccessRequester < UserBasic - expose :requested_at do |user, options| - access_requester = options[:access_requester] || options[:source].requesters.find_by(user_id: user.id) - access_requester.requested_at - end + class AccessRequester < Grape::Entity + expose :user, merge: true, using: UserBasic + expose :requested_at end class Group < Grape::Entity diff --git a/lib/api/members.rb b/lib/api/members.rb index 130c6d6da71..bc1de37284a 100644 --- a/lib/api/members.rb +++ b/lib/api/members.rb @@ -21,10 +21,11 @@ module API get ":id/members" do source = find_source(source_type, params[:id]) - users = source.users - users = users.merge(User.search(params[:query])) if params[:query].present? + members = source.members.where.not(user_id: nil).includes(:user) + members = members.joins(:user).merge(User.search(params[:query])) if params[:query].present? + members = paginate(members) - present paginate(users), with: Entities::Member, source: source + present members, with: Entities::Member end desc 'Gets a member of a group or project.' do @@ -39,7 +40,7 @@ module API members = source.members member = members.find_by!(user_id: params[:user_id]) - present member.user, with: Entities::Member, member: member + present member, with: Entities::Member end desc 'Adds a member to a group or project.' do @@ -62,7 +63,7 @@ module API if !member not_allowed! # This currently can only be reached in EE elsif member.persisted? && member.valid? - present member.user, with: Entities::Member, member: member + present member, with: Entities::Member else render_validation_error!(member) end @@ -83,7 +84,7 @@ module API member = source.members.find_by!(user_id: params.delete(:user_id)) if member.update_attributes(declared_params(include_missing: false)) - present member.user, with: Entities::Member, member: member + present member, with: Entities::Member else render_validation_error!(member) end diff --git a/lib/api/v3/members.rb b/lib/api/v3/members.rb index 46145cac7a5..d7bde8ceb89 100644 --- a/lib/api/v3/members.rb +++ b/lib/api/v3/members.rb @@ -22,10 +22,11 @@ module API get ":id/members" do source = find_source(source_type, params[:id]) - users = source.users - users = users.merge(User.search(params[:query])) if params[:query].present? + members = source.members.where.not(user_id: nil).includes(:user) + members = members.joins(:user).merge(User.search(params[:query])) if params[:query].present? + members = paginate(members) - present paginate(users), with: ::API::Entities::Member, source: source + present members, with: ::API::Entities::Member end desc 'Gets a member of a group or project.' do @@ -40,7 +41,7 @@ module API members = source.members member = members.find_by!(user_id: params[:user_id]) - present member.user, with: ::API::Entities::Member, member: member + present member, with: ::API::Entities::Member end desc 'Adds a member to a group or project.' do @@ -69,7 +70,7 @@ module API end if member.persisted? && member.valid? - present member.user, with: ::API::Entities::Member, member: member + present member, with: ::API::Entities::Member else # This is to ensure back-compatibility but 400 behavior should be used # for all validation errors in 9.0! @@ -93,7 +94,7 @@ module API member = source.members.find_by!(user_id: params.delete(:user_id)) if member.update_attributes(declared_params(include_missing: false)) - present member.user, with: ::API::Entities::Member, member: member + present member, with: ::API::Entities::Member else # This is to ensure back-compatibility but 400 behavior should be used # for all validation errors in 9.0! @@ -125,7 +126,7 @@ module API else ::Members::DestroyService.new(source, current_user, declared_params).execute - present member.user, with: ::API::Entities::Member, member: member + present member, with: ::API::Entities::Member end end end -- cgit v1.2.1 From 2b6307f6ad9d09156c42befe4babbfea40dad052 Mon Sep 17 00:00:00 2001 From: Takuya Noguchi Date: Sat, 27 Jan 2018 14:35:53 +0900 Subject: Enable RuboCop Style/RegexpLiteral --- lib/api/templates.rb | 8 ++++---- lib/api/v3/projects.rb | 2 +- lib/api/v3/templates.rb | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) (limited to 'lib/api') diff --git a/lib/api/templates.rb b/lib/api/templates.rb index 6550b331fb8..41862768a3f 100644 --- a/lib/api/templates.rb +++ b/lib/api/templates.rb @@ -17,15 +17,15 @@ module API } }.freeze PROJECT_TEMPLATE_REGEX = - /[\<\{\[] + %r{[\<\{\[] (project|description| one\sline\s.+\swhat\sit\sdoes\.) # matching the start and end is enough here - [\>\}\]]/xi.freeze + [\>\}\]]}xi.freeze YEAR_TEMPLATE_REGEX = /[<{\[](year|yyyy)[>}\]]/i.freeze FULLNAME_TEMPLATE_REGEX = - /[\<\{\[] + %r{[\<\{\[] (fullname|name\sof\s(author|copyright\sowner)) - [\>\}\]]/xi.freeze + [\>\}\]]}xi.freeze helpers do def parsed_license_template diff --git a/lib/api/v3/projects.rb b/lib/api/v3/projects.rb index a7f0813bf74..c856ba99f09 100644 --- a/lib/api/v3/projects.rb +++ b/lib/api/v3/projects.rb @@ -173,7 +173,7 @@ module API use :sort_params use :pagination end - get "/search/:query", requirements: { query: /[^\/]+/ } do + get "/search/:query", requirements: { query: %r{[^/]+} } do search_service = Search::GlobalService.new(current_user, search: params[:query]).execute projects = search_service.objects('projects', params[:page], false) projects = projects.reorder(params[:order_by] => params[:sort]) diff --git a/lib/api/v3/templates.rb b/lib/api/v3/templates.rb index 7298203df10..b82b02b5f49 100644 --- a/lib/api/v3/templates.rb +++ b/lib/api/v3/templates.rb @@ -16,15 +16,15 @@ module API } }.freeze PROJECT_TEMPLATE_REGEX = - /[\<\{\[] + %r{[\<\{\[] (project|description| one\sline\s.+\swhat\sit\sdoes\.) # matching the start and end is enough here - [\>\}\]]/xi.freeze + [\>\}\]]}xi.freeze YEAR_TEMPLATE_REGEX = /[<{\[](year|yyyy)[>}\]]/i.freeze FULLNAME_TEMPLATE_REGEX = - /[\<\{\[] + %r{[\<\{\[] (fullname|name\sof\s(author|copyright\sowner)) - [\>\}\]]/xi.freeze + [\>\}\]]}xi.freeze DEPRECATION_MESSAGE = ' This endpoint is deprecated and has been removed in V4.'.freeze helpers do -- cgit v1.2.1 From 2057a6acdee7c1f6824ff6289b0d979e8cb15f35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mica=C3=ABl=20Bergeron?= Date: Mon, 29 Jan 2018 12:57:34 -0500 Subject: port of 594e6a0a625^..f74c90f68c6 --- lib/api/runner.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/api') diff --git a/lib/api/runner.rb b/lib/api/runner.rb index 80feb629d54..1f80646a2ea 100644 --- a/lib/api/runner.rb +++ b/lib/api/runner.rb @@ -215,9 +215,9 @@ module API job = authenticate_job! forbidden!('Job is not running!') unless job.running? - artifacts_upload_path = JobArtifactUploader.artifacts_upload_path - artifacts = uploaded_file(:file, artifacts_upload_path) - metadata = uploaded_file(:metadata, artifacts_upload_path) + workhorse_upload_path = JobArtifactUploader.workhorse_upload_path + artifacts = uploaded_file(:file, workhorse_upload_path) + metadata = uploaded_file(:metadata, workhorse_upload_path) bad_request!('Missing artifacts file!') unless artifacts file_to_large! unless artifacts.size < max_artifacts_size -- cgit v1.2.1 From 8af23def1d6450420d06b8de54d23311a978de20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kamil=20Trzci=C5=84ski?= Date: Wed, 28 Feb 2018 21:09:34 +0100 Subject: Revert "Merge branch '3867-port-to-ce' into 'master'" This reverts commit 54a575f1bbba44573ab92dc58a4242f1ee734c5d, reversing changes made to c63af942e5baf7849a94fa99da8494bcba28e3f8. --- lib/api/runner.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/api') diff --git a/lib/api/runner.rb b/lib/api/runner.rb index 1f80646a2ea..80feb629d54 100644 --- a/lib/api/runner.rb +++ b/lib/api/runner.rb @@ -215,9 +215,9 @@ module API job = authenticate_job! forbidden!('Job is not running!') unless job.running? - workhorse_upload_path = JobArtifactUploader.workhorse_upload_path - artifacts = uploaded_file(:file, workhorse_upload_path) - metadata = uploaded_file(:metadata, workhorse_upload_path) + artifacts_upload_path = JobArtifactUploader.artifacts_upload_path + artifacts = uploaded_file(:file, artifacts_upload_path) + metadata = uploaded_file(:metadata, artifacts_upload_path) bad_request!('Missing artifacts file!') unless artifacts file_to_large! unless artifacts.size < max_artifacts_size -- cgit v1.2.1