Commit 7014a737 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch '29943-environment-folder' into 'security-9-5'

Do not use `location.pathname` when accessing environments folders

See merge request !2147
parents 54ede0b8 0a1a50d2
...@@ -111,11 +111,11 @@ export default { ...@@ -111,11 +111,11 @@ export default {
}, },
methods: { methods: {
toggleFolder(folder, folderUrl) { toggleFolder(folder) {
this.store.toggleFolder(folder); this.store.toggleFolder(folder);
if (!folder.isOpen) { if (!folder.isOpen) {
this.fetchChildEnvironments(folder, folderUrl, true); this.fetchChildEnvironments(folder, true);
} }
}, },
...@@ -143,10 +143,10 @@ export default { ...@@ -143,10 +143,10 @@ export default {
.catch(this.errorCallback); .catch(this.errorCallback);
}, },
fetchChildEnvironments(folder, folderUrl, showLoader = false) { fetchChildEnvironments(folder, showLoader = false) {
this.store.updateEnvironmentProp(folder, 'isLoadingFolderContent', showLoader); this.store.updateEnvironmentProp(folder, 'isLoadingFolderContent', showLoader);
this.service.getFolderContent(folderUrl) this.service.getFolderContent(folder.folder_path)
.then(resp => resp.json()) .then(resp => resp.json())
.then(response => this.store.setfolderContent(folder, response.environments)) .then(response => this.store.setfolderContent(folder, response.environments))
.then(() => this.store.updateEnvironmentProp(folder, 'isLoadingFolderContent', false)) .then(() => this.store.updateEnvironmentProp(folder, 'isLoadingFolderContent', false))
...@@ -173,12 +173,7 @@ export default { ...@@ -173,12 +173,7 @@ export default {
// We need to verify if any folder is open to also update it // We need to verify if any folder is open to also update it
const openFolders = this.store.getOpenFolders(); const openFolders = this.store.getOpenFolders();
if (openFolders.length) { if (openFolders.length) {
openFolders.forEach((folder) => { openFolders.forEach(folder => this.fetchChildEnvironments(folder));
// TODO - Move this to the backend
const folderUrl = `${window.location.pathname}/folders/${folder.folderName}`;
return this.fetchChildEnvironments(folder, folderUrl);
});
} }
}, },
......
...@@ -410,20 +410,11 @@ export default { ...@@ -410,20 +410,11 @@ export default {
this.hasStopAction || this.hasStopAction ||
this.canRetry; this.canRetry;
}, },
/**
* Constructs folder URL based on the current location and the folder id.
*
* @return {String}
*/
folderUrl() {
return `${window.location.pathname}/folders/${this.model.folderName}`;
},
}, },
methods: { methods: {
onClickFolder() { onClickFolder() {
eventHub.$emit('toggleFolder', this.model, this.folderUrl); eventHub.$emit('toggleFolder', this.model);
}, },
}, },
}; };
......
...@@ -82,12 +82,7 @@ class Environment < ActiveRecord::Base ...@@ -82,12 +82,7 @@ class Environment < ActiveRecord::Base
def set_environment_type def set_environment_type
names = name.split('/') names = name.split('/')
self.environment_type = self.environment_type = names.many? ? names.first : nil
if names.many?
names.first
else
nil
end
end end
def includes_commit?(commit) def includes_commit?(commit)
...@@ -101,7 +96,7 @@ class Environment < ActiveRecord::Base ...@@ -101,7 +96,7 @@ class Environment < ActiveRecord::Base
end end
def update_merge_request_metrics? def update_merge_request_metrics?
(environment_type || name) == "production" folder_name == "production"
end end
def first_deployment_for(commit) def first_deployment_for(commit)
...@@ -223,6 +218,10 @@ class Environment < ActiveRecord::Base ...@@ -223,6 +218,10 @@ class Environment < ActiveRecord::Base
format: :json) format: :json)
end end
def folder_name
self.environment_type || self.name
end
private private
# Slugifying a name may remove the uniqueness guarantee afforded by it being # Slugifying a name may remove the uniqueness guarantee afforded by it being
......
...@@ -26,5 +26,9 @@ class EnvironmentEntity < Grape::Entity ...@@ -26,5 +26,9 @@ class EnvironmentEntity < Grape::Entity
terminal_project_environment_path(environment.project, environment) terminal_project_environment_path(environment.project, environment)
end end
expose :folder_path do |environment|
folder_project_environments_path(environment.project, environment.folder_name)
end
expose :created_at, :updated_at expose :created_at, :updated_at
end end
...@@ -36,9 +36,9 @@ class EnvironmentSerializer < BaseSerializer ...@@ -36,9 +36,9 @@ class EnvironmentSerializer < BaseSerializer
private private
def itemize(resource) def itemize(resource)
items = resource.order('folder_name ASC') items = resource.order('folder ASC')
.group('COALESCE(environment_type, name)') .group('COALESCE(environment_type, name)')
.select('COALESCE(environment_type, name) AS folder_name', .select('COALESCE(environment_type, name) AS folder',
'COUNT(*) AS size', 'MAX(id) AS last_id') 'COUNT(*) AS size', 'MAX(id) AS last_id')
# It makes a difference when you call `paginate` method, because # It makes a difference when you call `paginate` method, because
...@@ -49,7 +49,7 @@ class EnvironmentSerializer < BaseSerializer ...@@ -49,7 +49,7 @@ class EnvironmentSerializer < BaseSerializer
environments = resource.where(id: items.map(&:last_id)).index_by(&:id) environments = resource.where(id: items.map(&:last_id)).index_by(&:id)
items.map do |item| items.map do |item|
Item.new(item.folder_name, item.size, environments[item.last_id]) Item.new(item.folder, item.size, environments[item.last_id])
end end
end end
end end
---
title: Resolve CSRF token leakage via pathname manipulation on environments page
merge_request:
author:
...@@ -54,6 +54,28 @@ describe Environment do ...@@ -54,6 +54,28 @@ describe Environment do
end end
end end
describe '#folder_name' do
context 'when it is inside a folder' do
subject(:environment) do
create(:environment, name: 'staging/review-1')
end
it 'returns a top-level folder name' do
expect(environment.folder_name).to eq 'staging'
end
end
context 'when the environment if a top-level item itself' do
subject(:environment) do
create(:environment, name: 'production')
end
it 'returns an environment name' do
expect(environment.folder_name).to eq 'production'
end
end
end
describe '#nullify_external_url' do describe '#nullify_external_url' do
it 'replaces a blank url with nil' do it 'replaces a blank url with nil' do
env = build(:environment, external_url: "") env = build(:environment, external_url: "")
......
...@@ -16,6 +16,10 @@ describe EnvironmentEntity do ...@@ -16,6 +16,10 @@ describe EnvironmentEntity do
expect(subject).to include(:id, :name, :state, :environment_path) expect(subject).to include(:id, :name, :state, :environment_path)
end end
it 'exposes folder path' do
expect(subject).to include(:folder_path)
end
context 'metrics disabled' do context 'metrics disabled' do
before do before do
allow(environment).to receive(:has_metrics?).and_return(false) allow(environment).to receive(:has_metrics?).and_return(false)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment