Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ee into ce_upstream

80b54eeb · Valery Sizov · 68d6a2a2 · 0a6e660b · 80b54eeb · 80b54eeb
Commit 80b54eeb authored Dec 29, 2016 by Valery Sizov
22 changed files
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
 Please view this file on the master branch, on stable branches it's out of date.
+## 8.15.2 (2016-12-27)
+- No changes.
+- Fix ES search for non-default branches.
 ## 8.15.1 (2016-12-23)
 - Fix 404/500 error while navigating to the 'show/destroy' pages. !993
-## 8.15.0 (2017-01-22)
+## 8.15.0 (2016-12-22)
 - Adds a check ensure only active, ie. non-blocked users can be emailed from the admin panel.
 - Add user activities API.

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
+## 8.15.2 (2016-12-27)
+- No changes.
+- Fix mr list timestamp alignment. !8271
+- Fix discussion overlap text in regular screens. !8273
+- Fixes mini-pipeline-graph dropdown animation and stage position in chrome, firefox and safari. !8282
+- Fix line breaking in nodes of the pipeline graph in firefox. !8292
+- Fixes confendential warning text alignment. !8293
+- Hide Scroll Top button for failed build page. !8295
+- Fix finding the latest pipeline. !8301
+- Disable PostgreSQL statement timeouts when removing unneeded services. !8322
+- Fix timeout when MR contains large files marked as binary by .gitattributes.
+- Rename "autodeploy" to "auto deploy".
+- Fixed GFM autocomplete error when no data exists.
+- Fixed resolve discussion note button color.
 ## 8.15.1 (2016-12-23)
 - Push payloads schedule at most 100 commits, instead of all commits.

--- a/app/assets/stylesheets/framework/gitlab-theme.scss
+++ b/app/assets/stylesheets/framework/gitlab-theme.scss
@@ -80,6 +80,9 @@
        }
      }
+      .about-gitlab {
+        color: $color-light;
+      }
    }
  }
 }

--- a/app/assets/stylesheets/framework/sidebar.scss
+++ b/app/assets/stylesheets/framework/sidebar.scss
@@ -101,6 +101,17 @@
    padding: 0 8px;
    border-radius: 6px;
  }
+  .about-gitlab {
+    padding: 7px $gl-sidebar-padding;
+    font-size: $gl-font-size;
+    line-height: 24px;
+    display: block;
+    text-decoration: none;
+    font-weight: normal;
+    position: absolute;
+    bottom: 10px;
+  }
 }
 .sidebar-action-buttons {

--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -96,8 +96,9 @@ module Issuable
    after_save :record_metrics
    def update_assignee_cache_counts
-      # make sure we flush the cache for both the old *and* new assignee
+      # make sure we flush the cache for both the old *and* new assignees(if they exist)
-      User.find(assignee_id_was).update_cache_counts if assignee_id_was
+      previous_assignee = User.find_by_id(assignee_id_was) if assignee_id_was
+      previous_assignee.update_cache_counts if previous_assignee
      assignee.update_cache_counts if assignee
    end

--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -44,14 +44,10 @@ class IssuableBaseService < BaseService
    SystemNoteService.change_time_spent(issuable, issuable.project, current_user)
  end
-  def filter_params(issuable_ability_name = :issue)
+  def filter_params(issuable)
-    filter_assignee
+    ability_name = :"admin_#{issuable.to_ability_name}"
-    filter_milestone
-    filter_labels
-    ability = :"admin_#{issuable_ability_name}"
+    unless can?(current_user, ability_name, project)
-    unless can?(current_user, ability, project)
      params.delete(:milestone_id)
      params.delete(:labels)
      params.delete(:add_label_ids)
@@ -60,14 +56,35 @@ class IssuableBaseService < BaseService
      params.delete(:assignee_id)
      params.delete(:due_date)
    end
+    filter_assignee(issuable)
+    filter_milestone
+    filter_labels
  end
-  def filter_assignee
+  def filter_assignee(issuable)
-    if params[:assignee_id] == IssuableFinder::NONE
+    return unless params[:assignee_id].present?
-      params[:assignee_id] = ''
+    assignee_id = params[:assignee_id]
+    if assignee_id.to_s == IssuableFinder::NONE
+      params[:assignee_id] = ""
+    else
+      params.delete(:assignee_id) unless assignee_can_read?(issuable, assignee_id)
    end
  end
+  def assignee_can_read?(issuable, assignee_id)
+    new_assignee = User.find_by_id(assignee_id)
+    return false unless new_assignee.present?
+    ability_name = :"read_#{issuable.to_ability_name}"
+    resource     = issuable.persisted? ? issuable : project
+    can?(new_assignee, ability_name, resource)
+  end
  def filter_milestone
    milestone_id = params[:milestone_id]
    return unless milestone_id
@@ -146,7 +163,7 @@ class IssuableBaseService < BaseService
  def create(issuable)
    merge_slash_commands_into_params!(issuable)
-    filter_params
+    filter_params(issuable)
    change_time_spent(issuable)
    params.delete(:state_event)
@@ -190,7 +207,7 @@ class IssuableBaseService < BaseService
    change_subscription(issuable)
    change_todo(issuable)
    time_spent = change_time_spent(issuable)
-    filter_params
+    filter_params(issuable)
    old_labels = issuable.labels.to_a
    old_mentioned_users = issuable.mentioned_users.to_a

--- a/app/services/issues/base_service.rb
+++ b/app/services/issues/base_service.rb
@@ -17,10 +17,6 @@ module Issues
    private
-    def filter_params
-      super(:issue)
-    end
    def execute_hooks(issue, action = 'open')
      issue_data  = hook_data(issue, action)
      hooks_scope = issue.confidential? ? :confidential_issue_hooks : :issue_hooks

--- a/app/services/merge_requests/base_service.rb
+++ b/app/services/merge_requests/base_service.rb
@@ -38,10 +38,6 @@ module MergeRequests
    private
-    def filter_params
-      super(:merge_request)
-    end
    def merge_requests_for(branch)
      origin_merge_requests = @project.origin_merge_requests
        .opened.where(source_branch: branch).to_a

--- a/app/views/layouts/nav/_dashboard.html.haml
+++ b/app/views/layouts/nav/_dashboard.html.haml
@@ -35,3 +35,7 @@
      = link_to dashboard_snippets_path, title: 'Snippets' do
        %span
          Snippets
+    = link_to help_path, title: 'About GitLab EE', class: 'about-gitlab' do
+      %span
+        About GitLab EE
--- a/changelogs/unreleased-ee/fix_es_for_non-default-branches.yml
+++ b/changelogs/unreleased-ee/fix_es_for_non-default-branches.yml
---
-title: Fix ES search for non-default branches
-merge_request:
-author:
--- a/changelogs/unreleased-ee/view-ce-vs-ee.yml
+++ b/changelogs/unreleased-ee/view-ce-vs-ee.yml
+---
+title: About GitLab link in sidebar that links to help page
+merge_request: 1008
+author:
--- a/changelogs/unreleased/issue_22664.yml
+++ b/changelogs/unreleased/issue_22664.yml
+---
+title: Check if user can read project before being assigned to issue
+merge_request:
+author:
--- a/lib/api/license.rb
+++ b/lib/api/license.rb
@@ -3,26 +3,22 @@ module API
    before { authenticated_as_admin! }
    resource :license do
-      # Get information on the currently active license
+      desc 'Get information on the currently active license' do
-      #
+        success Entities::License
-      # Example request:
+      end
-      #   GET /license
      get do
        license = ::License.current
        present license, with: Entities::License
      end
-      # Add a new license
+      desc 'Add a new license' do
-      #
+        success Entities::License
-      # Parameters:
+      end
-      #   license (required) - The license text
+      params do
-      #
+        requires :license, type: String, desc: 'The license text'
-      # Example request:
+      end
-      #   POST /license
      post do
-        required_attributes! [:license]
        license = ::License.new(data: params[:license])
        if license.save
          present license, with: Entities::License

--- a/spec/models/concerns/issuable_spec.rb
+++ b/spec/models/concerns/issuable_spec.rb
@@ -44,6 +44,45 @@ describe Issue, "Issuable" do
    it { expect(described_class).to respond_to(:assigned) }
  end
+  describe "before_save" do
+    describe "#update_cache_counts" do
+      context "when previous assignee exists" do
+        before do
+          assignee = create(:user)
+          issue.project.team << [assignee, :developer]
+          issue.update(assignee: assignee)
+        end
+        it "updates cache counts for new assignee" do
+          user = create(:user)
+          expect(user).to receive(:update_cache_counts)
+          issue.update(assignee: user)
+        end
+        it "updates cache counts for previous assignee" do
+          old_assignee = issue.assignee
+          allow(User).to receive(:find_by_id).with(old_assignee.id).and_return(old_assignee)
+          expect(old_assignee).to receive(:update_cache_counts)
+          issue.update(assignee: nil)
+        end
+      end
+      context "when previous assignee does not exist" do
+        before{ issue.update(assignee: nil) }
+        it "updates cache count for the new assignee" do
+          expect_any_instance_of(User).to receive(:update_cache_counts)
+          issue.update(assignee: user)
+        end
+      end
+    end
+  end
  describe ".search" do
    let!(:searchable_issue) { create(:issue, title: "Searchable issue") }

--- a/spec/services/issuable/bulk_update_service_spec.rb
+++ b/spec/services/issuable/bulk_update_service_spec.rb
@@ -52,7 +52,10 @@ describe Issuable::BulkUpdateService, services: true do
    context 'when the new assignee ID is a valid user' do
      it 'succeeds' do
-        result = bulk_update(issue, assignee_id: create(:user).id)
+        new_assignee = create(:user)
+        project.team << [new_assignee, :developer]
+        result = bulk_update(issue, assignee_id: new_assignee.id)
        expect(result[:success]).to be_truthy
        expect(result[:count]).to eq(1)
@@ -60,15 +63,16 @@ describe Issuable::BulkUpdateService, services: true do
      it 'updates the assignee to the use ID passed' do
        assignee = create(:user)
+        project.team << [assignee, :developer]
        expect { bulk_update(issue, assignee_id: assignee.id) }
          .to change { issue.reload.assignee }.from(user).to(assignee)
      end
    end
-    context 'when the new assignee ID is -1' do
+    context "when the new assignee ID is #{IssuableFinder::NONE}" do
-      it 'unassigns the issues' do
+      it "unassigns the issues" do
-        expect { bulk_update(issue, assignee_id: -1) }
+        expect { bulk_update(issue, assignee_id: IssuableFinder::NONE) }
          .to change { issue.reload.assignee }.to(nil)
      end
    end

--- a/spec/services/issues/create_service_spec.rb
+++ b/spec/services/issues/create_service_spec.rb
@@ -135,6 +135,8 @@ describe Issues::CreateService, services: true do
      end
    end
+    it_behaves_like 'issuable create service'
    it_behaves_like 'new issuable record that supports slash commands'
    context 'for a merge request' do

--- a/spec/services/issues/update_service_spec.rb
+++ b/spec/services/issues/update_service_spec.rb
@@ -142,6 +142,17 @@ describe Issues::UpdateService, services: true do
        update_issue(confidential: true)
      end
+      it 'does not update assignee_id with unauthorized users' do
+        project.update(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+        update_issue(confidential: true)
+        non_member        = create(:user)
+        original_assignee = issue.assignee
+        update_issue(assignee_id: non_member.id)
+        expect(issue.reload.assignee_id).to eq(original_assignee.id)
+      end
    end
    context 'todos' do

--- a/spec/services/merge_requests/create_service_spec.rb
+++ b/spec/services/merge_requests/create_service_spec.rb
@@ -84,6 +84,8 @@ describe MergeRequests::CreateService, services: true do
      end
    end
+    it_behaves_like 'issuable create service'
    context 'while saving references to issues that the created merge request closes' do
      let(:first_issue) { create(:issue, project: project) }
      let(:second_issue) { create(:issue, project: project) }

--- a/spec/services/notes/slash_commands_service_spec.rb
+++ b/spec/services/notes/slash_commands_service_spec.rb
@@ -5,6 +5,8 @@ describe Notes::SlashCommandsService, services: true do
    let(:project) { create(:empty_project) }
    let(:master) { create(:user).tap { |u| project.team << [u, :master] } }
    let(:assignee) { create(:user) }
+    before { project.team << [assignee, :master] }
  end
  shared_examples 'note on noteable that does not support slash commands' do

--- a/spec/support/services/issuable_create_service_shared_examples.rb
+++ b/spec/support/services/issuable_create_service_shared_examples.rb
+shared_examples 'issuable create service' do
+  context 'asssignee_id' do
+    let(:assignee) { create(:user) }
+    before { project.team << [user, :master] }
+    it 'removes assignee_id when user id is invalid' do
+      opts = { title: 'Title', description: 'Description', assignee_id: -1 }
+      issuable = described_class.new(project, user, opts).execute
+      expect(issuable.assignee_id).to be_nil
+    end
+    it 'removes assignee_id when user id is 0' do
+      opts = { title: 'Title', description: 'Description',  assignee_id: 0 }
+      issuable = described_class.new(project, user, opts).execute
+      expect(issuable.assignee_id).to be_nil
+    end
+    it 'saves assignee when user id is valid' do
+      project.team << [assignee, :master]
+      opts = { title: 'Title', description: 'Description', assignee_id: assignee.id }
+      issuable = described_class.new(project, user, opts).execute
+      expect(issuable.assignee_id).to eq(assignee.id)
+    end
+    context "when issuable feature is private" do
+      before do
+        project.project_feature.update(issues_access_level: ProjectFeature::PRIVATE)
+        project.project_feature.update(merge_requests_access_level: ProjectFeature::PRIVATE)
+      end
+      levels = [Gitlab::VisibilityLevel::INTERNAL, Gitlab::VisibilityLevel::PUBLIC]
+      levels.each do |level|
+        it "removes not authorized assignee when project is #{Gitlab::VisibilityLevel.level_name(level)}" do
+          project.update(visibility_level: level)
+          opts = { title: 'Title', description: 'Description', assignee_id: assignee.id }
+          issuable = described_class.new(project, user, opts).execute
+          expect(issuable.assignee_id).to be_nil
+        end
+      end
+    end
+  end
+end
--- a/spec/support/services/issuable_create_service_slash_commands_shared_examples.rb
+++ b/spec/support/services/issuable_create_service_slash_commands_shared_examples.rb
@@ -11,6 +11,8 @@ shared_examples 'new issuable record that supports slash commands' do
  let(:params) { base_params.merge(defined?(default_params) ? default_params : {}).merge(example_params) }
  let(:issuable) { described_class.new(project, user, params).execute }
+  before { project.team << [assignee, :master ] }
  context 'with labels in command only' do
    let(:example_params) do
      {
@@ -55,7 +57,7 @@ shared_examples 'new issuable record that supports slash commands' do
  context 'with assignee and milestone in params and command' do
    let(:example_params) do
      {
-        assignee: build_stubbed(:user),
+        assignee: create(:user),
        milestone_id: double(:milestone),
        description: %(/assign @#{assignee.username}\n/milestone %"#{milestone.name}")
      }

--- a/spec/support/services/issuable_update_service_shared_examples.rb
+++ b/spec/support/services/issuable_update_service_shared_examples.rb
 shared_examples 'issuable update service' do
+  def update_issuable(opts)
+    described_class.new(project, user, opts).execute(open_issuable)
+  end
  context 'changing state' do
    before { expect(project).to receive(:execute_hooks).once }
@@ -14,4 +18,52 @@ shared_examples 'issuable update service' do
      end
    end
  end
+  context 'asssignee_id' do
+    it 'does not update assignee when assignee_id is invalid' do
+      open_issuable.update(assignee_id: user.id)
+      update_issuable(assignee_id: -1)
+      expect(open_issuable.reload.assignee).to eq(user)
+    end
+    it 'unassigns assignee when user id is 0' do
+      open_issuable.update(assignee_id: user.id)
+      update_issuable(assignee_id: 0)
+      expect(open_issuable.assignee_id).to be_nil
+    end
+    it 'saves assignee when user id is valid' do
+      update_issuable(assignee_id: user.id)
+      expect(open_issuable.assignee_id).to eq(user.id)
+    end
+    it 'does not update assignee_id when user cannot read issue' do
+      non_member        = create(:user)
+      original_assignee = open_issuable.assignee
+      update_issuable(assignee_id: non_member.id)
+      expect(open_issuable.assignee_id).to eq(original_assignee.id)
+    end
+    context "when issuable feature is private" do
+      levels = [Gitlab::VisibilityLevel::INTERNAL, Gitlab::VisibilityLevel::PUBLIC]
+      levels.each do |level|
+        it "does not update with unauthorized assignee when project is #{Gitlab::VisibilityLevel.level_name(level)}" do
+          assignee = create(:user)
+          project.update(visibility_level: level)
+          feature_visibility_attr = :"#{open_issuable.model_name.plural}_access_level"
+          project.project_feature.update_attribute(feature_visibility_attr, ProjectFeature::PRIVATE)
+          expect{ update_issuable(assignee_id: assignee) }.not_to change{ open_issuable.assignee }
+        end
+      end
+    end
+  end
 end