Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ee into ce_upstream

aefea581 · Valery Sizov · 85201751 · 4c2d4315 · aefea581 · aefea581
Commit aefea581 authored Oct 25, 2016 by Valery Sizov
10 changed files
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
 Please view this file on the master branch, on stable branches it's out of date.

+## 8.13.1
+
+  - Fix Elasticsearch::Transport::Transport::Errors::BadRequest when ES is enabled. #21036
+  - Hides multiple board actions if user doesnt have permissions
+
 ## 8.13.0 (2016-10-22)

  - Cache the last usage data to avoid unicorn timeouts

--- a/app/models/concerns/protected_branch_access.rb
+++ b/app/models/concerns/protected_branch_access.rb
@@ -8,6 +8,9 @@ module ProtectedBranchAccess
                            scope: :protected_branch,
                            unless: Proc.new { |access_level| access_level.user_id? || access_level.group_id? },
                            conditions: -> { where(user_id: nil, group_id: nil) }
+
+    scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
+    scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
  end

  def type

--- a/app/models/diff_note.rb
+++ b/app/models/diff_note.rb
 class DiffNote < Note
+  # Elastic search configuration (it does not support STI properly)
+  document_type 'note'
+  index_name [Rails.application.class.parent_name.downcase, Rails.env].join('-')
+  include Elastic::NotesSearch
+
  include NoteOnDiff

  serialize :original_position, Gitlab::Diff::Position

--- a/app/models/legacy_diff_note.rb
+++ b/app/models/legacy_diff_note.rb
 class LegacyDiffNote < Note
+  # Elastic search configuration (it does not support STI properly)
+  document_type 'note'
+  index_name [Rails.application.class.parent_name.downcase, Rails.env].join('-')
+  include Elastic::NotesSearch
+
  include NoteOnDiff

  serialize :st_diff

--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -58,6 +58,7 @@ class ProjectPolicy < BasePolicy
    can! :update_issue
    can! :admin_issue
    can! :admin_label
+    can! :admin_board
    can! :admin_list
    can! :read_commit_status
    can! :read_build

--- a/app/services/protected_branches/api_update_service.rb
+++ b/app/services/protected_branches/api_update_service.rb
@@ -12,6 +12,7 @@ module ProtectedBranches

      protected_branch.transaction do
        delete_redundant_access_levels
+        delete_redundant_ee_access_levels

        case @developers_can_push
        when true
@@ -43,5 +44,26 @@ module ProtectedBranches
        @protected_branch.push_access_levels.destroy_all
      end
    end
+
+    # If a protected branch can have more than one access level (EE), only
+    # remove the relevant access levels. If we don't do this, we'll have a
+    # failed validation.
+    def delete_redundant_ee_access_levels
+      case @developers_can_merge
+      when true
+        @protected_branch.merge_access_levels.developer.destroy_all
+      when false
+        @protected_branch.merge_access_levels.developer.destroy_all
+        @protected_branch.merge_access_levels.master.destroy_all
+      end
+
+      case @developers_can_push
+      when true
+        @protected_branch.push_access_levels.developer.destroy_all
+      when false
+        @protected_branch.push_access_levels.developer.destroy_all
+        @protected_branch.push_access_levels.master.destroy_all
+      end
+    end
  end
 end
--- a/app/views/projects/boards/_title.html.haml
+++ b/app/views/projects/boards/_title.html.haml
@@ -23,6 +23,7 @@
              {{ board.name }}
      .dropdown-loading{ "v-if" => "loading" }
        = icon("spin spinner")
+      - if can?(current_user, :admin_board, @project)
        %board-selector-form{ "inline-template" => true,
          "v-if" => "currentPage === 'edit'",
          "type" => "edit",
@@ -48,6 +49,7 @@
            %button.btn.btn-default.pull-right{ type: "button",
              "@click.stop.prevent" => "currentPage = ''" }
              Cancel
+      - if can?(current_user, :admin_board, @project)
        .dropdown-footer{ "v-if" => "currentPage === ''" }
          %ul.dropdown-footer-list
            %li

--- a/spec/features/boards/multiple_boards_spec.rb
+++ b/spec/features/boards/multiple_boards_spec.rb
@@ -10,6 +10,7 @@ describe 'Multiple Issue Boards', feature: true, js: true do
  let!(:board)    { create(:board, project: project) }
  let!(:board2)   { create(:board, project: project) }

+  context 'authorized user' do
    before do
      project.team << [user, :master]

@@ -142,4 +143,22 @@ describe 'Multiple Issue Boards', feature: true, js: true do

      expect(page).to have_selector('.board', count: 2)
    end
+  end
+
+  context 'unauthorized user' do
+    before do
+      visit namespace_project_boards_path(project.namespace, project)
+      wait_for_vue_resource
+    end
+
+    it 'does not show action links' do
+      click_button board.name
+
+      page.within('.boards-title-holder .dropdown-menu') do
+        expect(page).not_to have_content('Create new board')
+        expect(page).not_to have_content('Edit board name')
+        expect(page).not_to have_content('Delete board')
+      end
+    end
+  end
 end
--- a/spec/models/concerns/elastic/note_spec.rb
+++ b/spec/models/concerns/elastic/note_spec.rb
@@ -29,6 +29,24 @@ describe Note, elastic: true do
    expect(described_class.elastic_search('term', options: options).total_count).to eq(1)
  end

+  it "indexes && searches diff notes" do
+    notes = []
+
+    Sidekiq::Testing.inline! do
+      notes << create(:diff_note_on_merge_request, note: "term")
+      notes << create(:diff_note_on_commit, note: "term")
+      notes << create(:legacy_diff_note_on_merge_request, note: "term")
+      notes << create(:legacy_diff_note_on_commit, note: "term")
+
+      Gitlab::Elastic::Helper.refresh_index
+    end
+
+    project_ids = notes.map { |note| note.noteable.project.id }
+    options = { project_ids: project_ids }
+
+    expect(described_class.elastic_search('term', options: options).total_count).to eq(4)
+  end
+
  it "returns json with all needed elements" do
    note = create :note


--- a/spec/requests/api/branches_spec.rb
+++ b/spec/requests/api/branches_spec.rb
@@ -163,6 +163,19 @@ describe API::API, api: true  do
          expect(json_response['developers_can_merge']).to eq(true)
        end
      end
+
+      context "when no one can push" do
+        let(:protected_branch) { create(:protected_branch, :no_one_can_push, project: project, name: 'protected_branch') }
+
+        it "updates 'developers_can_push' without removing the 'no_one' access level" do
+          put api("/projects/#{project.id}/repository/branches/#{protected_branch.name}/protect", user),
+              developers_can_push: true, developers_can_merge: true
+
+          expect(response).to have_http_status(200)
+          expect(json_response['name']).to eq(protected_branch.name)
+          expect(protected_branch.reload.push_access_levels.pluck(:access_level)).to include(Gitlab::Access::NO_ACCESS)
+        end
+      end
    end

    context "multiple API calls" do