Commit bd4413eb authored by Tiago Botelho's avatar Tiago Botelho

Resolves feedback round requests

parent d77d8964
......@@ -4,10 +4,6 @@ module EE
extend ::Gitlab::Utils::Override
extend ActiveSupport::Concern
prepended do
include SafeMirrorParams
end
def ssh_host_keys
lookup = SshHostKey.new(project: project, url: params[:ssh_url])
......@@ -99,8 +95,6 @@ module EE
def safe_mirror_params
params = mirror_params
params[:mirror_user_id] = current_user.id unless valid_mirror_user?(params)
import_data = params[:import_data_attributes]
if import_data.present?
# Prevent Rails from destroying the existing import data
......
......@@ -9,7 +9,7 @@ module EE
private
def project_params_ee
%i[
attrs = %i[
approvals_before_merge
approver_group_ids
approver_ids
......@@ -19,11 +19,22 @@ module EE
repository_size_limit
reset_approvals_on_push
service_desk_enabled
external_authorization_classification_label
ci_cd_only
]
if allow_mirror_params?
attrs + mirror_params
else
attrs
end
end
def mirror_params
%i[
mirror
mirror_trigger_builds
mirror_user_id
external_authorization_classification_label
ci_cd_only
]
end
......@@ -40,5 +51,13 @@ module EE
def active_new_project_tab
project_params[:ci_cd_only] == 'true' ? 'ci_cd_only' : super
end
def allow_mirror_params?
if @project # rubocop:disable Gitlab/ModuleWithInstanceVariables
can?(current_user, :admin_mirror, @project) # rubocop:disable Gitlab/ModuleWithInstanceVariables
else
::Gitlab::CurrentSettings.current_application_settings.mirror_available || current_user&.admin?
end
end
end
end
......@@ -7,8 +7,8 @@ module EE
override :execute
def execute
limit = params.delete(:repository_size_limit)
mirror = params.delete(:mirror)
mirror_user_id = params.delete(:mirror_user_id)
mirror = ::Gitlab::Utils.to_boolean(params.delete(:mirror))
mirror_user_id = current_user.id if mirror
mirror_trigger_builds = params.delete(:mirror_trigger_builds)
ci_cd_only = ::Gitlab::Utils.to_boolean(params.delete(:ci_cd_only))
......@@ -16,7 +16,7 @@ module EE
# Repository size limit comes as MB from the view
project.repository_size_limit = ::Gitlab::Utils.try_megabytes_to_bytes(limit) if limit
if mirror && project.feature_available?(:repository_mirrors)
if mirror && can?(current_user, :admin_mirror, project)
project.mirror = mirror unless mirror.nil?
project.mirror_trigger_builds = mirror_trigger_builds unless mirror_trigger_builds.nil?
project.mirror_user_id = mirror_user_id
......
......@@ -7,19 +7,16 @@ module EE
override :execute
def execute
unless project.feature_available?(:repository_mirrors)
params.delete(:mirror)
params.delete(:mirror_user_id)
params.delete(:mirror_trigger_builds)
params.delete(:only_mirror_protected_branches)
params.delete(:mirror_overwrites_diverged_branches)
params.delete(:import_data_attributes)
end
should_remove_old_approvers = params.delete(:remove_old_approvers)
wiki_was_enabled = project.wiki_enabled?
limit = params.delete(:repository_size_limit)
unless valid_mirror_user?
project.errors.add(:mirror_user_id, 'is invalid')
return project
end
result = super do
# Repository size limit comes as MB from the view
project.repository_size_limit = ::Gitlab::Utils.try_megabytes_to_bytes(limit) if limit
......@@ -52,6 +49,15 @@ module EE
private
def valid_mirror_user?
return true unless params[:mirror_user_id].present?
mirror_user_id = params[:mirror_user_id].to_i
mirror_user_id == current_user.id ||
mirror_user_id == project.mirror_user&.id
end
def log_audit_events
EE::Audit::ProjectChangesAuditor.new(current_user, project).execute
end
......
......@@ -10,5 +10,3 @@
- if Gitlab::CurrentSettings.should_check_namespace_plan?
.form-text.text-muted
Mirroring will only be available if the feature is included in the plan of the selected group or user.
= f.hidden_field :mirror_user_id, value: current_user.id
---
title: Enables configuration of pull mirroring through API
merge_request: 6485
author:
type: added
......@@ -19,18 +19,10 @@ module EE
expose :repository_storage, if: ->(_project, options) { options[:current_user].try(:admin?) }
expose :approvals_before_merge, if: ->(project, _) { project.feature_available?(:merge_request_approvers) }
expose :mirror, if: ->(project, _) { project.feature_available?(:repository_mirrors) }
expose :mirror_user_id, if: ->(project, _) { mirroring_available? }
expose :mirror_trigger_builds, if: ->(project, _) { mirroring_available? }
expose :only_mirror_protected_branches, if: ->(project, _) { mirroring_available? }
expose :mirror_overwrites_diverged_branches, if: ->(project, _) { mirroring_available? }
private
alias_method :project, :object
def mirroring_available?
project.mirror? && project.feature_available?(:repository_mirrors)
end
expose :mirror_user_id, if: ->(project, _) { project.mirror? }
expose :mirror_trigger_builds, if: ->(project, _) { project.mirror? }
expose :only_mirror_protected_branches, if: ->(project, _) { project.mirror? }
expose :mirror_overwrites_diverged_branches, if: ->(project, _) { project.mirror? }
end
end
......
......@@ -61,20 +61,6 @@ module EE
::Gitlab::CurrentSettings.current_application_settings
.allow_group_owners_to_manage_ldap
end
def mirroring_available?
::Gitlab::CurrentSettings.current_application_settings.mirror_available ||
current_user&.admin?
end
def valid_mirror_user?(mirror_params)
return true unless mirror_params[:mirror_user_id].present?
mirror_user_id = mirror_params[:mirror_user_id].to_i
mirror_user_id == current_user.id ||
mirror_user_id == user_project.mirror_user&.id
end
end
end
end
......@@ -29,31 +29,21 @@ module EE
projects
end
override :verify_create_projects_attrs!
def verify_create_projects_attrs!(attrs)
super
verify_mirror_attrs!(attrs)
if attrs[:mirror]
attrs[:mirror_user_id] = current_user.id
end
end
override :verify_update_project_attrs!
def verify_update_project_attrs!(attrs)
def verify_update_project_attrs!(project, attrs)
super
verify_mirror_attrs!(attrs)
unless valid_mirror_user?(attrs)
render_api_error!("Invalid mirror user", 400)
end
verify_mirror_attrs!(project, attrs)
end
def verify_mirror_attrs!(attrs)
if attrs[:mirror].present? && !mirroring_available?
render_api_error!("Pull mirroring is not available", 403)
def verify_mirror_attrs!(project, attrs)
unless can?(current_user, :admin_mirror, project)
attrs.delete(:mirror)
attrs.delete(:mirror_user_id)
attrs.delete(:mirror_trigger_builds)
attrs.delete(:only_mirror_protected_branches)
attrs.delete(:mirror_overwrites_diverged_branches)
attrs.delete(:import_data_attributes)
end
end
end
......
......@@ -29,7 +29,7 @@ describe Projects::MirrorsController do
end
context 'when trying to create a mirror with the same URL' do
it 'should not setup the mirror' do
it 'does not setup the mirror' do
do_put(project, mirror: true, import_url: remote_mirror.url)
expect(project.reload.mirror).to be_falsey
......@@ -38,7 +38,7 @@ describe Projects::MirrorsController do
end
context 'when trying to create a mirror with a different URL' do
it 'should setup the mirror' do
it 'sets up the mirror' do
do_put(project, mirror: true, mirror_user_id: project.owner.id, import_url: 'http://local.dev')
expect(project.reload.mirror).to eq(true)
......@@ -46,14 +46,14 @@ describe Projects::MirrorsController do
end
context 'mirror user is not the current user' do
it 'should only assign the current user' do
it 'does not setup the mirror' do
new_user = create(:user)
project.add_maintainer(new_user)
do_put(project, mirror: true, mirror_user_id: new_user.id, import_url: 'http://local.dev')
expect(project.reload.mirror).to eq(true)
expect(project.reload.mirror_user.id).to eq(project.owner.id)
expect(project.reload.mirror).to be_falsey
expect(project.reload.import_url).to be_blank
end
end
end
......@@ -185,15 +185,13 @@ describe Projects::MirrorsController do
end
it 'only allows the current user to be the mirror user' do
mirror_user = project.mirror_user
other_user = create(:user)
project.add_maintainer(other_user)
do_put(project, { mirror_user_id: other_user.id }, format: :json)
expect(response).to have_gitlab_http_status(200)
expect(project.mirror_user(true)).to eq(mirror_user)
expect(response).to have_gitlab_http_status(422)
expect(json_response['mirror_user_id'].first).to eq("is invalid")
end
end
......
......@@ -20,7 +20,6 @@ describe ProjectsController do
namespace_id: user.namespace.id,
visibility_level: Gitlab::VisibilityLevel::PUBLIC,
mirror: true,
mirror_user_id: user.id,
mirror_trigger_builds: true
}
end
......
......@@ -50,11 +50,11 @@ describe API::Projects do
stub_ee_application_setting(mirror_available: false)
end
it 'returns a 403' do
it 'ignores the mirroring options' do
post api('/projects', user), mirror_params
expect(response).to have_gitlab_http_status(403)
expect(json_response["message"]).to eq("Pull mirroring is not available")
expect(response).to have_gitlab_http_status(201)
expect(Project.first.mirror?).to be false
end
it 'creates project with mirror settings' do
......@@ -107,11 +107,11 @@ describe API::Projects do
stub_ee_application_setting(mirror_available: false)
end
it 'raises an API error' do
it 'does not update mirror related attributes' do
put(api("/projects/#{project.id}", user), mirror_params)
expect(response).to have_gitlab_http_status(403)
expect(json_response["message"]).to eq("Pull mirroring is not available")
expect(response).to have_gitlab_http_status(200)
expect(project.reload.mirror).to be false
end
it 'updates mirror related attributes when user is admin' do
......@@ -168,7 +168,7 @@ describe API::Projects do
put(api("/projects/#{project.id}", user), mirror_params)
expect(response).to have_gitlab_http_status(400)
expect(json_response["message"]).to eq("Invalid mirror user")
expect(json_response["message"]["mirror_user_id"].first).to eq("is invalid")
end
it 'returns 403 when the user does not have access to mirror settings' do
......
......@@ -85,8 +85,7 @@ describe Projects::CreateService, '#execute' do
context 'with repository mirror' do
before do
opts.merge!(import_url: 'http://foo.com',
mirror: true,
mirror_user_id: user.id)
mirror: true)
end
context 'when licensed' do
......@@ -229,7 +228,6 @@ describe Projects::CreateService, '#execute' do
visibility_level: Gitlab::VisibilityLevel::PRIVATE,
namespace_id: user.namespace.id,
mirror: true,
mirror_user_id: user.id,
mirror_trigger_builds: true
}
......
......@@ -10,58 +10,24 @@ describe Projects::UpdateService, '#execute' do
context 'repository mirror' do
let!(:opts) do
{
}
end
it 'forces an import job' do
opts = {
import_url: 'http://foo.com',
mirror: true,
mirror_user_id: user.id,
mirror_trigger_builds: true
}
end
context 'when licensed' do
before do
stub_licensed_features(repository_mirrors: true)
end
it 'updates the correct attributes' do
update_project(project, user, opts)
updated_project = project.reload
expect(updated_project).to be_valid
expect(updated_project.mirror).to be true
expect(updated_project.mirror_user_id).to eq(user.id)
expect(updated_project.mirror_trigger_builds).to be true
end
it 'forces an import job' do
expect(project).to receive(:force_import_job!).once
update_project(project, user, opts)
end
end
context 'when unlicensed' do
before do
stub_licensed_features(repository_mirrors: false)
end
it 'does not update mirror attributes' do
update_project(project, user, opts)
updated_project = project.reload
expect(updated_project).to be_valid
expect(updated_project.mirror).to be false
expect(updated_project.mirror_user_id).to be_nil
expect(updated_project.mirror_trigger_builds).to be false
end
it 'does not force an import job' do
expect(project).not_to receive(:force_import_job!)
update_project(project, user, opts)
end
end
end
context 'audit events' do
let(:audit_event_params) do
{
......
......@@ -14,6 +14,7 @@ module API
end
params :optional_update_params_ee do
# EE::API::Projects would override this helper
end
# EE::API::Projects would override this method
......@@ -25,10 +26,7 @@ module API
projects
end
def verify_create_projects_attrs!(attrs)
end
def verify_update_project_attrs!(attrs)
def verify_update_project_attrs!(project, attrs)
end
end
......@@ -177,9 +175,6 @@ module API
post do
attrs = declared_params(include_missing: false)
attrs = translate_params_for_compatibility(attrs)
verify_create_projects_attrs!(attrs)
project = ::Projects::CreateService.new(current_user, attrs).execute
if project.saved?
......@@ -212,9 +207,6 @@ module API
attrs = declared_params(include_missing: false)
attrs = translate_params_for_compatibility(attrs)
verify_create_projects_attrs!(attrs)
project = ::Projects::CreateService.new(user, attrs).execute
if project.saved?
......@@ -314,7 +306,7 @@ module API
attrs = translate_params_for_compatibility(attrs)
verify_update_project_attrs!(attrs)
verify_update_project_attrs!(user_project, attrs)
result = ::Projects::UpdateService.new(user_project, current_user, attrs).execute
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment