Skip to content

WIP: Secret personal snippets

Ash McKenzie requested to merge 13235-secret-snippets into master

What does this MR do?

This MR adds support for a new visibility level for Snippets called Secret. A Secret Snippet can be viewed by anyone with the correct URL. Secret Snippets are not search-able.

The core mechanism for making a Snippet Secret vs. Public is via the introduction of the ?secret=<unique secret> query param which is stored in the snippets table in the secret_word attribute. Snippet#secret_word is populated via the before_save AR hook and currently uses SecureRandom.hex.

Because ?secret=<unique secret> needs to be provided in order to view a Secret Snippet, it should also be fairly easy to re-generate <unique secret> (perhaps via a button within Snippet edit mode). This ability allows existing URL's containing ?secret=<original unique secret> to be rendered invalid and offers some ability to the author to reset / reduce exposure should they need it.

TODO

  • Add missing unit tests
  • Create QA tests

Public Snippet (58)

http://localhost:3000/snippets/58

Public_snippet___58____Snippets___GitLab_2018-12-27_18-13-28

Secret Snippet (57 - as an authenticated user who is the author)

http://localhost:3000/snippets/57?secret=6b53dafbb1e9492ea1dce70081e0ed0e

Secret_Snippet___57____Snippets___GitLab_2018-12-27_18-13-03

Secret Snippet (57 - as an authenticated user who is not the author)

http://localhost:3000/snippets/57?secret=6b53dafbb1e9492ea1dce70081e0ed0e

Secret_Snippet___57____Snippets___GitLab_-__Private_Browsing__2018-12-27_18-17-55

Searching through Snippets - as an unauthenticated user

http://localhost:3000/search?utf8=%E2%9C%93&snippets=true&scope=&search=bleepers

bleepers___Search___GitLab_-__Private_Browsing__2018-12-27_18-14-17

Searching through Snippets - as an authenticated user (but not the author of Secret Snippet 57)

http://localhost:3000/search?utf8=%E2%9C%93&snippets=true&scope=&search=bleepers

bleepers___Search___GitLab_-__Private_Browsing__2018-12-27_18-22-53

Searching through Snippets - as an authenticated user who is the author of Secret Snippet 57

http://localhost:3000/search?utf8=%E2%9C%93&snippets=true&scope=&search=bleepers

bleepers___Search___GitLab_2018-12-27_18-13-50

What are the relevant issue numbers?

#13235 (moved)

Does this MR meet the acceptance criteria?

Closes #13235 (moved)

Edited by 🤖 GitLab Bot 🤖

Merge request reports