Move all EE controller differences to EE specific modules
EE specific code that resides in app/controllers
should be moved to the corresponding EE specific modules that reside in ee/app/controllers
, leaving behind only the necessary prepend
and include
calls, which should be placed at the end of the file).
Differences
app/controllers/projects_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects_controller.rb
index 7f4a9f5151b..93e8e1e9a82 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects_controller.rb
@@ -6,13 +6,13 @@ class ProjectsController < Projects::ApplicationController
include ExtractsPath
include PreviewMarkdown
include SendFileUpload
-
before_action :whitelist_query_limiting, only: [:create]
before_action :authenticate_user!, except: [:index, :show, :activity, :refs]
before_action :redirect_git_extension, only: [:show]
before_action :project, except: [:index, :new, :create]
before_action :repository, except: [:index, :new, :create]
before_action :assign_ref_vars, only: [:show], if: :repo_exists?
+ before_action :assign_tree_vars, only: [:show], if: [:repo_exists?, :project_view_files?]
before_action :tree, only: [:show], if: [:repo_exists?, :project_view_files?]
before_action :lfs_blob_ids, only: [:show], if: [:repo_exists?, :project_view_files?]
before_action :project_export_enabled, only: [:export, :download_export, :remove_export, :generate_new_export]
@@ -408,6 +408,13 @@ class ProjectsController < Projects::ApplicationController
project.repository.root_ref
end
+ # ExtractsPath will set @id = project.path on the show route, but it has to be the
+ # branch name for the tree view to work correctly.
+ def assign_tree_vars
+ @id = get_id
+ tree
+ end
+
def project_view_files_allowed?
!project.empty_repo? && can?(current_user, :download_code, project)
end
@@ -440,3 +447,5 @@ class ProjectsController < Projects::ApplicationController
@project = @project.present(current_user: current_user)
end
end
+
+ProjectsController.prepend(EE::ProjectsController)
app/controllers/application_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/application_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/application_controller.rb
index 9b40ffb26a2..06dd666bc8f 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/application_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/application_controller.rb
@@ -160,6 +160,10 @@ class ApplicationController < ActionController::Base
sessionless_sign_in(user) if user
end
+ def verify_namespace_plan_check_enabled
+ render_404 unless Gitlab::CurrentSettings.should_check_namespace_plan?
+ end
+
def log_exception(exception)
Raven.capture_exception(exception) if sentry_enabled?
@@ -174,7 +178,11 @@ class ApplicationController < ActionController::Base
end
def after_sign_out_path_for(resource)
- Gitlab::CurrentSettings.after_sign_out_path.presence || new_user_session_path
+ if Gitlab::Geo.secondary?
+ Gitlab::Geo.primary_node.oauth_logout_url(@geo_logout_state)
+ else
+ Gitlab::CurrentSettings.after_sign_out_path.presence || new_user_session_path
+ end
end
def can?(object, action, subject = :global)
app/controllers/projects/protected_tags_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/protected_tags_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/protected_tags_controller.rb
index 01cedba95ac..41191639c2b 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/protected_tags_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/protected_tags_controller.rb
@@ -15,6 +15,10 @@ class Projects::ProtectedTagsController < Projects::ProtectedRefsController
@protected_ref = @project.protected_tags.find(params[:id])
end
+ def access_levels
+ [:create_access_levels]
+ end
+
def protected_ref_params
params.require(:protected_tag).permit(:name, create_access_levels_attributes: access_level_attributes)
end
app/controllers/projects/protected_refs_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/protected_refs_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/protected_refs_controller.rb
index 3a3a29ddd0d..d8f2f4a02fe 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/protected_refs_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/protected_refs_controller.rb
@@ -32,7 +32,7 @@ class Projects::ProtectedRefsController < Projects::ApplicationController
@protected_ref = update_service_class.new(@project, current_user, protected_ref_params).execute(@protected_ref)
if @protected_ref.valid?
- render json: @protected_ref, status: :ok
+ render json: @protected_ref, status: :ok, include: access_levels
else
render json: @protected_ref.errors, status: :unprocessable_entity
end
@@ -62,6 +62,6 @@ class Projects::ProtectedRefsController < Projects::ApplicationController
end
def access_level_attributes
- %i(access_level id)
+ %i(access_level id user_id _destroy group_id)
end
end
app/controllers/projects/group_links_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/group_links_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/group_links_controller.rb
index 7c713c19762..ab58559fc14 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/group_links_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/group_links_controller.rb
@@ -4,6 +4,7 @@ class Projects::GroupLinksController < Projects::ApplicationController
layout 'project_settings'
before_action :authorize_admin_project!
before_action :authorize_admin_project_member!, only: [:update]
+ before_action :authorize_group_share!, only: [:create]
def index
redirect_to namespace_project_settings_members_path
@@ -44,6 +45,10 @@ class Projects::GroupLinksController < Projects::ApplicationController
protected
+ def authorize_group_share!
+ access_denied! unless project.allowed_to_share_with_group?
+ end
+
def group_link_params
params.require(:group_link).permit(:group_access, :expires_at)
end
app/controllers/projects/lfs_api_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/lfs_api_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/lfs_api_controller.rb
index be40077d389..3787c120605 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/lfs_api_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/lfs_api_controller.rb
@@ -1,8 +1,13 @@
# frozen_string_literal: true
class Projects::LfsApiController < Projects::GitHttpClientController
+ include ApplicationSettingsHelper
+ include ApplicationHelper
+ include GitlabRoutingHelper
include LfsRequest
+ prepend ::EE::Projects::LfsApiController
+
LFS_TRANSFER_CONTENT_TYPE = 'application/octet-stream'.freeze
skip_before_action :lfs_check_access!, only: [:deprecated]
app/controllers/projects/deploy_keys_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/deploy_keys_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/deploy_keys_controller.rb
index 0a593bd35b6..31456fd543d 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/deploy_keys_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/deploy_keys_controller.rb
@@ -26,7 +26,9 @@ class Projects::DeployKeysController < Projects::ApplicationController
def create
@key = DeployKeys::CreateService.new(current_user, create_params).execute
- unless @key.valid?
+ if @key.valid?
+ log_audit_event(@key.title, action: :create)
+ else
flash[:alert] = @key.errors.full_messages.join(', ').html_safe
end
@@ -87,4 +89,9 @@ class Projects::DeployKeysController < Projects::ApplicationController
def authorize_update_deploy_key!
access_denied! unless can?(current_user, :update_deploy_key, deploy_key)
end
+
+ def log_audit_event(key_title, options = {})
+ AuditEventService.new(current_user, @project, options)
+ .for_deploy_key(key_title).security_event
+ end
end
app/controllers/projects/protected_branches_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/protected_branches_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/protected_branches_controller.rb
index a860be83e95..c5454883060 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/protected_branches_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/protected_branches_controller.rb
@@ -15,6 +15,10 @@ class Projects::ProtectedBranchesController < Projects::ProtectedRefsController
@protected_ref = @project.protected_branches.find(params[:id])
end
+ def access_levels
+ [:merge_access_levels, :push_access_levels]
+ end
+
def protected_ref_params
params.require(:protected_branch).permit(:name,
merge_access_levels_attributes: access_level_attributes,
app/controllers/projects/imports_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/imports_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/imports_controller.rb
index e55065c5817..0206583210b 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/projects/imports_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/projects/imports_controller.rb
@@ -2,6 +2,7 @@
class Projects::ImportsController < Projects::ApplicationController
include ContinueParams
+ include SafeMirrorParams
# Authorize
before_action :authorize_admin_project!
@@ -13,9 +14,7 @@ class Projects::ImportsController < Projects::ApplicationController
end
def create
- @project.import_url = params[:project][:import_url]
-
- if @project.save
+ if @project.update(safe_import_params)
@project.reload.import_schedule
end
@@ -67,4 +66,14 @@ class Projects::ImportsController < Projects::ApplicationController
redirect_to project_path(@project)
end
end
+
+ def import_params
+ params.require(:project).permit(:import_url, :mirror, :mirror_user_id)
+ end
+
+ def safe_import_params
+ return import_params if valid_mirror_user?(import_params)
+
+ import_params.merge(mirror_user_id: current_user.id)
+ end
end
app/controllers/admin/health_check_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/admin/health_check_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/admin/health_check_controller.rb
index 25cc241e5b0..d508759e49a 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/admin/health_check_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/admin/health_check_controller.rb
@@ -2,6 +2,9 @@
class Admin::HealthCheckController < Admin::ApplicationController
def show
- @errors = HealthCheck::Utils.process_checks(['standard'])
+ checks = ['standard']
+ checks << 'geo' if Gitlab::Geo.secondary?
+
+ @errors = HealthCheck::Utils.process_checks(checks)
end
end
app/controllers/omniauth_callbacks_controller.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/omniauth_callbacks_controller.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/omniauth_callbacks_controller.rb
index 30be50d4595..5fb6e2b5ea8 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/omniauth_callbacks_controller.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/omniauth_callbacks_controller.rb
@@ -3,7 +3,6 @@
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
include AuthenticatesWithTwoFactor
include Devise::Controllers::Rememberable
-
protect_from_forgery except: [:kerberos, :saml, :cas3], prepend: true
def handle_omniauth
@@ -56,6 +55,16 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
handle_omniauth
end
+ def kerberos_spnego
+ # The internal kerberos_spnego provider is a replacement for
+ # omniauth-kerberos. Here we re-use the 'kerberos' provider name to ease
+ # the transition. In time (in GitLab 9.0?) we should remove the
+ # omniauth-kerberos gem and rename the internal 'kerberos_spnego'
+ # provider to plain 'kerberos' and remove this special method.
+ oauth['provider'] = 'kerberos'
+ handle_omniauth
+ end
+
def authentiq
if params['sid']
handle_service_ticket oauth['provider'], params['sid']
@@ -190,3 +199,5 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
(request_params['remember_me'] == '1') if request_params.present?
end
end
+
+OmniauthCallbacksController.prepend(EE::OmniauthCallbacksController)
app/controllers/concerns/lfs_request.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/concerns/lfs_request.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/concerns/lfs_request.rb
index 9576eb14fdd..78aa1f1dcf5 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/concerns/lfs_request.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/concerns/lfs_request.rb
@@ -94,6 +94,7 @@ module LfsRequest
def lfs_upload_access?
return false unless project.lfs_enabled?
return false unless has_authentication_ability?(:push_code)
+ return false if project.above_size_limit? || objects_exceed_repo_limit?
lfs_deploy_token? || can?(user, :push_code, project)
end
@@ -122,3 +123,5 @@ module LfsRequest
(authentication_abilities || []).include?(capability)
end
end
+
+LfsRequest.prepend(EE::LfsRequest)
app/controllers/concerns/service_params.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/concerns/service_params.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/concerns/service_params.rb
index 8bd93a349ef..00ed6b1a251 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/controllers/concerns/service_params.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/controllers/concerns/service_params.rb
@@ -2,7 +2,6 @@
module ServiceParams
extend ActiveSupport::Concern
-
ALLOWED_PARAMS_CE = [
:active,
:add_pusher,
@@ -70,7 +69,7 @@ module ServiceParams
def service_params
dynamic_params = @service.event_channel_names + @service.event_names # rubocop:disable Gitlab/ModuleWithInstanceVariables
- service_params = params.permit(:id, service: ALLOWED_PARAMS_CE + dynamic_params)
+ service_params = params.permit(:id, service: allowed_service_params + dynamic_params)
if service_params[:service].is_a?(Hash)
FILTER_BLANK_PARAMS.each do |param|
@@ -80,4 +79,10 @@ module ServiceParams
service_params
end
+
+ def allowed_service_params
+ ALLOWED_PARAMS_CE
+ end
end
+
+ServiceParams.prepend(EE::ServiceParams)
Edited by Yorick Peterse