Extract EE specific files/lines for Create lib/api
We have the following files containing EE specific code. We should move them to ee/
lib/api/api.rb
diff --git a/lib/api/api.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/lib/api/api.rb
index 4dd1b459554..872b556cbfb 100644
--- a/lib/api/api.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/lib/api/api.rb
@@ -29,6 +29,13 @@ module API
prefix :api
version 'v3', using: :path do
+ ## EE-specific API V3 endpoints START
+ # Although the following endpoints are kept behind V3 namespace, they're not
+ # deprecated neither should be removed when V3 get removed.
+ # They're needed as a layer to integrate with Jira Development Panel.
+ mount ::API::V3::Github
+ ## EE-specific API V3 endpoints END
+
route :any, '*path' do
error!('API V3 is no longer supported. Use API V4 instead.', 410)
end
@@ -115,14 +122,17 @@ module API
mount ::API::GroupVariables
mount ::API::ImportGithub
mount ::API::Internal
+ mount ::API::IssuableBulkUpdate
mount ::API::Issues
mount ::API::JobArtifacts
mount ::API::Jobs
mount ::API::Keys
mount ::API::Labels
mount ::API::Lint
+ mount ::API::ManagedLicenses
mount ::API::Markdown
mount ::API::Members
+ mount ::API::MergeRequestApprovals
mount ::API::MergeRequestDiffs
mount ::API::MergeRequests
mount ::API::Namespaces
@@ -133,6 +143,7 @@ module API
mount ::API::PagesDomains
mount ::API::Pipelines
mount ::API::PipelineSchedules
+ mount ::API::ProjectApprovals
mount ::API::ProjectClusters
mount ::API::ProjectExport
mount ::API::ProjectImport
@@ -172,3 +183,5 @@ module API
end
end
end
+
+API::API.prepend(::EE::API::Endpoints)
lib/api/entities.rb
diff --git a/lib/api/entities.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/lib/api/entities.rb
index 7c035990fb0..fc625743c10 100644
--- a/lib/api/entities.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/lib/api/entities.rb
@@ -485,6 +485,7 @@ module API
class ProtectedRefAccess < Grape::Entity
expose :access_level
+
expose :access_level_description do |protected_ref_access|
protected_ref_access.humanize
end
@@ -494,6 +495,7 @@ module API
expose :name
expose :push_access_levels, using: Entities::ProtectedRefAccess
expose :merge_access_levels, using: Entities::ProtectedRefAccess
+ expose :unprotect_access_levels, using: Entities::ProtectedRefAccess
end
class ProtectedTag < Grape::Entity
@@ -1552,6 +1554,19 @@ module API
end
end
+ def self.prepend_entity(klass, with: nil)
+ if with.nil?
+ raise ArgumentError, 'You need to pass either the :with or :namespace option!'
+ end
+
+ klass.descendants.each { |descendant| descendant.prepend(with) }
+ klass.prepend(with)
+ end
+
+ class ManagedLicense < Grape::Entity
+ expose :id, :name, :approval_status
+ end
+
class ResourceLabelEvent < Grape::Entity
expose :id
expose :user, using: Entities::UserBasic
@@ -1612,3 +1627,17 @@ module API
end
end
end
+
+API::Entities.prepend_entity(::API::Entities::ApplicationSetting, with: EE::API::Entities::ApplicationSetting)
+API::Entities.prepend_entity(::API::Entities::Board, with: EE::API::Entities::Board)
+API::Entities.prepend_entity(::API::Entities::Group, with: EE::API::Entities::Group)
+API::Entities.prepend_entity(::API::Entities::GroupDetail, with: EE::API::Entities::GroupDetail)
+API::Entities.prepend_entity(::API::Entities::IssueBasic, with: EE::API::Entities::IssueBasic)
+API::Entities.prepend_entity(::API::Entities::List, with: EE::API::Entities::List)
+API::Entities.prepend_entity(::API::Entities::MergeRequestBasic, with: EE::API::Entities::MergeRequestBasic)
+API::Entities.prepend_entity(::API::Entities::Namespace, with: EE::API::Entities::Namespace)
+API::Entities.prepend_entity(::API::Entities::Project, with: EE::API::Entities::Project)
+API::Entities.prepend_entity(::API::Entities::ProtectedRefAccess, with: EE::API::Entities::ProtectedRefAccess)
+API::Entities.prepend_entity(::API::Entities::UserPublic, with: EE::API::Entities::UserPublic)
+API::Entities.prepend_entity(::API::Entities::Variable, with: EE::API::Entities::Variable)
+API::Entities.prepend_entity(::API::Entities::Todo, with: EE::API::Entities::Todo)
lib/api/helpers.rb
diff --git a/lib/api/helpers.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/lib/api/helpers.rb
index 54cd4cd9cdb..cf05da5960e 100644
--- a/lib/api/helpers.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/lib/api/helpers.rb
@@ -2,7 +2,10 @@
module API
module Helpers
+ prepend EE::API::Helpers # rubocop: disable Cop/InjectEnterpriseEditionModule
+
include Gitlab::Utils
+ include Gitlab::Utils::StrongMemoize
include Helpers::Pagination
SUDO_HEADER = "HTTP_SUDO".freeze
@@ -115,7 +118,12 @@ module API
def find_project!(id)
project = find_project(id)
- if can?(current_user, :read_project, project)
+ # CI job token authentication:
+ # this method grants limited privileged for admin users
+ # admin users can only access project if they are direct member
+ ability = job_token_authentication? ? :build_read_project : :read_project
+
+ if can?(current_user, ability, project)
project
else
not_found!('Project')
@@ -133,6 +141,10 @@ module API
# rubocop: enable CodeReuse/ActiveRecord
def find_group!(id)
+ # CI job token authentication:
+ # currently we do not allow any group access for CI job token
+ not_found!('Group') if job_token_authentication?
+
group = find_group(id)
if can?(current_user, :read_group, group)
@@ -171,8 +183,9 @@ module API
end
# rubocop: disable CodeReuse/ActiveRecord
- def find_project_issue(iid)
- IssuesFinder.new(current_user, project_id: user_project.id).find_by!(iid: iid)
+ def find_project_issue(iid, project_id = nil)
+ project = project_id ? find_project!(project_id) : user_project
+ IssuesFinder.new(current_user, project_id: project.id).find_by!(iid: iid)
end
# rubocop: enable CodeReuse/ActiveRecord
@@ -451,12 +464,34 @@ module API
private
+ def private_token
+ params[APIGuard::PRIVATE_TOKEN_PARAM] || env[APIGuard::PRIVATE_TOKEN_HEADER]
+ end
+
+ def job_token_authentication?
+ initial_current_user && @job_token_authentication # rubocop:disable Gitlab/ModuleWithInstanceVariables
+ end
+
+ def warden
+ env['warden']
+ end
+
+ # Check if the request is GET/HEAD, or if CSRF token is valid.
+ def verified_request?
+ Gitlab::RequestForgeryProtection.verified?(env)
+ end
+
+ # Check the Rails session for valid authentication details
+ def find_user_from_warden
+ warden.try(:authenticate) if verified_request?
+ end
+
# rubocop:disable Gitlab/ModuleWithInstanceVariables
def initial_current_user
- return @initial_current_user if defined?(@initial_current_user)
+ return @initial_current_user if defined?(@initial_current_user) # rubocop:disable Gitlab/ModuleWithInstanceVariables
begin
- @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user! }
+ @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user! } # rubocop:disable Gitlab/ModuleWithInstanceVariables
rescue Gitlab::Auth::UnauthorizedError
unauthorized!
end
@@ -492,6 +527,10 @@ module API
Gitlab::Shell.secret_token
end
+ def geo_token
+ Gitlab::Geo.current_node.system_hook.token
+ end
+
def send_git_blob(repository, blob)
env['api.format'] = :txt
content_type 'text/plain'
lib/api/protected_branches.rb
diff --git a/lib/api/protected_branches.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/lib/api/protected_branches.rb
index 5af43448727..2f135e2fc7e 100644
--- a/lib/api/protected_branches.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/lib/api/protected_branches.rb
@@ -51,6 +51,24 @@ module API
optional :merge_access_level, type: Integer,
values: ProtectedBranch::MergeAccessLevel.allowed_access_levels,
desc: 'Access levels allowed to merge (defaults: `40`, maintainer access level)'
+ optional :unprotect_access_level, type: Integer,
+ values: ProtectedBranch::UnprotectAccessLevel.allowed_access_levels,
+ desc: 'Access levels allowed to unprotect (defaults: `40`, maintainer access level)'
+ optional :allowed_to_push, type: Array, desc: 'An array of users/groups allowed to push' do
+ optional :access_level, type: Integer, values: ProtectedBranch::PushAccessLevel.allowed_access_levels
+ optional :user_id, type: Integer
+ optional :group_id, type: Integer
+ end
+ optional :allowed_to_merge, type: Array, desc: 'An array of users/groups allowed to merge' do
+ optional :access_level, type: Integer, values: ProtectedBranch::MergeAccessLevel.allowed_access_levels
+ optional :user_id, type: Integer
+ optional :group_id, type: Integer
+ end
+ optional :allowed_to_unprotect, type: Array, desc: 'An array of users/groups allowed to unprotect' do
+ optional :access_level, type: Integer, values: ProtectedBranch::UnprotectAccessLevel.allowed_access_levels
+ optional :user_id, type: Integer
+ optional :group_id, type: Integer
+ end
end
# rubocop: disable CodeReuse/ActiveRecord
post ':id/protected_branches' do
lib/api/search.rb
diff --git a/lib/api/search.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/lib/api/search.rb
index f5db692afe5..9b203522acd 100644
--- a/lib/api/search.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/lib/api/search.rb
@@ -20,6 +20,8 @@ module API
snippet_blobs: Entities::Snippet
}.freeze
+ ELASTICSEARCH_SCOPES = %w(wiki_blobs blobs commits).freeze
+
def search(additional_params = {})
search_params = {
scope: params[:scope],
@@ -35,6 +37,12 @@ module API
end
def process_results(results)
+ return [] if results.empty?
+
+ if results.is_a?(Elasticsearch::Model::Response::Response)
+ return paginate(results).map { |blob| Gitlab::Elastic::SearchResults.parse_search_result(blob) }
+ end
+
paginate(results)
end
@@ -45,6 +53,16 @@ module API
def entity
SCOPE_ENTITY[params[:scope].to_sym]
end
+
+ def check_elasticsearch_scope!
+ if ELASTICSEARCH_SCOPES.include?(params[:scope]) && !elasticsearch?
+ render_api_error!({ error: 'Scope not supported without Elasticsearch!' }, 400)
+ end
+ end
+
+ def elasticsearch?
+ Gitlab::CurrentSettings.elasticsearch_search?
+ end
end
resource :search do
@@ -56,11 +74,15 @@ module API
requires :scope,
type: String,
desc: 'The scope of search, available scopes:
- projects, issues, merge_requests, milestones, snippet_titles, snippet_blobs',
- values: %w(projects issues merge_requests milestones snippet_titles snippet_blobs)
+ projects, issues, merge_requests, milestones, snippet_titles, snippet_blobs,
+ if Elasticsearch enabled: wiki_blobs, blobs, commits',
+ values: %w(projects issues merge_requests milestones snippet_titles snippet_blobs
+ wiki_blobs blobs commits)
use :pagination
end
get do
+ check_elasticsearch_scope!
+
present search, with: entity
end
end
@@ -75,11 +97,14 @@ module API
requires :scope,
type: String,
desc: 'The scope of search, available scopes:
- projects, issues, merge_requests, milestones',
- values: %w(projects issues merge_requests milestones)
+ projects, issues, merge_requests, milestones,
+ if Elasticsearch enabled: wiki_blobs, blobs, commits',
+ values: %w(projects issues merge_requests milestones wiki_blobs blobs commits)
use :pagination
end
get ':id/(-/)search' do
+ check_elasticsearch_scope!
+
present search(group_id: user_group.id), with: entity
end
end
Edited by Douwe Maan