BigW Consortium Gitlab

blob_helper.rb 9.82 KB
Newer Older
1
module BlobHelper
2 3
  def highlight(blob_name, blob_content, repository: nil, plain: false)
    highlighted = Gitlab::Highlight.highlight(blob_name, blob_content, plain: plain, repository: repository)
4
    raw %(<pre class="code highlight"><code>#{highlighted}</code></pre>)
5 6 7
  end

  def no_highlight_files
8
    %w(credits changelog news copying copyright license authors)
9
  end
10

11
  def edit_path(project = @project, ref = @ref, path = @path, options = {})
12
    project_edit_blob_path(project,
13 14 15 16 17
                                     tree_join(ref, path),
                                     options[:link_opts])
  end

  def edit_blob_link(project = @project, ref = @ref, path = @path, options = {})
18 19
    blob = options.delete(:blob)
    blob ||= project.repository.blob_at(ref, path) rescue nil
20

21
    return unless blob && blob.readable_text?
22

23
    common_classes = "btn js-edit-blob #{options[:extra_class]}"
24

Douwe Maan committed
25
    if !on_top_of_branch?(project, ref)
26 27
      button_tag 'Edit', class: "#{common_classes} disabled has-tooltip", title: "You can only edit files when you are on a branch", data: { container: 'body' }
    # This condition applies to anonymous or users who can edit directly
28
    elsif !current_user || (current_user && can_modify_blob?(blob, project, ref))
29 30
      link_to 'Edit', edit_path(project, ref, path, options), class: "#{common_classes} btn-sm"
    elsif current_user && can?(current_user, :fork_project, project)
31
      continue_params = {
32
        to: edit_path(project, ref, path, options),
33 34 35
        notice: edit_in_new_fork_notice,
        notice_now: edit_in_new_fork_notice_now
      }
36
      fork_path = project_forks_path(project, namespace_key: current_user.namespace.id, continue: continue_params)
37 38 39 40

      button_tag 'Edit',
        class: "#{common_classes} js-edit-blob-link-fork-toggler",
        data: { action: 'edit', fork_path: fork_path }
41 42 43 44 45 46 47 48 49 50
    end
  end

  def modify_file_link(project = @project, ref = @ref, path = @path, label:, action:, btn_class:, modal_type:)
    return unless current_user

    blob = project.repository.blob_at(ref, path) rescue nil

    return unless blob

51 52
    common_classes = "btn btn-#{btn_class}"

Douwe Maan committed
53
    if !on_top_of_branch?(project, ref)
54
      button_tag label, class: "#{common_classes} disabled has-tooltip", title: "You can only #{action} files when you are on a branch", data: { container: 'body' }
55
    elsif blob.stored_externally?
56
      button_tag label, class: "#{common_classes} disabled has-tooltip", title: "It is not possible to #{action} files that are stored in LFS using the web interface", data: { container: 'body' }
57
    elsif can_modify_blob?(blob, project, ref)
58
      button_tag label, class: "#{common_classes}", 'data-target' => "#modal-#{modal_type}-blob", 'data-toggle' => 'modal'
59 60
    elsif can?(current_user, :fork_project, project)
      continue_params = {
61
        to: request.fullpath,
62 63 64
        notice: edit_in_new_fork_notice + " Try to #{action} this file again.",
        notice_now: edit_in_new_fork_notice_now
      }
65
      fork_path = project_forks_path(project, namespace_key: current_user.namespace.id, continue: continue_params)
66

67 68 69
      button_tag label,
        class: "#{common_classes} js-edit-blob-link-fork-toggler",
        data: { action: action, fork_path: fork_path }
70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
    end
  end

  def replace_blob_link(project = @project, ref = @ref, path = @path)
    modify_file_link(
      project,
      ref,
      path,
      label:      "Replace",
      action:     "replace",
      btn_class:  "default",
      modal_type: "upload"
    )
  end

  def delete_blob_link(project = @project, ref = @ref, path = @path)
    modify_file_link(
      project,
      ref,
      path,
      label:      "Delete",
      action:     "delete",
      btn_class:  "remove",
      modal_type: "remove"
    )
  end

97
  def can_modify_blob?(blob, project = @project, ref = @ref)
98
    !blob.stored_externally? && can_edit_tree?(project, ref)
99 100 101 102 103 104 105
  end

  def leave_edit_message
    "Leave edit mode?\nAll unsaved changes will be lost."
  end

  def editing_preview_title(filename)
106
    if Gitlab::MarkupHelper.previewable?(filename)
107 108
      'Preview'
    else
109
      'Preview changes'
110 111
    end
  end
112 113 114 115 116 117 118 119

  # Return an image icon depending on the file mode and extension
  #
  # mode - File unix mode
  # mode - File name
  def blob_icon(mode, name)
    icon("#{file_type_icon_class('file', mode, name)} fw")
  end
120

Douwe Maan committed
121
  def blob_raw_path
122
    if @build && @entry
123
      raw_project_job_artifacts_path(@project, @build, path: @entry.path)
124
    elsif @snippet
125
      if @snippet.project_id
126
        raw_project_snippet_path(@project, @snippet)
127 128 129 130
      else
        raw_snippet_path(@snippet)
      end
    elsif @blob
131
      project_raw_path(@project, @id)
132
    end
Douwe Maan committed
133 134
  end

Stan Hu committed
135 136 137
  # SVGs can contain malicious JavaScript; only include whitelisted
  # elements and attributes. Note that this whitelist is by no means complete
  # and may omit some elements.
Douwe Maan committed
138 139
  def sanitize_svg_data(data)
    Gitlab::Sanitizers::SVG.clean(data)
Stan Hu committed
140
  end
141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158

  # If we blindly set the 'real' content type when serving a Git blob we
  # are enabling XSS attacks. An attacker could upload e.g. a Javascript
  # file to a Git repository, trick the browser of a victim into
  # downloading the blob, and then the 'application/javascript' content
  # type would tell the browser to execute the attacker's Javascript. By
  # overriding the content type and setting it to 'text/plain' (in the
  # example of Javascript) we tell the browser of the victim not to
  # execute untrusted data.
  def safe_content_type(blob)
    if blob.text?
      'text/plain; charset=utf-8'
    elsif blob.image?
      blob.content_type
    else
      'application/octet-stream'
    end
  end
159

Jacob Vosmaer committed
160 161 162 163
  def cached_blob?
    stale = stale?(etag: @blob.id) # The #stale? method sets cache headers.

    # Because we are opionated we set the cache headers ourselves.
164
    response.cache_control[:public] = @project.public?
165

Douwe Maan committed
166 167 168 169 170 171 172 173 174 175 176
    response.cache_control[:max_age] =
      if @ref && @commit && @ref == @commit.id
        # This is a link to a commit by its commit SHA. That means that the blob
        # is immutable. The only reason to invalidate the cache is if the commit
        # was deleted or if the user lost access to the repository.
        Blob::CACHE_TIME_IMMUTABLE
      else
        # A branch or tag points at this blob. That means that the expected blob
        # value may change over time.
        Blob::CACHE_TIME
      end
177

178
    response.etag = @blob.id
Jacob Vosmaer committed
179
    !stale
180
  end
181 182 183 184 185 186 187

  def licenses_for_select
    return @licenses_for_select if defined?(@licenses_for_select)

    licenses = Licensee::License.all

    @licenses_for_select = {
188 189
      Popular: licenses.select(&:featured).map { |license| { name: license.name, id: license.key } },
      Other: licenses.reject(&:featured).map { |license| { name: license.name, id: license.key } }
190 191
    }
  end
192

193 194 195 196
  def ref_project
    @ref_project ||= @target_project || @project
  end

197
  def gitignore_names
198
    @gitignore_names ||= Gitlab::Template::GitignoreTemplate.dropdown_names
199
  end
200

201
  def gitlab_ci_ymls
202
    @gitlab_ci_ymls ||= Gitlab::Template::GitlabCiYmlTemplate.dropdown_names(params[:context])
203
  end
204

205 206 207 208
  def dockerfile_names
    @dockerfile_names ||= Gitlab::Template::DockerfileTemplate.dropdown_names
  end

209 210 211 212 213 214 215
  def blob_editor_paths
    {
      'relative-url-root' => Rails.application.config.relative_url_root,
      'assets-prefix' => Gitlab::Application.config.assets.prefix,
      'blob-language' => @blob && @blob.language.try(:ace_mode)
    }
  end
Douwe Maan committed
216 217

  def copy_file_path_button(file_path)
218
    clipboard_button(text: file_path, gfm: "`#{file_path}`", class: 'btn-clipboard btn-transparent prepend-left-5', title: 'Copy file path to clipboard')
Douwe Maan committed
219 220
  end

221
  def copy_blob_source_button(blob)
222 223
    return unless blob.rendered_as_text?(ignore_errors: false)

224
    clipboard_button(target: ".blob-content[data-blob-id='#{blob.id}']", class: "btn btn-sm js-copy-blob-source-btn", title: "Copy source to clipboard")
Douwe Maan committed
225 226
  end

227
  def open_raw_blob_button(blob)
228
    return if blob.empty?
229

230
    if blob.raw_binary? || blob.stored_externally?
231 232 233 234 235 236 237
      icon = icon('download')
      title = 'Download'
    else
      icon = icon('file-code-o')
      title = 'Open raw'
    end

Douwe Maan committed
238
    link_to icon, blob_raw_path, class: 'btn btn-sm has-tooltip', target: '_blank', rel: 'noopener noreferrer', title: title, data: { container: 'body' }
Douwe Maan committed
239
  end
Douwe Maan committed
240

Douwe Maan committed
241 242
  def blob_render_error_reason(viewer)
    case viewer.render_error
243 244
    when :collapsed
      "it is larger than #{number_to_human_size(viewer.collapse_limit)}"
Douwe Maan committed
245
    when :too_large
246
      "it is larger than #{number_to_human_size(viewer.size_limit)}"
247 248 249 250
    when :server_side_but_stored_externally
      case viewer.blob.external_storage
      when :lfs
        'it is stored in LFS'
251 252
      when :build_artifact
        'it is stored as a job artifact'
253 254 255
      else
        'it is stored externally'
      end
Douwe Maan committed
256 257
    end
  end
Douwe Maan committed
258

Douwe Maan committed
259
  def blob_render_error_options(viewer)
260
    error = viewer.render_error
Douwe Maan committed
261 262
    options = []

263 264
    if error == :collapsed
      options << link_to('load it anyway', url_for(params.merge(viewer: viewer.type, expanded: true, format: nil)))
Douwe Maan committed
265 266
    end

267 268 269
    # If the error is `:server_side_but_stored_externally`, the simple viewer will show the same error,
    # so don't bother switching.
    if viewer.rich? && viewer.blob.rendered_as_text? && error != :server_side_but_stored_externally
270
      options << link_to('view the source', '#', class: 'js-blob-viewer-switch-btn', data: { viewer: 'simple' })
Douwe Maan committed
271 272
    end

Douwe Maan committed
273
    options << link_to('download it', blob_raw_path, target: '_blank', rel: 'noopener noreferrer')
Douwe Maan committed
274 275 276

    options
  end
277 278 279 280 281

  def contribution_options(project)
    options = []

    if can?(current_user, :create_issue, project)
282
      options << link_to("submit an issue", new_project_issue_path(project))
283 284 285 286
    end

    merge_project = can?(current_user, :create_merge_request, project) ? project : (current_user && current_user.fork_of(project))
    if merge_project
287
      options << link_to("create a merge request", project_new_merge_request_path(project))
288 289 290 291
    end

    options
  end
292
end