BigW Consortium Gitlab

blob_helper.rb 6.67 KB
Newer Older
1
module BlobHelper
2 3 4 5
  def highlighter(blob_name, blob_content, nowrap: false)
    Gitlab::Highlight.new(blob_name, blob_content, nowrap: nowrap)
  end

6 7
  def highlight(blob_name, blob_content, nowrap: false, plain: false)
    Gitlab::Highlight.highlight(blob_name, blob_content, nowrap: nowrap, plain: plain)
8 9 10
  end

  def no_highlight_files
11
    %w(credits changelog news copying copyright license authors)
12
  end
13

14 15 16 17 18
  def edit_blob_link(project = @project, ref = @ref, path = @path, options = {})
    return unless current_user

    blob = project.repository.blob_at(ref, path) rescue nil

19
    return unless blob && blob_text_viewable?(blob)
20

21 22 23
    from_mr = options[:from_merge_request_id]
    link_opts = {}
    link_opts[:from_merge_request_id] = from_mr if from_mr
24 25 26 27 28

    edit_path = namespace_project_edit_blob_path(project.namespace, project,
                                     tree_join(ref, path),
                                     link_opts)

Douwe Maan committed
29
    if !on_top_of_branch?(project, ref)
Annabel Dunstone committed
30
      button_tag "Edit", class: "btn disabled has-tooltip btn-file-option", title: "You can only edit files when you are on a branch", data: { container: 'body' }
Douwe Maan committed
31
    elsif can_edit_blob?(blob, project, ref)
Annabel Dunstone committed
32
      link_to "Edit", edit_path, class: 'btn btn-file-option'
33 34 35 36 37 38
    elsif can?(current_user, :fork_project, project)
      continue_params = {
        to:     edit_path,
        notice: edit_in_new_fork_notice,
        notice_now: edit_in_new_fork_notice_now
      }
39
      fork_path = namespace_project_forks_path(project.namespace, project, namespace_key: current_user.namespace.id, continue: continue_params)
40

Annabel Dunstone committed
41
      link_to "Edit", fork_path, class: 'btn btn-file-option', method: :post
42 43 44 45 46 47 48 49 50 51
    end
  end

  def modify_file_link(project = @project, ref = @ref, path = @path, label:, action:, btn_class:, modal_type:)
    return unless current_user

    blob = project.repository.blob_at(ref, path) rescue nil

    return unless blob

Douwe Maan committed
52
    if !on_top_of_branch?(project, ref)
53
      button_tag label, class: "btn btn-#{btn_class} disabled has-tooltip", title: "You can only #{action} files when you are on a branch", data: { container: 'body' }
54
    elsif blob.lfs_pointer?
55
      button_tag label, class: "btn btn-#{btn_class} disabled has-tooltip", title: "It is not possible to #{action} files that are stored in LFS using the web interface", data: { container: 'body' }
Douwe Maan committed
56
    elsif can_edit_blob?(blob, project, ref)
57 58 59 60 61 62 63
      button_tag label, class: "btn btn-#{btn_class}", 'data-target' => "#modal-#{modal_type}-blob", 'data-toggle' => 'modal'
    elsif can?(current_user, :fork_project, project)
      continue_params = {
        to:     request.fullpath,
        notice: edit_in_new_fork_notice + " Try to #{action} this file again.",
        notice_now: edit_in_new_fork_notice_now
      }
64
      fork_path = namespace_project_forks_path(project.namespace, project, namespace_key: current_user.namespace.id, continue: continue_params)
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95

      link_to label, fork_path, class: "btn btn-#{btn_class}", method: :post
    end
  end

  def replace_blob_link(project = @project, ref = @ref, path = @path)
    modify_file_link(
      project,
      ref,
      path,
      label:      "Replace",
      action:     "replace",
      btn_class:  "default",
      modal_type: "upload"
    )
  end

  def delete_blob_link(project = @project, ref = @ref, path = @path)
    modify_file_link(
      project,
      ref,
      path,
      label:      "Delete",
      action:     "delete",
      btn_class:  "remove",
      modal_type: "remove"
    )
  end

  def can_edit_blob?(blob, project = @project, ref = @ref)
    !blob.lfs_pointer? && can_edit_tree?(project, ref)
96 97 98 99 100 101 102
  end

  def leave_edit_message
    "Leave edit mode?\nAll unsaved changes will be lost."
  end

  def editing_preview_title(filename)
103
    if Gitlab::MarkupHelper.previewable?(filename)
104 105
      'Preview'
    else
Douwe Maan committed
106
      'Preview Changes'
107 108
    end
  end
109 110 111 112 113 114 115 116

  # Return an image icon depending on the file mode and extension
  #
  # mode - File unix mode
  # mode - File name
  def blob_icon(mode, name)
    icon("#{file_type_icon_class('file', mode, name)} fw")
  end
117

118
  def blob_text_viewable?(blob)
119
    blob && blob.text? && !blob.lfs_pointer? && !blob.only_display_raw?
120 121 122 123 124 125 126 127 128
  end

  def blob_size(blob)
    if blob.lfs_pointer?
      blob.lfs_size
    else
      blob.size
    end
  end
Stan Hu committed
129 130 131 132 133

  # SVGs can contain malicious JavaScript; only include whitelisted
  # elements and attributes. Note that this whitelist is by no means complete
  # and may omit some elements.
  def sanitize_svg(blob)
134
    blob.data = Gitlab::Sanitizers::SVG.clean(blob.data)
Stan Hu committed
135 136
    blob
  end
137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154

  # If we blindly set the 'real' content type when serving a Git blob we
  # are enabling XSS attacks. An attacker could upload e.g. a Javascript
  # file to a Git repository, trick the browser of a victim into
  # downloading the blob, and then the 'application/javascript' content
  # type would tell the browser to execute the attacker's Javascript. By
  # overriding the content type and setting it to 'text/plain' (in the
  # example of Javascript) we tell the browser of the victim not to
  # execute untrusted data.
  def safe_content_type(blob)
    if blob.text?
      'text/plain; charset=utf-8'
    elsif blob.image?
      blob.content_type
    else
      'application/octet-stream'
    end
  end
155

Jacob Vosmaer committed
156 157 158 159
  def cached_blob?
    stale = stale?(etag: @blob.id) # The #stale? method sets cache headers.

    # Because we are opionated we set the cache headers ourselves.
160
    response.cache_control[:public] = @project.public?
161 162 163

    if @ref && @commit && @ref == @commit.id
      # This is a link to a commit by its commit SHA. That means that the blob
Jacob Vosmaer committed
164 165
      # is immutable. The only reason to invalidate the cache is if the commit
      # was deleted or if the user lost access to the repository.
166
      response.cache_control[:max_age] = Blob::CACHE_TIME_IMMUTABLE
167 168 169
    else
      # A branch or tag points at this blob. That means that the expected blob
      # value may change over time.
170
      response.cache_control[:max_age] = Blob::CACHE_TIME
171 172
    end

173
    response.etag = @blob.id
Jacob Vosmaer committed
174
    !stale
175
  end
176 177 178 179 180 181 182

  def licenses_for_select
    return @licenses_for_select if defined?(@licenses_for_select)

    licenses = Licensee::License.all

    @licenses_for_select = {
183 184
      Popular: licenses.select(&:featured).map { |license| { name: license.name, id: license.key } },
      Other: licenses.reject(&:featured).map { |license| { name: license.name, id: license.key } }
185 186
    }
  end
187

188 189
  def gitignore_names
    return @gitignore_names if defined?(@gitignore_names)
190

191 192
    @gitignore_names = {
      Global: Gitlab::Gitignore.global.map { |gitignore| { name: gitignore.name } },
193
      # Note that the key here doesn't cover it really
194
      Languages: Gitlab::Gitignore.languages_frameworks.map{ |gitignore| { name: gitignore.name } }
195
    }
196
  end
197
end