BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
672cbbff
Commit
672cbbff
authored
Dec 24, 2015
by
Douwe Maan
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Only allow group/project members to mention `
@all
`
parent
d84ca3e8
Hide whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
59 additions
and
18 deletions
+59
-18
CHANGELOG
CHANGELOG
+1
-0
projects_controller.rb
app/controllers/projects_controller.rb
+1
-1
mentionable.rb
app/models/concerns/mentionable.rb
+1
-1
redactor_filter.rb
lib/banzai/filter/redactor_filter.rb
+3
-3
reference_filter.rb
lib/banzai/filter/reference_filter.rb
+5
-1
reference_gatherer_filter.rb
lib/banzai/filter/reference_gatherer_filter.rb
+7
-1
user_reference_filter.rb
lib/banzai/filter/user_reference_filter.rb
+13
-1
reference_extractor.rb
lib/gitlab/reference_extractor.rb
+12
-7
user_reference_filter_spec.rb
spec/lib/banzai/filter/user_reference_filter_spec.rb
+16
-3
No files found.
CHANGELOG
View file @
672cbbff
...
...
@@ -5,6 +5,7 @@ v 8.4.0 (unreleased)
- Implement new UI for group page
- Implement search inside emoji picker
- Add project permissions to all project API endpoints (Stan Hu)
- Only allow group/project members to mention `@all`
v 8.3.1 (unreleased)
- Fix Error 500 when global milestones have slashes (Stan Hu)
...
...
app/controllers/projects_controller.rb
View file @
672cbbff
...
...
@@ -178,7 +178,7 @@ class ProjectsController < ApplicationController
def
markdown_preview
text
=
params
[
:text
]
ext
=
Gitlab
::
ReferenceExtractor
.
new
(
@project
,
current_user
)
ext
=
Gitlab
::
ReferenceExtractor
.
new
(
@project
,
current_user
,
current_user
)
ext
.
analyze
(
text
)
render
json:
{
...
...
app/models/concerns/mentionable.rb
View file @
672cbbff
...
...
@@ -44,7 +44,7 @@ module Mentionable
end
def
all_references
(
current_user
=
self
.
author
,
text
=
nil
)
ext
=
Gitlab
::
ReferenceExtractor
.
new
(
self
.
project
,
current_user
)
ext
=
Gitlab
::
ReferenceExtractor
.
new
(
self
.
project
,
current_user
,
self
.
author
)
if
text
ext
.
analyze
(
text
)
...
...
lib/banzai/filter/redactor_filter.rb
View file @
672cbbff
...
...
@@ -11,7 +11,7 @@ module Banzai
class
RedactorFilter
<
HTML
::
Pipeline
::
Filter
def
call
doc
.
css
(
'a.gfm'
).
each
do
|
node
|
unless
user_can_reference?
(
node
)
unless
user_can_
see_
reference?
(
node
)
# The reference should be replaced by the original text,
# which is not always the same as the rendered text.
text
=
node
.
attr
(
'data-original'
)
||
node
.
text
...
...
@@ -24,12 +24,12 @@ module Banzai
private
def
user_can_reference?
(
node
)
def
user_can_
see_
reference?
(
node
)
if
node
.
has_attribute?
(
'data-reference-filter'
)
reference_type
=
node
.
attr
(
'data-reference-filter'
)
reference_filter
=
Banzai
::
Filter
.
const_get
(
reference_type
)
reference_filter
.
user_can_reference?
(
current_user
,
node
,
context
)
reference_filter
.
user_can_
see_
reference?
(
current_user
,
node
,
context
)
else
true
end
...
...
lib/banzai/filter/reference_filter.rb
View file @
672cbbff
...
...
@@ -12,7 +12,7 @@ module Banzai
# :project (required) - Current project, ignored if reference is cross-project.
# :only_path - Generate path-only links.
class
ReferenceFilter
<
HTML
::
Pipeline
::
Filter
def
self
.
user_can_reference?
(
user
,
node
,
context
)
def
self
.
user_can_
see_
reference?
(
user
,
node
,
context
)
if
node
.
has_attribute?
(
'data-project'
)
project_id
=
node
.
attr
(
'data-project'
).
to_i
return
true
if
project_id
==
context
[
:project
].
try
(
:id
)
...
...
@@ -24,6 +24,10 @@ module Banzai
end
end
def
self
.
user_can_reference?
(
user
,
node
,
context
)
true
end
def
self
.
referenced_by
(
node
)
raise
NotImplementedError
,
"
#{
self
}
does not implement
#{
__method__
}
"
end
...
...
lib/banzai/filter/reference_gatherer_filter.rb
View file @
672cbbff
...
...
@@ -35,7 +35,9 @@ module Banzai
return
if
context
[
:reference_filter
]
&&
reference_filter
!=
context
[
:reference_filter
]
return
unless
reference_filter
.
user_can_reference?
(
current_user
,
node
,
context
)
return
if
author
&&
!
reference_filter
.
user_can_reference?
(
author
,
node
,
context
)
return
unless
reference_filter
.
user_can_see_reference?
(
current_user
,
node
,
context
)
references
=
reference_filter
.
referenced_by
(
node
)
return
unless
references
...
...
@@ -57,6 +59,10 @@ module Banzai
def
current_user
context
[
:current_user
]
end
def
author
context
[
:author
]
end
end
end
end
lib/banzai/filter/user_reference_filter.rb
View file @
672cbbff
...
...
@@ -39,7 +39,7 @@ module Banzai
end
end
def
self
.
user_can_reference?
(
user
,
node
,
context
)
def
self
.
user_can_
see_
reference?
(
user
,
node
,
context
)
if
node
.
has_attribute?
(
'data-group'
)
group
=
Group
.
find
(
node
.
attr
(
'data-group'
))
rescue
nil
Ability
.
abilities
.
allowed?
(
user
,
:read_group
,
group
)
...
...
@@ -48,6 +48,18 @@ module Banzai
end
end
def
self
.
user_can_reference?
(
user
,
node
,
context
)
# Only team members can reference `@all`
if
node
.
has_attribute?
(
'data-project'
)
project
=
Project
.
find
(
node
.
attr
(
'data-project'
))
rescue
nil
return
false
unless
project
user
&&
project
.
team
.
member?
(
user
)
else
super
end
end
def
call
replace_text_nodes_matching
(
User
.
reference_pattern
)
do
|
content
|
user_link_filter
(
content
)
...
...
lib/gitlab/reference_extractor.rb
View file @
672cbbff
...
...
@@ -3,11 +3,12 @@ require 'banzai'
module
Gitlab
# Extract possible GFM references from an arbitrary String for further processing.
class
ReferenceExtractor
<
Banzai
::
ReferenceExtractor
attr_accessor
:project
,
:current_user
attr_accessor
:project
,
:current_user
,
:author
def
initialize
(
project
,
current_user
=
nil
)
def
initialize
(
project
,
current_user
=
nil
,
author
=
nil
)
@project
=
project
@current_user
=
current_user
@author
=
author
@references
=
{}
...
...
@@ -20,18 +21,22 @@ module Gitlab
%i(user label merge_request snippet commit commit_range)
.
each
do
|
type
|
define_method
(
"
#{
type
}
s"
)
do
@references
[
type
]
||=
references
(
type
,
project:
project
,
current_user:
current_user
)
@references
[
type
]
||=
references
(
type
,
reference_context
)
end
end
def
issues
options
=
{
project:
project
,
current_user:
current_user
}
if
project
&&
project
.
jira_tracker?
@references
[
:external_issue
]
||=
references
(
:external_issue
,
options
)
@references
[
:external_issue
]
||=
references
(
:external_issue
,
reference_context
)
else
@references
[
:issue
]
||=
references
(
:issue
,
options
)
@references
[
:issue
]
||=
references
(
:issue
,
reference_context
)
end
end
private
def
reference_context
{
project:
project
,
current_user:
current_user
,
author:
author
}
end
end
end
spec/lib/banzai/filter/user_reference_filter_spec.rb
View file @
672cbbff
...
...
@@ -37,9 +37,22 @@ describe Banzai::Filter::UserReferenceFilter, lib: true do
.
to
eq
urls
.
namespace_project_url
(
project
.
namespace
,
project
)
end
it
'adds to the results hash'
do
result
=
reference_pipeline_result
(
"Hey
#{
reference
}
"
)
expect
(
result
[
:references
][
:user
]).
to
eq
[
project
.
creator
]
context
"when the author is a member of the project"
do
it
'adds to the results hash'
do
result
=
reference_pipeline_result
(
"Hey
#{
reference
}
"
,
author:
project
.
creator
)
expect
(
result
[
:references
][
:user
]).
to
eq
[
project
.
creator
]
end
end
context
"when the author is not a member of the project"
do
let
(
:other_user
)
{
create
(
:user
)
}
it
"doesn't add to the results hash"
do
result
=
reference_pipeline_result
(
"Hey
#{
reference
}
"
,
author:
other_user
)
expect
(
result
[
:references
][
:user
]).
to
eq
[]
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment