BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
8fee5a05
Unverified
Commit
8fee5a05
authored
Jun 26, 2014
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Make app works with strong params
Signed-off-by:
Dmitriy Zaporozhets
<
dmitriy.zaporozhets@gmail.com
>
parent
2acde87e
Hide whitespace changes
Inline
Side-by-side
Showing
17 changed files
with
84 additions
and
90 deletions
+84
-90
users_controller.rb
app/controllers/admin/users_controller.rb
+10
-17
emails_controller.rb
app/controllers/profiles/emails_controller.rb
+7
-1
profiles_controller.rb
app/controllers/profiles_controller.rb
+1
-1
deploy_keys_controller.rb
app/controllers/projects/deploy_keys_controller.rb
+5
-1
note.rb
app/models/note.rb
+6
-6
project.rb
app/models/project.rb
+9
-6
user.rb
app/models/user.rb
+10
-17
update_service.rb
app/services/issues/update_service.rb
+2
-2
update_service.rb
app/services/merge_requests/update_service.rb
+4
-4
update_service.rb
app/services/milestones/update_service.rb
+2
-2
create_service.rb
app/services/projects/create_service.rb
+7
-20
transfer_service.rb
app/services/projects/transfer_service.rb
+1
-1
update_service.rb
app/services/projects/update_service.rb
+3
-8
helpers.rb
lib/api/helpers.rb
+6
-2
users.rb
lib/api/users.rb
+1
-1
config_helper.rb
lib/gitlab/config_helper.rb
+9
-0
user.rb
lib/gitlab/oauth/user.rb
+1
-1
No files found.
app/controllers/admin/users_controller.rb
View file @
8fee5a05
...
...
@@ -13,7 +13,7 @@ class Admin::UsersController < Admin::ApplicationController
end
def
new
@user
=
User
.
build_user
@user
=
User
.
new
end
def
edit
...
...
@@ -37,15 +37,12 @@ class Admin::UsersController < Admin::ApplicationController
end
def
create
admin
=
user_params
.
delete
(
"admin"
)
opts
=
{
force_random_password:
true
,
password_expires_at:
Time
.
now
}
@user
=
User
.
build_user
(
user_params
.
merge
(
opts
),
as: :admin
)
@user
.
admin
=
(
admin
&&
admin
.
to_i
>
0
)
@user
=
User
.
new
(
user_params
.
merge
(
opts
))
@user
.
created_by_id
=
current_user
.
id
@user
.
generate_password
@user
.
skip_confirmation!
...
...
@@ -62,19 +59,15 @@ class Admin::UsersController < Admin::ApplicationController
end
def
update
admin
=
user_params
.
delete
(
"admin"
)
if
user_params
[
:password
].
blank?
user_params
.
delete
(
:password
)
user_params
.
delete
(
:password_confirmation
)
end
if
admin
.
present?
user
.
admin
=
!
admin
.
to_i
.
zero?
if
params
[
:user
][
:password
].
present?
user_params
.
merge
(
password:
params
[
:user
][
:password
],
password_confirmation:
params
[
:user
][
:password_confirmation
],
)
end
respond_to
do
|
format
|
if
user
.
update_attributes
(
user_params
,
as: :admin
)
if
user
.
update_attributes
(
user_params
)
user
.
confirm!
format
.
html
{
redirect_to
[
:admin
,
user
],
notice:
'User was successfully updated.'
}
format
.
json
{
head
:ok
}
...
...
@@ -118,10 +111,10 @@ class Admin::UsersController < Admin::ApplicationController
def
user_params
params
.
require
(
:user
).
permit
(
:email
,
:
password
,
:password_confirmation
,
:
remember_me
,
:bio
,
:name
,
:username
,
:email
,
:remember_me
,
:bio
,
:name
,
:username
,
:skype
,
:linkedin
,
:twitter
,
:website_url
,
:color_scheme_id
,
:theme_id
,
:force_random_password
,
:extern_uid
,
:provider
,
:password_expires_at
,
:avatar
,
:hide_no_ssh_key
,
:projects_limit
,
:can_create_group
,
:projects_limit
,
:can_create_group
,
:admin
)
end
end
app/controllers/profiles/emails_controller.rb
View file @
8fee5a05
...
...
@@ -7,7 +7,7 @@ class Profiles::EmailsController < ApplicationController
end
def
create
@email
=
current_user
.
emails
.
new
(
params
[
:email
]
)
@email
=
current_user
.
emails
.
new
(
email_params
)
flash
[
:alert
]
=
@email
.
errors
.
full_messages
.
first
unless
@email
.
save
...
...
@@ -23,4 +23,10 @@ class Profiles::EmailsController < ApplicationController
format
.
js
{
render
nothing:
true
}
end
end
private
def
email_params
params
.
require
(
:email
).
permit
(
:email
)
end
end
app/controllers/profiles_controller.rb
View file @
8fee5a05
...
...
@@ -14,7 +14,7 @@ class ProfilesController < ApplicationController
end
def
update
user_params
.
delete
(
:email
)
if
@user
.
ldap_user?
user_params
.
except!
(
:email
)
if
@user
.
ldap_user?
if
@user
.
update_attributes
(
user_params
)
flash
[
:notice
]
=
"Profile was successfully updated"
...
...
app/controllers/projects/deploy_keys_controller.rb
View file @
8fee5a05
...
...
@@ -22,7 +22,7 @@ class Projects::DeployKeysController < Projects::ApplicationController
end
def
create
@key
=
DeployKey
.
new
(
params
[
:deploy_key
]
)
@key
=
DeployKey
.
new
(
deploy_key_params
)
if
@key
.
valid?
&&
@project
.
deploy_keys
<<
@key
redirect_to
project_deploy_keys_path
(
@project
)
...
...
@@ -58,4 +58,8 @@ class Projects::DeployKeysController < Projects::ApplicationController
def
available_keys
@available_keys
||=
current_user
.
accessible_deploy_keys
end
def
deploy_key_params
params
.
require
(
:deploy_key
).
permit
(
:key
,
:title
)
end
end
app/models/note.rb
View file @
8fee5a05
...
...
@@ -61,13 +61,13 @@ class Note < ActiveRecord::Base
def
create_status_change_note
(
noteable
,
project
,
author
,
status
,
source
)
body
=
"_Status changed to
#{
status
}#{
' by '
+
source
.
gfm_reference
if
source
}
_"
create
(
{
create
(
noteable:
noteable
,
project:
project
,
author:
author
,
note:
body
,
system:
true
},
without_protection:
true
)
)
end
# +noteable+ was referenced from +mentioner+, by including GFM in either +mentioner+'s description or an associated Note.
...
...
@@ -86,7 +86,7 @@ class Note < ActiveRecord::Base
note_options
.
merge!
(
noteable:
noteable
)
end
create
(
note_options
,
without_protection:
true
)
create
(
note_options
)
end
def
create_milestone_change_note
(
noteable
,
project
,
author
,
milestone
)
...
...
@@ -96,13 +96,13 @@ class Note < ActiveRecord::Base
"_Milestone changed to
#{
milestone
.
title
}
_"
end
create
(
{
create
(
noteable:
noteable
,
project:
project
,
author:
author
,
note:
body
,
system:
true
},
without_protection:
true
)
)
end
def
create_assignee_change_note
(
noteable
,
project
,
author
,
assignee
)
...
...
@@ -114,7 +114,7 @@ class Note < ActiveRecord::Base
author:
author
,
note:
body
,
system:
true
}
,
without_protection:
true
)
})
end
def
discussions_from_notes
(
notes
)
...
...
app/models/project.rb
View file @
8fee5a05
...
...
@@ -27,14 +27,17 @@
class
Project
<
ActiveRecord
::
Base
include
Gitlab
::
ShellAdapter
include
Gitlab
::
VisibilityLevel
include
Gitlab
::
ConfigHelper
extend
Gitlab
::
ConfigHelper
extend
Enumerize
default_value_for
:archived
,
false
default_value_for
:issues_enabled
,
true
default_value_for
:merge_requests_enabled
,
true
default_value_for
:wiki_enabled
,
true
default_value_for
:visibility_level
,
gitlab_config_features
.
visibility_level
default_value_for
:issues_enabled
,
gitlab_config_features
.
issues
default_value_for
:merge_requests_enabled
,
gitlab_config_features
.
merge_requests
default_value_for
:wiki_enabled
,
gitlab_config_features
.
wiki
default_value_for
:wall_enabled
,
false
default_value_for
:snippets_enabled
,
true
default_value_for
:snippets_enabled
,
gitlab_config_features
.
snippets
ActsAsTaggableOn
.
strict_case_match
=
true
...
...
@@ -249,7 +252,7 @@ class Project < ActiveRecord::Base
end
def
web_url
[
Gitlab
.
config
.
gitlab
.
url
,
path_with_namespace
].
join
(
"/"
)
[
gitlab_config
.
url
,
path_with_namespace
].
join
(
"/"
)
end
def
web_url_without_protocol
...
...
@@ -470,7 +473,7 @@ class Project < ActiveRecord::Base
end
def
http_url_to_repo
[
Gitlab
.
config
.
gitlab
.
url
,
"/"
,
path_with_namespace
,
".git"
].
join
(
''
)
[
gitlab_config
.
url
,
"/"
,
path_with_namespace
,
".git"
].
join
(
''
)
end
# Check if current branch name is marked as protected in the system
...
...
app/models/user.rb
View file @
8fee5a05
...
...
@@ -50,10 +50,15 @@ require 'carrierwave/orm/activerecord'
require
'file_size_validator'
class
User
<
ActiveRecord
::
Base
include
Gitlab
::
ConfigHelper
extend
Gitlab
::
ConfigHelper
default_value_for
:admin
,
false
default_value_for
:can_create_group
,
true
default_value_for
:can_create_group
,
gitlab_config
.
default_can_create_group
default_value_for
:can_create_team
,
false
default_value_for
:hide_no_ssh_key
,
false
default_value_for
:projects_limit
,
gitlab_config
.
default_projects_limit
default_value_for
:theme_id
,
gitlab_config
.
default_theme
devise
:database_authenticatable
,
:token_authenticatable
,
:lockable
,
:async
,
:recoverable
,
:rememberable
,
:trackable
,
:validatable
,
:omniauthable
,
:confirmable
,
:registerable
...
...
@@ -211,20 +216,8 @@ class User < ActiveRecord::Base
where
(
'users.username = ? OR users.id = ?'
,
name_or_id
.
to_s
,
name_or_id
.
to_i
).
first
end
def
build_user
(
attrs
=
{},
options
=
{})
if
options
[
:as
]
==
:admin
User
.
new
(
defaults
.
merge
(
attrs
.
symbolize_keys
),
options
)
else
User
.
new
(
attrs
,
options
).
with_defaults
end
end
def
defaults
{
projects_limit:
Gitlab
.
config
.
gitlab
.
default_projects_limit
,
can_create_group:
Gitlab
.
config
.
gitlab
.
default_can_create_group
,
theme_id:
Gitlab
.
config
.
gitlab
.
default_theme
}
def
build_user
(
attrs
=
{})
User
.
new
(
attrs
)
end
end
...
...
@@ -302,7 +295,7 @@ class User < ActiveRecord::Base
end
def
can_change_username?
Gitlab
.
config
.
gitlab
.
username_changing_enabled
gitlab_config
.
username_changing_enabled
end
def
can_create_project?
...
...
@@ -477,7 +470,7 @@ class User < ActiveRecord::Base
def
avatar_url
(
size
=
nil
)
if
avatar
.
present?
URI
::
join
(
Gitlab
.
config
.
gitlab
.
url
,
avatar
.
url
).
to_s
URI
::
join
(
gitlab_config
.
url
,
avatar
.
url
).
to_s
else
GravatarService
.
new
.
execute
(
email
,
size
)
end
...
...
app/services/issues/update_service.rb
View file @
8fee5a05
module
Issues
class
UpdateService
<
Issues
::
BaseService
def
execute
(
issue
)
state
=
params
.
delete
(
'state_event'
)
||
params
.
delete
(
:state_event
)
state
=
params
[
:state_event
]
case
state
when
'reopen'
...
...
@@ -10,7 +10,7 @@ module Issues
Issues
::
CloseService
.
new
(
project
,
current_user
,
{}).
execute
(
issue
)
end
if
params
.
present?
&&
issue
.
update_attributes
(
params
)
if
params
.
present?
&&
issue
.
update_attributes
(
params
.
except
(
:state_event
)
)
issue
.
reset_events_cache
if
issue
.
previous_changes
.
include?
(
'milestone_id'
)
...
...
app/services/merge_requests/update_service.rb
View file @
8fee5a05
...
...
@@ -7,10 +7,10 @@ module MergeRequests
def
execute
(
merge_request
)
# We dont allow change of source/target projects
# after merge request was created
params
.
delete
(
:source_project_id
)
params
.
delete
(
:target_project_id
)
params
.
except!
(
:source_project_id
)
params
.
except!
(
:target_project_id
)
state
=
params
.
delete
(
'state_event'
)
||
params
.
delete
(
:state_event
)
state
=
params
[
:state_event
]
case
state
when
'reopen'
...
...
@@ -19,7 +19,7 @@ module MergeRequests
MergeRequests
::
CloseService
.
new
(
project
,
current_user
,
{}).
execute
(
merge_request
)
end
if
params
.
present?
&&
merge_request
.
update_attributes
(
params
)
if
params
.
present?
&&
merge_request
.
update_attributes
(
params
.
except
(
:state_event
)
)
merge_request
.
reset_events_cache
if
merge_request
.
previous_changes
.
include?
(
'milestone_id'
)
...
...
app/services/milestones/update_service.rb
View file @
8fee5a05
module
Milestones
class
UpdateService
<
Milestones
::
BaseService
def
execute
(
milestone
)
state
=
params
.
delete
(
'state_event'
)
||
params
.
delete
(
:state_event
)
state
=
params
[
:state_event
]
case
state
when
'activate'
...
...
@@ -11,7 +11,7 @@ module Milestones
end
if
params
.
present?
milestone
.
update_attributes
(
params
)
milestone
.
update_attributes
(
params
.
except
(
:state_event
)
)
end
milestone
...
...
app/services/projects/create_service.rb
View file @
8fee5a05
...
...
@@ -5,27 +5,13 @@ module Projects
end
def
execute
# get namespace id
namespace_id
=
params
.
delete
(
:namespace_id
)
@project
=
Project
.
new
(
params
)
#
check that user is allowed to set specified visibility_level
#
Reset visibility levet if is not allowed to set it
unless
Gitlab
::
VisibilityLevel
.
allowed_for?
(
current_user
,
params
[
:visibility_level
])
params
.
delete
(
:visibility_level
)
@project
.
visibility_level
=
default_features
.
visibility_level
end
# Load default feature settings
default_features
=
Gitlab
.
config
.
gitlab
.
default_projects_features
default_opts
=
{
issues_enabled:
default_features
.
issues
,
wiki_enabled:
default_features
.
wiki
,
snippets_enabled:
default_features
.
snippets
,
merge_requests_enabled:
default_features
.
merge_requests
,
visibility_level:
default_features
.
visibility_level
}.
stringify_keys
@project
=
Project
.
new
(
default_opts
.
merge
(
params
))
# Parametrize path for project
#
# Ex.
...
...
@@ -33,13 +19,14 @@ module Projects
#
@project
.
path
=
@project
.
name
.
dup
.
parameterize
unless
@project
.
path
.
present?
# get namespace id
namespace_id
=
params
[
:namespace_id
]
if
namespace_id
# Find matching namespace and check if it allowed
# for current user if namespace_id passed.
if
allowed_namespace?
(
current_user
,
namespace_id
)
@project
.
namespace_id
=
namespace_id
else
unless
allowed_namespace?
(
current_user
,
namespace_id
)
@project
.
namespace_id
=
nil
deny_namespace
return
@project
end
...
...
app/services/projects/transfer_service.rb
View file @
8fee5a05
...
...
@@ -12,7 +12,7 @@ module Projects
class
TransferError
<
StandardError
;
end
def
execute
namespace_id
=
params
.
delete
(
:namespace_id
)
namespace_id
=
params
[
:namespace_id
]
namespace
=
Namespace
.
find_by
(
id:
namespace_id
)
if
allowed_transfer?
(
current_user
,
project
,
namespace
)
...
...
app/services/projects/update_service.rb
View file @
8fee5a05
module
Projects
class
UpdateService
<
BaseService
def
execute
params
.
delete
(
:namespace_id
)
# check that user is allowed to set specified visibility_level
unless
can?
(
current_user
,
:change_visibility_level
,
project
)
&&
Gitlab
::
VisibilityLevel
.
allowed_for?
(
current_user
,
params
[
:visibility_level
])
params
.
delete
(
:visibility_level
)
params
[
:visibility_level
]
=
project
.
visibility_level
end
new_branch
=
params
.
delete
(
:default_branch
)
new_branch
=
params
[
:default_branch
]
if
project
.
repository
.
exists?
&&
new_branch
&&
new_branch
!=
project
.
default_branch
project
.
change_head
(
new_branch
)
end
if
project
.
update_attributes
(
params
)
if
project
.
previous_changes
.
include?
(
'namespace_id'
)
project
.
send_move_instructions
end
if
project
.
update_attributes
(
params
.
except
(
:default_branch
))
if
project
.
previous_changes
.
include?
(
'path'
)
project
.
rename_repo
end
...
...
lib/api/helpers.rb
View file @
8fee5a05
...
...
@@ -98,10 +98,14 @@ module API
def
attributes_for_keys
(
keys
)
attrs
=
{}
keys
.
each
do
|
key
|
attrs
[
key
]
=
params
[
key
]
if
params
[
key
].
present?
or
(
params
.
has_key?
(
key
)
and
params
[
key
]
==
false
)
if
params
[
key
].
present?
or
(
params
.
has_key?
(
key
)
and
params
[
key
]
==
false
)
attrs
[
key
]
=
params
[
key
]
end
end
attrs
ActionController
::
Parameters
.
new
(
attrs
).
permit!
end
# error helpers
...
...
lib/api/users.rb
View file @
8fee5a05
...
...
@@ -59,7 +59,7 @@ module API
authenticated_as_admin!
required_attributes!
[
:email
,
:password
,
:name
,
:username
]
attrs
=
attributes_for_keys
[
:email
,
:name
,
:password
,
:skype
,
:linkedin
,
:twitter
,
:projects_limit
,
:username
,
:extern_uid
,
:provider
,
:bio
,
:can_create_group
,
:admin
]
user
=
User
.
build_user
(
attrs
,
as: :admin
)
user
=
User
.
build_user
(
attrs
)
admin
=
attrs
.
delete
(
:admin
)
user
.
admin
=
admin
unless
admin
.
nil?
if
user
.
save
...
...
lib/gitlab/config_helper.rb
0 → 100644
View file @
8fee5a05
module
Gitlab::ConfigHelper
def
gitlab_config_features
Gitlab
.
config
.
gitlab
.
default_projects_features
end
def
gitlab_config
Gitlab
.
config
.
gitlab
end
end
lib/gitlab/oauth/user.rb
View file @
8fee5a05
...
...
@@ -27,7 +27,7 @@ module Gitlab
password_confirmation:
password
,
}
user
=
model
.
build_user
(
opts
,
as: :admin
)
user
=
model
.
build_user
(
opts
)
user
.
skip_confirmation!
# Services like twitter and github does not return email via oauth
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment