Merge remote-tracking branch 'origin/master' into artifacts-expire-date

1b62b86f · Kamil Trzcinski · 60e0137c · 0c0ef7df · 1b62b86f · 1b62b86f
Commit 1b62b86f authored 8 years ago by Kamil Trzcinski
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -92,9 +92,7 @@ update-knapsack:
    - export KNAPSACK_REPORT_PATH=knapsack/spinach_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
    - export KNAPSACK_GENERATE_REPORT=true
    - cp knapsack/spinach_report.json ${KNAPSACK_REPORT_PATH}
-    - knapsack spinach "-r rerun"
+    - knapsack spinach "-r rerun" || retry '[ ! -e tmp/spinach-rerun.txt ] || bundle exec spinach -r rerun $(cat tmp/spinach-rerun.txt)'
-    # retry failed tests 3 times
-    - retry '[ ! -e tmp/spinach-rerun.txt ] || bin/spinach -r rerun $(cat tmp/spinach-rerun.txt)'
  artifacts:
    paths:
    - knapsack/

--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -349,7 +349,7 @@ Style/MultilineArrayBraceLayout:
 # Avoid multi-line chains of blocks.
 Style/MultilineBlockChain:
-  Enabled: false
+  Enabled: true
 # Ensures newlines after multiline block do statements.
 Style/MultilineBlockLayout:

--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
 v 8.9.0 (unreleased)
  - Fix Error 500 when using closes_issues API with an external issue tracker
+  - Add more information into RSS feed for issues (Alexander Matyushentsev)
  - Bulk assign/unassign labels to issues.
  - Ability to prioritize labels !4009 / !3205 (Thijs Wouters)
  - Fix endless redirections when accessing user OAuth applications when they are disabled
@@ -38,6 +39,8 @@ v 8.9.0 (unreleased)
  - Add option to project to only allow merge requests to be merged if the build succeeds (Rui Santos)
  - Fix issues filter when ordering by milestone
  - Added artifacts:when to .gitlab-ci.yml - this requires GitLab Runner 1.3
+  - Bamboo Service: Fix missing credentials & URL handling when base URL contains a path (Benjamin Schmid)
+  - TeamCity Service: Fix URL handling when base URL contains a path
  - Todos will display target state if issuable target is 'Closed' or 'Merged'
  - Fix bug when sorting issues by milestone due date and filtering by two or more labels
  - Add support for using Yubikeys (U2F) for two-factor authentication
@@ -72,6 +75,8 @@ v 8.9.0 (unreleased)
  - Cache on the database if a project has an active external issue tracker.
  - Put project Labels and Milestones pages links under Issues and Merge Requests tabs as subnav
  - All classes in the Banzai::ReferenceParser namespace are now instrumented
+  - Remove deprecated issues_tracker and issues_tracker_id from project model
+  - Allow users to create confidential issues in private projects
 v 8.8.5 (unreleased)
  - Ensure branch cleanup regardless of whether the GitHub import process succeeds

--- a/Gemfile
+++ b/Gemfile
@@ -248,7 +248,7 @@ end
 group :development do
  gem "foreman"
-  gem 'brakeman', '~> 3.2.0', require: false
+  gem 'brakeman', '~> 3.3.0', require: false
  gem 'letter_opener_web', '~> 1.3.0'
  gem 'quiet_assets', '~> 1.0.2'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -97,16 +97,7 @@ GEM
    bootstrap-sass (3.3.6)
      autoprefixer-rails (>= 5.2.1)
      sass (>= 3.3.4)
-    brakeman (3.2.1)
+    brakeman (3.3.2)
-      erubis (~> 2.6)
-      haml (>= 3.0, < 5.0)
-      highline (>= 1.6.20, < 2.0)
-      ruby2ruby (~> 2.3.0)
-      ruby_parser (~> 3.8.1)
-      safe_yaml (>= 1.0)
-      sass (~> 3.0)
-      slim (>= 1.3.6, < 4.0)
-      terminal-table (~> 1.4)
    browser (2.0.3)
    builder (3.2.2)
    bullet (5.0.0)
@@ -340,7 +331,6 @@ GEM
    hashie (3.4.3)
    health_check (1.5.1)
      rails (>= 2.3.0)
-    highline (1.7.8)
    hipchat (1.5.2)
      httparty
      mimemagic
@@ -645,10 +635,7 @@ GEM
    ruby-saml (1.1.2)
      nokogiri (>= 1.5.10)
      uuid (~> 2.3)
-    ruby2ruby (2.3.0)
+    ruby_parser (3.8.2)
-      ruby_parser (~> 3.1)
-      sexp_processor (~> 4.0)
-    ruby_parser (3.8.1)
      sexp_processor (~> 4.1)
    rubyntlm (0.5.2)
    rubypants (0.2.0)
@@ -658,7 +645,7 @@ GEM
    safe_yaml (1.0.4)
    sanitize (2.1.0)
      nokogiri (>= 1.4.4)
-    sass (3.4.21)
+    sass (3.4.22)
    sass-rails (5.0.4)
      railties (>= 4.0.0, < 5.0)
      sass (~> 3.1)
@@ -707,9 +694,6 @@ GEM
      tilt (>= 1.3, < 3)
    six (0.2.0)
    slack-notifier (1.2.1)
-    slim (3.0.6)
-      temple (~> 0.7.3)
-      tilt (>= 1.3.3, < 2.1)
    slop (3.6.0)
    spinach (0.8.10)
      colorize
@@ -750,10 +734,8 @@ GEM
      railties (>= 3.2.5, < 6)
    teaspoon-jasmine (2.2.0)
      teaspoon (>= 1.0.0)
-    temple (0.7.6)
    term-ansicolor (1.3.2)
      tins (~> 1.0)
-    terminal-table (1.5.2)
    test_after_commit (0.4.2)
      activerecord (>= 3.2)
    thin (1.6.4)
@@ -762,7 +744,7 @@ GEM
      rack (~> 1.0)
    thor (0.19.1)
    thread_safe (0.3.5)
-    tilt (2.0.2)
+    tilt (2.0.5)
    timecop (0.8.1)
    timfel-krb5-auth (0.8.3)
    tinder (1.10.1)
@@ -851,7 +833,7 @@ DEPENDENCIES
  better_errors (~> 1.0.1)
  binding_of_caller (~> 0.7.2)
  bootstrap-sass (~> 3.3.0)
-  brakeman (~> 3.2.0)
+  brakeman (~> 3.3.0)
  browser (~> 2.0.3)
  bullet
  bundler-audit

--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -42,7 +42,7 @@ class JwtController < ApplicationController
  end
  def authenticate_user(login, password)
-    user = Gitlab::Auth.find_in_gitlab_or_ldap(login, password)
+    user = Gitlab::Auth.find_with_user_password(login, password)
    Gitlab::Auth.rate_limit!(request.ip, success: user.present?, login: login)
    user
  end

--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
@@ -43,7 +43,7 @@ class Projects::GitHttpController < Projects::ApplicationController
    return if project && project.public? && upload_pack?
    authenticate_or_request_with_http_basic do |login, password|
-      auth_result = Gitlab::Auth.find(login, password, project: project, ip: request.ip)
+      auth_result = Gitlab::Auth.find_for_git_client(login, password, project: project, ip: request.ip)
      if auth_result.type == :ci && upload_pack?
        @ci = true

--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -51,7 +51,7 @@ class SnippetsFinder
    snippets = project.snippets.fresh
    if current_user
-      if project.team.member?(current_user.id) || current_user.admin?
+      if project.team.member?(current_user) || current_user.admin?
        snippets
      else
        snippets.public_and_internal

--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -533,7 +533,7 @@ class Ability
    def filter_confidential_issues_abilities(user, issue, rules)
      return rules if user.admin? || !issue.confidential?
-      unless issue.author == user || issue.assignee == user || issue.project.team.member?(user.id)
+      unless issue.author == user || issue.assignee == user || issue.project.team.member?(user, Gitlab::Access::REPORTER)
        rules.delete(:admin_issue)
        rules.delete(:read_issue)
        rules.delete(:update_issue)

--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -51,10 +51,18 @@ class Issue < ActiveRecord::Base
  end
  def self.visible_to_user(user)
-    return where(confidential: false) if user.blank?
+    return where('issues.confidential IS NULL OR issues.confidential IS FALSE') if user.blank?
    return all if user.admin?
-    where('issues.confidential = false OR (issues.confidential = true AND (issues.author_id = :user_id OR issues.assignee_id = :user_id OR issues.project_id IN(:project_ids)))', user_id: user.id, project_ids: user.authorized_projects.select(:id))
+    where('
+      issues.confidential IS NULL
+      OR issues.confidential IS FALSE
+      OR (issues.confidential = TRUE
+        AND (issues.author_id = :user_id
+          OR issues.assignee_id = :user_id
+          OR issues.project_id IN(:project_ids)))',
+      user_id: user.id,
+      project_ids: user.authorized_projects(Gitlab::Access::REPORTER).select(:id))
  end
  def self.reference_prefix

--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -88,22 +88,9 @@ class Note < ActiveRecord::Base
      table   = arel_table
      pattern = "%#{query}%"
-      found_notes = joins('LEFT JOIN issues ON issues.id = noteable_id').
+      Note.joins('LEFT JOIN issues ON issues.id = noteable_id').
-        where(table[:note].matches(pattern))
+        where(table[:note].matches(pattern)).
+        merge(Issue.visible_to_user(as_user))
-      if as_user
-        found_notes.where('
-          issues.confidential IS NULL
-          OR issues.confidential IS FALSE
-          OR (issues.confidential IS TRUE
-            AND (issues.author_id = :user_id
-            OR issues.assignee_id = :user_id
-            OR issues.project_id IN(:project_ids)))',
-          user_id: as_user.id,
-          project_ids: as_user.authorized_projects.select(:id))
-      else
-        found_notes.where('issues.confidential IS NULL OR issues.confidential IS FALSE')
-      end
    end
  end

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -146,7 +146,6 @@ class Project < ActiveRecord::Base
              message: Gitlab::Regex.project_path_regex_message }
  validates :issues_enabled, :merge_requests_enabled,
            :wiki_enabled, inclusion: { in: [true, false] }
-  validates :issues_tracker_id, length: { maximum: 255 }, allow_blank: true
  validates :namespace, presence: true
  validates_uniqueness_of :name, scope: :namespace_id
  validates_uniqueness_of :path, scope: :namespace_id
@@ -589,10 +588,6 @@ class Project < ActiveRecord::Base
    update_column(:has_external_issue_tracker, services.external_issue_trackers.any?)
  end
-  def can_have_issues_tracker_id?
-    self.issues_enabled && !self.default_issues_tracker?
-  end
  def build_missing_services
    services_templates = Service.where(template: true)

--- a/app/models/project_services/bamboo_service.rb
+++ b/app/models/project_services/bamboo_service.rb
 class BambooService < CiService
-  include HTTParty
  prop_accessor :bamboo_url, :build_key, :username, :password
  validates :bamboo_url, presence: true, url: true, if: :activated?
@@ -61,18 +59,7 @@ class BambooService < CiService
  end
  def build_info(sha)
-    url = URI.join(bamboo_url, "/rest/api/latest/result?label=#{sha}").to_s
+    @response = get_path("rest/api/latest/result?label=#{sha}")
-    if username.blank? && password.blank?
-      @response = HTTParty.get(url, verify: false)
-    else
-      url << '&os_authType=basic'
-      auth = {
-        username: username,
-        password: password
-      }
-      @response = HTTParty.get(url, verify: false, basic_auth: auth)
-    end
  end
  def build_page(sha, ref)
@@ -80,11 +67,11 @@ class BambooService < CiService
    if @response.code != 200 || @response['results']['results']['size'] == '0'
      # If actual build link can't be determined, send user to build summary page.
-      URI.join(bamboo_url, "/browse/#{build_key}").to_s
+      URI.join("#{bamboo_url}/", "browse/#{build_key}").to_s
    else
      # If actual build link is available, go to build result page.
      result_key = @response['results']['results']['result']['planResultKey']['key']
-      URI.join(bamboo_url, "/browse/#{result_key}").to_s
+      URI.join("#{bamboo_url}/", "browse/#{result_key}").to_s
    end
  end
@@ -112,8 +99,27 @@ class BambooService < CiService
  def execute(data)
    return unless supported_events.include?(data[:object_kind])
-    # Bamboo requires a GET and does not take any data.
+    get_path("updateAndBuild.action?buildKey=#{build_key}")
-    url = URI.join(bamboo_url, "/updateAndBuild.action?buildKey=#{build_key}").to_s
+  end
-    self.class.get(url, verify: false)
+  private
+  def build_url(path)
+    URI.join("#{bamboo_url}/", path).to_s
+  end
+  def get_path(path)
+    url = build_url(path)
+    if username.blank? && password.blank?
+      HTTParty.get(url, verify: false)
+    else
+      url << '&os_authType=basic'
+      HTTParty.get(url, verify: false,
+                        basic_auth: {
+                          username: username,
+                          password: password
+                        })
+    end
  end
 end
--- a/app/models/project_services/issue_tracker_service.rb
+++ b/app/models/project_services/issue_tracker_service.rb
@@ -38,9 +38,9 @@ class IssueTrackerService < Service
      if enabled_in_gitlab_config
        self.properties = {
          title: issues_tracker['title'],
-          project_url: add_issues_tracker_id(issues_tracker['project_url']),
+          project_url: issues_tracker['project_url'],
-          issues_url: add_issues_tracker_id(issues_tracker['issues_url']),
+          issues_url: issues_tracker['issues_url'],
-          new_issue_url: add_issues_tracker_id(issues_tracker['new_issue_url'])
+          new_issue_url: issues_tracker['new_issue_url']
        }
      else
        self.properties = {}
@@ -83,16 +83,4 @@ class IssueTrackerService < Service
  def issues_tracker
    Gitlab.config.issues_tracker[to_param]
  end
-  def add_issues_tracker_id(url)
-    if self.project
-      id = self.project.issues_tracker_id
-      if id
-        url = url.gsub(":issues_tracker_id", id)
-      end
-    end
-    url
-  end
 end
--- a/app/models/project_services/teamcity_service.rb
+++ b/app/models/project_services/teamcity_service.rb
 class TeamcityService < CiService
-  include HTTParty
  prop_accessor :teamcity_url, :build_type, :username, :password
  validates :teamcity_url, presence: true, url: true, if: :activated?
@@ -64,15 +62,7 @@ class TeamcityService < CiService
  end
  def build_info(sha)
-    url = URI.join(
+    @response = get_path("httpAuth/app/rest/builds/branch:unspecified:any,number:#{sha}")
-      teamcity_url,
-      "/httpAuth/app/rest/builds/branch:unspecified:any,number:#{sha}"
-    ).to_s
-    auth = {
-      username: username,
-      password: password
-    }
-    @response = HTTParty.get(url, verify: false, basic_auth: auth)
  end
  def build_page(sha, ref)
@@ -81,14 +71,11 @@ class TeamcityService < CiService
    if @response.code != 200
      # If actual build link can't be determined,
      # send user to build summary page.
-      URI.join(teamcity_url, "/viewLog.html?buildTypeId=#{build_type}").to_s
+      build_url("viewLog.html?buildTypeId=#{build_type}")
    else
      # If actual build link is available, go to build result page.
      built_id = @response['build']['id']
-      URI.join(
+      build_url("viewLog.html?buildId=#{built_id}&buildTypeId=#{build_type}")
-        teamcity_url,
-        "/viewLog.html?buildId=#{built_id}&buildTypeId=#{build_type}"
-      ).to_s
    end
  end
@@ -123,8 +110,8 @@ class TeamcityService < CiService
    branch = Gitlab::Git.ref_name(data[:ref])
-    self.class.post(
+    HTTParty.post(
-      URI.join(teamcity_url, '/httpAuth/app/rest/buildQueue').to_s,
+      build_url('httpAuth/app/rest/buildQueue'),
      body: "<build branchName=\"#{branch}\">"\
            "<buildType id=\"#{build_type}\"/>"\
            '</build>',
@@ -132,4 +119,18 @@ class TeamcityService < CiService
      basic_auth: auth
    )
  end
+  private
+  def build_url(path)
+    URI.join("#{teamcity_url}/", path).to_s
+  end
+  def get_path(path)
+    HTTParty.get(build_url(path), verify: false,
+                                  basic_auth: {
+                                    username: username,
+                                    password: password
+                                  })
+  end
 end
--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -131,8 +131,14 @@ class ProjectTeam
    max_member_access(user.id) == Gitlab::Access::MASTER
  end
-  def member?(user_id)
+  def member?(user, min_member_access = nil)
-    !!find_member(user_id)
+    member = !!find_member(user.id)
+    if min_member_access
+      member && max_member_access(user.id) >= min_member_access
+    else
+      member
+    end
  end
  def human_max_access(user_id)

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -405,8 +405,8 @@ class User < ActiveRecord::Base
  end
  # Returns projects user is authorized to access.
-  def authorized_projects
+  def authorized_projects(min_access_level = nil)
-    Project.where("projects.id IN (#{projects_union.to_sql})")
+    Project.where("projects.id IN (#{projects_union(min_access_level).to_sql})")
  end
  def viewable_starred_projects
@@ -824,11 +824,19 @@ class User < ActiveRecord::Base
  private
-  def projects_union
+  def projects_union(min_access_level = nil)
-    Gitlab::SQL::Union.new([personal_projects.select(:id),
+    relations = [personal_projects.select(:id),
-                            groups_projects.select(:id),
+                 groups_projects.select(:id),
-                            projects.select(:id),
+                 projects.select(:id),
-                            groups.joins(:shared_projects).select(:project_id)])
+                 groups.joins(:shared_projects).select(:project_id)]
+    if min_access_level
+      scope = { access_level: Gitlab::Access.values.select { |access| access >= min_access_level } }
+      relations = [relations.shift] + relations.map { |relation| relation.where(members: scope) }
+    end
+    Gitlab::SQL::Union.new(relations)
  end
  def ci_projects_union

--- a/app/views/issues/_issue.atom.builder
+++ b/app/views/issues/_issue.atom.builder
@@ -5,10 +5,28 @@ xml.entry do
  xml.updated issue.created_at.xmlschema
  xml.media   :thumbnail, width: "40", height: "40", url: image_url(avatar_icon(issue.author_email))
-  xml.author do |author|
+  xml.author do
    xml.name issue.author_name
    xml.email issue.author_email
  end
  xml.summary issue.title
+  xml.description issue.description if issue.description
+  xml.milestone issue.milestone.title if issue.milestone
+  xml.due_date issue.due_date if issue.due_date
+  unless issue.labels.empty?
+    xml.labels do
+      issue.labels.each do |label|
+        xml.label label.name
+      end
+    end
+  end
+  if issue.assignee
+    xml.assignee do
+      xml.name issue.assignee.name
+      xml.email issue.assignee.email
+    end
+  end
 end
--- a/app/views/projects/pipelines/_head.html.haml
+++ b/app/views/projects/pipelines/_head.html.haml
@@ -5,11 +5,9 @@
        = link_to project_pipelines_path(@project), title: 'Pipelines', class: 'shortcuts-pipelines' do
          %span
            Pipelines
-            %span.badge.count.ci_counter= number_with_delimiter(@project.pipelines.running_or_pending.count)
    - if project_nav_tab? :builds
      = nav_link(controller: %w(builds)) do
        = link_to project_builds_path(@project), title: 'Builds', class: 'shortcuts-builds' do
          %span
            Builds
-            %span.badge.count.builds_counter= number_with_delimiter(@project.running_or_pending_build_count)
--- a/app/views/shared/issuable/_form.html.haml
+++ b/app/views/shared/issuable/_form.html.haml
@@ -35,13 +35,13 @@
      .clearfix
      .error-alert
- if issuable.is_a?(Issue) && !issuable.project.private?
+- if issuable.is_a?(Issue)
  .form-group
    .col-sm-offset-2.col-sm-10
      .checkbox
        = f.label :confidential do
          = f.check_box :confidential
-          This issue is confidential and should only be visible to team members
+          This issue is confidential and should only be visible to team members with at least Reporter access.
 - if can?(current_user, :"admin_#{issuable.to_ability_name}", issuable.project)
  - has_due_date = issuable.has_attribute?(:due_date)