Add latest changes from gitlab-org/gitlab@master

cfc792b9 · GitLab Bot · 93c6764d · cfc792b9 · cfc792b9 · cfc792b9
Commit cfc792b9 authored 5 years ago by GitLab Bot
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -262,6 +262,7 @@ class ProjectPolicy < BasePolicy
    enable :update_container_image
    enable :destroy_container_image
    enable :create_environment
+    enable :update_environment
    enable :create_deployment
    enable :update_deployment
    enable :create_release
@@ -278,8 +279,6 @@ class ProjectPolicy < BasePolicy
    enable :admin_board
    enable :push_to_delete_protected_branch
    enable :update_project_snippet
-    enable :update_environment
-    enable :update_deployment
    enable :admin_project_snippet
    enable :admin_project_member
    enable :admin_note

--- a/app/policies/project_snippet_policy.rb
+++ b/app/policies/project_snippet_policy.rb
@@ -45,6 +45,9 @@ class ProjectSnippetPolicy < BasePolicy
  end
  
  rule { ~can?(:read_project_snippet) }.prevent :create_note
+
+  # Aliasing the ability to ease GraphQL permissions check
+  rule { can?(:read_project_snippet) }.enable :read_snippet
 end
  
 ProjectSnippetPolicy.prepend_if_ee('EE::ProjectSnippetPolicy')
--- a/app/presenters/snippet_presenter.rb
+++ b/app/presenters/snippet_presenter.rb
+# frozen_string_literal: true
+
+class SnippetPresenter < Gitlab::View::Presenter::Delegated
+  presents :snippet
+
+  def web_url
+    Gitlab::UrlBuilder.build(snippet)
+  end
+
+  def raw_url
+    Gitlab::UrlBuilder.build(snippet, raw: true)
+  end
+
+  def can_read_snippet?
+    can_access_resource?("read")
+  end
+
+  def can_update_snippet?
+    can_access_resource?("update")
+  end
+
+  def can_admin_snippet?
+    can_access_resource?("admin")
+  end
+
+  private
+
+  def can_access_resource?(ability_prefix)
+    can?(current_user, ability_name(ability_prefix), snippet)
+  end
+
+  def ability_name(ability_prefix)
+    "#{ability_prefix}_#{snippet.class.underscore}".to_sym
+  end
+end
--- a/app/serializers/environment_entity.rb
+++ b/app/serializers/environment_entity.rb
@@ -24,6 +24,10 @@ class EnvironmentEntity < Grape::Entity
    stop_project_environment_path(environment.project, environment)
  end
  
+  expose :cancel_auto_stop_path, if: -> (*) { can_update_environment? } do |environment|
+    cancel_auto_stop_project_environment_path(environment.project, environment)
+  end
+
  expose :cluster_type, if: ->(environment, _) { cluster_platform_kubernetes? } do |environment|
    cluster.cluster_type
  end
@@ -37,6 +41,7 @@ class EnvironmentEntity < Grape::Entity
  end
  
  expose :created_at, :updated_at
+  expose :auto_stop_at, expose_nil: false
  
  expose :can_stop do |environment|
    environment.available? && can?(current_user, :stop_environment, environment)
@@ -54,6 +59,10 @@ class EnvironmentEntity < Grape::Entity
    can?(request.current_user, :create_environment_terminal, environment)
  end
  
+  def can_update_environment?
+    can?(current_user, :update_environment, environment)
+  end
+
  def cluster_platform_kubernetes?
    deployment_platform && deployment_platform.is_a?(Clusters::Platforms::Kubernetes)
  end

--- a/app/services/deployments/after_create_service.rb
+++ b/app/services/deployments/after_create_service.rb
@@ -29,6 +29,7 @@ module Deployments
          environment.external_url = url
        end
  
+        renew_auto_stop_in
        environment.fire_state_event(action)
  
        if environment.save && !environment.stopped?
@@ -63,6 +64,12 @@ module Deployments
    def action
      environment_options[:action] || 'start'
    end
+
+    def renew_auto_stop_in
+      return unless deployable
+
+      environment.auto_stop_in = deployable.environment_auto_stop_in
+    end
  end
 end
  

--- a/app/services/environments/reset_auto_stop_service.rb
+++ b/app/services/environments/reset_auto_stop_service.rb
+# frozen_string_literal: true
+
+module Environments
+  class ResetAutoStopService < ::BaseService
+    def execute(environment)
+      return error(_('Failed to cancel auto stop because you do not have permission to update the environment.')) unless can_update_environment?(environment)
+      return error(_('Failed to cancel auto stop because the environment is not set as auto stop.')) unless environment.auto_stop_at?
+
+      if environment.reset_auto_stop
+        success
+      else
+        error(_('Failed to cancel auto stop because failed to update the environment.'))
+      end
+    end
+
+    private
+
+    def can_update_environment?(environment)
+      can?(current_user, :update_environment, environment)
+    end
+  end
+end
--- a/app/services/notification_service.rb
+++ b/app/services/notification_service.rb
@@ -58,6 +58,14 @@ class NotificationService
    end
  end
  
+  # Notify the owner of the personal access token, when it is about to expire
+  # And mark the token with about_to_expire_delivered
+  def access_token_about_to_expire(user)
+    return unless user.can?(:receive_notifications)
+
+    mailer.access_token_about_to_expire_email(user).deliver_later
+  end
+
  # When create an issue we should send an email to:
  #
  #  * issue assignee if their notification level is not Disabled

--- a/app/views/clusters/clusters/_banner.html.haml
+++ b/app/views/clusters/clusters/_banner.html.haml
@@ -6,17 +6,19 @@
  %span.spinner.spinner-dark.spinner-sm{ 'aria-label': 'Loading' }
  %span.prepend-left-4= s_('ClusterIntegration|Kubernetes cluster is being created...')
  
-.hidden.row.js-cluster-api-unreachable.bs-callout.bs-callout-warning{ role: 'alert' }
-  .col-11
+.hidden.row.js-cluster-api-unreachable.gl-alert.gl-alert-warning{ role: 'alert' }
+  = sprite_icon('warning', size: 16, css_class: 'gl-icon gl-alert-icon gl-alert-icon-no-title')
+  %button.js-close-banner.gl-alert-dismiss{ type: 'button', 'aria-label' => _('Dismiss') }
+    = sprite_icon('close', size: 16, css_class: 'gl-icon')
+  .gl-alert-body
    = s_('ClusterIntegration|Your cluster API is unreachable. Please ensure your API URL is correct.')
-  .col-1.p-0
-    %button.js-close-banner.close.cluster-application-banner-close.h-100.m-0= "×"
  
-.hidden.js-cluster-authentication-failure.row.js-cluster-api-unreachable.bs-callout.bs-callout-warning{ role: 'alert' }
-  .col-11
+.hidden.js-cluster-authentication-failure.js-cluster-api-unreachable.gl-alert.gl-alert-warning{ role: 'alert' }
+  = sprite_icon('warning', size: 16, css_class: 'gl-icon gl-alert-icon gl-alert-icon-no-title')
+  %button.js-close-banner.gl-alert-dismiss{ type: 'button', 'aria-label' => _('Dismiss') }
+    = sprite_icon('close', size: 16, css_class: 'gl-icon')
+  .gl-alert-body
    = s_('ClusterIntegration|There was a problem authenticating with your cluster. Please ensure your CA Certificate and Token are valid.')
-  .col-1.p-0
-    %button.js-close-banner.close.cluster-application-banner-close.h-100.m-0= "×"
  
 .hidden.js-cluster-success.bs-callout.bs-callout-success{ role: 'alert' }
  = s_("ClusterIntegration|Kubernetes cluster was successfully created.")
--- a/app/views/layouts/_flash.html.haml
+++ b/app/views/layouts/_flash.html.haml
+-# We currently only support `alert`, `notice`, `success`, 'toast'
 .flash-container.flash-container-page.sticky
-  -# We currently only support `alert`, `notice`, `success`
  - flash.each do |key, value|
-    -# Don't show a flash message if the message is nil
-    - if value
+    - if key == 'toast' && value
+      .js-toast-message{ data: { message: value } }
+    - elsif value
      %div{ class: "flash-#{key} mb-2" }
        %span= value
        %div{ class: "close-icon-wrapper js-close-icon" }

--- a/app/views/layouts/nav/sidebar/_project.html.haml
+++ b/app/views/layouts/nav/sidebar/_project.html.haml
@@ -144,8 +144,16 @@
                %strong.fly-out-top-item-name
                  = issue_tracker.title
  
+      - if (project_nav_tab? :labels) && !@project.issues_enabled?
+        = nav_link(controller: [:labels]) do
+          = link_to project_labels_path(@project), title: _('Labels'), class: 'shortcuts-labels qa-labels-items' do
+            .nav-icon-container
+              = sprite_icon('label')
+            %span.nav-item-name#js-onboarding-labels-link
+              = _('Labels')
+
      - if project_nav_tab? :merge_requests
-        = nav_link(controller: @project.issues_enabled? ? :merge_requests : [:merge_requests, :labels, :milestones]) do
+        = nav_link(controller: @project.issues_enabled? ? :merge_requests : [:merge_requests, :milestones]) do
          = link_to project_merge_requests_path(@project), class: 'shortcuts-merge_requests', data: { qa_selector: 'merge_requests_link' } do
            .nav-icon-container
              = sprite_icon('git-merge')

--- a/app/views/notify/access_token_about_to_expire_email.html.haml
+++ b/app/views/notify/access_token_about_to_expire_email.html.haml
+%p
+  = _('Hi %{username}!') % { username: sanitize_name(@user.name) }
+%p
+  = _('One or more of your personal access tokens will expire in %{days_to_expire} days or less.') % { days_to_expire: @days_to_expire }
+%p
+  - pat_link_start =  '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: @target_url }
+  = _('You can create a new one or check them in your %{pat_link_start}Personal Access Tokens%{pat_link_end} settings').html_safe % { pat_link_start: pat_link_start, pat_link_end: '</a>'.html_safe }
--- a/app/views/notify/access_token_about_to_expire_email.text.erb
+++ b/app/views/notify/access_token_about_to_expire_email.text.erb
+<%= _('Hi %{username}!') % { username: sanitize_name(@user.name) } %>
+
+<%= _('One or more of your personal access tokens will expire in %{days_to_expire} days or less.') % { days_to_expire: @days_to_expire} %>
+
+<%= _('You can create a new one or check them in your Personal Access Tokens settings %{pat_link}') % { pat_link: @target_url } %>
--- a/app/views/projects/environments/show.html.haml
+++ b/app/views/projects/environments/show.html.haml
@@ -5,7 +5,7 @@
 - content_for :page_specific_javascripts do
  = stylesheet_link_tag 'page_bundles/xterm'
  
- if can?(current_user, :stop_environment, @environment)
+- if @environment.available? && can?(current_user, :stop_environment, @environment)
  #stop-environment-modal.modal.fade{ tabindex: -1 }
    .modal-dialog
      .modal-content
@@ -40,7 +40,7 @@
    = render 'projects/environments/metrics_button', environment: @environment
    - if can?(current_user, :update_environment, @environment)
      = link_to _('Edit'), edit_project_environment_path(@project, @environment), class: 'btn'
-    - if can?(current_user, :stop_environment, @environment)
+    - if @environment.available? && can?(current_user, :stop_environment, @environment)
      = button_tag class: 'btn btn-danger', type: 'button', data: { toggle: 'modal',
        target: '#stop-environment-modal' } do
        = sprite_icon('stop')

--- a/app/views/projects/pages/_list.html.haml
+++ b/app/views/projects/pages/_list.html.haml
@@ -21,11 +21,11 @@
                  %span.badge.badge-danger
                    = s_('GitLabPages|Expired')
          %div
-            = link_to s_('GitLabPages|Edit'), edit_project_pages_domain_path(@project, domain), class: "btn btn-sm btn-grouped btn-success btn-inverted"
+            = link_to s_('GitLabPages|Edit'), project_pages_domain_path(@project, domain), class: "btn btn-sm btn-grouped btn-success btn-inverted"
            = link_to s_('GitLabPages|Remove'), project_pages_domain_path(@project, domain), data: { confirm: s_('GitLabPages|Are you sure?')}, method: :delete, class: "btn btn-remove btn-sm btn-grouped"
        - if verification_enabled && domain.unverified?
          %li.list-group-item.bs-callout-warning
-            - details_link_start = "<a href='#{edit_project_pages_domain_path(@project, domain)}'>".html_safe
+            - details_link_start = "<a href='#{project_pages_domain_path(@project, domain)}'>".html_safe
            - details_link_end = '</a>'.html_safe
            = s_('GitLabPages|%{domain} is not verified. To learn how to verify ownership, visit your %{link_start}domain details%{link_end}.').html_safe % { domain: domain.domain,
                link_start: details_link_start,

--- a/app/views/projects/pages_domains/edit.html.haml
+++ b/app/views/projects/pages_domains/edit.html.haml
- add_to_breadcrumbs _("Pages"), project_pages_path(@project)
- breadcrumb_title @domain.domain
- page_title @domain.domain
-
- verification_enabled = Gitlab::CurrentSettings.pages_domain_verification_enabled?
-
- if verification_enabled && @domain.unverified?
-  = content_for :flash_message do
-    .alert.alert-warning
-      .container-fluid.container-limited
-        = _("This domain is not verified. You will need to verify ownership before access is enabled.")
-
-%h3.page-title
-  = _('Pages Domain')
-= render 'projects/pages_domains/helper_text'
-%div
-  = form_for [@project.namespace.becomes(Namespace), @project, @domain], html: { class: 'fieldset-form' } do |f|
-    = render 'form', { f: f }
-    .form-actions.d-flex.justify-content-between
-      = f.submit _('Save Changes'), class: "btn btn-success"
-      = link_to _('Cancel'), project_pages_path(@project), class: 'btn btn-default btn-inverse'
--- a/app/views/projects/pages_domains/show.html.haml
+++ b/app/views/projects/pages_domains/show.html.haml
 - add_to_breadcrumbs _("Pages"), project_pages_path(@project)
 - breadcrumb_title @domain.domain
- page_title "#{@domain.domain}", _('Pages Domains')
- dns_record = "#{@domain.domain} CNAME #{@domain.project.pages_subdomain}.#{Settings.pages.host}."
+- page_title @domain.domain
  
 - verification_enabled = Gitlab::CurrentSettings.pages_domain_verification_enabled?
  
@@ -11,51 +10,12 @@
      .container-fluid.container-limited
        = _("This domain is not verified. You will need to verify ownership before access is enabled.")
  
-%h3.page-title.with-button
-  = link_to _('Edit'), edit_project_pages_domain_path(@project, @domain), class: 'btn btn-success float-right'
-  = _("Pages Domain")
-
-.table-holder
-  %table.table
-    %tr
-      %td
-        = _("Domain")
-      %td
-        = external_link(@domain.url, @domain.url)
-    %tr
-      %td
-        = _("DNS")
-      %td
-        .input-group
-          = text_field_tag :domain_dns, dns_record , class: "monospace js-select-on-focus form-control", readonly: true
-          .input-group-append
-            = clipboard_button(target: '#domain_dns', class: 'btn-default input-group-text d-none d-sm-block')
-        %p.form-text.text-muted
-          = _("To access this domain create a new DNS record")
-
-    - if verification_enabled
-      - verification_record = "#{@domain.verification_domain} TXT #{@domain.keyed_verification_code}"
-      %tr
-        %td
-          = _("Verification status")
-        %td
-          = form_tag verify_project_pages_domain_path(@project, @domain) do
-            .status-badge
-              - text, status = @domain.unverified? ? [_('Unverified'), 'badge-danger'] : [_('Verified'), 'badge-success']
-              .badge{ class: status }
-                = text
-              %button.btn.has-tooltip{ type: "submit", data: { container: 'body' }, title: _("Retry verification") }
-                = sprite_icon('redo')
-          .input-group
-            = text_field_tag :domain_verification, verification_record, class: "monospace js-select-on-focus form-control", readonly: true
-            .input-group-append
-              = clipboard_button(target: '#domain_verification', class: 'btn-default d-none d-sm-block')
-          %p.form-text.text-muted
-            - link_to_help = link_to(_('verify ownership'), help_page_path('user/project/pages/custom_domains_ssl_tls_certification/index.md', anchor: '4-verify-the-domains-ownership'))
-            = _("To %{link_to_help} of your domain, add the above key to a TXT record within to your DNS configuration.").html_safe % { link_to_help: link_to_help }
-
-    %tr
-      %td
-        = _("Certificate")
-      %td
-        = render 'lets_encrypt_callout', auto_ssl_available_and_enabled: false
+%h3.page-title
+  = _('Pages Domain')
+= render 'projects/pages_domains/helper_text'
+%div
+  = form_for [@project.namespace.becomes(Namespace), @project, @domain], html: { class: 'fieldset-form' } do |f|
+    = render 'form', { f: f }
+    .form-actions.d-flex.justify-content-between
+      = f.submit _('Save Changes'), class: "btn btn-success"
+      = link_to _('Cancel'), project_pages_path(@project), class: 'btn btn-default btn-inverse'
--- a/app/views/shared/issuable/_sidebar.html.haml
+++ b/app/views/shared/issuable/_sidebar.html.haml
@@ -33,7 +33,7 @@
        .block.milestone{ data: { qa_selector: 'milestone_block' } }
          .sidebar-collapsed-icon.has-tooltip{ title: sidebar_milestone_tooltip_label(milestone), data: { container: 'body', html: 'true', placement: 'left', boundary: 'viewport' } }
            = icon('clock-o', 'aria-hidden': 'true')
-            %span.milestone-title.collapse-truncated-title{ data: { qa_selector: 'milestone_title' } }
+            %span.milestone-title.collapse-truncated-title
              - if milestone.present?
                = milestone[:title]
              - else
@@ -45,7 +45,7 @@
              = link_to _('Edit'), '#', class: 'js-sidebar-dropdown-toggle edit-link float-right', data: { track_label: "right_sidebar", track_property: "milestone", track_event: "click_edit_button", track_value: "" }
          .value.hide-collapsed
            - if milestone.present?
-              = link_to milestone[:title], milestone[:web_url], class: "bold has-tooltip", title: sidebar_milestone_remaining_days(milestone), data: { container: "body", html: 'true', boundary: 'viewport', qa_selector: 'milestone_link' }
+              = link_to milestone[:title], milestone[:web_url], class: "bold has-tooltip", title: sidebar_milestone_remaining_days(milestone), data: { container: "body", html: 'true', boundary: 'viewport', qa_selector: 'milestone_link', qa_title: milestone[:title] }
            - else
              %span.no-value
                = _('None')

--- a/app/workers/all_queues.yml
+++ b/app/workers/all_queues.yml
@@ -16,6 +16,7 @@
 - cronjob:pages_domain_verification_cron
 - cronjob:pages_domain_removal_cron
 - cronjob:pages_domain_ssl_renewal_cron
+- cronjob:personal_access_tokens_expiring
 - cronjob:pipeline_schedule
 - cronjob:prune_old_events
 - cronjob:remove_expired_group_links
@@ -51,6 +52,8 @@
 - gcp_cluster:clusters_cleanup_app
 - gcp_cluster:clusters_cleanup_project_namespace
 - gcp_cluster:clusters_cleanup_service_account
+- gcp_cluster:clusters_applications_activate_service
+- gcp_cluster:clusters_applications_deactivate_service
  
 - github_import_advance_stage
 - github_importer:github_import_import_diff_note

--- a/app/workers/clusters/applications/activate_service_worker.rb
+++ b/app/workers/clusters/applications/activate_service_worker.rb
+# frozen_string_literal: true
+
+module Clusters
+  module Applications
+    class ActivateServiceWorker
+      include ApplicationWorker
+      include ClusterQueue
+
+      def perform(cluster_id, service_name)
+        cluster = Clusters::Cluster.find_by_id(cluster_id)
+        return unless cluster
+
+        cluster.all_projects.find_each do |project|
+          project.find_or_initialize_service(service_name).update!(active: true)
+        end
+      end
+    end
+  end
+end
--- a/app/workers/clusters/applications/deactivate_service_worker.rb
+++ b/app/workers/clusters/applications/deactivate_service_worker.rb
+# frozen_string_literal: true
+
+module Clusters
+  module Applications
+    class DeactivateServiceWorker
+      include ApplicationWorker
+      include ClusterQueue
+
+      def perform(cluster_id, service_name)
+        cluster = Clusters::Cluster.find_by_id(cluster_id)
+        raise cluster_missing_error(service_name) unless cluster
+
+        service = "#{service_name}_service".to_sym
+        cluster.all_projects.with_service(service).find_each do |project|
+          project.public_send(service).update!(active: false) # rubocop:disable GitlabSecurity/PublicSend
+        end
+      end
+
+      def cluster_missing_error(service)
+        ActiveRecord::RecordNotFound.new("Can't deactivate #{service} services, host cluster not found! Some inconsistent records may be left in database.")
+      end
+    end
+  end
+end