Commit 4f0bfdb5 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'strong-parameters' into 'master'

Strong parameters

Replace protected_attributes with strong parameters.
Fixes #1340
parents 76e36dd2 4967c087
...@@ -10,8 +10,6 @@ end ...@@ -10,8 +10,6 @@ end
gem "rails", "~> 4.1.0" gem "rails", "~> 4.1.0"
gem "protected_attributes"
# Make links from text # Make links from text
gem 'rails_autolink', '~> 1.1' gem 'rails_autolink', '~> 1.1'
......
...@@ -331,8 +331,6 @@ GEM ...@@ -331,8 +331,6 @@ GEM
websocket-driver (>= 0.2.0) websocket-driver (>= 0.2.0)
polyglot (0.3.4) polyglot (0.3.4)
posix-spawn (0.3.8) posix-spawn (0.3.8)
protected_attributes (1.0.5)
activemodel (>= 4.0.1, < 5.0)
pry (0.9.12.4) pry (0.9.12.4)
coderay (~> 1.0) coderay (~> 1.0)
method_source (~> 0.8) method_source (~> 0.8)
...@@ -635,7 +633,6 @@ DEPENDENCIES ...@@ -635,7 +633,6 @@ DEPENDENCIES
org-ruby org-ruby
pg pg
poltergeist (~> 1.5.1) poltergeist (~> 1.5.1)
protected_attributes
pry pry
quiet_assets (~> 1.0.1) quiet_assets (~> 1.0.1)
rack-attack rack-attack
......
...@@ -6,7 +6,7 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController ...@@ -6,7 +6,7 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
end end
def create def create
@broadcast_message = BroadcastMessage.new(params[:broadcast_message]) @broadcast_message = BroadcastMessage.new(broadcast_message_params)
if @broadcast_message.save if @broadcast_message.save
redirect_to admin_broadcast_messages_path, notice: 'Broadcast Message was successfully created.' redirect_to admin_broadcast_messages_path, notice: 'Broadcast Message was successfully created.'
...@@ -29,4 +29,11 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController ...@@ -29,4 +29,11 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
def broadcast_messages def broadcast_messages
@broadcast_messages ||= BroadcastMessage.order("starts_at DESC").page(params[:page]) @broadcast_messages ||= BroadcastMessage.order("starts_at DESC").page(params[:page])
end end
def broadcast_message_params
params.require(:broadcast_message).permit(
:alert_type, :color, :ends_at, :font,
:message, :starts_at
)
end
end end
...@@ -20,7 +20,7 @@ class Admin::GroupsController < Admin::ApplicationController ...@@ -20,7 +20,7 @@ class Admin::GroupsController < Admin::ApplicationController
end end
def create def create
@group = Group.new(params[:group]) @group = Group.new(group_params)
@group.path = @group.name.dup.parameterize if @group.name @group.path = @group.name.dup.parameterize if @group.name
if @group.save if @group.save
...@@ -32,7 +32,7 @@ class Admin::GroupsController < Admin::ApplicationController ...@@ -32,7 +32,7 @@ class Admin::GroupsController < Admin::ApplicationController
end end
def update def update
if @group.update_attributes(params[:group]) if @group.update_attributes(group_params)
redirect_to [:admin, @group], notice: 'Group was successfully updated.' redirect_to [:admin, @group], notice: 'Group was successfully updated.'
else else
render "edit" render "edit"
...@@ -56,4 +56,8 @@ class Admin::GroupsController < Admin::ApplicationController ...@@ -56,4 +56,8 @@ class Admin::GroupsController < Admin::ApplicationController
def group def group
@group = Group.find_by(path: params[:id]) @group = Group.find_by(path: params[:id])
end end
def group_params
params.require(:group).permit(:name, :description, :path, :avatar)
end
end end
...@@ -5,7 +5,7 @@ class Admin::HooksController < Admin::ApplicationController ...@@ -5,7 +5,7 @@ class Admin::HooksController < Admin::ApplicationController
end end
def create def create
@hook = SystemHook.new(params[:hook]) @hook = SystemHook.new(hook_params)
if @hook.save if @hook.save
redirect_to admin_hooks_path, notice: 'Hook was successfully created.' redirect_to admin_hooks_path, notice: 'Hook was successfully created.'
...@@ -37,4 +37,8 @@ class Admin::HooksController < Admin::ApplicationController ...@@ -37,4 +37,8 @@ class Admin::HooksController < Admin::ApplicationController
redirect_to :back redirect_to :back
end end
def hook_params
params.require(:hook).permit(:url)
end
end end
...@@ -13,7 +13,7 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -13,7 +13,7 @@ class Admin::UsersController < Admin::ApplicationController
end end
def new def new
@user = User.build_user @user = User.new
end end
def edit def edit
...@@ -37,15 +37,12 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -37,15 +37,12 @@ class Admin::UsersController < Admin::ApplicationController
end end
def create def create
admin = params[:user].delete("admin")
opts = { opts = {
force_random_password: true, force_random_password: true,
password_expires_at: Time.now password_expires_at: Time.now
} }
@user = User.build_user(params[:user].merge(opts), as: :admin) @user = User.new(user_params.merge(opts))
@user.admin = (admin && admin.to_i > 0)
@user.created_by_id = current_user.id @user.created_by_id = current_user.id
@user.generate_password @user.generate_password
@user.skip_confirmation! @user.skip_confirmation!
...@@ -62,19 +59,15 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -62,19 +59,15 @@ class Admin::UsersController < Admin::ApplicationController
end end
def update def update
admin = params[:user].delete("admin") if params[:user][:password].present?
user_params.merge(
if params[:user][:password].blank? password: params[:user][:password],
params[:user].delete(:password) password_confirmation: params[:user][:password_confirmation],
params[:user].delete(:password_confirmation) )
end
if admin.present?
user.admin = !admin.to_i.zero?
end end
respond_to do |format| respond_to do |format|
if user.update_attributes(params[:user], as: :admin) if user.update_attributes(user_params)
user.confirm! user.confirm!
format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' } format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' }
format.json { head :ok } format.json { head :ok }
...@@ -115,4 +108,13 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -115,4 +108,13 @@ class Admin::UsersController < Admin::ApplicationController
def user def user
@user ||= User.find_by!(username: params[:id]) @user ||= User.find_by!(username: params[:id])
end end
def user_params
params.require(:user).permit(
:email, :remember_me, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
:extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key,
:projects_limit, :can_create_group, :admin
)
end
end end
...@@ -22,7 +22,7 @@ class GroupsController < ApplicationController ...@@ -22,7 +22,7 @@ class GroupsController < ApplicationController
end end
def create def create
@group = Group.new(params[:group]) @group = Group.new(group_params)
@group.path = @group.name.dup.parameterize if @group.name @group.path = @group.name.dup.parameterize if @group.name
if @group.save if @group.save
...@@ -84,7 +84,7 @@ class GroupsController < ApplicationController ...@@ -84,7 +84,7 @@ class GroupsController < ApplicationController
end end
def update def update
if @group.update_attributes(params[:group]) if @group.update_attributes(group_params)
redirect_to edit_group_path(@group), notice: 'Group was successfully updated.' redirect_to edit_group_path(@group), notice: 'Group was successfully updated.'
else else
render action: "edit" render action: "edit"
...@@ -159,4 +159,8 @@ class GroupsController < ApplicationController ...@@ -159,4 +159,8 @@ class GroupsController < ApplicationController
params[:state] = 'opened' if params[:state].blank? params[:state] = 'opened' if params[:state].blank?
params[:group_id] = @group.id params[:group_id] = @group.id
end end
def group_params
params.require(:group).permit(:name, :description, :path, :avatar)
end
end end
...@@ -7,7 +7,7 @@ class Profiles::EmailsController < ApplicationController ...@@ -7,7 +7,7 @@ class Profiles::EmailsController < ApplicationController
end end
def create def create
@email = current_user.emails.new(params[:email]) @email = current_user.emails.new(email_params)
flash[:alert] = @email.errors.full_messages.first unless @email.save flash[:alert] = @email.errors.full_messages.first unless @email.save
...@@ -23,4 +23,10 @@ class Profiles::EmailsController < ApplicationController ...@@ -23,4 +23,10 @@ class Profiles::EmailsController < ApplicationController
format.js { render nothing: true } format.js { render nothing: true }
end end
end end
private
def email_params
params.require(:email).permit(:email)
end
end end
...@@ -15,7 +15,7 @@ class Profiles::KeysController < ApplicationController ...@@ -15,7 +15,7 @@ class Profiles::KeysController < ApplicationController
end end
def create def create
@key = current_user.keys.new(params[:key]) @key = current_user.keys.new(key_params)
if @key.save if @key.save
redirect_to profile_key_path(@key) redirect_to profile_key_path(@key)
...@@ -53,4 +53,9 @@ class Profiles::KeysController < ApplicationController ...@@ -53,4 +53,9 @@ class Profiles::KeysController < ApplicationController
end end
end end
private
def key_params
params.require(:key).permit(:title, :key)
end
end end
...@@ -11,8 +11,8 @@ class Profiles::PasswordsController < ApplicationController ...@@ -11,8 +11,8 @@ class Profiles::PasswordsController < ApplicationController
end end
def create def create
new_password = params[:user][:password] new_password = user_params[:password]
new_password_confirmation = params[:user][:password_confirmation] new_password_confirmation = user_params[:password_confirmation]
result = @user.update_attributes( result = @user.update_attributes(
password: new_password, password: new_password,
...@@ -31,11 +31,11 @@ class Profiles::PasswordsController < ApplicationController ...@@ -31,11 +31,11 @@ class Profiles::PasswordsController < ApplicationController
end end
def update def update
password_attributes = params[:user].select do |key, value| password_attributes = user_params.select do |key, value|
%w(password password_confirmation).include?(key.to_s) %w(password password_confirmation).include?(key.to_s)
end end
unless @user.valid_password?(params[:user][:current_password]) unless @user.valid_password?(user_params[:current_password])
redirect_to edit_profile_password_path, alert: 'You must provide a valid current password' redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
return return
end end
...@@ -74,4 +74,8 @@ class Profiles::PasswordsController < ApplicationController ...@@ -74,4 +74,8 @@ class Profiles::PasswordsController < ApplicationController
def authorize_change_password! def authorize_change_password!
return render_404 if @user.ldap_user? return render_404 if @user.ldap_user?
end end
def user_params
params.require(:user).permit(:current_password, :password, :password_confirmation)
end
end end
...@@ -14,9 +14,9 @@ class ProfilesController < ApplicationController ...@@ -14,9 +14,9 @@ class ProfilesController < ApplicationController
end end
def update def update
params[:user].delete(:email) if @user.ldap_user? user_params.except!(:email) if @user.ldap_user?
if @user.update_attributes(params[:user]) if @user.update_attributes(user_params)
flash[:notice] = "Profile was successfully updated" flash[:notice] = "Profile was successfully updated"
else else
flash[:alert] = "Failed to update profile" flash[:alert] = "Failed to update profile"
...@@ -41,7 +41,7 @@ class ProfilesController < ApplicationController ...@@ -41,7 +41,7 @@ class ProfilesController < ApplicationController
end end
def update_username def update_username
@user.update_attributes(username: params[:user][:username]) @user.update_attributes(username: user_params[:username])
respond_to do |format| respond_to do |format|
format.js format.js
...@@ -57,4 +57,12 @@ class ProfilesController < ApplicationController ...@@ -57,4 +57,12 @@ class ProfilesController < ApplicationController
def authorize_change_username! def authorize_change_username!
return render_404 unless @user.can_change_username? return render_404 unless @user.can_change_username?
end end
def user_params
params.require(:user).permit(
:email, :password, :password_confirmation, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id,
:avatar, :hide_no_ssh_key,
)
end
end end
...@@ -22,7 +22,7 @@ class Projects::DeployKeysController < Projects::ApplicationController ...@@ -22,7 +22,7 @@ class Projects::DeployKeysController < Projects::ApplicationController
end end
def create def create
@key = DeployKey.new(params[:deploy_key]) @key = DeployKey.new(deploy_key_params)
if @key.valid? && @project.deploy_keys << @key if @key.valid? && @project.deploy_keys << @key
redirect_to project_deploy_keys_path(@project) redirect_to project_deploy_keys_path(@project)
...@@ -58,4 +58,8 @@ class Projects::DeployKeysController < Projects::ApplicationController ...@@ -58,4 +58,8 @@ class Projects::DeployKeysController < Projects::ApplicationController
def available_keys def available_keys
@available_keys ||= current_user.accessible_deploy_keys @available_keys ||= current_user.accessible_deploy_keys
end end
def deploy_key_params
params.require(:deploy_key).permit(:key, :title)
end
end end
...@@ -12,7 +12,7 @@ class Projects::HooksController < Projects::ApplicationController ...@@ -12,7 +12,7 @@ class Projects::HooksController < Projects::ApplicationController
end end
def create def create
@hook = @project.hooks.new(params[:hook]) @hook = @project.hooks.new(hook_params)
@hook.save @hook.save
if @hook.valid? if @hook.valid?
...@@ -40,4 +40,8 @@ class Projects::HooksController < Projects::ApplicationController ...@@ -40,4 +40,8 @@ class Projects::HooksController < Projects::ApplicationController
def hook def hook
@hook ||= @project.hooks.find(params[:id]) @hook ||= @project.hooks.find(params[:id])
end end
def hook_params
params.require(:hook).permit(:url, :push_events, :issues_events, :merge_requests_events, :tag_push_events)
end
end end
...@@ -42,7 +42,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -42,7 +42,7 @@ class Projects::IssuesController < Projects::ApplicationController
end end
def new def new
@issue = @project.issues.new(params[:issue]) @issue = @project.issues.new(issue_params)
respond_with(@issue) respond_with(@issue)
end end
...@@ -59,7 +59,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -59,7 +59,7 @@ class Projects::IssuesController < Projects::ApplicationController
end end
def create def create
@issue = Issues::CreateService.new(project, current_user, params[:issue]).execute @issue = Issues::CreateService.new(project, current_user, issue_params).execute
respond_to do |format| respond_to do |format|
format.html do format.html do
...@@ -76,7 +76,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -76,7 +76,7 @@ class Projects::IssuesController < Projects::ApplicationController
end end
def update def update
@issue = Issues::UpdateService.new(project, current_user, params[:issue]).execute(issue) @issue = Issues::UpdateService.new(project, current_user, issue_params).execute(issue)
respond_to do |format| respond_to do |format|
format.js format.js
...@@ -144,4 +144,11 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -144,4 +144,11 @@ class Projects::IssuesController < Projects::ApplicationController
raise ActiveRecord::RecordNotFound.new raise ActiveRecord::RecordNotFound.new
end end
end end
def issue_params
params.require(:issue).permit(
:title, :assignee_id, :position, :description,
:milestone_id, :label_list, :state_event
)
end
end end
...@@ -60,7 +60,11 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -60,7 +60,11 @@ class Projects::MergeRequestsController < Projects::ApplicationController
end end
def new def new
@merge_request = MergeRequest.new(params[:merge_request]) params[:merge_request] ||= ActionController::Parameters.new(
source_project: @project
)
@merge_request = MergeRequest.new(merge_request_params)
@merge_request.source_project = @project unless @merge_request.source_project @merge_request.source_project = @project unless @merge_request.source_project
@merge_request.target_project ||= (@project.forked_from_project || @project) @merge_request.target_project ||= (@project.forked_from_project || @project)
@target_branches = @merge_request.target_project.nil? ? [] : @merge_request.target_project.repository.branch_names @target_branches = @merge_request.target_project.nil? ? [] : @merge_request.target_project.repository.branch_names
...@@ -110,7 +114,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -110,7 +114,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
def create def create
@target_branches ||= [] @target_branches ||= []
@merge_request = MergeRequests::CreateService.new(project, current_user, params[:merge_request]).execute @merge_request = MergeRequests::CreateService.new(project, current_user, merge_request_params).execute
if @merge_request.valid? if @merge_request.valid?
redirect_to project_merge_request_path(@merge_request.target_project, @merge_request), notice: 'Merge request was successfully created.' redirect_to project_merge_request_path(@merge_request.target_project, @merge_request), notice: 'Merge request was successfully created.'
...@@ -122,7 +126,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -122,7 +126,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
end end
def update def update
@merge_request = MergeRequests::UpdateService.new(project, current_user, params[:merge_request]).execute(@merge_request) @merge_request = MergeRequests::UpdateService.new(project, current_user, merge_request_params).execute(@merge_request)
if @merge_request.valid? if @merge_request.valid?
respond_to do |format| respond_to do |format|
...@@ -263,4 +267,12 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -263,4 +267,12 @@ class Projects::MergeRequestsController < Projects::ApplicationController
can?(current_user, action, project) can?(current_user, action, project)
end end
def merge_request_params
params.require(:merge_request).permit(
:title, :assignee_id, :source_project_id, :source_branch,
:target_project_id, :target_branch, :milestone_id,
:state_event, :description, :label_list
)
end
end end
...@@ -37,7 +37,7 @@ class Projects::MilestonesController < Projects::ApplicationController ...@@ -37,7 +37,7 @@ class Projects::MilestonesController < Projects::ApplicationController
end end
def create def create
@milestone = Milestones::CreateService.new(project, current_user, params[:milestone]).execute @milestone = Milestones::CreateService.new(project, current_user, milestone_params).execute
if @milestone.save if @milestone.save
redirect_to project_milestone_path(@project, @milestone) redirect_to project_milestone_path(@project, @milestone)
...@@ -47,7 +47,7 @@ class Projects::MilestonesController < Projects::ApplicationController ...@@ -47,7 +47,7 @@ class Projects::MilestonesController < Projects::ApplicationController
end end
def update def update
@milestone = Milestones::UpdateService.new(project, current_user, params[:milestone]).execute(milestone) @milestone = Milestones::UpdateService.new(project, current_user, milestone_params).execute(milestone)
respond_to do |format| respond_to do |format|
format.js format.js
...@@ -105,4 +105,8 @@ class Projects::MilestonesController < Projects::ApplicationController ...@@ -105,4 +105,8 @@ class Projects::MilestonesController < Projects::ApplicationController
def module_enabled def module_enabled
return render_404 unless @project.issues_enabled return render_404 unless @project.issues_enabled
end end
def milestone_params
params.require(:milestone).permit(:title, :description, :due_date, :state_event)
end
end end
...@@ -21,7 +21,7 @@ class Projects::NotesController < Projects::ApplicationController ...@@ -21,7 +21,7 @@ class Projects::NotesController < Projects::ApplicationController
end end
def create def create
@note = Notes::CreateService.new(project, current_user, params[:note]).execute @note = Notes::CreateService.new(project, current_user, note_params).execute
respond_to do |format| respond_to do |format|
format.json { render_note_json(@note) } format.json { render_note_json(@note) }
...@@ -30,7 +30,7 @@ class Projects::NotesController < Projects::ApplicationController ...@@ -30,7 +30,7 @@ class Projects::NotesController < Projects::ApplicationController
end end
def update def update
note.update_attributes(params[:note]) note.update_attributes(note_params)
note.reset_events_cache note.reset_events_cache
respond_to do |format| respond_to do |format|
...@@ -109,4 +109,11 @@ class Projects::NotesController < Projects::ApplicationController ...@@ -109,4 +109,11 @@ class Projects::NotesController < Projects::ApplicationController
def authorize_admin_note! def authorize_admin_note!
return access_denied! unless can?(current_user, :admin_note, note) return access_denied! unless can?(current_user, :admin_note, note)
end end
def note_params
params.require(:note).permit(
:note, :noteable, :noteable_id, :noteable_type, :project_id,
:attachment, :line_code, :commit_id
)
end
end end
...@@ -11,7 +11,7 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController ...@@ -11,7 +11,7 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
end end
def create def create
@project.protected_branches.create(params[:protected_branch]) @project.protected_branches.create(protected_branch_params)
redirect_to project_protected_branches_path(@project) redirect_to project_protected_branches_path(@project)
end end
...@@ -23,4 +23,10 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController ...@@ -23,4 +23,10 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
format.js { render nothing: true } format.js { render nothing: true }
end end
end end
private
def protected_branch_params
params.require(:protected_branch).permit(:name)
end
end end
...@@ -16,7 +16,7 @@ class Projects::ServicesController < Projects::ApplicationController ...@@ -16,7 +16,7 @@ class Projects::ServicesController < Projects::ApplicationController
end end
def update def update
if @service.update_attributes(params[:service]) if @service.update_attributes(service_params)
redirect_to edit_project_service_path(@project, @service.to_param) redirect_to edit_project_service_path(@project, @service.to_param)
else else
render 'edit' render 'edit'
...@@ -36,4 +36,11 @@ class Projects::ServicesController < Projects::ApplicationController ...@@ -36,4 +36,11 @@ class Projects::ServicesController < Projects::ApplicationController
def service def service
@service ||= @project.services.find { |service| service.to_param == params[:id] } @service ||= @project.services.find { |service| service.to_param == params[:id] }
end end
def service_params
params.require(:service).permit(
:title, :token, :type, :active, :api_key, :subdomain,
:room, :recipients, :project_url
)
end
end end
...@@ -25,7 +25,7 @@ class Projects::SnippetsController < Projects::ApplicationController ...@@ -25,7 +25,7 @@ class Projects::SnippetsController < Projects::ApplicationController
end end
def create def create
@snippet = @project.snippets.build(params[:project_snippet]) @snippet = @project.snippets.build(snippet_params)
@snippet.author = current_user @snippet.author = current_user
if @snippet.save if @snippet.save
...@@ -39,7 +39,7 @@ class Projects::SnippetsController < Projects::ApplicationController ...@@ -39,7 +39,7 @@ class Projects::SnippetsController < Projects::ApplicationController
end end
def update def update
if @snippet.update_attributes(params[:project_snippet]) if @snippet.update_attributes(snippet_params)
redirect_to project_snippet_path(@project, @snippet) redirect_to project_snippet_path(@project, @snippet)
else else
respond_with(@snippet) respond_with(@snippet)
...@@ -86,4 +86,8 @@ class Projects::SnippetsController < Projects::ApplicationController ...@@ -86,4 +86,8 @@ class Projects::SnippetsController < Projects::ApplicationController
def module_enabled def module_enabled
return render_404 unless @project.snippets_enabled return render_404 unless @project.snippets_enabled
end end
def snippet_params
params.require(:project_snippet).permit(:title, :content, :file_name, :private)
end
end end
...@@ -27,7 +27,7 @@ class Projects::TeamMembersController < Projects::ApplicationController ...@@ -27,7 +27,7 @@ class Projects::TeamMembersController < Projects::ApplicationController
def update def update
@user_project_relation = project.users_projects.find_by(user_id: member) @user_project_relation = project.users_projects.find_by(user_id: member)
@user_project_relation.update_attributes(params[:team_member]) @user_project_relation.update_attributes(member_params)
unless @user_project_relation.valid? unless @user_project_relation.valid?
flash[:alert] = "User should have at least one role" flash[:alert] = "User should have at least one role"
...@@ -67,4 +67,8 @@ class Projects::TeamMembersController < Projects::ApplicationController ...@@ -67,4 +67,8 @@ class Projects::TeamMembersController < Projects::ApplicationController
def member def member
@member ||= User.find_by(username: params[:id]) @member ||= User.find_by(username: params[:id])
end end
def member_params
params.require(:team_member).permit(:user_id, :project_access)
end
end end
...@@ -20,7 +20,7 @@ class ProjectsController < ApplicationController ...@@ -20,7 +20,7 @@ class ProjectsController < ApplicationController
end end
def create def create
@project = ::Projects::CreateService.new(current_user, params[:project]).execute @project = ::Projects::CreateService.new(current_user, project_params).execute
flash[:notice] = 'Project was successfully created.' if @project.saved? flash[:notice] = 'Project was successfully created.' if @project.saved?
respond_to do |format| respond_to do |format|
...@@ -29,7 +29,7 @@ class ProjectsController < ApplicationController ...@@ -29,7 +29,7 @@ class ProjectsController < ApplicationController
end end
def update def update
status = ::Projects::UpdateService.new(@project, current_user, params).execute status = ::Projects::UpdateService.new(@project, current_user, project_params).execute
respond_to do |format| respond_to do |format|
if status if status
...@@ -44,7 +44,7 @@ class ProjectsController < ApplicationController ...@@ -44,7 +44,7 @@ class ProjectsController < ApplicationController
end end
def transfer def transfer
::Projects::TransferService.new(project, current_user, params[:project]).execute ::Projects::TransferService.new(project, current_user, project_params).execute
end end
def show def show
...@@ -85,7 +85,7 @@ class ProjectsController < ApplicationController ...@@ -85,7 +85,7 @@ class ProjectsController < ApplicationController
redirect_to import_project_path(@project) redirect_to import_project_path(@project)
end end
@project.import_url = params[:project][:import_url] @project.import_url = project_params[:import_url]
if @project.save if @project.save
@project.reload @project.reload
...@@ -185,4 +185,12 @@ class ProjectsController < ApplicationController ...@@ -185,4 +185,12 @@ class ProjectsController < ApplicationController
def user_layout def user_layout
current_user ? "projects" : "public_projects" current_user ? "projects" : "public_projects"
end end
def project_params
params.require(:project).permit(
:name, :path, :description, :issues_tracker, :label_list,
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id,
:wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id
)
end
end end
...@@ -13,7 +13,6 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -13,7 +13,6 @@ class RegistrationsController < Devise::RegistrationsController
def build_resource(hash=nil) def build_resource(hash=nil)
super super
self.resource.with_defaults
end end
private private
......
...@@ -51,7 +51,7 @@ class SnippetsController < ApplicationController ...@@ -51,7 +51,7 @@ class SnippetsController < ApplicationController
end end
def create def create
@snippet = PersonalSnippet.new(params[:personal_snippet]) @snippet = PersonalSnippet.new(snippet_params)
@snippet.author = current_user @snippet.author = current_user
if @snippet.save if @snippet.save
...@@ -65,7 +65,7 @@ class SnippetsController < ApplicationController ...@@ -65,7 +65,7 @@ class SnippetsController < ApplicationController
end end
def update def update
if @snippet.update_attributes(params[:personal_snippet]) if @snippet.update_attributes(snippet_params)
redirect_to snippet_path(@snippet) redirect_to snippet_path(@snippet)
else else
respond_with @snippet respond_with @snippet
...@@ -109,4 +109,8 @@ class SnippetsController < ApplicationController ...@@ -109,4 +109,8 @@ class SnippetsController < ApplicationController
def set_title def set_title
@title = 'Snippets' @title = 'Snippets'
end end
def snippet_params
params.require(:personal_snippet).permit(:title, :content, :file_name, :private)
end
end end
...@@ -14,7 +14,7 @@ class UsersGroupsController < ApplicationController ...@@ -14,7 +14,7 @@ class UsersGroupsController < ApplicationController
def update def update
@member = @group.users_groups.find(params[:id]) @member = @group.users_groups.find(params[:id])
@member.update_attributes(params[:users_group]) @member.update_attributes(member_params)
end end
def destroy def destroy
...@@ -41,4 +41,8 @@ class UsersGroupsController < ApplicationController ...@@ -41,4 +41,8 @@ class UsersGroupsController < ApplicationController
return render_404 return render_404
end end
end end
def member_params
params.require(:users_group).permit(:group_access, :user_id)
end
end end
...@@ -14,8 +14,6 @@ ...@@ -14,8 +14,6 @@
# #
class BroadcastMessage < ActiveRecord::Base class BroadcastMessage < ActiveRecord::Base
attr_accessible :alert_type, :color, :ends_at, :font, :message, :starts_at
validates :message, presence: true validates :message, presence: true
validates :starts_at, presence: true validates :starts_at, presence: true
validates :ends_at, presence: true validates :ends_at, presence: true
......
...@@ -10,13 +10,10 @@ ...@@ -10,13 +10,10 @@
# #
class DeployKeysProject < ActiveRecord::Base class DeployKeysProject < ActiveRecord::Base
attr_accessible :key_id, :project_id
belongs_to :project belongs_to :project
belongs_to :deploy_key belongs_to :deploy_key
validates :deploy_key_id, presence: true validates :deploy_key_id, presence: true
validates :deploy_key_id, uniqueness: { scope: [:project_id], message: "already exists in project" } validates :deploy_key_id, uniqueness: { scope: [:project_id], message: "already exists in project" }
validates :project_id, presence: true validates :project_id, presence: true
end end
...@@ -10,16 +10,8 @@ ...@@ -10,16 +10,8 @@
# #
class Email < ActiveRecord::Base class Email < ActiveRecord::Base
attr_accessible :email, :user_id
#
# Relations
#
belongs_to :user belongs_to :user
#
# Validations
#
validates :user_id, presence: true validates :user_id, presence: true
validates :email, presence: true, email: { strict_mode: true }, uniqueness: true validates :email, presence: true, email: { strict_mode: true }, uniqueness: true
validate :unique_email, if: ->(email) { email.email_changed? } validate :unique_email, if: ->(email) { email.email_changed? }
......
...@@ -15,9 +15,6 @@ ...@@ -15,9 +15,6 @@
# #
class Event < ActiveRecord::Base class Event < ActiveRecord::Base
attr_accessible :project, :action, :data, :author_id, :project_id,
:target_id, :target_type
default_scope { where.not(author_id: nil) } default_scope { where.not(author_id: nil) }
CREATED = 1 CREATED = 1
......
...@@ -10,10 +10,6 @@ ...@@ -10,10 +10,6 @@
# #
class ForkedProjectLink < ActiveRecord::Base class ForkedProjectLink < ActiveRecord::Base
attr_accessible :forked_from_project_id, :forked_to_project_id
# Relations
belongs_to :forked_to_project, class_name: Project belongs_to :forked_to_project, class_name: Project
belongs_to :forked_from_project, class_name: Project belongs_to :forked_from_project, class_name: Project
end end
...@@ -20,8 +20,6 @@ class Group < Namespace ...@@ -20,8 +20,6 @@ class Group < Namespace
has_many :users_groups, dependent: :destroy has_many :users_groups, dependent: :destroy
has_many :users, through: :users_groups has_many :users, through: :users_groups
attr_accessible :avatar
validate :avatar_type, if: ->(user) { user.avatar_changed? } validate :avatar_type, if: ->(user) { user.avatar_changed? }
validates :avatar, file_size: { maximum: 100.kilobytes.to_i } validates :avatar, file_size: { maximum: 100.kilobytes.to_i }
......
...@@ -33,9 +33,6 @@ class Issue < ActiveRecord::Base ...@@ -33,9 +33,6 @@ class Issue < ActiveRecord::Base
scope :of_group, ->(group) { where(project_id: group.project_ids) } scope :of_group, ->(group) { where(project_id: group.project_ids) }
scope :of_user_team, ->(team) { where(project_id: team.project_ids, assignee_id: team.member_ids) } scope :of_user_team, ->(team) { where(project_id: team.project_ids, assignee_id: team.member_ids) }
attr_accessible :title, :assignee_id, :position, :description,
:milestone_id, :label_list, :state_event
acts_as_taggable_on :labels acts_as_taggable_on :labels
scope :cared, ->(user) { where(assignee_id: user) } scope :cared, ->(user) { where(assignee_id: user) }
......
...@@ -19,8 +19,6 @@ class Key < ActiveRecord::Base ...@@ -19,8 +19,6 @@ class Key < ActiveRecord::Base
belongs_to :user belongs_to :user
attr_accessible :key, :title
before_validation :strip_white_space, :generate_fingerpint before_validation :strip_white_space, :generate_fingerpint
validates :title, presence: true, length: { within: 0..255 } validates :title, presence: true, length: { within: 0..255 }
......
...@@ -36,10 +36,6 @@ class MergeRequest < ActiveRecord::Base ...@@ -36,10 +36,6 @@ class MergeRequest < ActiveRecord::Base
delegate :commits, :diffs, :last_commit, :last_commit_short_sha, to: :merge_request_diff, prefix: nil delegate :commits, :diffs, :last_commit, :last_commit_short_sha, to: :merge_request_diff, prefix: nil
attr_accessible :title, :assignee_id, :source_project_id, :source_branch,
:target_project_id, :target_branch, :milestone_id,
:state_event, :description, :label_list
attr_accessor :should_remove_source_branch attr_accessor :should_remove_source_branch
# When this attribute is true some MR validation is ignored # When this attribute is true some MR validation is ignored
......
...@@ -22,8 +22,6 @@ class MergeRequestDiff < ActiveRecord::Base ...@@ -22,8 +22,6 @@ class MergeRequestDiff < ActiveRecord::Base
belongs_to :merge_request belongs_to :merge_request
attr_accessible :state, :st_commits, :st_diffs
delegate :target_branch, :source_branch, to: :merge_request, prefix: nil delegate :target_branch, :source_branch, to: :merge_request, prefix: nil
state_machine :state, initial: :empty do state_machine :state, initial: :empty do
......
...@@ -16,8 +16,6 @@ ...@@ -16,8 +16,6 @@
class Milestone < ActiveRecord::Base class Milestone < ActiveRecord::Base
include InternalId include InternalId
attr_accessible :title, :description, :due_date, :state_event
belongs_to :project belongs_to :project
has_many :issues has_many :issues
has_many :merge_requests has_many :merge_requests
......
...@@ -16,8 +16,6 @@ ...@@ -16,8 +16,6 @@
class Namespace < ActiveRecord::Base class Namespace < ActiveRecord::Base
include Gitlab::ShellAdapter include Gitlab::ShellAdapter
attr_accessible :name, :description, :path
has_many :projects, dependent: :destroy has_many :projects, dependent: :destroy
belongs_to :owner, class_name: "User" belongs_to :owner, class_name: "User"
......
...@@ -25,8 +25,6 @@ class Note < ActiveRecord::Base ...@@ -25,8 +25,6 @@ class Note < ActiveRecord::Base
default_value_for :system, false default_value_for :system, false
attr_accessible :note, :noteable, :noteable_id, :noteable_type, :project_id,
:attachment, :line_code, :commit_id
attr_mentionable :note attr_mentionable :note
belongs_to :project belongs_to :project
...@@ -63,13 +61,13 @@ class Note < ActiveRecord::Base ...@@ -63,13 +61,13 @@ class Note < ActiveRecord::Base
def create_status_change_note(noteable, project, author, status, source) def create_status_change_note(noteable, project, author, status, source)
body = "_Status changed to #{status}#{' by ' + source.gfm_reference if source}_" body = "_Status changed to #{status}#{' by ' + source.gfm_reference if source}_"
create({ create(
noteable: noteable, noteable: noteable,
project: project, project: project,
author: author, author: author,
note: body, note: body,
system: true system: true
}, without_protection: true) )
end end
# +noteable+ was referenced from +mentioner+, by including GFM in either +mentioner+'s description or an associated Note. # +noteable+ was referenced from +mentioner+, by including GFM in either +mentioner+'s description or an associated Note.
...@@ -88,7 +86,7 @@ class Note < ActiveRecord::Base ...@@ -88,7 +86,7 @@ class Note < ActiveRecord::Base
note_options.merge!(noteable: noteable) note_options.merge!(noteable: noteable)
end end
create(note_options, without_protection: true) create(note_options)
end end
def create_milestone_change_note(noteable, project, author, milestone) def create_milestone_change_note(noteable, project, author, milestone)
...@@ -98,13 +96,13 @@ class Note < ActiveRecord::Base ...@@ -98,13 +96,13 @@ class Note < ActiveRecord::Base
"_Milestone changed to #{milestone.title}_" "_Milestone changed to #{milestone.title}_"
end end
create({ create(
noteable: noteable, noteable: noteable,
project: project, project: project,
author: author, author: author,
note: body, note: body,
system: true system: true
}, without_protection: true) )
end end
def create_assignee_change_note(noteable, project, author, assignee) def create_assignee_change_note(noteable, project, author, assignee)
...@@ -116,7 +114,7 @@ class Note < ActiveRecord::Base ...@@ -116,7 +114,7 @@ class Note < ActiveRecord::Base
author: author, author: author,
note: body, note: body,
system: true system: true
}, without_protection: true) })
end end
def discussions_from_notes(notes) def discussions_from_notes(notes)
......
...@@ -27,23 +27,20 @@ ...@@ -27,23 +27,20 @@
class Project < ActiveRecord::Base class Project < ActiveRecord::Base
include Gitlab::ShellAdapter include Gitlab::ShellAdapter
include Gitlab::VisibilityLevel include Gitlab::VisibilityLevel
include Gitlab::ConfigHelper
extend Gitlab::ConfigHelper
extend Enumerize extend Enumerize
default_value_for :archived, false default_value_for :archived, false
default_value_for :issues_enabled, true default_value_for :visibility_level, gitlab_config_features.visibility_level
default_value_for :merge_requests_enabled, true default_value_for :issues_enabled, gitlab_config_features.issues
default_value_for :wiki_enabled, true default_value_for :merge_requests_enabled, gitlab_config_features.merge_requests
default_value_for :wiki_enabled, gitlab_config_features.wiki
default_value_for :wall_enabled, false default_value_for :wall_enabled, false
default_value_for :snippets_enabled, true default_value_for :snippets_enabled, gitlab_config_features.snippets
ActsAsTaggableOn.strict_case_match = true ActsAsTaggableOn.strict_case_match = true
attr_accessible :name, :path, :description, :issues_tracker, :label_list,
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id,
:wiki_enabled, :visibility_level, :import_url, :last_activity_at, as: [:default, :admin]
attr_accessible :namespace_id, :creator_id, as: :admin
acts_as_taggable_on :labels, :issues_default_labels acts_as_taggable_on :labels, :issues_default_labels
attr_accessor :new_default_branch attr_accessor :new_default_branch
...@@ -100,6 +97,9 @@ class Project < ActiveRecord::Base ...@@ -100,6 +97,9 @@ class Project < ActiveRecord::Base
message: "only letters, digits & '_' '-' '.' allowed. Letter or digit should be first" } message: "only letters, digits & '_' '-' '.' allowed. Letter or digit should be first" }
validates :issues_enabled, :merge_requests_enabled, validates :issues_enabled, :merge_requests_enabled,
:wiki_enabled, inclusion: { in: [true, false] } :wiki_enabled, inclusion: { in: [true, false] }
validates :visibility_level,
exclusion: { in: gitlab_config.restricted_visibility_levels },
if: -> { gitlab_config.restricted_visibility_levels.any? }
validates :issues_tracker_id, length: { maximum: 255 }, allow_blank: true validates :issues_tracker_id, length: { maximum: 255 }, allow_blank: true
validates :namespace, presence: true validates :namespace, presence: true
validates_uniqueness_of :name, scope: :namespace_id validates_uniqueness_of :name, scope: :namespace_id
...@@ -255,7 +255,7 @@ class Project < ActiveRecord::Base ...@@ -255,7 +255,7 @@ class Project < ActiveRecord::Base
end end
def web_url def web_url
[Gitlab.config.gitlab.url, path_with_namespace].join("/") [gitlab_config.url, path_with_namespace].join("/")
end end
def web_url_without_protocol def web_url_without_protocol
...@@ -476,7 +476,7 @@ class Project < ActiveRecord::Base ...@@ -476,7 +476,7 @@ class Project < ActiveRecord::Base
end end
def http_url_to_repo def http_url_to_repo
[Gitlab.config.gitlab.url, "/", path_with_namespace, ".git"].join('') [gitlab_config.url, "/", path_with_namespace, ".git"].join('')
end end
# Check if current branch name is marked as protected in the system # Check if current branch name is marked as protected in the system
......
...@@ -18,8 +18,6 @@ ...@@ -18,8 +18,6 @@
class ProjectHook < WebHook class ProjectHook < WebHook
belongs_to :project belongs_to :project
attr_accessible :push_events, :issues_events, :merge_requests_events, :tag_push_events
scope :push_hooks, -> { where(push_events: true) } scope :push_hooks, -> { where(push_events: true) }
scope :tag_push_hooks, -> { where(tag_push_events: true) } scope :tag_push_hooks, -> { where(tag_push_events: true) }
scope :issue_hooks, -> { where(issues_events: true) } scope :issue_hooks, -> { where(issues_events: true) }
......
...@@ -18,8 +18,6 @@ ...@@ -18,8 +18,6 @@
# #
class AssemblaService < Service class AssemblaService < Service
attr_accessible :subdomain
include HTTParty include HTTParty
validates :token, presence: true, if: :activated? validates :token, presence: true, if: :activated?
......
...@@ -18,8 +18,6 @@ ...@@ -18,8 +18,6 @@
# #
class CampfireService < Service class CampfireService < Service
attr_accessible :subdomain, :room
validates :token, presence: true, if: :activated? validates :token, presence: true, if: :activated?
def title def title
......
...@@ -18,8 +18,6 @@ ...@@ -18,8 +18,6 @@
# #
class EmailsOnPushService < Service class EmailsOnPushService < Service
attr_accessible :recipients
validates :recipients, presence: true, if: :activated? validates :recipients, presence: true, if: :activated?
def title def title
......
...@@ -18,8 +18,6 @@ ...@@ -18,8 +18,6 @@
# #
class GitlabCiService < CiService class GitlabCiService < CiService
attr_accessible :project_url
validates :project_url, presence: true, if: :activated? validates :project_url, presence: true, if: :activated?
validates :token, presence: true, if: :activated? validates :token, presence: true, if: :activated?
......
...@@ -18,8 +18,6 @@ ...@@ -18,8 +18,6 @@
# #
class HipchatService < Service class HipchatService < Service
attr_accessible :room
validates :token, presence: true, if: :activated? validates :token, presence: true, if: :activated?
def title def title
......
...@@ -18,9 +18,6 @@ ...@@ -18,9 +18,6 @@
# #
class SlackService < Service class SlackService < Service
attr_accessible :room
attr_accessible :subdomain
validates :room, presence: true, if: :activated? validates :room, presence: true, if: :activated?
validates :subdomain, presence: true, if: :activated? validates :subdomain, presence: true, if: :activated?
validates :token, presence: true, if: :activated? validates :token, presence: true, if: :activated?
......
...@@ -12,8 +12,6 @@ ...@@ -12,8 +12,6 @@
class ProtectedBranch < ActiveRecord::Base class ProtectedBranch < ActiveRecord::Base
include Gitlab::ShellAdapter include Gitlab::ShellAdapter
attr_accessible :name
belongs_to :project belongs_to :project
validates :name, presence: true validates :name, presence: true
validates :project, presence: true validates :project, presence: true
......
...@@ -22,8 +22,6 @@ ...@@ -22,8 +22,6 @@
class Service < ActiveRecord::Base class Service < ActiveRecord::Base
default_value_for :active, false default_value_for :active, false
attr_accessible :title, :token, :type, :active, :api_key
belongs_to :project belongs_to :project
has_one :service_hook has_one :service_hook
......
...@@ -18,8 +18,6 @@ ...@@ -18,8 +18,6 @@
class Snippet < ActiveRecord::Base class Snippet < ActiveRecord::Base
include Linguist::BlobHelper include Linguist::BlobHelper
attr_accessible :title, :content, :file_name, :expires_at, :private
default_value_for :private, true default_value_for :private, true
belongs_to :author, class_name: "User" belongs_to :author, class_name: "User"
......
...@@ -50,31 +50,24 @@ require 'carrierwave/orm/activerecord' ...@@ -50,31 +50,24 @@ require 'carrierwave/orm/activerecord'
require 'file_size_validator' require 'file_size_validator'
class User < ActiveRecord::Base class User < ActiveRecord::Base
include Gitlab::ConfigHelper
extend Gitlab::ConfigHelper
default_value_for :admin, false default_value_for :admin, false
default_value_for :can_create_group, true default_value_for :can_create_group, gitlab_config.default_can_create_group
default_value_for :can_create_team, false default_value_for :can_create_team, false
default_value_for :hide_no_ssh_key, false default_value_for :hide_no_ssh_key, false
default_value_for :projects_limit, gitlab_config.default_projects_limit
default_value_for :theme_id, gitlab_config.default_theme
devise :database_authenticatable, :token_authenticatable, :lockable, :async, devise :database_authenticatable, :token_authenticatable, :lockable, :async,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable
attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
:extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key,
as: [:default, :admin]
attr_accessible :projects_limit, :can_create_group,
as: :admin
attr_accessor :force_random_password attr_accessor :force_random_password
# Virtual attribute for authenticating by either username or email # Virtual attribute for authenticating by either username or email
attr_accessor :login attr_accessor :login
# Add login to attr_accessible
attr_accessible :login
# #
# Relations # Relations
# #
...@@ -223,20 +216,8 @@ class User < ActiveRecord::Base ...@@ -223,20 +216,8 @@ class User < ActiveRecord::Base
where('users.username = ? OR users.id = ?', name_or_id.to_s, name_or_id.to_i).first where('users.username = ? OR users.id = ?', name_or_id.to_s, name_or_id.to_i).first
end end
def build_user(attrs = {}, options= {}) def build_user(attrs = {})
if options[:as] == :admin User.new(attrs)
User.new(defaults.merge(attrs.symbolize_keys), options)
else
User.new(attrs, options).with_defaults
end
end
def defaults
{
projects_limit: Gitlab.config.gitlab.default_projects_limit,
can_create_group: Gitlab.config.gitlab.default_can_create_group,
theme_id: Gitlab.config.gitlab.default_theme
}
end end
end end
...@@ -314,7 +295,7 @@ class User < ActiveRecord::Base ...@@ -314,7 +295,7 @@ class User < ActiveRecord::Base
end end
def can_change_username? def can_change_username?
Gitlab.config.gitlab.username_changing_enabled gitlab_config.username_changing_enabled
end end
def can_create_project? def can_create_project?
...@@ -489,7 +470,7 @@ class User < ActiveRecord::Base ...@@ -489,7 +470,7 @@ class User < ActiveRecord::Base
def avatar_url(size = nil) def avatar_url(size = nil)
if avatar.present? if avatar.present?
URI::join(Gitlab.config.gitlab.url, avatar.url).to_s URI::join(gitlab_config.url, avatar.url).to_s
else else
GravatarService.new.execute(email, size) GravatarService.new.execute(email, size)
end end
......
...@@ -19,8 +19,6 @@ class UsersGroup < ActiveRecord::Base ...@@ -19,8 +19,6 @@ class UsersGroup < ActiveRecord::Base
Gitlab::Access.options_with_owner Gitlab::Access.options_with_owner
end end
attr_accessible :group_access, :user_id
belongs_to :user belongs_to :user
belongs_to :group belongs_to :group
......
...@@ -16,8 +16,6 @@ class UsersProject < ActiveRecord::Base ...@@ -16,8 +16,6 @@ class UsersProject < ActiveRecord::Base
include Notifiable include Notifiable
include Gitlab::Access include Gitlab::Access
attr_accessible :user, :user_id, :project_access
belongs_to :user belongs_to :user
belongs_to :project belongs_to :project
......
...@@ -22,8 +22,6 @@ class WebHook < ActiveRecord::Base ...@@ -22,8 +22,6 @@ class WebHook < ActiveRecord::Base
default_value_for :issues_events, false default_value_for :issues_events, false
default_value_for :merge_requests_events, false default_value_for :merge_requests_events, false
attr_accessible :url
# HTTParty timeout # HTTParty timeout
default_timeout 10 default_timeout 10
......
module Issues module Issues
class UpdateService < Issues::BaseService class UpdateService < Issues::BaseService
def execute(issue) def execute(issue)
state = params.delete('state_event') || params.delete(:state_event) state = params[:state_event]
case state case state
when 'reopen' when 'reopen'
...@@ -10,7 +10,7 @@ module Issues ...@@ -10,7 +10,7 @@ module Issues
Issues::CloseService.new(project, current_user, {}).execute(issue) Issues::CloseService.new(project, current_user, {}).execute(issue)
end end
if params.present? && issue.update_attributes(params) if params.present? && issue.update_attributes(params.except(:state_event))
issue.reset_events_cache issue.reset_events_cache
if issue.previous_changes.include?('milestone_id') if issue.previous_changes.include?('milestone_id')
......
...@@ -7,10 +7,10 @@ module MergeRequests ...@@ -7,10 +7,10 @@ module MergeRequests
def execute(merge_request) def execute(merge_request)
# We dont allow change of source/target projects # We dont allow change of source/target projects
# after merge request was created # after merge request was created
params.delete(:source_project_id) params.except!(:source_project_id)
params.delete(:target_project_id) params.except!(:target_project_id)
state = params.delete('state_event') || params.delete(:state_event) state = params[:state_event]
case state case state
when 'reopen' when 'reopen'
...@@ -19,7 +19,7 @@ module MergeRequests ...@@ -19,7 +19,7 @@ module MergeRequests
MergeRequests::CloseService.new(project, current_user, {}).execute(merge_request) MergeRequests::CloseService.new(project, current_user, {}).execute(merge_request)
end end
if params.present? && merge_request.update_attributes(params) if params.present? && merge_request.update_attributes(params.except(:state_event))
merge_request.reset_events_cache merge_request.reset_events_cache
if merge_request.previous_changes.include?('milestone_id') if merge_request.previous_changes.include?('milestone_id')
......
module Milestones module Milestones
class UpdateService < Milestones::BaseService class UpdateService < Milestones::BaseService
def execute(milestone) def execute(milestone)
state = params.delete('state_event') || params.delete(:state_event) state = params[:state_event]
case state case state
when 'activate' when 'activate'
...@@ -11,7 +11,7 @@ module Milestones ...@@ -11,7 +11,7 @@ module Milestones
end end
if params.present? if params.present?
milestone.update_attributes(params) milestone.update_attributes(params.except(:state_event))
end end
milestone milestone
......
...@@ -5,27 +5,13 @@ module Projects ...@@ -5,27 +5,13 @@ module Projects
end end
def execute def execute
# get namespace id @project = Project.new(params)
namespace_id = params.delete(:namespace_id)
# check that user is allowed to set specified visibility_level # Reset visibility levet if is not allowed to set it
unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level]) unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
params.delete(:visibility_level) @project.visibility_level = default_features.visibility_level
end end
# Load default feature settings
default_features = Gitlab.config.gitlab.default_projects_features
default_opts = {
issues_enabled: default_features.issues,
wiki_enabled: default_features.wiki,
snippets_enabled: default_features.snippets,
merge_requests_enabled: default_features.merge_requests,
visibility_level: default_features.visibility_level
}.stringify_keys
@project = Project.new(default_opts.merge(params))
# Parametrize path for project # Parametrize path for project
# #
# Ex. # Ex.
...@@ -33,13 +19,14 @@ module Projects ...@@ -33,13 +19,14 @@ module Projects
# #
@project.path = @project.name.dup.parameterize unless @project.path.present? @project.path = @project.name.dup.parameterize unless @project.path.present?
# get namespace id
namespace_id = params[:namespace_id]
if namespace_id if namespace_id
# Find matching namespace and check if it allowed # Find matching namespace and check if it allowed
# for current user if namespace_id passed. # for current user if namespace_id passed.
if allowed_namespace?(current_user, namespace_id) unless allowed_namespace?(current_user, namespace_id)
@project.namespace_id = namespace_id @project.namespace_id = nil
else
deny_namespace deny_namespace
return @project return @project
end end
......
...@@ -12,7 +12,7 @@ module Projects ...@@ -12,7 +12,7 @@ module Projects
class TransferError < StandardError; end class TransferError < StandardError; end
def execute def execute
namespace_id = params.delete(:namespace_id) namespace_id = params[:namespace_id]
namespace = Namespace.find_by(id: namespace_id) namespace = Namespace.find_by(id: namespace_id)
if allowed_transfer?(current_user, project, namespace) if allowed_transfer?(current_user, project, namespace)
......
module Projects module Projects
class UpdateService < BaseService class UpdateService < BaseService
def execute(role = :default) def execute
params[:project].delete(:namespace_id)
# check that user is allowed to set specified visibility_level # check that user is allowed to set specified visibility_level
unless can?(current_user, :change_visibility_level, project) && Gitlab::VisibilityLevel.allowed_for?(current_user, params[:project][:visibility_level]) unless can?(current_user, :change_visibility_level, project) && Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
params[:project].delete(:visibility_level) params[:visibility_level] = project.visibility_level
end end
new_branch = params[:project].delete(:default_branch) new_branch = params[:default_branch]
if project.repository.exists? && new_branch && new_branch != project.default_branch if project.repository.exists? && new_branch && new_branch != project.default_branch
project.change_head(new_branch) project.change_head(new_branch)
end end
if project.update_attributes(params[:project], as: role) if project.update_attributes(params.except(:default_branch))
if project.previous_changes.include?('namespace_id')
project.send_move_instructions
end
if project.previous_changes.include?('path') if project.previous_changes.include?('path')
project.rename_repo project.rename_repo
end end
......
...@@ -41,12 +41,6 @@ module Gitlab ...@@ -41,12 +41,6 @@ module Gitlab
# like if you have constraints or database-specific column types # like if you have constraints or database-specific column types
# config.active_record.schema_format = :sql # config.active_record.schema_format = :sql
# Enforce whitelist mode for mass assignment.
# This will create an empty whitelist of attributes available for mass-assignment for all models
# in your app. As such, your models will need to explicitly whitelist or blacklist accessible
# parameters by using an attr_accessible or attr_protected declaration.
config.active_record.whitelist_attributes = true
# Enable the asset pipeline # Enable the asset pipeline
config.assets.enabled = true config.assets.enabled = true
config.assets.paths << Emoji.images_path config.assets.paths << Emoji.images_path
......
...@@ -19,9 +19,6 @@ Gitlab::Application.configure do ...@@ -19,9 +19,6 @@ Gitlab::Application.configure do
# Only use best-standards-support built into browsers # Only use best-standards-support built into browsers
config.action_dispatch.best_standards_support = :builtin config.action_dispatch.best_standards_support = :builtin
# Raise exception on mass assignment protection for Active Record models
config.active_record.mass_assignment_sanitizer = :strict
# Do not compress assets # Do not compress assets
config.assets.compress = false config.assets.compress = false
......
...@@ -26,9 +26,6 @@ Gitlab::Application.configure do ...@@ -26,9 +26,6 @@ Gitlab::Application.configure do
# ActionMailer::Base.deliveries array. # ActionMailer::Base.deliveries array.
config.action_mailer.delivery_method = :test config.action_mailer.delivery_method = :test
# Raise exception on mass assignment protection for Active Record models
# config.active_record.mass_assignment_sanitizer = :strict
# Print deprecation notices to the stderr # Print deprecation notices to the stderr
config.active_support.deprecation = :stderr config.active_support.deprecation = :stderr
......
...@@ -150,6 +150,6 @@ Settings['extra'] ||= Settingslogic.new({}) ...@@ -150,6 +150,6 @@ Settings['extra'] ||= Settingslogic.new({})
# #
if Rails.env.test? if Rails.env.test?
Settings.gitlab['default_projects_limit'] = 42 Settings.gitlab['default_projects_limit'] = 42
Settings.gitlab['default_can_create_group'] = false Settings.gitlab['default_can_create_group'] = true
Settings.gitlab['default_can_create_team'] = false Settings.gitlab['default_can_create_team'] = false
end end
...@@ -10,7 +10,7 @@ module SharedProject ...@@ -10,7 +10,7 @@ module SharedProject
# Create a specific project called "Shop" # Create a specific project called "Shop"
And 'I own project "Shop"' do And 'I own project "Shop"' do
@project = Project.find_by(name: "Shop") @project = Project.find_by(name: "Shop")
@project ||= create(:project, name: "Shop", namespace: @user.namespace) @project ||= create(:project, name: "Shop", namespace: @user.namespace, snippets_enabled: true)
@project.team << [@user, :master] @project.team << [@user, :master]
end end
......
...@@ -98,10 +98,14 @@ module API ...@@ -98,10 +98,14 @@ module API
def attributes_for_keys(keys) def attributes_for_keys(keys)
attrs = {} attrs = {}
keys.each do |key| keys.each do |key|
attrs[key] = params[key] if params[key].present? or (params.has_key?(key) and params[key] == false) if params[key].present? or (params.has_key?(key) and params[key] == false)
attrs[key] = params[key]
end
end end
attrs
ActionController::Parameters.new(attrs).permit!
end end
# error helpers # error helpers
......
...@@ -59,7 +59,7 @@ module API ...@@ -59,7 +59,7 @@ module API
authenticated_as_admin! authenticated_as_admin!
required_attributes! [:email, :password, :name, :username] required_attributes! [:email, :password, :name, :username]
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin] attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]
user = User.build_user(attrs, as: :admin) user = User.build_user(attrs)
admin = attrs.delete(:admin) admin = attrs.delete(:admin)
user.admin = admin unless admin.nil? user.admin = admin unless admin.nil?
if user.save if user.save
...@@ -96,7 +96,7 @@ module API ...@@ -96,7 +96,7 @@ module API
admin = attrs.delete(:admin) admin = attrs.delete(:admin)
user.admin = admin unless admin.nil? user.admin = admin unless admin.nil?
if user.update_attributes(attrs, as: :admin) if user.update_attributes(attrs)
present user, with: Entities::UserFull present user, with: Entities::UserFull
else else
not_found! not_found!
......
module Gitlab::ConfigHelper
def gitlab_config_features
Gitlab.config.gitlab.default_projects_features
end
def gitlab_config
Gitlab.config.gitlab
end
end
...@@ -27,7 +27,7 @@ module Gitlab ...@@ -27,7 +27,7 @@ module Gitlab
password_confirmation: password, password_confirmation: password,
} }
user = model.build_user(opts, as: :admin) user = model.build_user(opts)
user.skip_confirmation! user.skip_confirmation!
# Services like twitter and github does not return email via oauth # Services like twitter and github does not return email via oauth
......
...@@ -32,6 +32,7 @@ FactoryGirl.define do ...@@ -32,6 +32,7 @@ FactoryGirl.define do
path { name.downcase.gsub(/\s/, '_') } path { name.downcase.gsub(/\s/, '_') }
namespace namespace
creator creator
snippets_enabled true
trait :public do trait :public do
visibility_level Gitlab::VisibilityLevel::PUBLIC visibility_level Gitlab::VisibilityLevel::PUBLIC
......
...@@ -26,7 +26,6 @@ describe GitlabCiService do ...@@ -26,7 +26,6 @@ describe GitlabCiService do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end end
describe 'commits methods' do describe 'commits methods' do
......
...@@ -25,8 +25,6 @@ describe Issue do ...@@ -25,8 +25,6 @@ describe Issue do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:author_id) }
it { should_not allow_mass_assignment_of(:project_id) }
end end
describe 'modules' do describe 'modules' do
......
...@@ -20,8 +20,6 @@ describe Key do ...@@ -20,8 +20,6 @@ describe Key do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
it { should_not allow_mass_assignment_of(:user_id) }
end end
describe "Validation" do describe "Validation" do
......
...@@ -28,8 +28,6 @@ describe MergeRequest do ...@@ -28,8 +28,6 @@ describe MergeRequest do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:author_id) }
it { should_not allow_mass_assignment_of(:project_id) }
end end
describe "Respond to" do describe "Respond to" do
......
...@@ -22,7 +22,6 @@ describe Milestone do ...@@ -22,7 +22,6 @@ describe Milestone do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end end
describe "Validation" do describe "Validation" do
......
...@@ -26,8 +26,6 @@ describe Namespace do ...@@ -26,8 +26,6 @@ describe Namespace do
it { should validate_presence_of :owner } it { should validate_presence_of :owner }
describe "Mass assignment" do describe "Mass assignment" do
it { should allow_mass_assignment_of(:name) }
it { should allow_mass_assignment_of(:path) }
end end
describe "Respond to" do describe "Respond to" do
......
...@@ -27,8 +27,6 @@ describe Note do ...@@ -27,8 +27,6 @@ describe Note do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:author) }
it { should_not allow_mass_assignment_of(:author_id) }
end end
describe "Validation" do describe "Validation" do
......
...@@ -23,7 +23,6 @@ describe ProjectSnippet do ...@@ -23,7 +23,6 @@ describe ProjectSnippet do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end end
describe "Validation" do describe "Validation" do
......
...@@ -48,8 +48,6 @@ describe Project do ...@@ -48,8 +48,6 @@ describe Project do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:namespace_id) }
it { should_not allow_mass_assignment_of(:creator_id) }
end end
describe "Validation" do describe "Validation" do
......
...@@ -17,7 +17,6 @@ describe ProtectedBranch do ...@@ -17,7 +17,6 @@ describe ProtectedBranch do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end end
describe 'Validation' do describe 'Validation' do
......
...@@ -27,7 +27,6 @@ describe Service do ...@@ -27,7 +27,6 @@ describe Service do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end end
describe "Test Button" do describe "Test Button" do
......
...@@ -24,7 +24,6 @@ describe Snippet do ...@@ -24,7 +24,6 @@ describe Snippet do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:author_id) }
end end
describe "Validation" do describe "Validation" do
......
...@@ -65,8 +65,6 @@ describe User do ...@@ -65,8 +65,6 @@ describe User do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:projects_limit) }
it { should allow_mass_assignment_of(:projects_limit).as(:admin) }
end end
describe 'validations' do describe 'validations' do
...@@ -243,18 +241,8 @@ describe User do ...@@ -243,18 +241,8 @@ describe User do
it { user.first_name.should == 'John' } it { user.first_name.should == 'John' }
end end
describe 'without defaults' do
let(:user) { User.new }
it "should not apply defaults to user" do
user.projects_limit.should == 10
user.can_create_group.should be_true
user.theme_id.should == Gitlab::Theme::BASIC
end
end
context 'as admin' do
describe 'with defaults' do describe 'with defaults' do
let(:user) { User.build_user({}, as: :admin) } let(:user) { User.new }
it "should apply defaults to user" do it "should apply defaults to user" do
user.projects_limit.should == Gitlab.config.gitlab.default_projects_limit user.projects_limit.should == Gitlab.config.gitlab.default_projects_limit
...@@ -264,42 +252,16 @@ describe User do ...@@ -264,42 +252,16 @@ describe User do
end end
describe 'with default overrides' do describe 'with default overrides' do
let(:user) { User.build_user({projects_limit: 123, can_create_group: true, can_create_team: true, theme_id: Gitlab::Theme::BASIC}, as: :admin) } let(:user) { User.new(projects_limit: 123, can_create_group: false, can_create_team: true, theme_id: Gitlab::Theme::BASIC) }
it "should apply defaults to user" do it "should apply defaults to user" do
Gitlab.config.gitlab.default_projects_limit.should_not == 123
Gitlab.config.gitlab.default_can_create_group.should_not be_true
Gitlab.config.gitlab.default_theme.should_not == Gitlab::Theme::BASIC
user.projects_limit.should == 123 user.projects_limit.should == 123
user.can_create_group.should be_true user.can_create_group.should be_false
user.theme_id.should == Gitlab::Theme::BASIC user.theme_id.should == Gitlab::Theme::BASIC
end end
end end
end end
context 'as user' do
describe 'with defaults' do
let(:user) { User.build_user }
it "should apply defaults to user" do
user.projects_limit.should == Gitlab.config.gitlab.default_projects_limit
user.can_create_group.should == Gitlab.config.gitlab.default_can_create_group
user.theme_id.should == Gitlab.config.gitlab.default_theme
end
end
describe 'with default overrides' do
let(:user) { User.build_user(projects_limit: 123, can_create_group: true, theme_id: Gitlab::Theme::BASIC) }
it "should apply defaults to user" do
user.projects_limit.should == Gitlab.config.gitlab.default_projects_limit
user.can_create_group.should == Gitlab.config.gitlab.default_can_create_group
user.theme_id.should == Gitlab.config.gitlab.default_theme
end
end
end
end
describe 'search' do describe 'search' do
let(:user1) { create(:user, username: 'James', email: 'james@testing.com') } let(:user1) { create(:user, username: 'James', email: 'james@testing.com') }
let(:user2) { create(:user, username: 'jameson', email: 'jameson@example.com') } let(:user2) { create(:user, username: 'jameson', email: 'jameson@example.com') }
......
...@@ -20,7 +20,6 @@ describe UsersGroup do ...@@ -20,7 +20,6 @@ describe UsersGroup do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:group_id) }
end end
describe "Validation" do describe "Validation" do
......
...@@ -20,7 +20,6 @@ describe UsersProject do ...@@ -20,7 +20,6 @@ describe UsersProject do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end end
describe "Validation" do describe "Validation" do
......
...@@ -23,7 +23,6 @@ describe ProjectHook do ...@@ -23,7 +23,6 @@ describe ProjectHook do
end end
describe "Mass assignment" do describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end end
describe "Validations" do describe "Validations" do
......
...@@ -97,19 +97,6 @@ describe API::API, api: true do ...@@ -97,19 +97,6 @@ describe API::API, api: true do
response.status.should == 201 response.status.should == 201
end end
it "creating a user should respect default project limit" do
limit = 123456
Gitlab.config.gitlab.stub(:default_projects_limit).and_return(limit)
attr = attributes_for(:user )
expect {
post api("/users", admin), attr
}.to change { User.count }.by(1)
user = User.find_by(username: attr[:username])
user.projects_limit.should == limit
user.theme_id.should == Gitlab::Theme::MARS
Gitlab.config.gitlab.unstub(:default_projects_limit)
end
it "should not create user with invalid email" do it "should not create user with invalid email" do
post api("/users", admin), { email: "invalid email", password: 'password' } post api("/users", admin), { email: "invalid email", password: 'password' }
response.status.should == 400 response.status.should == 400
......
...@@ -11,7 +11,6 @@ describe Notes::CreateService do ...@@ -11,7 +11,6 @@ describe Notes::CreateService do
project.team << [user, :master] project.team << [user, :master]
opts = { opts = {
note: 'Awesome comment', note: 'Awesome comment',
description: 'please fix',
noteable_type: 'Issue', noteable_type: 'Issue',
noteable_id: issue.id noteable_id: issue.id
} }
......
...@@ -55,95 +55,6 @@ describe Projects::CreateService do ...@@ -55,95 +55,6 @@ describe Projects::CreateService do
it { File.exists?(@path).should be_false } it { File.exists?(@path).should be_false }
end end
end end
context 'respect configured visibility setting' do
before(:each) do
@settings = double("settings")
@settings.stub(:issues) { true }
@settings.stub(:merge_requests) { true }
@settings.stub(:wiki) { true }
@settings.stub(:snippets) { true }
Gitlab.config.gitlab.stub(restricted_visibility_levels: [])
Gitlab.config.gitlab.stub(:default_projects_features).and_return(@settings)
end
context 'should be public when setting is public' do
before do
@settings.stub(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC }
@project = create_project(@user, @opts)
end
it { @project.public?.should be_true }
end
context 'should be private when setting is private' do
before do
@settings.stub(:visibility_level) { Gitlab::VisibilityLevel::PRIVATE }
@project = create_project(@user, @opts)
end
it { @project.private?.should be_true }
end
context 'should be internal when setting is internal' do
before do
@settings.stub(:visibility_level) { Gitlab::VisibilityLevel::INTERNAL }
@project = create_project(@user, @opts)
end
it { @project.internal?.should be_true }
end
end
context 'respect configured visibility restrictions setting' do
before(:each) do
@settings = double("settings")
@settings.stub(:issues) { true }
@settings.stub(:merge_requests) { true }
@settings.stub(:wiki) { true }
@settings.stub(:snippets) { true }
@settings.stub(:visibility_level) { Gitlab::VisibilityLevel::PRIVATE }
@restrictions = [ Gitlab::VisibilityLevel::PUBLIC ]
Gitlab.config.gitlab.stub(restricted_visibility_levels: @restrictions)
Gitlab.config.gitlab.stub(:default_projects_features).and_return(@settings)
end
context 'should be private when option is public' do
before do
@opts.merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
@project = create_project(@user, @opts)
end
it { @project.private?.should be_true }
end
context 'should be public when option is public for admin' do
before do
@opts.merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
@project = create_project(@admin, @opts)
end
it { @project.public?.should be_true }
end
context 'should be private when option is private' do
before do
@opts.merge!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
@project = create_project(@user, @opts)
end
it { @project.private?.should be_true }
end
context 'should be internal when option is internal' do
before do
@opts.merge!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
@project = create_project(@user, @opts)
end
it { @project.internal?.should be_true }
end
end
end end
def create_project(user, opts) def create_project(user, opts)
......
...@@ -6,14 +6,14 @@ describe Projects::UpdateService do ...@@ -6,14 +6,14 @@ describe Projects::UpdateService do
@user = create :user @user = create :user
@admin = create :user, admin: true @admin = create :user, admin: true
@project = create :project, creator_id: @user.id, namespace: @user.namespace @project = create :project, creator_id: @user.id, namespace: @user.namespace
@opts = { project: {} } @opts = {}
end end
context 'should be private when updated to private' do context 'should be private when updated to private' do
before do before do
@created_private = @project.private? @created_private = @project.private?
@opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) @opts.merge!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
update_project(@project, @user, @opts) update_project(@project, @user, @opts)
end end
...@@ -25,7 +25,7 @@ describe Projects::UpdateService do ...@@ -25,7 +25,7 @@ describe Projects::UpdateService do
before do before do
@created_private = @project.private? @created_private = @project.private?
@opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::INTERNAL) @opts.merge!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
update_project(@project, @user, @opts) update_project(@project, @user, @opts)
end end
...@@ -37,7 +37,7 @@ describe Projects::UpdateService do ...@@ -37,7 +37,7 @@ describe Projects::UpdateService do
before do before do
@created_private = @project.private? @created_private = @project.private?
@opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) @opts.merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
update_project(@project, @user, @opts) update_project(@project, @user, @opts)
end end
...@@ -56,7 +56,7 @@ describe Projects::UpdateService do ...@@ -56,7 +56,7 @@ describe Projects::UpdateService do
before do before do
@created_private = @project.private? @created_private = @project.private?
@opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) @opts.merge!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
update_project(@project, @user, @opts) update_project(@project, @user, @opts)
end end
...@@ -68,7 +68,7 @@ describe Projects::UpdateService do ...@@ -68,7 +68,7 @@ describe Projects::UpdateService do
before do before do
@created_private = @project.private? @created_private = @project.private?
@opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::INTERNAL) @opts.merge!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
update_project(@project, @user, @opts) update_project(@project, @user, @opts)
end end
...@@ -80,7 +80,7 @@ describe Projects::UpdateService do ...@@ -80,7 +80,7 @@ describe Projects::UpdateService do
before do before do
@created_private = @project.private? @created_private = @project.private?
@opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) @opts.merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
update_project(@project, @user, @opts) update_project(@project, @user, @opts)
end end
...@@ -92,7 +92,7 @@ describe Projects::UpdateService do ...@@ -92,7 +92,7 @@ describe Projects::UpdateService do
before do before do
@created_private = @project.private? @created_private = @project.private?
@opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) @opts.merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
update_project(@project, @admin, @opts) update_project(@project, @admin, @opts)
end end
......
...@@ -11,7 +11,7 @@ def common_mentionable_setup ...@@ -11,7 +11,7 @@ def common_mentionable_setup
let(:mentioned_issue) { create :issue, project: mproject } let(:mentioned_issue) { create :issue, project: mproject }
let(:other_issue) { create :issue, project: mproject } let(:other_issue) { create :issue, project: mproject }
let(:mentioned_mr) { create :merge_request, source_project: mproject, source_branch: 'different' } let(:mentioned_mr) { create :merge_request, :simple, source_project: mproject }
let(:mentioned_commit) { double('commit', sha: '1234567890abcdef').as_null_object } let(:mentioned_commit) { double('commit', sha: '1234567890abcdef').as_null_object }
# Override to add known commits to the repository stub. # Override to add known commits to the repository stub.
...@@ -29,11 +29,7 @@ def common_mentionable_setup ...@@ -29,11 +29,7 @@ def common_mentionable_setup
# unrecognized commits. # unrecognized commits.
commitmap = { '123456' => mentioned_commit } commitmap = { '123456' => mentioned_commit }
extra_commits.each { |c| commitmap[c.sha[0..5]] = c } extra_commits.each { |c| commitmap[c.sha[0..5]] = c }
mproject.repository.stub(:commit) { |sha| commitmap[sha] }
repo = double('repository')
repo.stub(:commit) { |sha| commitmap[sha] }
mproject.stub(repository: repo)
set_mentionable_text.call(ref_string) set_mentionable_text.call(ref_string)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment