Commit
0b817a6f
authored
Dec 17, 2019
by
mo khan
Fix whitespace indentation
parent
7e6135e8
Showing
1 changed file
with
61 additions
and
61 deletions
+61
-61
ee/app/controllers/projects/dependencies_controller.rb
ee/app/controllers/projects/dependencies_controller.rb
+61
-61
ee/app/controllers/projects/dependencies_controller.rb
# frozen_string_literal: true
# frozen_string_literal: true
module
Projects
module
Projects
class
DependenciesController
<
Projects
::
ApplicationController
class
DependenciesController
<
Projects
::
ApplicationController
before_action
:authorize_read_dependency_list!
before_action
:authorize_read_dependency_list!
def
index
def
index
respond_to
do
|
format
|
respond_to
do
|
format
|
format
.
html
do
format
.
html
do
render
status: :ok
render
status: :ok
end
end
format
.
json
do
format
.
json
do
::
Gitlab
::
UsageCounters
::
DependencyList
.
increment
(
project
.
id
)
::
Gitlab
::
UsageCounters
::
DependencyList
.
increment
(
project
.
id
)
render
json:
serializer
.
represent
(
dependencies
,
build:
report_service
.
build
)
render
json:
serializer
.
represent
(
dependencies
,
build:
report_service
.
build
)
end
end
end
end
end
end
private
private
def
can_access_vulnerable?
def
can_access_vulnerable?
return
true
unless
query_params
[
:filter
]
==
'vulnerable'
return
true
unless
query_params
[
:filter
]
==
'vulnerable'
can?
(
current_user
,
:read_vulnerability
,
project
)
can?
(
current_user
,
:read_vulnerability
,
project
)
end
end
def
can_collect_dependencies?
def
can_collect_dependencies?
report_service
.
able_to_fetch?
&&
can_access_vulnerable?
report_service
.
able_to_fetch?
&&
can_access_vulnerable?
end
end
def
collect_dependencies
def
collect_dependencies
found_dependencies
=
can_collect_dependencies?
?
service
.
execute
:
[]
found_dependencies
=
can_collect_dependencies?
?
service
.
execute
:
[]
::
Gitlab
::
ItemsCollection
.
new
(
found_dependencies
)
::
Gitlab
::
ItemsCollection
.
new
(
found_dependencies
)
end
end
def
authorize_read_dependency_list!
def
authorize_read_dependency_list!
return
if
can?
(
current_user
,
:read_dependencies
,
project
)
return
if
can?
(
current_user
,
:read_dependencies
,
project
)
respond_to
do
|
format
|
respond_to
do
|
format
|
format
.
html
do
format
.
html
do
render_404
render_404
end
end
format
.
json
do
format
.
json
do
render_403
render_403
end
end
end
end
end
end
def
dependencies
def
dependencies
@dependencies
||=
collect_dependencies
@dependencies
||=
collect_dependencies
end
end
def
match_disallowed
(
param
,
value
)
def
match_disallowed
(
param
,
value
)
param
==
:sort_by
&&
!
value
.
in?
(
::
Security
::
DependencyListService
::
SORT_BY_VALUES
)
||
param
==
:sort_by
&&
!
value
.
in?
(
::
Security
::
DependencyListService
::
SORT_BY_VALUES
)
||
param
==
:sort
&&
!
value
.
in?
(
::
Security
::
DependencyListService
::
SORT_VALUES
)
||
param
==
:sort
&&
!
value
.
in?
(
::
Security
::
DependencyListService
::
SORT_VALUES
)
||
param
==
:filter
&&
!
value
.
in?
(
::
Security
::
DependencyListService
::
FILTER_VALUES
)
param
==
:filter
&&
!
value
.
in?
(
::
Security
::
DependencyListService
::
FILTER_VALUES
)
end
end
def
pipeline
def
pipeline
@pipeline
||=
report_service
.
pipeline
@pipeline
||=
report_service
.
pipeline
end
end
def
query_params
def
query_params
return
@permitted_params
if
@permitted_params
return
@permitted_params
if
@permitted_params
@permitted_params
=
params
.
permit
(
:sort
,
:sort_by
,
:filter
).
delete_if
do
|
key
,
value
|
@permitted_params
=
params
.
permit
(
:sort
,
:sort_by
,
:filter
).
delete_if
do
|
key
,
value
|
match_disallowed
(
key
,
value
)
match_disallowed
(
key
,
value
)
end
end
end
end
def
report_service
def
report_service
@report_service
||=
::
Security
::
ReportFetchService
.
new
(
project
,
::
Ci
::
JobArtifact
.
dependency_list_reports
)
@report_service
||=
::
Security
::
ReportFetchService
.
new
(
project
,
::
Ci
::
JobArtifact
.
dependency_list_reports
)
end
end
def
serializer
def
serializer
serializer
=
::
DependencyListSerializer
.
new
(
project:
project
,
user:
current_user
)
serializer
=
::
DependencyListSerializer
.
new
(
project:
project
,
user:
current_user
)
serializer
=
serializer
.
with_pagination
(
request
,
response
)
if
params
[
:page
]
serializer
=
serializer
.
with_pagination
(
request
,
response
)
if
params
[
:page
]
serializer
serializer
end
end
def
service
def
service
::
Security
::
DependencyListService
.
new
(
pipeline:
pipeline
,
params:
query_params
)
::
Security
::
DependencyListService
.
new
(
pipeline:
pipeline
,
params:
query_params
)
end
end
end
end
end
end