Commit 82d7b5a0 authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab-ce master

parents db13e73b d133bf84
...@@ -97,6 +97,11 @@ export default class FilteredSearchDropdownManager { ...@@ -97,6 +97,11 @@ export default class FilteredSearchDropdownManager {
gl: DropdownNonUser, gl: DropdownNonUser,
element: this.container.querySelector('#js-dropdown-wip'), element: this.container.querySelector('#js-dropdown-wip'),
}, },
confidential: {
reference: null,
gl: DropdownNonUser,
element: this.container.querySelector('#js-dropdown-confidential'),
},
status: { status: {
reference: null, reference: null,
gl: NullDropdown, gl: NullDropdown,
......
...@@ -72,6 +72,23 @@ export default class FilteredSearchTokenKeys { ...@@ -72,6 +72,23 @@ export default class FilteredSearchTokenKeys {
); );
} }
addExtraTokensForIssues() {
const confidentialToken = {
key: 'confidential',
type: 'string',
param: '',
symbol: '',
icon: 'eye-slash',
tag: 'Yes or No',
lowercaseValueOnSubmit: true,
uppercaseTokenName: false,
capitalizeTokenValue: true,
};
this.tokenKeys.push(confidentialToken);
this.tokenKeysWithAlternative.push(confidentialToken);
}
addExtraTokensForMergeRequests() { addExtraTokensForMergeRequests() {
const wipToken = { const wipToken = {
key: 'wip', key: 'wip',
......
...@@ -4,6 +4,8 @@ import { FILTERED_SEARCH } from '~/pages/constants'; ...@@ -4,6 +4,8 @@ import { FILTERED_SEARCH } from '~/pages/constants';
import IssuesFilteredSearchTokenKeysEE from 'ee/filtered_search/issues_filtered_search_token_keys'; import IssuesFilteredSearchTokenKeysEE from 'ee/filtered_search/issues_filtered_search_token_keys';
document.addEventListener('DOMContentLoaded', () => { document.addEventListener('DOMContentLoaded', () => {
IssuableFilteredSearchTokenKeys.addExtraTokensForIssues();
initFilteredSearch({ initFilteredSearch({
page: FILTERED_SEARCH.ISSUES, page: FILTERED_SEARCH.ISSUES,
isGroupDecendent: true, isGroupDecendent: true,
......
...@@ -9,6 +9,8 @@ import { ISSUABLE_INDEX } from '~/pages/projects/constants'; ...@@ -9,6 +9,8 @@ import { ISSUABLE_INDEX } from '~/pages/projects/constants';
import IssuesFilteredSearchTokenKeysEE from 'ee/filtered_search/issues_filtered_search_token_keys'; import IssuesFilteredSearchTokenKeysEE from 'ee/filtered_search/issues_filtered_search_token_keys';
document.addEventListener('DOMContentLoaded', () => { document.addEventListener('DOMContentLoaded', () => {
IssuableFilteredSearchTokenKeys.addExtraTokensForIssues();
initFilteredSearch({ initFilteredSearch({
page: FILTERED_SEARCH.ISSUES, page: FILTERED_SEARCH.ISSUES,
filteredSearchTokenKeys: IssuesFilteredSearchTokenKeysEE, filteredSearchTokenKeys: IssuesFilteredSearchTokenKeysEE,
......
...@@ -11,7 +11,7 @@ export const requestReleases = ({ commit }) => commit(types.REQUEST_RELEASES); ...@@ -11,7 +11,7 @@ export const requestReleases = ({ commit }) => commit(types.REQUEST_RELEASES);
/** /**
* Fetches the main endpoint. * Fetches the main endpoint.
* Will dispatch requestNamespace action before starting the request. * Will dispatch requestNamespace action before starting the request.
* Will dispatch receiveNamespaceSuccess if the request is successfull * Will dispatch receiveNamespaceSuccess if the request is successful
* Will dispatch receiveNamesapceError if the request returns an error * Will dispatch receiveNamesapceError if the request returns an error
* *
* @param {String} projectId * @param {String} projectId
......
...@@ -24,7 +24,7 @@ class Clusters::ClustersController < Clusters::BaseController ...@@ -24,7 +24,7 @@ class Clusters::ClustersController < Clusters::BaseController
# Note: We are paginating through an array here but this should OK as: # Note: We are paginating through an array here but this should OK as:
# #
# In CE, we can have a maximum group nesting depth of 21, so including # In CE, we can have a maximum group nesting depth of 21, so including
# project cluster, we can have max 22 clusters for a group hierachy. # project cluster, we can have max 22 clusters for a group hierarchy.
# In EE (Premium) we can have any number, as multiple clusters are # In EE (Premium) we can have any number, as multiple clusters are
# supported, but the number of clusters are fairly low currently. # supported, but the number of clusters are fairly low currently.
# #
......
...@@ -91,6 +91,7 @@ module IssuableCollections ...@@ -91,6 +91,7 @@ module IssuableCollections
options = { options = {
scope: params[:scope], scope: params[:scope],
state: params[:state], state: params[:state],
confidential: Gitlab::Utils.to_boolean(params[:confidential]),
sort: set_sort_order sort: set_sort_order
} }
......
...@@ -123,7 +123,7 @@ module LfsRequest ...@@ -123,7 +123,7 @@ module LfsRequest
(authentication_abilities || []).include?(capability) (authentication_abilities || []).include?(capability)
end end
# Overriden in EE # Overridden in EE
def limit_exceeded? def limit_exceeded?
false false
end end
......
...@@ -134,7 +134,7 @@ class GroupDescendantsFinder ...@@ -134,7 +134,7 @@ class GroupDescendantsFinder
def subgroups def subgroups
return Group.none unless Group.supports_nested_objects? return Group.none unless Group.supports_nested_objects?
# When filtering subgroups, we want to find all matches withing the tree of # When filtering subgroups, we want to find all matches within the tree of
# descendants to show to the user # descendants to show to the user
groups = if params[:filter] groups = if params[:filter]
subgroups_matching_filter subgroups_matching_filter
......
...@@ -69,7 +69,16 @@ class IssuesFinder < IssuableFinder ...@@ -69,7 +69,16 @@ class IssuesFinder < IssuableFinder
end end
def filter_items(items) def filter_items(items)
by_due_date(super) issues = super
issues = by_due_date(issues)
issues = by_confidential(issues)
issues
end
def by_confidential(items)
return items if params[:confidential].nil?
params[:confidential] ? items.confidential_only : items.public_only
end end
def by_due_date(items) def by_due_date(items)
......
...@@ -13,7 +13,7 @@ module CountHelper ...@@ -13,7 +13,7 @@ module CountHelper
# memberships, and deducting 1 for each root of the fork network. # memberships, and deducting 1 for each root of the fork network.
# This might be inacurate as the root of the fork network might have been deleted. # This might be inacurate as the root of the fork network might have been deleted.
# #
# This makes querying this information a lot more effecient and it should be # This makes querying this information a lot more efficient and it should be
# accurate enough for the instance wide statistics # accurate enough for the instance wide statistics
def approximate_fork_count_with_delimiters(count_data) def approximate_fork_count_with_delimiters(count_data)
fork_network_count = count_data[ForkNetwork] fork_network_count = count_data[ForkNetwork]
......
...@@ -18,7 +18,7 @@ module Ci ...@@ -18,7 +18,7 @@ module Ci
FailedToPersistDataError = Class.new(StandardError) FailedToPersistDataError = Class.new(StandardError)
# Note: The ordering of this enum is related to the precedence of persist store. # Note: The ordering of this enum is related to the precedence of persist store.
# The bottom item takes the higest precedence, and the top item takes the lowest precedence. # The bottom item takes the highest precedence, and the top item takes the lowest precedence.
enum data_store: { enum data_store: {
redis: 1, redis: 1,
database: 2, database: 2,
......
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# it is difficult to accomplish it. # it is difficult to accomplish it.
# #
# This module defines a format to use `delete_all` and delete associated external data. # This module defines a format to use `delete_all` and delete associated external data.
# Here is an exmaple # Here is an example
# #
# Situation # Situation
# - `Project` has many `Ci::BuildTraceChunk` through `Ci::Build` # - `Project` has many `Ci::BuildTraceChunk` through `Ci::Build`
......
...@@ -4,7 +4,7 @@ module IidRoutes ...@@ -4,7 +4,7 @@ module IidRoutes
## ##
# This automagically enforces all related routes to use `iid` instead of `id` # This automagically enforces all related routes to use `iid` instead of `id`
# If you want to use `iid` for some routes and `id` for other routes, this module should not to be included, # If you want to use `iid` for some routes and `id` for other routes, this module should not to be included,
# instead you should define `iid` or `id` explictly at each route generators. e.g. pipeline_path(project.id, pipeline.iid) # instead you should define `iid` or `id` explicitly at each route generators. e.g. pipeline_path(project.id, pipeline.iid)
def to_param def to_param
iid.to_s iid.to_s
end end
......
...@@ -66,6 +66,7 @@ class Issue < ActiveRecord::Base ...@@ -66,6 +66,7 @@ class Issue < ActiveRecord::Base
scope :preload_associations, -> { preload(:labels, project: :namespace) } scope :preload_associations, -> { preload(:labels, project: :namespace) }
scope :public_only, -> { where(confidential: false) } scope :public_only, -> { where(confidential: false) }
scope :confidential_only, -> { where(confidential: true) }
after_save :expire_etag_cache after_save :expire_etag_cache
after_save :ensure_metrics, unless: :imported? after_save :ensure_metrics, unless: :imported?
......
...@@ -153,7 +153,7 @@ class NotificationRecipient ...@@ -153,7 +153,7 @@ class NotificationRecipient
user.global_notification_setting user.global_notification_setting
end end
# Returns the notificaton_setting of the lowest group in hierarchy with non global level # Returns the notification_setting of the lowest group in hierarchy with non global level
def closest_non_global_group_notification_settting def closest_non_global_group_notification_settting
return unless @group return unless @group
return if indexed_group_notification_settings.empty? return if indexed_group_notification_settings.empty?
......
...@@ -248,10 +248,10 @@ class Project < ActiveRecord::Base ...@@ -248,10 +248,10 @@ class Project < ActiveRecord::Base
has_many :container_repositories, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent has_many :container_repositories, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
has_many :commit_statuses has_many :commit_statuses
# The relation :all_pipelines is intented to be used when we want to get the # The relation :all_pipelines is intended to be used when we want to get the
# whole list of pipelines associated to the project # whole list of pipelines associated to the project
has_many :all_pipelines, class_name: 'Ci::Pipeline', inverse_of: :project has_many :all_pipelines, class_name: 'Ci::Pipeline', inverse_of: :project
# The relation :ci_pipelines is intented to be used when we want to get only # The relation :ci_pipelines is intended to be used when we want to get only
# those pipeline which are directly related to CI. There are # those pipeline which are directly related to CI. There are
# other pipelines, like webide ones, that we won't retrieve # other pipelines, like webide ones, that we won't retrieve
# if we use this relation. # if we use this relation.
...@@ -1206,7 +1206,7 @@ class Project < ActiveRecord::Base ...@@ -1206,7 +1206,7 @@ class Project < ActiveRecord::Base
"#{web_url}.git" "#{web_url}.git"
end end
# Is overriden in EE # Is overridden in EE
def lfs_http_url_to_repo(_) def lfs_http_url_to_repo(_)
http_url_to_repo http_url_to_repo
end end
......
...@@ -112,10 +112,10 @@ module Ci ...@@ -112,10 +112,10 @@ module Ci
def extra_options(options = {}) def extra_options(options = {})
# In Ruby 2.4, even when options is empty, f(**options) doesn't work when f # In Ruby 2.4, even when options is empty, f(**options) doesn't work when f
# doesn't have any parameters. We reproduce the Ruby 2.5 behavior by # doesn't have any parameters. We reproduce the Ruby 2.5 behavior by
# checking explicitely that no arguments are given. # checking explicitly that no arguments are given.
raise ArgumentError if options.any? raise ArgumentError if options.any?
{} # overriden in EE {} # overridden in EE
end end
end end
end end
......
...@@ -38,11 +38,11 @@ module Ci ...@@ -38,11 +38,11 @@ module Ci
end end
def create_pipeline_from_job(job) def create_pipeline_from_job(job)
# overriden in EE # overridden in EE
end end
def job_from_token def job_from_token
# overriden in EE # overridden in EE
end end
def variables def variables
......
...@@ -235,7 +235,7 @@ class GitPushService < BaseService ...@@ -235,7 +235,7 @@ class GitPushService < BaseService
private private
def pipeline_options def pipeline_options
{} # to be overriden in EE {} # to be overridden in EE
end end
end end
......
...@@ -61,7 +61,7 @@ class GitTagPushService < BaseService ...@@ -61,7 +61,7 @@ class GitTagPushService < BaseService
end end
def pipeline_options def pipeline_options
{} # to be overriden in EE {} # to be overridden in EE
end end
end end
......
...@@ -33,7 +33,7 @@ module Groups ...@@ -33,7 +33,7 @@ module Groups
private private
def after_build_hook(group, params) def after_build_hook(group, params)
# overriden in EE # overridden in EE
end end
def create_chat_team? def create_chat_team?
......
...@@ -31,7 +31,7 @@ module Groups ...@@ -31,7 +31,7 @@ module Groups
private private
def before_assignment_hook(group, params) def before_assignment_hook(group, params)
# overriden in EE # overridden in EE
end end
def after_update def after_update
......
...@@ -360,7 +360,7 @@ module SystemNoteService ...@@ -360,7 +360,7 @@ module SystemNoteService
# author - User performing the change # author - User performing the change
# branch_type - 'source' or 'target' # branch_type - 'source' or 'target'
# old_branch - old branch name # old_branch - old branch name
# new_branch - new branch nmae # new_branch - new branch name
# #
# Example Note text: # Example Note text:
# #
......
...@@ -128,6 +128,14 @@ ...@@ -128,6 +128,14 @@
%li.filter-dropdown-item{ data: { value: 'no', capitalize: true } } %li.filter-dropdown-item{ data: { value: 'no', capitalize: true } }
%button.btn.btn-link{ type: 'button' } %button.btn.btn-link{ type: 'button' }
= _('No') = _('No')
#js-dropdown-confidential.filtered-search-input-dropdown-menu.dropdown-menu
%ul.filter-dropdown{ data: { dropdown: true } }
%li.filter-dropdown-item{ data: { value: 'yes', capitalize: true } }
%button.btn.btn-link{ type: 'button' }
= _('Yes')
%li.filter-dropdown-item{ data: { value: 'no', capitalize: true } }
%button.btn.btn-link{ type: 'button' }
= _('No')
= render_if_exists 'shared/issuable/filter_weight', type: type = render_if_exists 'shared/issuable/filter_weight', type: type
......
---
title: 'API: Bulk update for issues and MRs'
merge_request: 25201
author: Robert Schilling
type: added
---
title: Ability to filter confidential issues
merge_request: 24960
author: Robert Schilling
type: added
---
title: Fix 404s when C++ .gitignore template selected
merge_request: 25416
author:
type: fixed
...@@ -32,6 +32,7 @@ GET /issues?author_id=5 ...@@ -32,6 +32,7 @@ GET /issues?author_id=5
GET /issues?assignee_id=5 GET /issues?assignee_id=5
GET /issues?my_reaction_emoji=star GET /issues?my_reaction_emoji=star
GET /issues?search=foo&in=title GET /issues?search=foo&in=title
GET /issues?confidential=true
``` ```
| Attribute | Type | Required | Description | | Attribute | Type | Required | Description |
...@@ -53,6 +54,7 @@ GET /issues?search=foo&in=title ...@@ -53,6 +54,7 @@ GET /issues?search=foo&in=title
| `created_before` | datetime | no | Return issues created on or before the given time | | `created_before` | datetime | no | Return issues created on or before the given time |
| `updated_after` | datetime | no | Return issues updated on or after the given time | | `updated_after` | datetime | no | Return issues updated on or after the given time |
| `updated_before` | datetime | no | Return issues updated on or before the given time | | `updated_before` | datetime | no | Return issues updated on or before the given time |
| `confidential ` | Boolean | no | Filter confidential or public issues. |
```bash ```bash
curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/issues curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/issues
...@@ -150,6 +152,7 @@ GET /groups/:id/issues?search=issue+title+or+description ...@@ -150,6 +152,7 @@ GET /groups/:id/issues?search=issue+title+or+description
GET /groups/:id/issues?author_id=5 GET /groups/:id/issues?author_id=5
GET /groups/:id/issues?assignee_id=5 GET /groups/:id/issues?assignee_id=5
GET /groups/:id/issues?my_reaction_emoji=star GET /groups/:id/issues?my_reaction_emoji=star
GET /groups/:id/issues?confidential=true
``` ```
| Attribute | Type | Required | Description | | Attribute | Type | Required | Description |
...@@ -171,6 +174,7 @@ GET /groups/:id/issues?my_reaction_emoji=star ...@@ -171,6 +174,7 @@ GET /groups/:id/issues?my_reaction_emoji=star
| `created_before` | datetime | no | Return issues created on or before the given time | | `created_before` | datetime | no | Return issues created on or before the given time |
| `updated_after` | datetime | no | Return issues updated on or after the given time | | `updated_after` | datetime | no | Return issues updated on or after the given time |
| `updated_before` | datetime | no | Return issues updated on or before the given time | | `updated_before` | datetime | no | Return issues updated on or before the given time |
| `confidential ` | Boolean | no | Filter confidential or public issues. |
```bash ```bash
curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/4/issues curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/4/issues
...@@ -268,6 +272,7 @@ GET /projects/:id/issues?search=issue+title+or+description ...@@ -268,6 +272,7 @@ GET /projects/:id/issues?search=issue+title+or+description
GET /projects/:id/issues?author_id=5 GET /projects/:id/issues?author_id=5
GET /projects/:id/issues?assignee_id=5 GET /projects/:id/issues?assignee_id=5
GET /projects/:id/issues?my_reaction_emoji=star GET /projects/:id/issues?my_reaction_emoji=star
GET /projects/:id/issues?confidential=true
``` ```
| Attribute | Type | Required | Description | | Attribute | Type | Required | Description |
...@@ -289,6 +294,8 @@ GET /projects/:id/issues?my_reaction_emoji=star ...@@ -289,6 +294,8 @@ GET /projects/:id/issues?my_reaction_emoji=star
| `created_before` | datetime | no | Return issues created on or before the given time | | `created_before` | datetime | no | Return issues created on or before the given time |
| `updated_after` | datetime | no | Return issues updated on or after the given time | | `updated_after` | datetime | no | Return issues updated on or after the given time |
| `updated_before` | datetime | no | Return issues updated on or before the given time | | `updated_before` | datetime | no | Return issues updated on or before the given time |
| `confidential ` | Boolean | no | Filter confidential or public issues. |
```bash ```bash
curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/issues curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/issues
...@@ -650,6 +657,37 @@ Example response: ...@@ -650,6 +657,37 @@ Example response:
**Note**: The `closed_by` attribute was [introduced in GitLab 10.6][ce-17042]. This value will only be present for issues which were closed after GitLab 10.6 and when the user account that closed the issue still exists. **Note**: The `closed_by` attribute was [introduced in GitLab 10.6][ce-17042]. This value will only be present for issues which were closed after GitLab 10.6 and when the user account that closed the issue still exists.
## Bulk update issues
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21368) in GitLab 11.9.
Update multiple issues using a single API call. Returns the number of successfully updated issues.
```
PUT /projects/:id/issues/bulk_update
```
| Attribute | Type | Required | Description **** |
|----------------|---------|----------|------------------------------------------------------------------------------------------------------------|
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user. |
| `issuable_ids` | Array[integer] | yes | The IDs of issues to be updated. |
| `assignee_ids` | Array[integer] | no | The ID of the user(s) to assign the issue to. Set to `0` or provide an empty value to unassign all assignees. |
| `milestone_id` | integer | no | The global ID of a milestone to assign the issue to. Set to `0` or provide an empty value to unassign a milestone.|
| `add_label_ids` | Array[integer] | no | Comma-separated label IDs to be added. |
| `remove_label_ids` | Array[integer] | no | Comma-separated label IDs to be added. |
| `state_event` | string | no | The state event of an issue. Set `close` to close the issue and `reopen` to reopen it. |
| `subscription_event` | string | no | The subscription_event event of an issue. Set `subscribe` to subscribe to the issue and `unsubscribe` to unsubscribe from it. |
```bash
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/issues/bulk_update?issuable_ids[]=1&issuable_ids[]=2&state_event=close
```
Example response:
```json
{ "message": "2 issues updated" }
```
## Delete an issue ## Delete an issue
Only for admins and project owners. Soft deletes the issue in question. Only for admins and project owners. Soft deletes the issue in question.
......
...@@ -971,6 +971,37 @@ Must include at least one non-required attribute from above. ...@@ -971,6 +971,37 @@ Must include at least one non-required attribute from above.
} }
``` ```
## Bulk update merge requests
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21368) in GitLab 11.9.
Update multiple merge requests using a single API call. Returns the number of successfully updated merge requests.
```
PUT /projects/:id/merge_requests/bulk_update
```
| Attribute | Type | Required | Description **** |
|----------------|---------|----------|------------------------------------------------------------------------------------------------------------|
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user. |
| `issuable_ids` | Array[integer] | yes | The IDs of merge requests to be updated. |
| `assignee_ids` | Array[integer] | no | The ID of the user(s) to assign the issue to. Set to `0` or provide an empty value to unassign all assignees. |
| `milestone_id` | integer | no | The global ID of a milestone to assign the issue to. Set to `0` or provide an empty value to unassign a milestone.|
| `add_label_ids` | Array[integer] | no | Comma-separated label IDs to be added. |
| `remove_label_ids` | Array[integer] | no | Comma-separated label IDs to be added. |
| `state_event` | string | no | The state event of an issue. Set `close` to close the issue and `reopen` to reopen it. |
| `subscription_event` | string | no | The subscription_event event of an issue. Set `subscribe` to subscribe to the issue and `unsubscribe` to unsubscribe from it. |
```bash
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/merge_requests/bulk_update?issuable_ids[]=1&issuable_ids[]=2&state_event=close
```
Example response:
```json
{ "message": "2 merge_requests updated" }
```
## Delete a merge request ## Delete a merge request
Only for admins and project owners. Soft deletes the merge request in question. Only for admins and project owners. Soft deletes the merge request in question.
......
...@@ -122,6 +122,7 @@ module API ...@@ -122,6 +122,7 @@ module API
mount ::API::GroupVariables mount ::API::GroupVariables
mount ::API::ImportGithub mount ::API::ImportGithub
mount ::API::Internal mount ::API::Internal
mount ::API::IssuableBulkUpdate
mount ::API::Issues mount ::API::Issues
mount ::API::JobArtifacts mount ::API::JobArtifacts
mount ::API::Jobs mount ::API::Jobs
......
# frozen_string_literal: true
module API
class IssuableBulkUpdate < Grape::API
params do
requires :id, type: String, desc: 'The ID of a project'
end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
%w(issue merge_request).each do |issuable|
desc "Updates a list of #{issuable.pluralize}" do
detail 'This feature was introduced in 11.9'
end
params do
requires :issuable_ids, type: Array[Integer], desc: "Array of #{issuable.pluralize} IDs to be updated"
optional :state_event, type: String, values: %w(reopen close), desc: 'Reopens or closes a resource'
optional :milestone_id, type: Integer, desc: 'The milestone ID number'
optional :add_label_ids, type: Array[Integer], desc: 'IDs of labels to be added'
optional :remove_label_ids, type: Array[Integer], desc: 'IDs of labels to be removed'
optional :subscription_event, type: String, values: %w(subscribe unsubscribe),
desc: 'Subscribes or unsubscribes from a resource'
if issuable == 'issue'
optional :assignee_ids, type: Array[Integer], desc: 'List of assignee IDs'
at_least_one_of :state_event, :milestone_id, :add_label_ids, :remove_label_ids,
:subscription_event, :assignee_ids
else
optional :assignee_id, type: Integer, desc: 'ID of the assignee'
at_least_one_of :state_event, :milestone_id, :add_label_ids, :remove_label_ids,
:subscription_event, :assignee_id
end
end
put ":id/#{issuable.pluralize}/bulk_update" do
authorize! :"admin_#{issuable}", user_project
update_params = declared_params(include_missing: false)
result = Issuable::BulkUpdateService.new(user_project, current_user, update_params)
.execute(issuable)
if result[:success]
status 200
quantity = result[:count]
{ message: "#{quantity} #{issuable.pluralize(quantity)} updated" }
else
render_api_error!('Bulk update failed', 400)
end
end
end
end
end
end
...@@ -56,6 +56,7 @@ module API ...@@ -56,6 +56,7 @@ module API
optional :scope, type: String, values: %w[created-by-me assigned-to-me created_by_me assigned_to_me all], optional :scope, type: String, values: %w[created-by-me assigned-to-me created_by_me assigned_to_me all],
desc: 'Return issues for the given scope: `created_by_me`, `assigned_to_me` or `all`' desc: 'Return issues for the given scope: `created_by_me`, `assigned_to_me` or `all`'
optional :my_reaction_emoji, type: String, desc: 'Return issues reacted by the authenticated user by the given emoji' optional :my_reaction_emoji, type: String, desc: 'Return issues reacted by the authenticated user by the given emoji'
optional :confidential, type: Boolean, desc: 'Filter confidential or public issues'
use :pagination use :pagination
use :issues_params_ee use :issues_params_ee
......
...@@ -36,7 +36,10 @@ module API ...@@ -36,7 +36,10 @@ module API
optional :project, type: String, desc: 'The project name to use when expanding placeholders in the template. Only affects licenses' optional :project, type: String, desc: 'The project name to use when expanding placeholders in the template. Only affects licenses'
optional :fullname, type: String, desc: 'The full name of the copyright holder to use when expanding placeholders in the template. Only affects licenses' optional :fullname, type: String, desc: 'The full name of the copyright holder to use when expanding placeholders in the template. Only affects licenses'
end end
get ':id/templates/:type/:name', requirements: { name: /[\w\.-]+/ } do # The regex is needed to ensure a period (e.g. agpl-3.0)
# isn't confused with a format type. We also need to allow encoded
# values (e.g. C%2B%2B for C++), so allow % and + as well.
get ':id/templates/:type/:name', requirements: { name: /[\w%.+-]+/ } do
template = TemplateFinder template = TemplateFinder
.build(params[:type], user_project, name: params[:name]) .build(params[:type], user_project, name: params[:name])
.execute .execute
......
...@@ -112,7 +112,8 @@ describe IssuableCollections do ...@@ -112,7 +112,8 @@ describe IssuableCollections do
assignee_username: 'user1', assignee_username: 'user1',
author_id: '2', author_id: '2',
author_username: 'user2', author_username: 'user2',
authorized_only: 'true', authorized_only: 'yes',
confidential: true,
due_date: '2017-01-01', due_date: '2017-01-01',
group_id: '3', group_id: '3',
iids: '4', iids: '4',
...@@ -140,6 +141,7 @@ describe IssuableCollections do ...@@ -140,6 +141,7 @@ describe IssuableCollections do
'assignee_username' => 'user1', 'assignee_username' => 'user1',
'author_id' => '2', 'author_id' => '2',
'author_username' => 'user2', 'author_username' => 'user2',
'confidential' => true,
'label_name' => 'foo', 'label_name' => 'foo',
'milestone_title' => 'bar', 'milestone_title' => 'bar',
'my_reaction_emoji' => 'thumbsup', 'my_reaction_emoji' => 'thumbsup',
......
...@@ -66,7 +66,7 @@ describe 'Dropdown hint', :js do ...@@ -66,7 +66,7 @@ describe 'Dropdown hint', :js do
it 'filters with text' do it 'filters with text' do
filtered_search.set('a') filtered_search.set('a')
expect(find(js_dropdown_hint)).to have_selector('.filter-dropdown .filter-dropdown-item', count: 4) expect(find(js_dropdown_hint)).to have_selector('.filter-dropdown .filter-dropdown-item', count: 5)
end end
end end
...@@ -119,6 +119,15 @@ describe 'Dropdown hint', :js do ...@@ -119,6 +119,15 @@ describe 'Dropdown hint', :js do
expect_tokens([{ name: 'my-reaction' }]) expect_tokens([{ name: 'my-reaction' }])
expect_filtered_search_input_empty expect_filtered_search_input_empty
end end
it 'opens the yes-no dropdown when you click on confidential' do
click_hint('confidential')
expect(page).to have_css(js_dropdown_hint, visible: false)
expect(page).to have_css('#js-dropdown-confidential', visible: true)
expect_tokens([{ name: 'confidential' }])
expect_filtered_search_input_empty
end
end end
describe 'selecting from dropdown with some input' do describe 'selecting from dropdown with some input' do
......
...@@ -278,7 +278,7 @@ describe 'GFM autocomplete', :js do ...@@ -278,7 +278,7 @@ describe 'GFM autocomplete', :js do
end end
end end
# This context has jsut one example in each contexts in order to improve spec performance. # This context has just one example in each contexts in order to improve spec performance.
context 'labels', :quarantine do context 'labels', :quarantine do
let!(:backend) { create(:label, project: project, title: 'backend') } let!(:backend) { create(:label, project: project, title: 'backend') }
let!(:bug) { create(:label, project: project, title: 'bug') } let!(:bug) { create(:label, project: project, title: 'bug') }
......
...@@ -77,7 +77,7 @@ describe 'Editing file blob', :js do ...@@ -77,7 +77,7 @@ describe 'Editing file blob', :js do
click_link 'Preview' click_link 'Preview'
wait_for_requests wait_for_requests
# the above generates two seperate lists (not embedded) in CommonMark # the above generates two separate lists (not embedded) in CommonMark
expect(page).to have_content("sublist") expect(page).to have_content("sublist")
expect(page).not_to have_xpath("//ol//li//ul") expect(page).not_to have_xpath("//ol//li//ul")
end end
......
...@@ -170,7 +170,7 @@ describe 'Projects > Wiki > User previews markdown changes', :js do ...@@ -170,7 +170,7 @@ describe 'Projects > Wiki > User previews markdown changes', :js do
fill_in :wiki_content, with: "1. one\n - sublist\n" fill_in :wiki_content, with: "1. one\n - sublist\n"
click_on "Preview" click_on "Preview"
# the above generates two seperate lists (not embedded) in CommonMark # the above generates two separate lists (not embedded) in CommonMark
expect(page).to have_content("sublist") expect(page).to have_content("sublist")
expect(page).not_to have_xpath("//ol//li//ul") expect(page).not_to have_xpath("//ol//li//ul")
end end
......
...@@ -536,6 +536,32 @@ describe IssuesFinder do ...@@ -536,6 +536,32 @@ describe IssuesFinder do
end end
end end
context 'filtering by confidential' do
set(:confidential_issue) { create(:issue, project: project1, confidential: true) }
context 'no filtering' do
it 'returns all issues' do
expect(issues).to contain_exactly(issue1, issue2, issue3, issue4, confidential_issue)
end
end
context 'user filters confidential issues' do
let(:params) { { confidential: true } }
it 'returns only confdential issues' do
expect(issues).to contain_exactly(confidential_issue)
end
end
context 'user filters only public issues' do
let(:params) { { confidential: false } }
it 'returns only confdential issues' do
expect(issues).to contain_exactly(issue1, issue2, issue3, issue4)
end
end
end
context 'when the user is unauthorized' do context 'when the user is unauthorized' do
let(:search_user) { nil } let(:search_user) { nil }
...@@ -602,7 +628,7 @@ describe IssuesFinder do ...@@ -602,7 +628,7 @@ describe IssuesFinder do
it 'returns the number of rows for the default state' do it 'returns the number of rows for the default state' do
finder = described_class.new(user) finder = described_class.new(user)
expect(finder.row_count).to eq(4) expect(finder.row_count).to eq(5)
end end
it 'returns the number of rows for a given state' do it 'returns the number of rows for a given state' do
......
...@@ -765,6 +765,15 @@ describe Issue do ...@@ -765,6 +765,15 @@ describe Issue do
end end
end end
describe '.confidential_only' do
it 'only returns confidential_only issues' do
create(:issue)
confidential_issue = create(:issue, confidential: true)
expect(described_class.confidential_only).to eq([confidential_issue])
end
end
it_behaves_like 'throttled touch' do it_behaves_like 'throttled touch' do
subject { create(:issue, updated_at: 1.hour.ago) } subject { create(:issue, updated_at: 1.hour.ago) }
end end
......
# frozen_string_literal: true
require 'spec_helper'
describe API::IssuableBulkUpdate do
set(:project) { create(:project) }
set(:user) { project.creator }
shared_examples "PUT /projects/:id/:issuable/bulk_update" do |issuable|
def bulk_update(issuable, issuables, params, update_user = user)
put api("/projects/#{project.id}/#{issuable.pluralize}/bulk_update", update_user),
params: { issuable_ids: Array(issuables).map(&:id) }.merge(params)
end
context 'with not enough permissions' do
it 'returns 403 for guest users' do
guest = create(:user)
project.add_guest(guest)
bulk_update(issuable, issuables, { state_event: 'close' }, guest)
expect(response).to have_gitlab_http_status(403)
end
end
context 'when modifying the state' do
it "closes #{issuable}" do
bulk_update(issuable, issuables, { state_event: 'close' })
expect(response).to have_gitlab_http_status(200)
expect(json_response['message']).to eq("#{issuables.count} #{issuable.pluralize(issuables.count)} updated")
expect(project.public_send(issuable.pluralize).opened).to be_empty
expect(project.public_send(issuable.pluralize).closed).not_to be_empty
end
it "opens #{issuable}" do
closed_issuables = create_list("closed_#{issuable}".to_sym, 2)
bulk_update(issuable, closed_issuables, { state_event: 'reopen' })
expect(response).to have_gitlab_http_status(200)
expect(project.public_send(issuable.pluralize).closed).to be_empty
end
end
context 'when modifying the milestone' do
let(:milestone) { create(:milestone, project: project) }
it "adds a milestone #{issuable}" do
bulk_update(issuable, issuables, { milestone_id: milestone.id })
expect(response).to have_gitlab_http_status(200)
issuables.each do |issuable|
expect(issuable.reload.milestone).to eq(milestone)
end
end
it 'removes a milestone' do
issuables.first.milestone = milestone
milestone_issuable = issuables.first
bulk_update(issuable, [milestone_issuable], { milestone_id: 0 })
expect(response).to have_gitlab_http_status(200)
expect(milestone_issuable.reload.milestone).to eq(nil)
end
end
context 'when modifying the subscription state' do
it "subscribes to #{issuable}" do
bulk_update(issuable, issuables, { subscription_event: 'subscribe' })
expect(response).to have_gitlab_http_status(200)
expect(issuables).to all(be_subscribed(user, project))
end
it 'unsubscribes from issues' do
issuables.each do |issuable|
issuable.subscriptions.create(user: user, project: project, subscribed: true)
end
bulk_update(issuable, issuables, { subscription_event: 'unsubscribe' })
expect(response).to have_gitlab_http_status(200)
issuables.each do |issuable|
expect(issuable).not_to be_subscribed(user, project)
end
end
end
context 'when modifying the assignee' do
it 'adds assignee to issues' do
params = issuable == 'issue' ? { assignee_ids: [user.id] } : { assignee_id: user.id }
bulk_update(issuable, issuables, params)
expect(response).to have_gitlab_http_status(200)
issuables.each do |issuable|
expect(issuable.reload.assignees).to eq([user])
end
end
it 'removes assignee' do
assigned_issuable = issuables.first
if issuable == 'issue'
params = { assignee_ids: 0 }
assigned_issuable.assignees << user
else
params = { assignee_id: 0 }
assigned_issuable.update_attribute(:assignee, user)
end
bulk_update(issuable, [assigned_issuable], params)
expect(assigned_issuable.reload.assignees).to eq([])
end
end
context 'when modifying labels' do
let(:bug) { create(:label, project: project) }
let(:regression) { create(:label, project: project) }
let(:feature) { create(:label, project: project) }
it 'adds new labels' do
bulk_update(issuable, issuables, { add_label_ids: [bug.id, regression.id, feature.id] })
issuables.each do |issusable|
expect(issusable.reload.label_ids).to contain_exactly(bug.id, regression.id, feature.id)
end
end
it 'removes labels' do
labled_issuable = issuables.first
labled_issuable.labels << bug
labled_issuable.labels << regression
labled_issuable.labels << feature
bulk_update(issuable, [labled_issuable], { remove_label_ids: [bug.id, regression.id] })
expect(labled_issuable.reload.label_ids).to contain_exactly(feature.id)
end
end
end
it_behaves_like 'PUT /projects/:id/:issuable/bulk_update', 'issue' do
let(:issuables) { create_list(:issue, 2, project: project) }
end
it_behaves_like 'PUT /projects/:id/:issuable/bulk_update', 'merge_request' do
let(:merge_request_1) { create(:merge_request, source_project: project) }
let(:merge_request_2) { create(:merge_request, :simple, source_project: project) }
let(:issuables) { [merge_request_1, merge_request_2] }
end
end
...@@ -187,6 +187,18 @@ describe API::Issues do ...@@ -187,6 +187,18 @@ describe API::Issues do
expect_paginated_array_response([issue.id, confidential_issue.id, closed_issue.id]) expect_paginated_array_response([issue.id, confidential_issue.id, closed_issue.id])
end end
it 'returns only confidential issues' do
get api('/issues', user), params: { confidential: true, scope: 'all' }
expect_paginated_array_response(confidential_issue.id)
end
it 'returns only public issues' do
get api('/issues', user), params: { confidential: false }
expect_paginated_array_response([issue.id, closed_issue.id])
end
it 'returns issues reacted by the authenticated user' do it 'returns issues reacted by the authenticated user' do
issue2 = create(:issue, project: project, author: user, assignees: [user]) issue2 = create(:issue, project: project, author: user, assignees: [user])
create(:award_emoji, awardable: issue2, user: user2, name: 'star') create(:award_emoji, awardable: issue2, user: user2, name: 'star')
...@@ -561,6 +573,18 @@ describe API::Issues do ...@@ -561,6 +573,18 @@ describe API::Issues do
expect_paginated_array_response([group_confidential_issue.id, group_issue.id]) expect_paginated_array_response([group_confidential_issue.id, group_issue.id])
end end
it 'returns only confidential issues' do
get api(base_url, user), params: { confidential: true }
expect_paginated_array_response(group_confidential_issue.id)
end
it 'returns only public issues' do
get api(base_url, user), params: { confidential: false }
expect_paginated_array_response([group_closed_issue.id, group_issue.id])
end
it 'returns an array of labeled group issues' do it 'returns an array of labeled group issues' do
get api(base_url, user), params: { labels: group_label.title } get api(base_url, user), params: { labels: group_label.title }
...@@ -786,6 +810,18 @@ describe API::Issues do ...@@ -786,6 +810,18 @@ describe API::Issues do
expect_paginated_array_response([issue.id, confidential_issue.id, closed_issue.id]) expect_paginated_array_response([issue.id, confidential_issue.id, closed_issue.id])
end end
it 'returns only confidential issues' do
get api("#{base_url}/issues", author), params: { confidential: true }
expect_paginated_array_response(confidential_issue.id)
end
it 'returns only public issues' do
get api("#{base_url}/issues", author), params: { confidential: false }
expect_paginated_array_response([issue.id, closed_issue.id])
end
it 'returns project confidential issues for assignee' do it 'returns project confidential issues for assignee' do
get api("#{base_url}/issues", assignee) get api("#{base_url}/issues", assignee)
......
...@@ -92,6 +92,22 @@ describe API::ProjectTemplates do ...@@ -92,6 +92,22 @@ describe API::ProjectTemplates do
expect(json_response['name']).to eq('Actionscript') expect(json_response['name']).to eq('Actionscript')
end end
it 'returns C++ gitignore' do
get api("/projects/#{public_project.id}/templates/gitignores/C++")
expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/template')
expect(json_response['name']).to eq('C++')
end
it 'returns C++ gitignore for URL-encoded names' do
get api("/projects/#{public_project.id}/templates/gitignores/C%2B%2B")
expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/template')
expect(json_response['name']).to eq('C++')
end
it 'returns a specific gitlab_ci_yml' do it 'returns a specific gitlab_ci_yml' do
get api("/projects/#{public_project.id}/templates/gitlab_ci_ymls/Android") get api("/projects/#{public_project.id}/templates/gitlab_ci_ymls/Android")
...@@ -125,6 +141,18 @@ describe API::ProjectTemplates do ...@@ -125,6 +141,18 @@ describe API::ProjectTemplates do
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/license') expect(response).to match_response_schema('public_api/v4/license')
end end
shared_examples 'path traversal attempt' do |template_type|
it 'rejects invalid filenames' do
get api("/projects/#{public_project.id}/templates/#{template_type}/%2e%2e%2fPython%2ea")
expect(response).to have_gitlab_http_status(500)
end
end
TemplateFinder::VENDORED_TEMPLATES.each do |template_type, _|
it_behaves_like 'path traversal attempt', template_type
end
end end
describe 'GET /projects/:id/templates/licenses/:key' do describe 'GET /projects/:id/templates/licenses/:key' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment