Commit 9950838e authored by Joseph Snyder's avatar Joseph Snyder

Add setting to not display code diffs in MR review emails

Add a setting which will prevent the emails sent from a code review as
part of the merge request from containing the diff of code.
This should prevent sensitive code snippets from being sent as a part of the email.

Changelog: added
parent d088bff9
...@@ -199,6 +199,7 @@ export default { ...@@ -199,6 +199,7 @@ export default {
requestAccessEnabled: true, requestAccessEnabled: true,
highlightChangesClass: false, highlightChangesClass: false,
emailsDisabled: false, emailsDisabled: false,
hideDiffsInEmail: false,
cveIdRequestEnabled: true, cveIdRequestEnabled: true,
featureAccessLevelEveryone, featureAccessLevelEveryone,
featureAccessLevelMembers, featureAccessLevelMembers,
...@@ -760,6 +761,22 @@ export default { ...@@ -760,6 +761,22 @@ export default {
s__('ProjectSettings|Override user notification preferences for all project members.') s__('ProjectSettings|Override user notification preferences for all project members.')
}}</span> }}</span>
</project-setting-row> </project-setting-row>
<project-setting-row class="mb-3">
<input
:value="hideDiffsInEmail"
type="hidden"
name="project[project_setting_attributes][hide_diffs_in_email]"
/>
<gl-form-checkbox
v-model="hideDiffsInEmail"
name="project[project_setting_attributes][hide_diffs_in_email]"
>
{{ s__('ProjectSettings|Stop displaying diffs in MR emails') }}
<template #help>{{
s__('ProjectSettings|Disable the inclusion of code diffs in an MR review .')
}}</template>
</gl-form-checkbox>
</project-setting-row>
<project-setting-row class="mb-3"> <project-setting-row class="mb-3">
<input <input
:value="showDefaultAwardEmojis" :value="showDefaultAwardEmojis"
......
...@@ -419,6 +419,7 @@ class ProjectsController < Projects::ApplicationController ...@@ -419,6 +419,7 @@ class ProjectsController < Projects::ApplicationController
%i[ %i[
show_default_award_emojis show_default_award_emojis
squash_option squash_option
hide_diffs_in_email
mr_default_target_self mr_default_target_self
warn_about_potentially_unwanted_characters warn_about_potentially_unwanted_characters
] ]
......
...@@ -586,6 +586,7 @@ module ProjectsHelper ...@@ -586,6 +586,7 @@ module ProjectsHelper
metricsDashboardAccessLevel: feature.metrics_dashboard_access_level, metricsDashboardAccessLevel: feature.metrics_dashboard_access_level,
operationsAccessLevel: feature.operations_access_level, operationsAccessLevel: feature.operations_access_level,
showDefaultAwardEmojis: project.show_default_award_emojis?, showDefaultAwardEmojis: project.show_default_award_emojis?,
hideDiffsInEmail: project.hide_diffs_in_email?,
warnAboutPotentiallyUnwantedCharacters: project.warn_about_potentially_unwanted_characters?, warnAboutPotentiallyUnwantedCharacters: project.warn_about_potentially_unwanted_characters?,
securityAndComplianceAccessLevel: project.security_and_compliance_access_level, securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
containerRegistryAccessLevel: feature.container_registry_access_level containerRegistryAccessLevel: feature.container_registry_access_level
......
...@@ -433,6 +433,7 @@ class Project < ApplicationRecord ...@@ -433,6 +433,7 @@ class Project < ApplicationRecord
alias_method :container_registry_enabled, :container_registry_enabled? alias_method :container_registry_enabled, :container_registry_enabled?
delegate :show_default_award_emojis, :show_default_award_emojis=, :show_default_award_emojis?, delegate :show_default_award_emojis, :show_default_award_emojis=, :show_default_award_emojis?,
:warn_about_potentially_unwanted_characters, :warn_about_potentially_unwanted_characters=, :warn_about_potentially_unwanted_characters?, :warn_about_potentially_unwanted_characters, :warn_about_potentially_unwanted_characters=, :warn_about_potentially_unwanted_characters?,
:hide_diffs_in_email, :hide_diffs_in_email=, :hide_diffs_in_email?,
to: :project_setting, allow_nil: true to: :project_setting, allow_nil: true
delegate :scheduled?, :started?, :in_progress?, :failed?, :finished?, delegate :scheduled?, :started?, :in_progress?, :failed?, :finished?,
prefix: :import, to: :import_state, allow_nil: true prefix: :import, to: :import_state, allow_nil: true
......
...@@ -229,6 +229,7 @@ class ProjectPolicy < BasePolicy ...@@ -229,6 +229,7 @@ class ProjectPolicy < BasePolicy
enable :set_note_created_at enable :set_note_created_at
enable :set_emails_disabled enable :set_emails_disabled
enable :set_show_default_award_emojis enable :set_show_default_award_emojis
enable :set_hide_diffs_in_email
enable :set_warn_about_potentially_unwanted_characters enable :set_warn_about_potentially_unwanted_characters
end end
......
...@@ -20,8 +20,7 @@ ...@@ -20,8 +20,7 @@
discussion on #{link_to(discussion.file_path, target_url)} discussion on #{link_to(discussion.file_path, target_url)}
- else - else
= link_to 'discussion', target_url = link_to 'discussion', target_url
- if discussion&.diff_discussion? && discussion.on_text? && !@project.hide_diffs_in_email?
- if discussion&.diff_discussion? && discussion.on_text?
= content_for :head do = content_for :head do
= stylesheet_link_tag 'mailers/highlighted_diff_email' = stylesheet_link_tag 'mailers/highlighted_diff_email'
......
...@@ -20,7 +20,7 @@ ...@@ -20,7 +20,7 @@
<% end -%> <% end -%>
<% if discussion&.diff_discussion? && discussion.on_text? -%> <% if discussion&.diff_discussion? && discussion.on_text? && !@project.hide_diffs_in_email? -%>
<% discussion.truncated_diff_lines(highlight: false, diff_limit: diff_limit).each do |line| -%> <% discussion.truncated_diff_lines(highlight: false, diff_limit: diff_limit).each do |line| -%>
<%= "> #{line.text}\n" -%> <%= "> #{line.text}\n" -%>
<% end -%> <% end -%>
......
# frozen_string_literal: true
class AddHideDiffsInEmailToProjectSettings < Gitlab::Database::Migration[1.0]
enable_lock_retries!
def change
add_column :project_settings, :hide_diffs_in_email, :boolean, default: false, null: false
end
end
7b2e3f15dcc364fbb6cc0c2f2b7923dd717fdd0294a8158a139b689f4a940c64
\ No newline at end of file
...@@ -18695,6 +18695,7 @@ CREATE TABLE project_settings ( ...@@ -18695,6 +18695,7 @@ CREATE TABLE project_settings (
merge_commit_template text, merge_commit_template text,
has_shimo boolean DEFAULT false NOT NULL, has_shimo boolean DEFAULT false NOT NULL,
squash_commit_template text, squash_commit_template text,
hide_diffs_in_email boolean DEFAULT false NOT NULL,
CONSTRAINT check_3a03e7557a CHECK ((char_length(previous_default_branch) <= 4096)), CONSTRAINT check_3a03e7557a CHECK ((char_length(previous_default_branch) <= 4096)),
CONSTRAINT check_b09644994b CHECK ((char_length(squash_commit_template) <= 500)), CONSTRAINT check_b09644994b CHECK ((char_length(squash_commit_template) <= 500)),
CONSTRAINT check_bde223416c CHECK ((show_default_award_emojis IS NOT NULL)), CONSTRAINT check_bde223416c CHECK ((show_default_award_emojis IS NOT NULL)),
...@@ -28201,6 +28201,9 @@ msgstr "" ...@@ -28201,6 +28201,9 @@ msgstr ""
msgid "ProjectSettings|Disable email notifications" msgid "ProjectSettings|Disable email notifications"
msgstr "" msgstr ""
msgid "ProjectSettings|Disable the inclusion of code diffs in an MR review ."
msgstr ""
msgid "ProjectSettings|Do not allow" msgid "ProjectSettings|Do not allow"
msgstr "" msgstr ""
...@@ -28405,6 +28408,9 @@ msgstr "" ...@@ -28405,6 +28408,9 @@ msgstr ""
msgid "ProjectSettings|Squashing is never performed and the checkbox is hidden." msgid "ProjectSettings|Squashing is never performed and the checkbox is hidden."
msgstr "" msgstr ""
msgid "ProjectSettings|Stop displaying diffs in MR emails"
msgstr ""
msgid "ProjectSettings|Submit changes to be merged upstream." msgid "ProjectSettings|Submit changes to be merged upstream."
msgstr "" msgstr ""
......
...@@ -85,6 +85,36 @@ RSpec.describe 'Projects settings' do ...@@ -85,6 +85,36 @@ RSpec.describe 'Projects settings' do
end end
end end
context 'hide diffs in emails', :js do
it 'does not hide diffs by default' do
visit edit_project_path(project)
hide_diffs_in_email_input = find('input[name="project[project_setting_attributes][hide_diffs_in_email]"]', visible: :hidden)
expect(hide_diffs_in_email_input.value).to eq('false')
end
it 'hides diffs in emails when toggled on' do
visit edit_project_path(project)
hide_diffs_in_email_input = find('input[name="project[project_setting_attributes][hide_diffs_in_email]"]', visible: :hidden)
hide_diffs_in_email_checkbox = find('input[name="project[project_setting_attributes][hide_diffs_in_email]"][type=checkbox]')
expect(hide_diffs_in_email_input.value).to eq('false')
hide_diffs_in_email_checkbox.click
expect(hide_diffs_in_email_input.value).to eq('true')
page.within('.sharing-permissions') do
find('[data-testid="project-features-save-button"]').click
end
wait_for_requests
expect(hide_diffs_in_email_input.value).to eq('true')
end
end
def expect_toggle_state(state) def expect_toggle_state(state)
is_collapsed = state == :collapsed is_collapsed = state == :collapsed
......
...@@ -28,6 +28,7 @@ const defaultProps = { ...@@ -28,6 +28,7 @@ const defaultProps = {
emailsDisabled: false, emailsDisabled: false,
packagesEnabled: true, packagesEnabled: true,
showDefaultAwardEmojis: true, showDefaultAwardEmojis: true,
hideDiffsInEmail: false,
warnAboutPotentiallyUnwantedCharacters: true, warnAboutPotentiallyUnwantedCharacters: true,
}, },
isGitlabCom: true, isGitlabCom: true,
...@@ -101,6 +102,9 @@ describe('Settings Panel', () => { ...@@ -101,6 +102,9 @@ describe('Settings Panel', () => {
const findEmailSettings = () => wrapper.find({ ref: 'email-settings' }); const findEmailSettings = () => wrapper.find({ ref: 'email-settings' });
const findShowDefaultAwardEmojis = () => const findShowDefaultAwardEmojis = () =>
wrapper.find('input[name="project[project_setting_attributes][show_default_award_emojis]"]'); wrapper.find('input[name="project[project_setting_attributes][show_default_award_emojis]"]');
const findHideDiffsInEmail = () =>
wrapper.find('input[name="project[project_setting_attributes][hide_diffs_in_email]"]');
const findWarnAboutPuc = () => const findWarnAboutPuc = () =>
wrapper.find( wrapper.find(
'input[name="project[project_setting_attributes][warn_about_potentially_unwanted_characters]"]', 'input[name="project[project_setting_attributes][warn_about_potentially_unwanted_characters]"]',
...@@ -585,6 +589,13 @@ describe('Settings Panel', () => { ...@@ -585,6 +589,13 @@ describe('Settings Panel', () => {
expect(findShowDefaultAwardEmojis().exists()).toBe(true); expect(findShowDefaultAwardEmojis().exists()).toBe(true);
}); });
}); });
describe('Hide diffs in email', () => {
it('should show the "Hide Diffs in email" input', () => {
wrapper = mountComponent();
expect(findHideDiffsInEmail().exists()).toBe(true);
});
});
describe('Warn about potentially unwanted characters', () => { describe('Warn about potentially unwanted characters', () => {
it('should have a "Warn about Potentially Unwanted Characters" input', () => { it('should have a "Warn about Potentially Unwanted Characters" input', () => {
......
...@@ -964,6 +964,7 @@ RSpec.describe ProjectsHelper do ...@@ -964,6 +964,7 @@ RSpec.describe ProjectsHelper do
metricsDashboardAccessLevel: project.project_feature.metrics_dashboard_access_level, metricsDashboardAccessLevel: project.project_feature.metrics_dashboard_access_level,
operationsAccessLevel: project.project_feature.operations_access_level, operationsAccessLevel: project.project_feature.operations_access_level,
showDefaultAwardEmojis: project.show_default_award_emojis?, showDefaultAwardEmojis: project.show_default_award_emojis?,
hideDiffsInEmail: project.hide_diffs_in_email?,
securityAndComplianceAccessLevel: project.security_and_compliance_access_level, securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
containerRegistryAccessLevel: project.project_feature.container_registry_access_level containerRegistryAccessLevel: project.project_feature.container_registry_access_level
) )
......
...@@ -145,6 +145,7 @@ project_setting: ...@@ -145,6 +145,7 @@ project_setting:
- project_id - project_id
- push_rule_id - push_rule_id
- show_default_award_emojis - show_default_award_emojis
- hide_diffs_in_email
- updated_at - updated_at
- cve_id_request_enabled - cve_id_request_enabled
- mr_default_target_self - mr_default_target_self
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment