Commit c0f35d7e authored by Rubén Dávila's avatar Rubén Dávila

Implement LFS File Locking API

All the endpoints required for Git LFS 2.3.4 have been implemented,
for more info please visit: https://github.com/git-lfs/git-lfs/blob/v2.3.4/docs/api/locking.md

Pagination has not been added given it's optional and Kaminari doesn't
support cursor based pagination yet.
parent 82e856ff
......@@ -10,6 +10,8 @@
module LfsRequest
extend ActiveSupport::Concern
CONTENT_TYPE = 'application/vnd.git-lfs+json'.freeze
included do
prepend EE::LfsRequest
before_action :require_lfs_enabled!
......@@ -51,7 +53,7 @@ module LfsRequest
message: 'Access forbidden. Check your access level.',
documentation_url: help_url
},
content_type: "application/vnd.git-lfs+json",
content_type: CONTENT_TYPE,
status: 403
)
end
......@@ -62,7 +64,7 @@ module LfsRequest
message: 'Not found.',
documentation_url: help_url
},
content_type: "application/vnd.git-lfs+json",
content_type: CONTENT_TYPE,
status: 404
)
end
......
......@@ -103,7 +103,7 @@ class Projects::LfsApiController < Projects::GitHttpClientController
json: {
message: lfs_read_only_message
},
content_type: 'application/vnd.git-lfs+json',
content_type: LfsRequest::CONTENT_TYPE,
status: 403
)
end
......
class Projects::LfsLocksApiController < Projects::GitHttpClientController
include LfsRequest
def create
@result = Lfs::LockFileService.new(project, user, params).execute
render_json(@result[:lock])
end
def unlock
@result = Lfs::UnlockFileService.new(project, user, params).execute
render_json(@result[:lock])
end
def index
@result = Lfs::LocksFinderService.new(project, user, params).execute
render_json(@result[:locks])
end
def verify
@result = Lfs::LocksFinderService.new(project, user, {}).execute
ours, theirs = split_by_owner(@result[:locks])
render_json({ ours: ours, theirs: theirs }, false)
end
private
def render_json(data, process = true)
render json: build_payload(data, process),
content_type: LfsRequest::CONTENT_TYPE,
status: @result[:http_status]
end
def build_payload(data, process)
serialized_data = process ? LfsFileLockSerializer.new.represent(data) : data
if @result[:status] == :success
serialized_data
else
# When the locking failed due to an existent Lock the existent record
# is returned in `@result[:lock]`
error_payload(@result[:message], @result[:lock] ? serialized_data : {})
end
end
def error_payload(message, custom_attrs = {})
custom_attrs.merge({
message: message,
documentation_url: help_url
})
end
def split_by_owner(locks)
groups = locks.partition { |lock| lock.user_id == user.id }
groups.map! do |records|
LfsFileLockSerializer.new.represent(records, root: false)
end
end
def download_request?
%w(index).include?(params[:action])
end
def upload_request?
%w(create unlock verify).include?(params[:action])
end
end
class LfsFileLock < ActiveRecord::Base
belongs_to :project
belongs_to :user
validates :project_id, :user_id, :path, presence: true
validates :path, uniqueness: { scope: [:project_id] }
def can_be_unlocked_by?(current_user, forced = false)
return true if current_user.id == user_id
forced && current_user.can?(:admin_project, project)
end
end
......@@ -184,6 +184,7 @@ class Project < ActiveRecord::Base
has_many :releases
has_many :lfs_objects_projects, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
has_many :lfs_objects, through: :lfs_objects_projects
has_many :lfs_file_locks
has_many :project_group_links
has_many :invited_groups, through: :project_group_links, source: :group
has_many :pages_domains
......
class LfsFileLockEntity < Grape::Entity
root 'locks', 'lock'
expose :path
expose(:id) { |entity| entity.id.to_s }
expose(:created_at, as: :locked_at) { |entity| entity.created_at.to_s(:iso8601) }
expose :owner do
expose(:name) { |entity| entity.user&.name }
end
end
class LfsFileLockSerializer < BaseSerializer
entity LfsFileLockEntity
end
module Lfs
class LockFileService < BaseService
def execute
if current_lock
error('already created lock', 409, current_lock)
else
create_lock!
end
rescue => ex
error(ex.message, 500)
end
private
def current_lock
@current_lock ||= project.lfs_file_locks.find_by(path: params[:path])
end
def create_lock!
lock = project.lfs_file_locks.create!(user: current_user,
path: params[:path])
success(http_status: 201, lock: lock)
end
def error(message, http_status, lock = nil)
{
status: :error,
message: message,
http_status: http_status,
lock: lock
}
end
end
end
module Lfs
class LocksFinderService < BaseService
def execute
success(locks: find_locks)
rescue => ex
error(ex.message, 500)
end
private
def find_locks
options = params.slice(:id, :path).compact.symbolize_keys
project.lfs_file_locks.where(options)
end
end
end
module Lfs
class UnlockFileService < BaseService
def execute
@lock = project.lfs_file_locks.find_by(id: params[:id])
return error('Lock not found', 404) unless @lock
unlock_file
rescue => ex
error(ex.message, 500)
end
private
def unlock_file
forced = params[:force] == true
if @lock.can_be_unlocked_by?(current_user, forced)
@lock.destroy!
success(lock: @lock, http_status: :ok)
elsif forced
error('You must have master access to force delete a lock', 403)
else
error("#{@lock.path} is locked by GitLab User #{current_user.id}", 403)
end
end
end
end
......@@ -14,4 +14,4 @@ Mime::Type.register "video/webm", :webm
Mime::Type.register "video/ogg", :ogv
Mime::Type.unregister :json
Mime::Type.register 'application/json', :json, %w(application/vnd.git-lfs+json application/json)
Mime::Type.register 'application/json', :json, [LfsRequest::CONTENT_TYPE, 'application/json']
......@@ -16,6 +16,13 @@ scope(path: '*namespace_id/:project_id',
get '/*oid', action: :deprecated
end
scope(path: 'info/lfs') do
resources :lfs_locks, controller: :lfs_locks_api, path: 'locks' do
post :unlock, on: :member
post :verify, on: :collection
end
end
# GitLab LFS object storage
scope(path: 'gitlab-lfs/objects/*oid', controller: :lfs_storage, constraints: { oid: /[a-f0-9]{64}/ }) do
get '/', action: :download
......
class CreateLfsFileLocks < ActiveRecord::Migration
DOWNTIME = false
def change
create_table :lfs_file_locks do |t|
t.references :project, null: false, index: true, foreign_key: { on_delete: :cascade }
t.references :user, null: false, index: true, foreign_key: { on_delete: :cascade }
t.string :path
t.datetime :created_at, null: false
end
end
end
......@@ -1302,6 +1302,16 @@ ActiveRecord::Schema.define(version: 20180204200836) do
t.string "filter"
end
create_table "lfs_file_locks", force: :cascade do |t|
t.integer "project_id", null: false
t.integer "user_id", null: false
t.string "path"
t.datetime "created_at", null: false
end
add_index "lfs_file_locks", ["project_id"], name: "index_lfs_file_locks_on_project_id", using: :btree
add_index "lfs_file_locks", ["user_id"], name: "index_lfs_file_locks_on_user_id", using: :btree
create_table "lfs_objects", force: :cascade do |t|
t.string "oid", null: false
t.integer "size", limit: 8, null: false
......@@ -2552,6 +2562,8 @@ ActiveRecord::Schema.define(version: 20180204200836) do
add_foreign_key "label_priorities", "projects", on_delete: :cascade
add_foreign_key "labels", "namespaces", column: "group_id", on_delete: :cascade
add_foreign_key "labels", "projects", name: "fk_7de4989a69", on_delete: :cascade
add_foreign_key "lfs_file_locks", "projects", on_delete: :cascade
add_foreign_key "lfs_file_locks", "users", on_delete: :cascade
add_foreign_key "lists", "boards", name: "fk_0d3f677137", on_delete: :cascade
add_foreign_key "lists", "labels", name: "fk_7a5553d60f", on_delete: :cascade
add_foreign_key "members", "users", name: "fk_2e88fb7ce9", on_delete: :cascade
......
......@@ -17,7 +17,7 @@ module EE
message: ::Gitlab::RepositorySizeError.new(project).push_error(@exceeded_limit), # rubocop:disable Gitlab/ModuleWithInstanceVariables
documentation_url: help_url
},
content_type: "application/vnd.git-lfs+json",
content_type: ::LfsRequest::CONTENT_TYPE,
status: 406
)
end
......
......@@ -27,6 +27,8 @@ project_tree:
- :releases
- project_members:
- :user
- lfs_file_locks:
- :user
- merge_requests:
- notes:
- :author
......
FactoryBot.define do
factory :lfs_file_lock do
user
project
path 'README.md'
end
end
......@@ -305,6 +305,7 @@ project:
- fork_network_member
- fork_network
- custom_attributes
- lfs_file_locks
award_emoji:
- awardable
- user
......@@ -322,3 +323,5 @@ issue_assignees:
epic_issues:
- issue
- epic
lfs_file_locks:
- user
......@@ -550,3 +550,9 @@ ProjectCustomAttribute:
- project_id
- key
- value
LfsFileLock:
- id
- path
- user_id
- project_id
- created_at
require 'rails_helper'
describe LfsFileLock do
set(:lfs_file_lock) { create(:lfs_file_lock) }
subject { lfs_file_lock }
it { is_expected.to belong_to(:project) }
it { is_expected.to belong_to(:user) }
it { is_expected.to validate_presence_of(:project_id) }
it { is_expected.to validate_presence_of(:user_id) }
it { is_expected.to validate_presence_of(:path) }
it { is_expected.to validate_uniqueness_of(:path).scoped_to(:project_id) }
describe '#can_be_unlocked_by?' do
let(:developer) { create(:user) }
let(:master) { create(:user) }
before do
project = lfs_file_lock.project
project.add_developer(developer)
project.add_master(master)
end
context "when it's forced" do
it 'can be unlocked by the author' do
user = lfs_file_lock.user
expect(lfs_file_lock.can_be_unlocked_by?(user, true)).to eq(true)
end
it 'can be unlocked by a master' do
expect(lfs_file_lock.can_be_unlocked_by?(master, true)).to eq(true)
end
it "can't be unlocked by other user" do
expect(lfs_file_lock.can_be_unlocked_by?(developer, true)).to eq(false)
end
end
context "when it isn't forced" do
it 'can be unlocked by the author' do
user = lfs_file_lock.user
expect(lfs_file_lock.can_be_unlocked_by?(user)).to eq(true)
end
it "can't be unlocked by a master" do
expect(lfs_file_lock.can_be_unlocked_by?(master)).to eq(false)
end
it "can't be unlocked by other user" do
expect(lfs_file_lock.can_be_unlocked_by?(developer)).to eq(false)
end
end
end
end
......@@ -81,6 +81,7 @@ describe Project do
it { is_expected.to have_many(:members_and_requesters) }
it { is_expected.to have_many(:clusters) }
it { is_expected.to have_many(:custom_attributes).class_name('ProjectCustomAttribute') }
it { is_expected.to have_many(:lfs_file_locks) }
context 'after initialized' do
it "has a project_feature" do
......
......@@ -1302,7 +1302,7 @@ describe 'Git LFS API and storage' do
end
def post_lfs_json(url, body = nil, headers = nil)
post(url, body.try(:to_json), (headers || {}).merge('Content-Type' => 'application/vnd.git-lfs+json'))
post(url, body.try(:to_json), (headers || {}).merge('Content-Type' => LfsRequest::CONTENT_TYPE))
end
def json_response
......
require 'spec_helper'
describe 'Git LFS File Locking API' do
include WorkhorseHelpers
let(:project) { create(:project) }
let(:master) { create(:user) }
let(:developer) { create(:user) }
let(:guest) { create(:user) }
let(:path) { 'README.md' }
let(:headers) do
{
'Authorization' => authorization
}.compact
end
shared_examples 'unauthorized request' do
context 'when user is not authorized' do
let(:authorization) { authorize_user(guest) }
it 'returns a forbidden 403 response' do
post_lfs_json url, body, headers
expect(response).to have_gitlab_http_status(403)
end
end
end
before do
allow(Gitlab.config.lfs).to receive(:enabled).and_return(true)
project.add_developer(master)
project.add_developer(developer)
project.add_guest(guest)
end
describe 'Create File Lock endpoint' do
let(:url) { "#{project.http_url_to_repo}/info/lfs/locks" }
let(:authorization) { authorize_user(developer) }
let(:body) { { path: path } }
include_examples 'unauthorized request'
context 'with an existent lock' do
before do
lock_file('README.md', developer)
end
it 'responds with 409' do
post_lfs_json url, body, headers
expect(response).to have_gitlab_http_status(409)
expect(json_response.keys).to match_array(%w(lock message documentation_url))
expect(json_response['message']).to match(/already created lock/)
end
end
context 'without an existent lock' do
it 'responds with 201' do
post_lfs_json url, body, headers
expect(response).to have_gitlab_http_status(201)
expect(json_response['lock'].keys).to match_array(%w(id path locked_at owner))
end
end
end
describe 'Listing File Locks endpoint' do
let(:url) { "#{project.http_url_to_repo}/info/lfs/locks" }
let(:authorization) { authorize_user(developer) }
include_examples 'unauthorized request'
it 'responds with 200' do
lock_file('README.md', developer)
lock_file('README', developer)
do_get url, nil, headers
expect(response).to have_gitlab_http_status(200)
expect(json_response['locks'].size).to eq(2)
expect(json_response['locks'].first.keys).to match_array(%w(id path locked_at owner))
end
end
describe 'List File Locks for verification endpoint' do
let(:url) { "#{project.http_url_to_repo}/info/lfs/locks/verify" }
let(:authorization) { authorize_user(developer) }
include_examples 'unauthorized request'
it 'responds with 200' do
lock_file('README.md', master)
lock_file('README', developer)
post_lfs_json url, nil, headers
expect(response).to have_gitlab_http_status(200)
expect(json_response['ours'].size).to eq(1)
expect(json_response['ours'].first['path']).to eq('README')
expect(json_response['theirs'].size).to eq(1)
expect(json_response['theirs'].first['path']).to eq('README.md')
end
end
describe 'Delete File Lock endpoint' do
let!(:lock) { lock_file('README.md', developer) }
let(:url) { "#{project.http_url_to_repo}/info/lfs/locks/#{lock[:id]}/unlock" }
let(:authorization) { authorize_user(developer) }
include_examples 'unauthorized request'
context 'with an existent lock' do
it 'responds with 200' do
post_lfs_json url, nil, headers
expect(response).to have_gitlab_http_status(200)
expect(json_response['lock'].keys).to match_array(%w(id path locked_at owner))
end
end
end
def lock_file(path, author)
result = Lfs::LockFileService.new(project, author, { path: path }).execute
result[:lock]
end
def authorize_user(user)
ActionController::HttpAuthentication::Basic.encode_credentials(user.username, user.password)
end
def post_lfs_json(url, body = nil, headers = nil)
post(url, body.try(:to_json), (headers || {}).merge('Content-Type' => LfsRequest::CONTENT_TYPE))
end
def do_get(url, params = nil, headers = nil)
get(url, (params || {}), (headers || {}).merge('Content-Type' => LfsRequest::CONTENT_TYPE))
end
def json_response
@json_response ||= JSON.parse(response.body)
end
end
require 'spec_helper'
describe LfsFileLockEntity do
let(:user) { create(:user) }
let(:resource) { create(:lfs_file_lock, user: user) }
let(:request) { double('request', current_user: user) }
subject { described_class.new(resource, request: request).as_json }
it 'exposes basic attrs of the lock' do
expect(subject).to include(:id, :path, :locked_at)
end
it 'exposes the owner info' do
expect(subject).to include(:owner)
expect(subject[:owner][:name]).to eq(user.name)
end
end
require 'spec_helper'
describe Lfs::LockFileService do
let(:project) { create(:project) }
let(:user) { create(:user) }
subject { described_class.new(project, user, params) }
describe '#execute' do
let(:params) { { path: 'README.md' } }
context 'with an existent lock' do
let!(:lock) { create(:lfs_file_lock, project: project) }
it "doesn't succeed" do
expect(subject.execute[:status]).to eq(:error)
end
it "doesn't create the Lock" do
expect do
subject.execute
end.not_to change { LfsFileLock.count }
end
end
context 'without an existent lock' do
it "succeeds" do
expect(subject.execute[:status]).to eq(:success)
end
it "creates the Lock" do
expect do
subject.execute
end.to change { LfsFileLock.count }.by(1)
end
end
context 'when an error is raised' do
it "doesn't succeed" do
allow_any_instance_of(described_class).to receive(:create_lock!).and_raise(StandardError)
expect(subject.execute[:status]).to eq(:error)
end
end
end
end
require 'spec_helper'
describe Lfs::LocksFinderService do
let(:project) { create(:project) }
let(:user) { create(:user) }
let(:params) { Hash.new }
subject { described_class.new(project, user, params) }
shared_examples 'no results' do
it 'returns an empty list' do
result = subject.execute
expect(result[:status]).to eq(:success)
expect(result[:locks]).to be_blank
end
end
describe '#execute' do
let!(:lock_1) { create(:lfs_file_lock, project: project) }
let!(:lock_2) { create(:lfs_file_lock, project: project, path: 'README') }
context 'find by id' do
context 'with results' do
let(:params) do
{ id: lock_1.id }
end
it 'returns the record' do
result = subject.execute
expect(result[:status]).to eq(:success)
expect(result[:locks].size).to eq(1)
expect(result[:locks].first).to eq(lock_1)
end
end
context 'without results' do
let(:params) do
{ id: 123 }
end
include_examples 'no results'
end
end
context 'find by path' do
context 'with results' do
let(:params) do
{ path: lock_1.path }
end
it 'returns the record' do
result = subject.execute
expect(result[:status]).to eq(:success)
expect(result[:locks].size).to eq(1)
expect(result[:locks].first).to eq(lock_1)
end
end
context 'without results' do
let(:params) do
{ path: 'not-found' }
end
include_examples 'no results'
end
end
context 'find all' do
context 'with results' do
it 'returns all the records' do
result = subject.execute
expect(result[:status]).to eq(:success)
expect(result[:locks].size).to eq(2)
end
end
context 'without results' do
before do
LfsFileLock.delete_all
end
include_examples 'no results'
end
end
context 'when an error is raised' do
it "doesn't succeed" do
allow_any_instance_of(described_class).to receive(:find_locks).and_raise(StandardError)
result = subject.execute
expect(result[:status]).to eq(:error)
expect(result[:locks]).to be_blank
end
end
end
end
require 'spec_helper'
describe Lfs::UnlockFileService do
let(:project) { create(:project) }
let(:user) { create(:user) }
let!(:lock) { create(:lfs_file_lock, user: user, project: project) }
subject { described_class.new(project, user, params) }
describe '#execute' do
context 'when lock does not exists' do
let(:params) { { id: 123 } }
it "doesn't succeed" do
result = subject.execute
expect(result[:status]).to eq(:error)
expect(result[:http_status]).to eq(404)
end
end
context 'when unlocked by the author' do
let(:params) { { id: lock.id } }
it "succeeds" do
result = subject.execute
expect(result[:status]).to eq(:success)
expect(result[:lock]).to be_present
end
end
context 'when unlocked by a different user' do
let(:user) { create(:user) }
it "doesn't succeed" do
result = subject.execute
expect(result[:status]).to eq(:error)
expect(result[:message]).to match(/is locked by GitLab User #{user.id}/)
expect(result[:http_status]).to eq(403)
end
end
context 'when forced' do
let(:developer) { create(:user) }
let(:master) { create(:user) }
before do
project.add_developer(developer)
project.add_master(master)
end
context 'by a regular user' do
let(:user) { developer }
let(:params) do
{ id: lock.id,
force: true }
end
it "doesn't succeed" do
result = subject.execute
expect(result[:status]).to eq(:error)
expect(result[:message]).to match(/You must have master access/)
expect(result[:http_status]).to eq(403)
end
end
context 'by a master user' do
let(:user) { developer }
let(:params) do
{ id: lock.id,
force: true }
end
it "succeeds" do
result = subject.execute
expect(result[:status]).to eq(:success)
expect(result[:lock]).to be_present
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment