From 3fbc34c0eee82b964cfc9544cc47b5e50f0e012b Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 5 Nov 2024 09:23:14 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .gitlab/ci/rules.gitlab-ci.yml | 4 - .../gitlab/documentation_links/link.yml | 1 - .../merge_requests/creations/new/index.js | 20 +- .../projects/merge_requests/edit/index.js | 6 +- .../merge_requests/init_markdown_editor.js | 11 + app/controllers/search_controller.rb | 35 +-- .../groups/deploy_tokens/revoke_service.rb | 2 + config/routes.rb | 1 + db/docs/zoekt_indices.yml | 3 +- db/docs/zoekt_repositories.yml | 3 +- doc/api/branches.md | 5 + doc/ci/pipelines/index.md | 9 + .../internal_api/gitlab_subscriptions.md | 206 ++++++++++-------- doc/user/project/merge_requests/manage.md | 5 + doc/user/project/repository/branches/index.md | 5 + doc/user/search/index.md | 21 ++ locale/gitlab.pot | 6 - .../gitlab_migration_members_spec.rb | 4 +- spec/controllers/search_controller_spec.rb | 39 +++- .../search/user_searches_for_code_spec.rb | 2 +- .../search/user_searches_for_issues_spec.rb | 2 +- .../search/user_searches_for_projects_spec.rb | 2 +- spec/lib/gitlab/database/sharding_key_spec.rb | 4 +- .../deploy_tokens/revoke_service_spec.rb | 19 ++ 24 files changed, 260 insertions(+), 155 deletions(-) create mode 100644 app/assets/javascripts/pages/projects/merge_requests/init_markdown_editor.js diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 61032c33764..4fb71cce30f 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -2683,8 +2683,6 @@ when: never - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/' when: never - # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved - - <<: *if-default-branch-refs - <<: *if-default-refs changes: *dependency-patterns 
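Review bot: With the `*if-default-branch-refs` rule removed, the rule that follows (`*if-default-refs` with `changes: *dependency-patterns`) appears to be the only one left in this hunk that starts Dependency Scanning, so default-branch pipelines that do not touch dependency files no longer run it. The deleted comment was the only explanation of that behaviour; a replacement such as `# Dependency Scanning runs only when dependency files change (see issue 361657).` would record the new intent. Advisories published against unchanged dependencies would then surface only through whatever scheduled or other pipeline still runs the job, which is not visible here and worth confirming. The same removal is made in the `gemnasium-python` rule set in the next hunk; both rule lists start outside their hunks.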
@@ -2694,8 +2692,6 @@ when: never - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/' when: never - # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved - - <<: *if-default-branch-refs - <<: *if-default-refs changes: *python-patterns diff --git a/.rubocop_todo/gitlab/documentation_links/link.yml b/.rubocop_todo/gitlab/documentation_links/link.yml index b8b5215c7ab..5b287181d6c 100644 --- a/.rubocop_todo/gitlab/documentation_links/link.yml +++ b/.rubocop_todo/gitlab/documentation_links/link.yml @@ -16,7 +16,6 @@ Gitlab/DocumentationLinks/Link: - 'ee/app/helpers/ee/groups/settings_helper.rb' - 'ee/app/helpers/ee/import_helper.rb' - 'ee/app/helpers/projects/learn_gitlab_helper.rb' - - 'ee/app/helpers/vulnerabilities_helper.rb' - 'ee/lib/ee/gitlab/namespace_storage_size_error_message.rb' - 'ee/lib/gitlab/checks/secrets_check.rb' - 'ee/lib/gitlab/llm/chain/tools/tool.rb' diff --git a/app/assets/javascripts/pages/projects/merge_requests/creations/new/index.js b/app/assets/javascripts/pages/projects/merge_requests/creations/new/index.js index 7075d8ffbfd..6e6fe114fa9 100644 --- a/app/assets/javascripts/pages/projects/merge_requests/creations/new/index.js +++ b/app/assets/javascripts/pages/projects/merge_requests/creations/new/index.js 
@@ -1,15 +1,12 @@ import Vue from 'vue'; -import { mountMarkdownEditor } from 'ee_else_ce/vue_shared/components/markdown/mount_markdown_editor'; - +import { initMarkdownEditor } from 'ee_else_ce/pages/projects/merge_requests/init_markdown_editor'; import { findTargetBranch } from 'ee_else_ce/pages/projects/merge_requests/creations/new/branch_finder'; -import { parseBoolean } from '~/lib/utils/common_utils'; import initPipelines from '~/commit/pipelines/pipelines_bundle'; import MergeRequest from '~/merge_request'; import CompareApp from '~/merge_requests/components/compare_app.vue'; import { __ } from '~/locale'; -import IssuableTemplateSelectors from '~/issuable/issuable_template_selectors'; const mrNewCompareNode = document.querySelector('.js-merge-request-new-compare'); if (mrNewCompareNode) { @@ -119,23 +116,10 @@ if (mrNewCompareNode) { }); } else { const mrNewSubmitNode = document.querySelector('.js-merge-request-new-submit'); - const { projectId, targetBranch, sourceBranch, canSummarize } = - document.querySelector('.js-markdown-editor').dataset; // eslint-disable-next-line no-new new MergeRequest({ action: mrNewSubmitNode.dataset.mrSubmitAction, }); initPipelines(); - // eslint-disable-next-line no-new - new IssuableTemplateSelectors({ - warnTemplateOverride: true, - editor: mountMarkdownEditor({ - provide: { - projectId, - targetBranch, - sourceBranch, - canSummarizeChanges: parseBoolean(canSummarize ?? false), - }, - }), - }); + initMarkdownEditor(); } diff --git a/app/assets/javascripts/pages/projects/merge_requests/edit/index.js b/app/assets/javascripts/pages/projects/merge_requests/edit/index.js index 79d771ab993..6eed64f9e87 100644 --- a/app/assets/javascripts/pages/projects/merge_requests/edit/index.js +++ b/app/assets/javascripts/pages/projects/merge_requests/edit/index.js 
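Review bot: The `else` branch no longer passes `projectId`, `targetBranch`, `sourceBranch` or `canSummarizeChanges` to the editor: it calls `initMarkdownEditor()` with no argument, and the helper added in this commit defaults `provide` to `{}`. The import resolves through `ee_else_ce`, so an EE variant presumably reads the `.js-markdown-editor` dataset itself, but with the CE helper any component that injects those keys would now receive undefined. If the values are still needed outside EE, keep the dataset read here and call `initMarkdownEditor({ projectId, targetBranch, sourceBranch })`. The `if (mrNewCompareNode)` block starts outside the hunk.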
@@ -1,4 +1,4 @@ -import { mountMarkdownEditor } from 'ee_else_ce/vue_shared/components/markdown/mount_markdown_editor'; +import { initMarkdownEditor } from 'ee_else_ce/pages/projects/merge_requests/init_markdown_editor'; import { createAlert } from '~/alert'; import axios from '~/lib/utils/axios_utils'; @@ -6,7 +6,6 @@ import { __ } from '~/locale'; import { GitLabDropdown } from '~/deprecated_jquery_dropdown/gl_dropdown'; import initMergeRequest from '~/pages/projects/merge_requests/init_merge_request'; -import IssuableTemplateSelectors from '~/issuable/issuable_template_selectors'; import initCheckFormState from './check_form_state'; import initFormUpdate from './update_form'; @@ -74,5 +73,4 @@ initMergeRequest(); initFormUpdate(); initCheckFormState(); initTargetBranchSelector(); -// eslint-disable-next-line no-new -new IssuableTemplateSelectors({ warnTemplateOverride: true, editor: mountMarkdownEditor() }); +initMarkdownEditor(); diff --git a/app/assets/javascripts/pages/projects/merge_requests/init_markdown_editor.js b/app/assets/javascripts/pages/projects/merge_requests/init_markdown_editor.js new file mode 100644 index 00000000000..d2203622285 --- /dev/null +++ b/app/assets/javascripts/pages/projects/merge_requests/init_markdown_editor.js @@ -0,0 +1,11 @@ +import { mountMarkdownEditor } from 'ee_else_ce/vue_shared/components/markdown/mount_markdown_editor'; +import IssuableTemplateSelectors from '~/issuable/issuable_template_selectors'; + +export function initMarkdownEditor(provide = {}) { + return new IssuableTemplateSelectors({ + warnTemplateOverride: true, + editor: mountMarkdownEditor({ + provide, + }), + }); +} diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb index bd136b38d74..dab10c706b2 100644 --- a/app/controllers/search_controller.rb +++ b/app/controllers/search_controller.rb 
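Review bot: `initMarkdownEditor` is exported without a doc comment, so neither what `provide` carries nor what is returned is stated. A JSDoc block saying that it mounts the markdown editor, forwards `provide` to `mountMarkdownEditor`, and returns the `IssuableTemplateSelectors` instance would cover it, with `@param {Object} [provide={}]` and `@returns {IssuableTemplateSelectors}`. In the edit page the previous call was `mountMarkdownEditor()` with no argument and is now `mountMarkdownEditor({ provide: {} })`; this is presumably equivalent, but `mountMarkdownEditor` is not shown in this diff.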
@@ -28,11 +28,9 @@ class SearchController < ApplicationController around_action :allow_gitaly_ref_name_caching - before_action :block_all_anonymous_searches, - :block_anonymous_global_searches, - :check_scope_global_search_enabled, - except: :opensearch - skip_before_action :authenticate_user! + skip_before_action :authenticate_user!, unless: :authenticate? + + before_action :check_scope_global_search_enabled, except: :opensearch requires_cross_project_access if: -> do search_term_present = params[:search].present? || params[:term].present? @@ -131,6 +129,15 @@ class SearchController < ApplicationController private + def authenticate? + return false if action_name == 'opensearch' + return true if public_visibility_restricted? + return true if search_service.global_search? && ::Feature.enabled?(:block_anonymous_global_searches, type: :ops) + return true if ::Feature.disabled?(:allow_anonymous_searches, type: :ops) + + false + end + def multi_match?(search_type:, scope:) # rubocop: disable Lint/UnusedMethodArgument -- This is being overridden in EE false end @@ -262,24 +269,6 @@ class SearchController < ApplicationController end end - def block_anonymous_global_searches - return unless search_service.global_search? - return if current_user - return unless ::Feature.enabled?(:block_anonymous_global_searches, type: :ops) - - store_location_for(:user, request.fullpath) - - redirect_to new_user_session_path, alert: _('You must be logged in to search across all of GitLab') - end - - def block_all_anonymous_searches - return if current_user || ::Feature.enabled?(:allow_anonymous_searches, type: :ops) - - store_location_for(:user, request.fullpath) - - redirect_to new_user_session_path, alert: _('You must be logged in to search') - end - def check_scope_global_search_enabled return unless search_service.global_search? diff --git a/app/services/groups/deploy_tokens/revoke_service.rb b/app/services/groups/deploy_tokens/revoke_service.rb index 0aa88f6190d..06cbdf02f3f 100644 
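Review bot: `authenticate?` now decides whether `/search` is reachable anonymously, but nothing in the hunk states the precedence of its checks, and `skip_before_action :authenticate_user!, unless: :authenticate?` is a double negative that is easy to misread. A comment above the method such as `# True when the request must be signed in: public visibility restricted, global search blocked by flag, or anonymous search disabled.` would make the access decision auditable. The third guard evaluates `search_service.global_search?` before the flag; writing it as `::Feature.enabled?(:block_anonymous_global_searches, type: :ops) && search_service.global_search?` would skip building the search service when the flag is off. The removed callbacks called `store_location_for(:user, request.fullpath)` before redirecting; presumably `authenticate_user!` now covers the return location, which is worth confirming. The class body continues outside these hunks.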
--- a/app/services/groups/deploy_tokens/revoke_service.rb +++ b/app/services/groups/deploy_tokens/revoke_service.rb @@ -8,6 +8,8 @@ module Groups def execute @token = group.deploy_tokens.find(params[:id]) @token.revoke! + + ServiceResponse.success(message: 'Token was revoked') end end end diff --git a/config/routes.rb b/config/routes.rb index 9f75b845c7a..f271732a74a 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -182,6 +182,7 @@ InitializerConnections.raise_if_new_database_connection do draw :subscription draw :gitlab_subscriptions draw :phone_verification + draw :arkose scope '/push_from_secondary/:geo_node_id' do draw :git_http diff --git a/db/docs/zoekt_indices.yml b/db/docs/zoekt_indices.yml index 7cc5baa0a5c..0ad0a2f4097 100644 --- a/db/docs/zoekt_indices.yml +++ b/db/docs/zoekt_indices.yml @@ -8,5 +8,4 @@ description: Represents a zoekt index for a root namespace introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138992 milestone: '16.8' gitlab_schema: gitlab_main_cell -sharding_key: - namespace_id: namespaces +exempt_from_sharding: true diff --git a/db/docs/zoekt_repositories.yml b/db/docs/zoekt_repositories.yml index 28db4ff86d5..dedf54eb05a 100644 --- a/db/docs/zoekt_repositories.yml +++ b/db/docs/zoekt_repositories.yml @@ -8,5 +8,4 @@ description: Represents a zoekt repository introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/141864 milestone: '16.9' gitlab_schema: gitlab_main_cell -sharding_key: - project_identifier: projects +exempt_from_sharding: true diff --git a/doc/api/branches.md b/doc/api/branches.md index 9c69114b9f7..a032fd74f36 100644 --- a/doc/api/branches.md +++ b/doc/api/branches.md 
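Review bot: `execute` now returns `ServiceResponse.success`, but every failure is still signalled by raising: `find` raises `ActiveRecord::RecordNotFound` and `revoke!` can raise, as the accompanying spec asserts. A caller that branches on the response will therefore never see an error response. A comment on `execute` such as `# Raises ActiveRecord::RecordNotFound / RecordNotSaved on failure; returns ServiceResponse.success otherwise.` would make that contract explicit. No permission check is visible in this method, so authorization is presumably enforced by the caller.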
@@ -227,6 +227,11 @@ curl --request DELETE --header "PRIVATE-TOKEN: " \ --url "https://gitlab.example.com/api/v4/projects/5/repository/branches/newbranch" ``` +NOTE: +Deleting a merged branch does not completely erase all data. +Some information persists to maintain project history and to support recovery processes. +For more information, see [Handle sensitive information](../topics/git/undo.md#handle-sensitive-information). + ## Delete merged branches Deletes all branches that are merged into the project's default branch. diff --git a/doc/ci/pipelines/index.md b/doc/ci/pipelines/index.md index 4dffa415104..2bafa30097c 100644 --- a/doc/ci/pipelines/index.md +++ b/doc/ci/pipelines/index.md @@ -478,3 +478,12 @@ project repository. GitLab generates the special ref `refs/pipelines/` durin running pipeline job. This ref can be created even after the associated branch or tag has been deleted. It's therefore useful in some features such as [automatically stopping an environment](../environments/index.md#stopping-an-environment), and [merge trains](../pipelines/merge_trains.md) that might run pipelines after branch deletion. + +## Troubleshooting + +### Pipeline subscriptions continue after user deletion + +When a user [deletes their GitLab.com account](../../user/profile/account/delete_account.md#delete-your-own-account), +the deletion does not occur for seven days. During this period, any [pipeline subscriptions created by that user](#trigger-a-pipeline-when-an-upstream-project-is-rebuilt) +continue to run with the user's original permissions. To prevent unauthorized pipeline executions, +immediately update pipeline subscription settings for the deleted user. diff --git a/doc/development/internal_api/gitlab_subscriptions.md b/doc/development/internal_api/gitlab_subscriptions.md index 0bab89c83eb..15b2156d0b5 100644 --- a/doc/development/internal_api/gitlab_subscriptions.md +++ b/doc/development/internal_api/gitlab_subscriptions.md 
@@ -445,11 +445,6 @@ Example response: } ``` -## Migrating Endpoints - -These endpoints are going to be [migrated to internal endpoints](https://gitlab.com/gitlab-org/gitlab/-/issues/463741). After that, they will be -deprecated and then [removed in a future milestone](https://gitlab.com/gitlab-org/gitlab/-/issues/473625). - ### Add-On Purchases This API is used by CustomersDot to manage add-on purchases, excluding Compute Minutes @@ -492,7 +487,7 @@ Example request for create/update: curl --request POST \ --header --header "X-CUSTOMERS-DOT-INTERNAL-TOKEN: " \ --header "Content-Type: application/json" \ ---data '{ "add_on_purchases": { "duo_pro": [{ "quantity": 1, "started_on": "", "expires_on": "", "purchase_xid": "A-S0000001", "trial": false }] } }' \ +--data '{ "add_on_purchases": { "duo_pro": [{ "quantity": 1, "started_on": "", "expires_on": "", "purchase_xid": "C-00123456", "trial": false }] } }' \ "https://gitlab.com/api/v4/internal/gitlab_subscriptions/namespaces/1234/subscription_add_on_purchases" ``` 
@@ -519,98 +514,24 @@ Example response: "quantity": 1, "started_on": "2024-01-01", "expires_on": "2024-12-31", - "purchase_xid": "A-S0000001", + "purchase_xid": "C-00123456", "trial": false } ] ``` -#### Create a subscription add-on purchase - -Use a POST command to create a subscription add-on purchase. - -```plaintext -POST /namespaces/:id/subscription_add_on_purchase/:add_on_name -``` - -| Attribute | Type | Required | Description | -|:------------|:--------|:---------|:------------| -| `quantity` | integer | yes | Amount of units in the subscription add-on purchase (Example: Number of seats for a Code Suggestions add-on) | -| `started_on` | date | yes | Date the subscription add-on purchase became available | -| `expires_on` | date | yes | Expiration date of the subscription add-on purchase | -| `purchase_xid` | string | yes | Identifier for the subscription add-on purchase (Example: Subscription name for a Code Suggestions add-on) | -| `trial` | boolean | no | Whether the add-on is a trial | - -Example request: - -```shell -curl --request POST --header "X-CUSTOMERS-DOT-INTERNAL-TOKEN: " "https://gitlab.com/api/v4/namespaces/1234/subscription_add_on_purchase/code_suggestions?&quantity=10&started_on="2024-06-15"&expires_on="2024-07-15"&purchase_xid="A-S12345678"&trial=true" -``` - -Example response: - -```json -{ - "namespace_id":1234, - "namespace_name":"A Namespace Name", - "add_on":"Code Suggestions", - "quantity":10, - "started_on":"2024-06-15", - "expires_on":"2024-07-15", - "purchase_xid":"A-S12345678", - "trial":true -} -``` - -#### Update a subscription add-on purchase - -Use a PUT command to update an existing subscription add-on purchase. 
- -```plaintext -PUT /namespaces/:id/subscription_add_on_purchase/:add_on_name -``` - -| Attribute | Type | Required | Description | -|:------------|:--------|:---------|:------------| -| `quantity` | integer | no | Amount of units in the subscription add-on purchase (Example: Number of seats for a Code Suggestions add-on) | -| `started_on` | date | yes | Date the subscription add-on purchase became available | -| `expires_on` | date | yes | Expiration date of the subscription add-on purchase | -| `purchase_xid` | string | no | Identifier for the subscription add-on purchase (Example: Subscription name for a Code Suggestions add-on) | -| `trial` | boolean | no | Whether the add-on is a trial | - -Example request: - -```shell -curl --request PUT --header "X-CUSTOMERS-DOT-INTERNAL-TOKEN: " "https://gitlab.com/api/v4/namespaces/1234/subscription_add_on_purchase/code_suggestions?&quantity=15&started_on="2024-06-15"&expires_on="2024-07-15"&purchase_xid="A-S12345678"&trial=true" -``` - -Example response: - -```json -{ - "namespace_id":1234, - "namespace_name":"A Namespace Name", - "add_on":"Code Suggestions", - "quantity":15, - "started_on":"2024-06-15", - "expires_on":"2024-07-15", - "purchase_xid":"A-S12345678", - "trial":true -} -``` - #### Fetch a subscription add-on purchases Use a GET command to view an existing subscription add-on purchase. ```plaintext -GET /namespaces/:id/subscription_add_on_purchase/:add_on_name +GET /internal/gitlab_subscriptions/namespaces/:id/subscription_add_on_purchases/:add_on_name ``` Example request: ```shell -curl --header "X-CUSTOMERS-DOT-INTERNAL-TOKEN: " "https://gitlab.com/api/v4/namespaces/1234/subscription_add_on_purchase/code_suggestions" +curl --header "X-CUSTOMERS-DOT-INTERNAL-TOKEN: " "https://gitlab.com/api/v4/internal/gitlab_subscriptions/namespaces/1234/subscription_add_on_purchases/code_suggestions" ``` Example response: 
@@ -623,7 +544,7 @@ Example response:
 "quantity":15,
 "started_on":"2024-06-15",
 "expires_on":"2024-07-15",
- "purchase_xid":"A-S12345678",
+ "purchase_xid":"C-00123456",
 "trial":true
 }
 ```
@@ -708,6 +629,119 @@ Example response: } ``` +## Migrating Endpoints + +These endpoints are going to be [migrated to internal endpoints](https://gitlab.com/gitlab-org/gitlab/-/issues/463741). After that, they will be +deprecated and then [removed in a future milestone](https://gitlab.com/gitlab-org/gitlab/-/issues/473625). + +### Add-On Purchases (being migrated) + +This API is used by CustomersDot to manage add-on purchases, excluding Compute Minutes +and Storage packs. + +#### Create a subscription add-on purchase + +Use a POST command to create a subscription add-on purchase. + +```plaintext +POST /namespaces/:id/subscription_add_on_purchase/:add_on_name +``` + +| Attribute | Type | Required | Description | +|:------------|:--------|:---------|:------------| +| `quantity` | integer | yes | Amount of units in the subscription add-on purchase (Example: Number of seats for a Code Suggestions add-on) | +| `started_on` | date | yes | Date the subscription add-on purchase became available | +| `expires_on` | date | yes | Expiration date of the subscription add-on purchase | +| `purchase_xid` | string | yes | Identifier for the subscription add-on purchase (Example: Subscription name for a Code Suggestions add-on) | +| `trial` | boolean | no | Whether the add-on is a trial | + +Example request: + +```shell +curl --request POST --header "X-CUSTOMERS-DOT-INTERNAL-TOKEN: " "https://gitlab.com/api/v4/namespaces/1234/subscription_add_on_purchase/code_suggestions?&quantity=10&started_on="2024-06-15"&expires_on="2024-07-15"&purchase_xid="C-00123456"&trial=true" +``` + +Example response: + +```json +{ + "namespace_id":1234, + "namespace_name":"A Namespace Name", + "add_on":"Code Suggestions", + "quantity":10, + "started_on":"2024-06-15", + "expires_on":"2024-07-15", + "purchase_xid":"C-00123456", + "trial":true +} +``` + +#### Update a subscription add-on purchase + +Use a PUT command to update an existing subscription add-on purchase. 
+ +```plaintext +PUT /namespaces/:id/subscription_add_on_purchase/:add_on_name +``` + +| Attribute | Type | Required | Description | +|:------------|:--------|:---------|:------------| +| `quantity` | integer | no | Amount of units in the subscription add-on purchase (Example: Number of seats for a Code Suggestions add-on) | +| `started_on` | date | yes | Date the subscription add-on purchase became available | +| `expires_on` | date | yes | Expiration date of the subscription add-on purchase | +| `purchase_xid` | string | no | Identifier for the subscription add-on purchase (Example: Subscription name for a Code Suggestions add-on) | +| `trial` | boolean | no | Whether the add-on is a trial | + +Example request: + +```shell +curl --request PUT --header "X-CUSTOMERS-DOT-INTERNAL-TOKEN: " "https://gitlab.com/api/v4/namespaces/1234/subscription_add_on_purchase/code_suggestions?&quantity=15&started_on="2024-06-15"&expires_on="2024-07-15"&purchase_xid="C-00123456"&trial=true" +``` + +Example response: + +```json +{ + "namespace_id":1234, + "namespace_name":"A Namespace Name", + "add_on":"Code Suggestions", + "quantity":15, + "started_on":"2024-06-15", + "expires_on":"2024-07-15", + "purchase_xid":"C-00123456", + "trial":true +} +``` + +#### Fetch a subscription add-on purchases + +Use a GET command to view an existing subscription add-on purchase. 
+ +```plaintext +GET /namespaces/:id/subscription_add_on_purchase/:add_on_name +``` + +Example request: + +```shell +curl --header "X-CUSTOMERS-DOT-INTERNAL-TOKEN: " "https://gitlab.com/api/v4/namespaces/1234/subscription_add_on_purchase/code_suggestions" +``` + +Example response: + +```json +{ + "namespace_id":1234, + "namespace_name":"A Namespace Name", + "add_on":"Code Suggestions", + "quantity":15, + "started_on":"2024-06-15", + "expires_on":"2024-07-15", + "purchase_xid":"C-00123456", + "trial":true +} +``` + ### Compute quota provisioning (being migrated) > - [Renamed](https://gitlab.com/groups/gitlab-com/-/epics/2150) from "CI/CD minutes" to "compute quota" and "compute minutes" in GitLab 16.1. @@ -742,7 +776,7 @@ curl --request POST \ { "number_of_minutes": 10000, "expires_at": "2022-01-01", - "purchase_xid": "46952fe69bebc1a4de10b2b4ff439d0c" + "purchase_xid": "C-00123456" } ] }' @@ -756,7 +790,7 @@ Example response: "namespace_id": 123, "expires_at": "2022-01-01", "number_of_minutes": 10000, - "purchase_xid": "46952fe69bebc1a4de10b2b4ff439d0c" + "purchase_xid": "C-00123456" } ] ``` diff --git a/doc/user/project/merge_requests/manage.md b/doc/user/project/merge_requests/manage.md index 036da6418b9..077b4a6932a 100644 --- a/doc/user/project/merge_requests/manage.md +++ b/doc/user/project/merge_requests/manage.md @@ -25,6 +25,11 @@ To delete a merge request: 1. Select **Edit**. 1. Scroll to the bottom of the page, and select **Delete merge request**. +NOTE: +Deleting a merge request does not completely erase all data. +Some information persists to maintain project history and to support recovery processes. +For more information, see [Handle sensitive information](../../../topics/git/undo.md#handle-sensitive-information). + ## Bulk edit merge requests in a project These attributes are editable when bulk editing merge requests: 
diff --git a/doc/user/project/repository/branches/index.md b/doc/user/project/repository/branches/index.md index dd0d97a43de..49470746b5f 100644 --- a/doc/user/project/repository/branches/index.md +++ b/doc/user/project/repository/branches/index.md @@ -247,6 +247,11 @@ To do this: 1. Select **Delete merged branches**. 1. In the dialog, enter the word `delete` to confirm, then select **Delete merged branches**. +NOTE: +Deleting a merged branch does not completely erase all data. +Some information persists to maintain project history and to support recovery processes. +For more information, see [Handle sensitive information](../../../../topics/git/undo.md#handle-sensitive-information). + ## Configure workflows for target branches DETAILS: diff --git a/doc/user/search/index.md b/doc/user/search/index.md index 953f5c2a89a..89390787f47 100644 --- a/doc/user/search/index.md +++ b/doc/user/search/index.md 
@@ -34,6 +34,27 @@ To specify a search type, set the `search_type` URL parameter as follows: `search_type` replaces the deprecated `basic_search` parameter. For more information, see [issue 477333](https://gitlab.com/gitlab-org/gitlab/-/issues/477333). +## Restrict search access + +DETAILS: +**Offering:** Self-managed + +Prerequisites: + +- You must have administrator access to the instance. + +By default, requests to `/search` and global search are available for unauthenticated users. + +To restrict `/search` to authenticated users only, do one of the following: + +- [Restrict public visibility](../../administration/settings/visibility_and_access_controls.md#restrict-visibility-levels) + ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/171368) in GitLab 17.6). +- Disable the `ops` feature flag `allow_anonymous_searches` + ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138975) in GitLab 16.7). + +To restrict global search to authenticated users only, +enable the `ops` feature flag `block_anonymous_global_searches`. + ## Global search scopes DETAILS: diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 643f16a8a86..517ebf28700 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -63844,12 +63844,6 @@ msgstr "" msgid "You must be authenticated to access this path." msgstr "" -msgid "You must be logged in to search" -msgstr "" - -msgid "You must be logged in to search across all of GitLab" -msgstr "" - msgid "You must confirm your email within %{cut_off_days} days of signing up. If you do not confirm your email in this timeframe, your account will be deleted and you will need to sign up for GitLab again." msgstr "" diff --git a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_members_spec.rb b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_members_spec.rb index f0bedc9f0a4..3e34695b424 100644 --- a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_members_spec.rb 
+++ b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_members_spec.rb @@ -25,7 +25,7 @@ module QA end it( - 'member retains indirect membership in imported project', + 'member retains indirect membership in imported project', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/354416' ) do expect_project_import_finished_successfully @@ -43,7 +43,7 @@ module QA end it( - 'member retains direct membership in imported project', + 'member retains direct membership in imported project', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/354417' ) do expect_project_import_finished_successfully diff --git a/spec/controllers/search_controller_spec.rb b/spec/controllers/search_controller_spec.rb index d96bd6c53b5..1afa1609b54 100644 --- a/spec/controllers/search_controller_spec.rb +++ b/spec/controllers/search_controller_spec.rb @@ -262,7 +262,7 @@ RSpec.describe SearchController, feature_category: :global_search do get :show, params: { scope: 'projects', search: '*' } expect(response).to redirect_to new_user_session_path - expect(flash[:alert]).to match(/You must be logged in/) + expect(flash[:alert]).to match(/You need to sign in or sign up before continuing/) end end end 
@@ -750,6 +750,43 @@ RSpec.describe SearchController, feature_category: :global_search do end context 'unauthorized user' do + describe 'redirecting' do + using RSpec::Parameterized::TableSyntax + + where(:restricted_visibility_levels, :allow_anonymous_searches, :block_anonymous_global_searches, :redirect) do + [Gitlab::VisibilityLevel::PUBLIC] | true | false | true + [Gitlab::VisibilityLevel::PRIVATE] | true | false | false + nil | true | false | false + nil | false | false | true + nil | true | true | true + nil | false | true | true + end + + with_them do + before do + stub_application_setting(restricted_visibility_levels: restricted_visibility_levels) + stub_feature_flags(allow_anonymous_searches: allow_anonymous_searches) + stub_feature_flags(block_anonymous_global_searches: block_anonymous_global_searches) + end + + it 'redirects to the sign in/sign up page when it should' do + get :show, params: { search: 'hello', scope: 'projects' } + + if redirect + expect(response).to redirect_to(new_user_session_path) + else + expect(response).not_to redirect_to(new_user_session_path) + end + end + + it 'does not redirect for the opensearch endpoint' do + get :opensearch + + expect(response).not_to redirect_to(new_user_session_path) + end + end + end + describe 'search rate limits' do using RSpec::Parameterized::TableSyntax diff --git a/spec/features/search/user_searches_for_code_spec.rb b/spec/features/search/user_searches_for_code_spec.rb index fc1d6da4075..ec30cfc6b16 100644 --- a/spec/features/search/user_searches_for_code_spec.rb +++ b/spec/features/search/user_searches_for_code_spec.rb @@ -134,7 +134,7 @@ RSpec.describe 'User searches for code', :js, :disable_rate_limiter, feature_cat it 'is redirected to login page' do visit(search_path) - expect(page).to have_content('You must be logged in to search across all of GitLab') + expect(page).to have_content('You need to sign in or sign up before continuing.') end end end 
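Review bot: Every row of the new table issues the same global request (`search: 'hello', scope: 'projects'` with no project or group), so the rows with `block_anonymous_global_searches` enabled cannot tell "global searches require sign-in" apart from "all searches require sign-in". A regression that dropped the `search_service.global_search?` guard in `authenticate?` would still pass. Adding a request scoped to a public project that is expected not to redirect while that flag is on and `allow_anonymous_searches` is true would pin the scoping. The examples also cover only `show` and `opensearch`; any other actions of the controller go through the same condition and are not exercised here.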
diff --git a/spec/features/search/user_searches_for_issues_spec.rb b/spec/features/search/user_searches_for_issues_spec.rb index 3563107d9be..dc67f16f476 100644 --- a/spec/features/search/user_searches_for_issues_spec.rb +++ b/spec/features/search/user_searches_for_issues_spec.rb @@ -139,7 +139,7 @@ RSpec.describe 'User searches for issues', :js, :clean_gitlab_redis_rate_limitin it 'is redirected to login page' do visit(search_path) - expect(page).to have_content('You must be logged in to search across all of GitLab') + expect(page).to have_content('You need to sign in or sign up before continuing.') end end end diff --git a/spec/features/search/user_searches_for_projects_spec.rb b/spec/features/search/user_searches_for_projects_spec.rb index 8d94ed2a08e..b1d8ce69823 100644 --- a/spec/features/search/user_searches_for_projects_spec.rb +++ b/spec/features/search/user_searches_for_projects_spec.rb @@ -49,7 +49,7 @@ RSpec.describe 'User searches for projects', :js, :disable_rate_limiter, feature context 'when block_anonymous_global_searches is enabled' do it 'is redirected to login page' do visit(search_path) - expect(page).to have_content('You must be logged in to search across all of GitLab') + expect(page).to have_content('You need to sign in or sign up before continuing.') end end end diff --git a/spec/lib/gitlab/database/sharding_key_spec.rb b/spec/lib/gitlab/database/sharding_key_spec.rb index e13a2660f60..4e4d1dc6f75 100644 --- a/spec/lib/gitlab/database/sharding_key_spec.rb +++ b/spec/lib/gitlab/database/sharding_key_spec.rb 
@@ -70,8 +70,6 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do 'p_catalog_resource_sync_events.project_id', 'project_data_transfers.project_id', # https://gitlab.com/gitlab-org/gitlab/-/issues/439201 'value_stream_dashboard_counts.namespace_id', # https://gitlab.com/gitlab-org/gitlab/-/issues/439555 - 'zoekt_indices.namespace_id', - 'zoekt_repositories.project_identifier', 'zoekt_tasks.project_identifier', 'project_audit_events.project_id', 'group_audit_events.group_id', @@ -271,7 +269,7 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do tables_exempted_from_sharding.each do |entry| # See https://gitlab.com/gitlab-org/gitlab/-/issues/471182 - tables_to_be_fixed = %w[geo_nodes zoekt_nodes] + tables_to_be_fixed = %w[geo_nodes] pending 'These tables need to be fixed' if entry.table_name.in?(tables_to_be_fixed) fks = referenced_foreign_keys(entry.table_name).to_a diff --git a/spec/services/groups/deploy_tokens/revoke_service_spec.rb b/spec/services/groups/deploy_tokens/revoke_service_spec.rb index c302dd14e3b..fbd3924d2da 100644 --- a/spec/services/groups/deploy_tokens/revoke_service_spec.rb +++ b/spec/services/groups/deploy_tokens/revoke_service_spec.rb @@ -17,6 +17,11 @@ RSpec.describe Groups::DeployTokens::RevokeService, feature_category: :deploymen expect { subject }.to change { deploy_token.reload.revoked }.to eq(true) end + it 'returns a successful ServiceResponse' do + expect(subject).to be_kind_of(ServiceResponse) + expect(subject.success?).to be_truthy + end + context 'invalid token id' do let(:deploy_token_params) { { token_id: non_existing_record_id } } 
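Review bot: `expect(subject.success?).to be_truthy` in the new revoke service example accepts any truthy value and gives a weak failure message; `expect(subject).to be_success` states the same thing through the predicate matcher, and asserting `subject.message` would pin the new return value. Separately, the 'invalid token id' context in this hunk passes `token_id:` while the service reads `params[:id]`; if the top-level `deploy_token_params` (outside the hunk) uses `id:`, that example raises `RecordNotFound` because the id is nil rather than because the record is missing.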
@@ -24,5 +29,19 @@ RSpec.describe Groups::DeployTokens::RevokeService, feature_category: :deploymen expect { subject }.to raise_error(ActiveRecord::RecordNotFound) end end + + context 'with raising revoke!' do + before do + allow(deploy_token).to receive(:revoke!) { raise ActiveRecord::RecordNotSaved } + + tokens = instance_double(ActiveRecord::Relation) + allow(tokens).to receive(:find).with(deploy_token.id).and_return(deploy_token) + allow(entity).to receive(:deploy_tokens).and_return(tokens) + end + + it 'raises error' do + expect { subject }.to raise_error(ActiveRecord::RecordNotSaved) + end + end end end