Replace issue access checks with use of IssuableFinder
Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
## Which fixes are in this MR?
⚠️ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
✅ - Permissions check tested
### Issue lookup with access check
Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells).
- [x] 🚦 app/finders/notes_finder.rb:15 [`visible_to_user`]
- [x] 🚥 app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`]
- [x] ✅ app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`]
- [x] ✅ lib/api/issues.rb:112 [`visible_to_user`]
- CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone
- [x] ✅ lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too?
- [x] ✅ lib/gitlab/search_results.rb:53 [`visible_to_user`]
### Previous discussions
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87
See merge request !2031
Refresh project authorizations using a Redis lease
This MR changes `User#refresh_authorized_projects` so it uses a Redis lease instead of relying on serializable transactions. See the commit message(s) for more details.
See merge request !7733
When I proposed using serializable transactions I was hoping we would be
able to refresh data of individual users concurrently. Unfortunately
upon closer inspection it was revealed this was not the case. This could
result in a lot of queries failing due to serialization errors,
overloading the database in the process (given enough workers trying to
update the target table).
To work around this we're now using a Redis lease that is cancelled upon
completion. This ensures we can update the data of different users
concurrently without overloading the database.
The code will try to obtain the lease until it succeeds, waiting at
least 1 second between retries. This is necessary as we may otherwise
end up _not_ updating the data which is not an option.
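The lease-with-retry behaviour this commit message describes, as an added example that is not GitLab's own code. `FakeLeaseStore` is an in-memory stand-in for Redis, and the class, method and key names are hypothetical.

```ruby
require 'securerandom'

# In-memory stand-in for Redis (assumption of this example). It models
# "SET key uuid NX EX ttl" plus a compare-and-delete cancel.
class FakeLeaseStore
  def initialize
    @mutex = Mutex.new
    @leases = {} # key => [uuid, monotonic expiry time]
  end

  # Returns a lease UUID if the key is free or expired, otherwise nil.
  def try_obtain(key, ttl)
    @mutex.synchronize do
      now = Process.clock_gettime(Process::CLOCK_MONOTONIC)
      holder = @leases[key]
      next nil if holder && holder[1] > now

      uuid = SecureRandom.uuid
      @leases[key] = [uuid, now + ttl]
      uuid
    end
  end

  # Delete only when the caller still owns the lease, so a holder whose
  # lease expired cannot release one that now belongs to another worker.
  def cancel(key, uuid)
    @mutex.synchronize { @leases.delete(key) if @leases[key]&.first == uuid }
  end
end

# Retries until the per-user lease is obtained, sleeping `wait` seconds
# between attempts, runs the block, then cancels the lease (also on error).
# Returns the number of attempts. The key name is hypothetical.
def with_user_lease(store, user_id, ttl: 60, wait: 1.0)
  key = "refresh_authorized_projects:#{user_id}"
  attempts = 1
  until (uuid = store.try_obtain(key, ttl))
    attempts += 1
    sleep(wait)
  end
  begin
    yield
  ensure
    store.cancel(key, uuid)
  end
  attempts
end
```

Because the lease key is per user, refreshes for different users do not block each other, while two refreshes for the same user are serialized.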
Fix undefined error in CI linter
## What does this MR do?
This MR fixes undefined error in CI linter.
## Does this MR meet the acceptance criteria?
- [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [x] Tests added for this feature/bug
## What are the relevant issue numbers?
Closes #24759
See merge request !7650
This moves the logic of detecting special repository files (e.g. a
README or a Koding configuration file) to a single class:
Gitlab::FileDetector. Moving this logic into a single place allows this
to be re-used more easily.
This commit also changes Repository#gitlab_ci_yaml so that it's cached
similar to other data (e.g. the Koding configuration file).
Make job script a required configuration entry
## What does this MR do?
This MR makes a job script a required configuration entry.
## Does this MR meet the acceptance criteria?
- [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
## What are the relevant issue numbers?
Closes #24575
See merge request !7566
add parsing support for incoming html email
## What does this MR do?
Fixes #18388 by adding support for parsing HTML email
## Are there points in the code the reviewer needs to double check?
The new class, Gitlab::Email::HTMLParser, which needs to translate the HTML content to text and also delete replies, as they are not necessarily in the correct format to be caught by EmailReplyParser. The solution I found that should work for any HTML-formatted email is to remove all `<table>` and `<blockquote>` tags. Actual `<table>` elements (to be interpreted by markdown) should already be encoded with e.g. `&lt;table&gt;` - the only failure mode is if there is an *actual* HTML table in the content itself, which we wouldn't be able to support easily anyways.
The gem `html2text` traverses the HTML tree and outputs text - and markdown in the case of HTML links or images.
See merge request !7397
Allow registering users where the username contains dots (.)
## What does this MR do?
- Allow registering users whose usernames contain dots `.`
- This can currently be done by registering with a username containing no dots, and then editing the username to have dots in the user's profile settings.
## Does this MR meet the acceptance criteria?
- [#24276/!7500] Unable to register names with dot
- [x] Implementation
- [x] Tests
- [x] Added
- [x] [Passing](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7500/builds)
- [x] Meta
- [x] CHANGELOG entry created
- [x] Documentation created/updated
- [x] API support added
- [x] Branch has no merge conflicts with `master`
- [x] Squashed related commits together
- [x] Review
- [x] Endboss
- [x] Use `Gitlab::Regex::NAMESPACE_REGEX_STR` instead of a hardcoded pattern
- [x] Define `NAMESPACE_REGEX_STR` in terms of `NAMESPACE_REGEX_STR_JS`
- [ ] Wait for merge
## What are the relevant issue numbers?
- Closes #24276
See merge request !7500
JavaScript does not support the negative lookbehind assertion (?<!) used
in the Ruby regex (to disallow usernames ending in `.git` or `.atom`).
Getting the client side code to fully support this format is
non-trivial, since we'd either have to heavily complicate the
regex used, or modify the frontend code to support more complex
validation schemes (it currently uses HTML5 validations).
The pragmatic choice is to create a
`Gitlab::Regex::NAMESPACE_REGEX_STR_SIMPLE` regex to serve as a
Javascript-compatible version of `NAMESPACE_REGEX_STR`.
The client-side code will not display an error for usernames ending in
`.git` and `.atom`, but these will be caught by the server-side
validation.
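The gap between the two patterns described in this commit message, as an added example that is not GitLab's code. `SIMPLE_STR` and `STRICT_STR` are hypothetical patterns built to match the description, not the project's actual constants.

```ruby
# Hypothetical patterns modelled on the commit message: the strict one is the
# simple one plus a negative lookbehind that rejects ".git" / ".atom" endings.
SIMPLE_STR = '[a-zA-Z0-9_.][a-zA-Z0-9_\-.]*'
STRICT_STR = "(?:#{SIMPLE_STR})(?<!\\.git|\\.atom)"

# \A and \z anchor the whole string, so the server-side check cannot be
# satisfied by a single line of a multi-line value.
SIMPLE = /\A#{SIMPLE_STR}\z/ # what the client-side validation can express
STRICT = /\A#{STRICT_STR}\z/ # what the server enforces

# Result of both checks for one username.
def check(username)
  { client: SIMPLE.match?(username), server: STRICT.match?(username) }
end

# Usernames the client accepts without an error but the server must reject.
# These are the inputs only the server-side validation stops.
def server_only_rejections(usernames)
  usernames.select do |name|
    result = check(name)
    result[:client] && !result[:server]
  end
end

# Constructed sample input.
SAMPLES = ['john.doe', 'repo.git', 'feed.atom', 'a.gitx', '-lead'].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |name| puts "#{name.ljust(10)} #{check(name)}" }
  puts "server-only rejections: #{server_only_rejections(SAMPLES).inspect}"
end
```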