gitlab-org--gitlab-foss/lib/gitlab/project_search_results.rb

139 lines
3.5 KiB
Ruby
Raw Normal View History

module Gitlab
class ProjectSearchResults < SearchResults
attr_reader :project, :repository_ref
2018-01-31 09:59:59 -05:00
def initialize(current_user, project, query, repository_ref = nil, per_page: 20)
@current_user = current_user
@project = project
2016-11-10 12:27:09 -05:00
@repository_ref = repository_ref.presence || project.default_branch
@query = query
2018-01-31 09:59:59 -05:00
@per_page = per_page
end
def objects(scope, page = nil)
case scope
when 'notes'
notes.page(page).per(per_page)
when 'blobs'
Kaminari.paginate_array(blobs).page(page).per(per_page)
2014-09-05 06:33:05 -04:00
when 'wiki_blobs'
Kaminari.paginate_array(wiki_blobs).page(page).per(per_page)
when 'commits'
Kaminari.paginate_array(commits).page(page).per(per_page)
else
super(scope, page, false)
end
end
def blobs_count
@blobs_count ||= blobs.count
end
def notes_count
@notes_count ||= notes.count
end
2014-09-05 06:33:05 -04:00
def wiki_blobs_count
@wiki_blobs_count ||= wiki_blobs.count
end
def commits_count
@commits_count ||= commits.count
end
def self.parse_search_result(result, project = nil)
2016-11-10 12:27:09 -05:00
ref = nil
filename = nil
basename = nil
data = ""
2016-11-10 12:27:09 -05:00
startline = 0
result.strip.each_line.each_with_index do |line, index|
prefix ||= line.match(/^(?<ref>[^:]*):(?<filename>.*)\x00(?<startline>\d+)\x00/)&.tap do |matches|
ref = matches[:ref]
filename = matches[:filename]
startline = matches[:startline]
2016-11-10 12:27:09 -05:00
startline = startline.to_i - index
extname = Regexp.escape(File.extname(filename))
basename = filename.sub(/#{extname}$/, '')
end
data << line.sub(prefix.to_s, '')
2016-11-10 12:27:09 -05:00
end
2017-04-03 13:31:52 -04:00
FoundBlob.new(
2016-11-10 12:27:09 -05:00
filename: filename,
basename: basename,
ref: ref,
startline: startline,
data: data,
project_id: project ? project.id : nil
2016-11-10 12:27:09 -05:00
)
end
def single_commit_result?
commits_count == 1 && total_result_count == 1
end
def total_result_count
issues_count + merge_requests_count + milestones_count + notes_count + blobs_count + wiki_blobs_count + commits_count
end
private
def blobs
return [] unless Ability.allowed?(@current_user, :download_code, @project)
2017-05-12 03:16:33 -04:00
@blobs ||= Gitlab::FileFinder.new(project, repository_ref).find(query)
end
2014-09-05 06:33:05 -04:00
def wiki_blobs
return [] unless Ability.allowed?(@current_user, :read_wiki, @project)
2016-11-08 07:21:19 -05:00
@wiki_blobs ||= begin
if project.wiki_enabled? && query.present?
project_wiki = ProjectWiki.new(project)
2016-11-08 07:21:19 -05:00
unless project_wiki.empty?
project_wiki.search_files(query)
else
[]
end
else
[]
end
2014-09-05 06:33:05 -04:00
end
end
def notes
Merge branch 'jej-note-search-uses-finder' into 'security' Fix missing Note access checks in by moving Note#search to updated NoteFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR? :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested ### Note lookup without access check - [x] :white_check_mark: app/finders/notes_finder.rb:13 :download_code check - [x] :white_check_mark: app/finders/notes_finder.rb:19 `SnippetsFinder` - [x] :white_check_mark: app/models/note.rb:121 [`Issue#visible_to_user`] - [x] :white_check_mark: lib/gitlab/project_search_results.rb:113 - This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`. - It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked. ### Previous discussions - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `: download_code` check on commit - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used - `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223 ### Acceptance criteria met? - [x] Tests added for new code - [x] TODO comments removed - [x] Squashed and removed skipped tests - [x] Changelog entry - [ ] State Gitlab versions affected and issue severity in description - [ ] Create technical debt issue for NotesFinder. - Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two. - Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)` - Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes` See merge request !2035
2016-12-08 20:56:31 -05:00
@notes ||= NotesFinder.new(project, @current_user, search: query).execute.user.order('updated_at DESC')
end
def commits
@commits ||= find_commits(query)
end
def find_commits(query)
return [] unless Ability.allowed?(@current_user, :download_code, @project)
commits = find_commits_by_message(query)
commit_by_sha = find_commit_by_sha(query)
commits |= [commit_by_sha] if commit_by_sha
commits
end
def find_commits_by_message(query)
project.repository.find_commits_by_message(query)
end
def find_commit_by_sha(query)
key = query.strip
project.repository.commit(key) if Commit.valid_hash?(key)
end
def project_ids_relation
project
end
end
end