gitlab-org--gitlab-foss/app/controllers/projects/milestones_controller.rb

# frozen_string_literal: true

class Projects::MilestonesController < Projects::ApplicationController
  include Gitlab::Utils::StrongMemoize
  include MilestoneActions

  before_action :check_issuables_available!
  before_action :milestone, only: [:edit, :update, :destroy, :show, :issues, :merge_requests, :participants, :labels, :promote]

  # Allow read any milestone
  before_action :authorize_read_milestone!

  # Allow admin milestone
  before_action :authorize_admin_milestone!, except: [:index, :show, :issues, :merge_requests, :participants, :labels]

  # Allow to promote milestone
  before_action :authorize_promote_milestone!, only: :promote

  respond_to :html

  feature_category :issue_tracking

  def index
    @sort = params[:sort] || 'due_date_asc'
    @milestones = milestones.sort_by_attribute(@sort)

    respond_to do |format|
      format.html do
        # We need to show group milestones in the JSON response
        # so that people can filter by and assign group milestones,
        # but we don't need to show them on the project milestones page itself.
        @milestones = @milestones.for_projects
        @milestones = @milestones.page(params[:page])
      end
      format.json do
        render json: @milestones.to_json(only: [:id, :title], methods: :name)
      end
    end
  end

  def new
    @milestone = @project.milestones.new
    respond_with(@milestone)
  end

  def edit
    respond_with(@milestone)
  end

  def show
    respond_to do |format|
      format.html
    end
  end

  def create
    @milestone = Milestones::CreateService.new(project, current_user, milestone_params).execute

    if @milestone.valid?
      redirect_to project_milestone_path(@project, @milestone)
    else
      render "new"
    end
  end

  def update
    @milestone = Milestones::UpdateService.new(project, current_user, milestone_params).execute(milestone)

    respond_to do |format|
      format.js
      format.html do
        if @milestone.valid?
          redirect_to project_milestone_path(@project, @milestone)
        else
          render :edit
        end
      end
    end
  end

  def promote
    promoted_milestone = Milestones::PromoteService.new(project, current_user).execute(milestone)
    flash[:notice] = flash_notice_for(promoted_milestone, project_group)

    respond_to do |format|
      format.html do
        redirect_to project_milestones_path(project)
      end
      format.json do
        render json: { url: project_milestones_path(project) }
      end
    end
  rescue Milestones::PromoteService::PromoteMilestoneError => error
    redirect_to milestone, alert: error.message
  end

  def flash_notice_for(milestone, group)
    ''.html_safe + "#{milestone.title} promoted to " + view_context.link_to('<u>group milestone</u>'.html_safe, group_milestone_path(group, milestone.iid)) + '.'
  end

  def destroy
    return access_denied! unless can?(current_user, :admin_milestone, @project)

    Milestones::DestroyService.new(project, current_user).execute(milestone)

    respond_to do |format|
      format.html { redirect_to namespace_project_milestones_path, status: :see_other }
      format.js { head :ok }
    end
  end

  protected

  def project_group
    strong_memoize(:project_group) do
      project.group
    end
  end

  def milestones
    strong_memoize(:milestones) do
      MilestonesFinder.new(search_params).execute
    end
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def milestone
    @milestone ||= @project.milestones.find_by!(iid: params[:id])
  end
  # rubocop: enable CodeReuse/ActiveRecord

  def authorize_admin_milestone!
    return render_404 unless can?(current_user, :admin_milestone, @project)
  end

  def authorize_promote_milestone!
    return render_404 unless can?(current_user, :admin_milestone, project_group)
  end

  def milestone_params
    params.require(:milestone).permit(:title, :description, :start_date, :due_date, :state_event)
  end

  def search_params
    if request.format.json? && project_group && can?(current_user, :read_group, project_group)
      groups = project_group.self_and_ancestors.select(:id)
    end

    params.permit(:state, :search_title).merge(project_ids: @project.id, group_ids: groups)
  end
end
Enable even more frozen string in app/controllers Enables frozen string for some vestigial files as well as the following: * app/controllers/projects/*/.rb * app/controllers/sherlock/*/.rb * app/controllers/snippets/*/.rb * app/controllers/users/*/.rb Partially addresses #47424. 2018-09-26 03:45:43 +00:00			`# frozen_string_literal: true`

Move projects controllers/views in Projects module 2013-06-23 16:47:22 +00:00			`class Projects::MilestonesController < Projects::ApplicationController`
Include all ancestors milestones in json list & autocomplete 2018-06-01 07:52:55 +00:00			`include Gitlab::Utils::StrongMemoize`
Load milestone tabs asynchronously 2017-04-25 14:25:20 +00:00			`include MilestoneActions`

Use the new check_project_feature_available! method in project controllers 2017-06-20 11:13:04 +00:00			`before_action :check_issuables_available!`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 18:10:26 +00:00			`before_action :milestone, only: [:edit, :update, :destroy, :show, :issues, :merge_requests, :participants, :labels, :promote]`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00
			`# Allow read any milestone`
Fixed the Rails/ActionFilter cop Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-04-16 12:03:37 +00:00			`before_action :authorize_read_milestone!`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00
			`# Allow admin milestone`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 18:10:26 +00:00			`before_action :authorize_admin_milestone!, except: [:index, :show, :issues, :merge_requests, :participants, :labels]`
Merge branch 'security-issue_51301' into 'master' [master] Resolve: Promoting a milestone is missing an authorization check See merge request gitlab/gitlabhq!2598 2018-11-28 18:38:24 +00:00
			`# Allow to promote milestone`
			`before_action :authorize_promote_milestone!, only: :promote`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00
			`respond_to :html`

Add latest changes from gitlab-org/gitlab@master 2020-10-08 18:08:32 +00:00			`feature_category :issue_tracking`

Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`def index`
Add dropdown sort to project milestones 2017-03-24 00:39:12 +00:00			`@sort = params[:sort] \|\| 'due_date_asc'`
[Rails5] Rename `sort` methods to `sort_by_attribute` 2018-04-04 09:19:47 +00:00			`@milestones = milestones.sort_by_attribute(@sort)`
Add dropdown sort to project milestones 2017-03-24 00:39:12 +00:00
Fixed issue with labels dropdown getting wrong labels 2016-03-16 18:08:35 +00:00			`respond_to do \|format\|`
Updated controller with before_action Fixed other issues based on feedback 2016-03-17 09:09:06 +00:00			`format.html do`
Native group milestones 2017-07-07 15:08:49 +00:00			`# We need to show group milestones in the JSON response`
			`# so that people can filter by and assign group milestones,`
			`# but we don't need to show them on the project milestones page itself.`
			`@milestones = @milestones.for_projects`
Use the configured Kaminari "per page" default 2016-03-19 21:37:54 +00:00			`@milestones = @milestones.page(params[:page])`
Updated controller with before_action Fixed other issues based on feedback 2016-03-17 09:09:06 +00:00			`end`
Fixed issue with labels dropdown getting wrong labels 2016-03-16 18:08:35 +00:00			`format.json do`
Add latest changes from gitlab-org/gitlab@master 2020-05-28 12:08:10 +00:00			`render json: @milestones.to_json(only: [:id, :title], methods: :name)`
Fixed issue with labels dropdown getting wrong labels 2016-03-16 18:08:35 +00:00			`end`
			`end`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`end`

			`def new`
			`@milestone = @project.milestones.new`
			`respond_with(@milestone)`
			`end`

			`def edit`
			`respond_with(@milestone)`
			`end`

			`def show`
Drop JSON response in Project Milestone along with avoiding error 2017-06-17 06:40:12 +00:00			`respond_to do \|format\|`
			`format.html`
			`end`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`end`

			`def create`
Project hook, milestone, snippet strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 15:51:11 +00:00			`@milestone = Milestones::CreateService.new(project, current_user, milestone_params).execute`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00
Native group milestones 2017-07-07 15:08:49 +00:00			`if @milestone.valid?`
Create and use project path helpers that only need a project, no namespace 2017-06-29 17:06:35 +00:00			`redirect_to project_milestone_path(@project, @milestone)`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`else`
			`render "new"`
			`end`
			`end`

			`def update`
Project hook, milestone, snippet strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 15:51:11 +00:00			`@milestone = Milestones::UpdateService.new(project, current_user, milestone_params).execute(milestone)`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00
			`respond_to do \|format\|`
			`format.js`
Context refactoring. Move Issues list, Search logic to context 2012-10-09 19:09:46 +00:00			`format.html do`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`if @milestone.valid?`
Create and use project path helpers that only need a project, no namespace 2017-06-29 17:06:35 +00:00			`redirect_to project_milestone_path(@project, @milestone)`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`else`
			`render :edit`
			`end`
			`end`
			`end`
			`end`

Allow promoting project milestones to group milestones 2017-10-31 15:03:52 +00:00			`def promote`
Fix promoting labels and milestones copy text 2018-03-13 16:36:13 +00:00			`promoted_milestone = Milestones::PromoteService.new(project, current_user).execute(milestone)`
Merge branch 'security-issue_51301' into 'master' [master] Resolve: Promoting a milestone is missing an authorization check See merge request gitlab/gitlabhq!2598 2018-11-28 18:38:24 +00:00			`flash[:notice] = flash_notice_for(promoted_milestone, project_group)`
Escapes milestone and label names when promoting them 2018-07-16 10:49:01 +00:00
used respond_to formats for persisting flash messages instead 2018-03-01 22:09:25 +00:00			`respond_to do \|format\|`
			`format.html do`
			`redirect_to project_milestones_path(project)`
			`end`
			`format.json do`
			`render json: { url: project_milestones_path(project) }`
			`end`
			`end`
Allow promoting project milestones to group milestones 2017-10-31 15:03:52 +00:00			`rescue Milestones::PromoteService::PromoteMilestoneError => error`
			`redirect_to milestone, alert: error.message`
			`end`

Escapes milestone and label names when promoting them 2018-07-16 10:49:01 +00:00			`def flash_notice_for(milestone, group)`
Enable even more frozen string in app/controllers Enables frozen string for some vestigial files as well as the following: * app/controllers/projects/*/.rb * app/controllers/sherlock/*/.rb * app/controllers/snippets/*/.rb * app/controllers/users/*/.rb Partially addresses #47424. 2018-09-26 03:45:43 +00:00			`''.html_safe + "#{milestone.title} promoted to " + view_context.link_to('<u>group milestone</u>'.html_safe, group_milestone_path(group, milestone.iid)) + '.'`
Escapes milestone and label names when promoting them 2018-07-16 10:49:01 +00:00			`end`

Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`def destroy`
Add support for destroying project milestones Closes https://github.com/gitlabhq/gitlabhq/issues/1504 2015-07-14 22:20:38 +00:00			`return access_denied! unless can?(current_user, :admin_milestone, @project)`

Create a "destroyed Milestone" event and keep Milestone events around in the DB for posterity. Also fix issue where destroying a Milestone would cause odd, transient messages like "created milestone" or "imported milestone". Add "in" preposition when creating and destroying milestones Closes #2382 2015-08-31 04:51:34 +00:00			`Milestones::DestroyService.new(project, current_user).execute(milestone)`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00
			`respond_to do \|format\|`
Updates from `rubocop -a` 2018-07-02 10:43:06 +00:00			`format.html { redirect_to namespace_project_milestones_path, status: :see_other }`
Change deprecated usage of rendering without response body `render nothing: true` has been deprecated. For more information see [pr](https://github.com/rails/rails/pull/20336) 2016-03-16 01:16:25 +00:00			`format.js { head :ok }`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`end`
			`end`

			`protected`

Merge branch 'security-issue_51301' into 'master' [master] Resolve: Promoting a milestone is missing an authorization check See merge request gitlab/gitlabhq!2598 2018-11-28 18:38:24 +00:00			`def project_group`
			`strong_memoize(:project_group) do`
			`project.group`
			`end`
			`end`

Native group milestones 2017-07-07 15:08:49 +00:00			`def milestones`
Include all ancestors milestones in json list & autocomplete 2018-06-01 07:52:55 +00:00			`strong_memoize(:milestones) do`
Native group milestones 2017-07-07 15:08:49 +00:00			`MilestonesFinder.new(search_params).execute`
			`end`
			`end`

Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 15:31:01 +00:00			`# rubocop: disable CodeReuse/ActiveRecord`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`def milestone`
Remove deprecated finders 2014-01-19 18:55:59 +00:00			`@milestone \|\|= @project.milestones.find_by!(iid: params[:id])`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 15:31:01 +00:00			`# rubocop: enable CodeReuse/ActiveRecord`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00
			`def authorize_admin_milestone!`
			`return render_404 unless can?(current_user, :admin_milestone, @project)`
			`end`

Merge branch 'security-issue_51301' into 'master' [master] Resolve: Promoting a milestone is missing an authorization check See merge request gitlab/gitlabhq!2598 2018-11-28 18:38:24 +00:00			`def authorize_promote_milestone!`
			`return render_404 unless can?(current_user, :admin_milestone, project_group)`
			`end`

Project hook, milestone, snippet strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 15:51:11 +00:00			`def milestone_params`
Add a starting date to milestones 2016-11-15 17:48:30 +00:00			`params.require(:milestone).permit(:title, :description, :start_date, :due_date, :state_event)`
Project hook, milestone, snippet strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 15:51:11 +00:00			`end`
Merge branch 'milestones-finder-order-fix' into 'security-10-3' Remove order param from the MilestoneFinder See merge request gitlab/gitlabhq!2259 (cherry picked from commit 14408042e78f2ebc2644f956621b461dbfa3d36d) 155881e7 Remove order param from the MilestoneFinder 2018-01-05 17:53:31 +00:00
			`def search_params`
Merge branch 'security-issue_51301' into 'master' [master] Resolve: Promoting a milestone is missing an authorization check See merge request gitlab/gitlabhq!2598 2018-11-28 18:38:24 +00:00			`if request.format.json? && project_group && can?(current_user, :read_group, project_group)`
Fix MilestonesFinder to pass relations to scope Instead of querying relations into ids we just pass them to the model scope because the scope supports it now. Also changes other calls to `Milestone.for_projects_and_groups` 2019-01-11 14:58:18 +00:00			`groups = project_group.self_and_ancestors.select(:id)`
Merge branch 'milestones-finder-order-fix' into 'security-10-3' Remove order param from the MilestoneFinder See merge request gitlab/gitlabhq!2259 (cherry picked from commit 14408042e78f2ebc2644f956621b461dbfa3d36d) 155881e7 Remove order param from the MilestoneFinder 2018-01-05 17:53:31 +00:00			`end`

Adds milestone search Adds to search ILIKE search for milestones title in: - Milestones dashboard - Group milestones page - Project milestones page 2019-01-17 14:35:23 +00:00			`params.permit(:state, :search_title).merge(project_ids: @project.id, group_ids: groups)`
Merge branch 'milestones-finder-order-fix' into 'security-10-3' Remove order param from the MilestoneFinder See merge request gitlab/gitlabhq!2259 (cherry picked from commit 14408042e78f2ebc2644f956621b461dbfa3d36d) 155881e7 Remove order param from the MilestoneFinder 2018-01-05 17:53:31 +00:00			`end`
Milestone basic scaffold 2012-04-08 21:28:58 +00:00			`end`