kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Merge branch '31157-respect-project-features-in-wiki-search' into 'security'

Browse source 
Respect project features in wiki and blob search

See merge request !2089
This commit is contained in:
Douwe Maan 2017-04-24 15:09:29 +00:00 committed by Bob Van Landuyt
parent d9ec830a83
commit 61a81a3ac2
3 changed files with 80 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
changelogs/unreleased/31157-respect-project-features-in-wiki-search.yml Normal file
View file

@ -0,0 +1,4 @@
---
title: Enforce project features when searching blobs and wikis
merge_request:
author:

4
lib/gitlab/project_search_results.rb
View file

@ -82,6 +82,8 @@ module Gitlab
private private
def blobs def blobs
return [] unless Ability.allowed?(@current_user, :download_code, @project)
@blobs ||= begin @blobs ||= begin
blobs = project.repository.search_files_by_content(query, repository_ref).first(100) blobs = project.repository.search_files_by_content(query, repository_ref).first(100)
found_file_names = Set.new found_file_names = Set.new
@ -102,6 +104,8 @@ module Gitlab
end end
def wiki_blobs def wiki_blobs
return [] unless Ability.allowed?(@current_user, :read_wiki, @project)
@wiki_blobs ||= begin @wiki_blobs ||= begin
if project.wiki_enabled? && query.present? if project.wiki_enabled? && query.present?
project_wiki = ProjectWiki.new(project) project_wiki = ProjectWiki.new(project)

75
spec/lib/gitlab/project_search_results_spec.rb
View file

@ -22,8 +22,37 @@ describe Gitlab::ProjectSearchResults, lib: true do
end end
describe 'blob search' do describe 'blob search' do
let(:project) { create(:project, :repository) } let(:project) { create(:project, :public, :repository) }
let(:results) { described_class.new(user, project, 'files').objects('blobs') }
subject(:results) { described_class.new(user, project, 'files').objects('blobs') }
context 'when repository is disabled' do
let(:project) { create(:project, :public, :repository, :repository_disabled) }
it 'hides blobs from members' do
project.add_reporter(user)
is_expected.to be_empty
end
it 'hides blobs from non-members' do
is_expected.to be_empty
end
end
context 'when repository is internal' do
let(:project) { create(:project, :public, :repository, :repository_private) }
it 'finds blobs for members' do
project.add_reporter(user)
is_expected.not_to be_empty
end
it 'hides blobs from non-members' do
is_expected.to be_empty
end
end
it 'finds by name' do it 'finds by name' do
expect(results).to include(["files/images/wm.svg", nil]) expect(results).to include(["files/images/wm.svg", nil])
@ -70,6 +99,46 @@ describe Gitlab::ProjectSearchResults, lib: true do
end end
end end
describe 'wiki search' do
let(:project) { create(:project, :public) }
let(:wiki) { build(:project_wiki, project: project) }
let!(:wiki_page) { wiki.create_page('Title', 'Content') }
subject(:results) { described_class.new(user, project, 'Content').objects('wiki_blobs') }
context 'when wiki is disabled' do
let(:project) { create(:project, :public, :wiki_disabled) }
it 'hides wiki blobs from members' do
project.add_reporter(user)
is_expected.to be_empty
end
it 'hides wiki blobs from non-members' do
is_expected.to be_empty
end
end
context 'when wiki is internal' do
let(:project) { create(:project, :public, :wiki_private) }
it 'finds wiki blobs for members' do
project.add_reporter(user)
is_expected.not_to be_empty
end
it 'hides wiki blobs from non-members' do
is_expected.to be_empty
end
end
it 'finds by content' do
expect(results).to include("master:Title.md:1:Content\n")
end
end
it 'does not list issues on private projects' do it 'does not list issues on private projects' do
issue = create(:issue, project: project) issue = create(:issue, project: project)
@ -79,7 +148,6 @@ describe Gitlab::ProjectSearchResults, lib: true do
end end
describe 'confidential issues' do describe 'confidential issues' do
let(:project) { create(:empty_project) }
let(:query) { 'issue' } let(:query) { 'issue' }
let(:author) { create(:user) } let(:author) { create(:user) }
let(:assignee) { create(:user) } let(:assignee) { create(:user) }
@ -277,6 +345,7 @@ describe Gitlab::ProjectSearchResults, lib: true do
context 'by commit hash' do context 'by commit hash' do
let(:project) { create(:project, :public, :repository) } let(:project) { create(:project, :public, :repository) }
let(:commit) { project.repository.commit('0b4bc9a') } let(:commit) { project.repository.commit('0b4bc9a') }
commit_hashes = { short: '0b4bc9a', full: '0b4bc9a49b562e85de7cc9e834518ea6828729b9' } commit_hashes = { short: '0b4bc9a', full: '0b4bc9a49b562e85de7cc9e834518ea6828729b9' }
commit_hashes.each do |type, commit_hash| commit_hashes.each do |type, commit_hash|