Commit graph

9 commits

Author SHA1 Message Date
Yorick Peterse
8a72f5c427
Added FromUnion to easily select from a UNION
This commit adds the module `FromUnion`, which provides the class method
`from_union`. This simplifies the process of selecting data from the
result of a UNION, and reduces the likelihood of making mistakes. As a
result, instead of this:

    union = Gitlab::SQL::Union.new([foo, bar])

    Foo.from("(#{union.to_sql}) #{Foo.table_name}")

We can now write this instead:

    Foo.from_union([foo, bar])

This commit also includes some changes to make this new setup work
properly. For example, a bug in Rails 4
(https://github.com/rails/rails/issues/24193) would break the use of
`from("sub-query-here").includes(:relation)` in certain cases. There was
also a CI query which appeared to repeat a lot of conditions from an
outer query on an inner query, which isn't necessary.

Finally, we include a RuboCop cop to ensure developers use this new
module, instead of using Gitlab::SQL::Union directly.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/51307
2018-09-17 12:39:43 +02:00
Bob Van Landuyt
f3f1df1476 Add a cop for FinderMethods
This notifies developers when calling `find(_by!)` chained on
`execute`. And suggests using the methods from `FinderMethods`. These
will perform the correct authorization checks on the resource when it
is found.
2018-06-20 18:13:13 +02:00
Yorick Peterse
6f292eaa69
Revert the addition of goldiloader
This reverts the addition of the "goldiloader" Gem and all use of it.
While this Gem is very promising it's causing a variety of problems on
GitLab.com due to it eager-loading too much data in places where we
don't expect/can handle this. At least for the time being this means we
have to go back to manually fixing N+1 query problems, but at least
those should not cause a negative impact on availability.
2018-04-18 15:51:39 +02:00
Sean McGivern
4ef3e3491e Add cop for has_many :through without disabled autoloading
Goldiloader is great, but has several issues with has_many :through relations:

* https://github.com/salsify/goldiloader/issues/12
* https://github.com/salsify/goldiloader/issues/14
* https://github.com/salsify/goldiloader/issues/18

Rather than try to figure out which applies in each case, we should just do the
drudge work of manually disabling autoloading for all relations of this type. We
can always use regular preloading for specific cases, but this way we avoid
generating invalid queries through Goldiloader's magic.
2018-04-09 12:47:04 +01:00
Douwe Maan
95ced3bb5f Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337
2018-03-21 14:39:21 +00:00
Lin Jen-Shin
d6c69373e5 Make sure it's not offending to use local ||= val 2018-01-13 00:24:12 +08:00
Lin Jen-Shin
4f00a05152 Introduce PredicateMemoization cop and fix offenses
with StrongMemoize
2018-01-12 17:54:55 +08:00
Rémy Coutable
a2d39b8010 Use gitlab-styles
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-12-22 08:34:44 -06:00
Lin Jen-Shin
07d3d44775 Move ModuleWithInstanceVariables to Gitlab namespace
And use .rubocop.yml to exclude paths we don't care,
rather than using the cop itself to exclude.
2017-11-22 17:06:57 +08:00