6d37fe952b
Fix missing access checks on issue lookup using IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ⚠️ - Potentially untested 💣 - No test coverage 🚥 - Test coverage of some sort exists (a test failed when error raised) 🚦 - Test coverage of return value (a test failed when nil used) ✅ - Permissions check tested - [x] ✅ app/controllers/projects/branches_controller.rb:39 - `before_action :authorize_push_code!` helps limit/prevent exploitation. Always checks for reporter access so fine with confidential issues, issues only visible to team, etc. - [x] 🚥 app/models/cycle_analytics/summary.rb:9 [`.count`] - [x] ✅ app/controllers/projects/todos_controller.rb:19 - [x] Potential double render in app/controllers/projects/todos_controller.rb - https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24 See merge request !2030
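# Serves a project's cycle analytics page, either as HTML or as JSON.
#
# Access control: every action runs behind the
# `authorize_read_cycle_analytics!` filter (defined outside this file), and
# `current_user` is handed to `::CycleAnalytics.new` and to `#permissions`.
# NOTE(review): presumably this lets the model scope its lookups to what the
# viewer is allowed to see -- confirm in CycleAnalytics before relying on it.
class Projects::CycleAnalyticsController < Projects::ApplicationController
  include ActionView::Helpers::DateHelper
  include ActionView::Helpers::TextHelper
  include CycleAnalyticsParams

  before_action :authorize_read_cycle_analytics!

  # Builds the analytics object for the requested start date and renders it.
  # The HTML format renders the default template; the JSON format renders the
  # hash produced by #generate_cycle_analytics_data.
  def show
    @cycle_analytics = ::CycleAnalytics.new(@project, current_user, from: start_date(cycle_analytics_params))

    stats_values, cycle_analytics_json = generate_cycle_analytics_data

    # True when no stage produced a value, so the view can show an empty state.
    @cycle_analytics_no_data = stats_values.blank?

    respond_to do |format|
      format.html
      format.json { render json: cycle_analytics_json }
    end
  end

  private

  # Extracts the only request parameter this controller consumes.
  #
  # The request body is untrusted: `cycle_analytics` may arrive as a scalar or
  # an array instead of a nested hash, in which case indexing it with
  # `:start_date` would raise and surface as a server error. Anything that is
  # not hash-like is therefore treated the same as an absent parameter.
  #
  # Returns a Hash that is either empty or holds a single `:start_date` key.
  # NOTE(review): the value itself is passed through unvalidated; it is
  # assumed that `start_date` (from CycleAnalyticsParams) constrains it.
  def cycle_analytics_params
    requested = params[:cycle_analytics]
    return {} unless requested.present? && requested.respond_to?(:key?)

    { start_date: requested[:start_date] }
  end

  # Collects per-stage statistics and summary counters for the response.
  #
  # Returns a two-element Array:
  #   [0] the absolute values of every stage that reported a value
  #   [1] a Hash with :summary, :stats and :permissions keys
  def generate_cycle_analytics_data
    stats_values = []

    # Fixed list of stages: [method name, title, legend, description].
    # The first element is dispatched with `send` below, so this list must
    # stay hard-coded and must never be built from request input.
    cycle_analytics_view_data = [
      [:issue, "Issue", "Related Issues", "Time before an issue gets scheduled"],
      [:plan, "Plan", "Related Commits", "Time before an issue starts implementation"],
      [:code, "Code", "Related Merge Requests", "Time spent coding"],
      [:test, "Test", "Relative Builds Trigger by Commits", "The time taken to build and test the application"],
      [:review, "Review", "Relative Merged Requests", "The time taken to review the code"],
      [:staging, "Staging", "Relative Deployed Builds", "The time taken in staging"],
      [:production, "Production", "Related Issues", "The total time taken from idea to production"]
    ]

    stats = cycle_analytics_view_data.map do |stage_method, stage_text, stage_legend, stage_description|
      value = @cycle_analytics.send(stage_method).presence

      stats_values << value.abs if value

      {
        title: stage_text,
        description: stage_description,
        legend: stage_legend,
        # A missing or zero duration is reported as nil rather than as text.
        value: value && !value.zero? ? distance_of_time_in_words(value) : nil
      }
    end

    issues = @cycle_analytics.summary.new_issues
    commits = @cycle_analytics.summary.commits
    deploys = @cycle_analytics.summary.deploys

    summary = [
      { title: "New Issue".pluralize(issues), value: issues },
      { title: "Commit".pluralize(commits), value: commits },
      { title: "Deploy".pluralize(deploys), value: deploys }
    ]

    cycle_analytics_hash = {
      summary: summary,
      stats: stats,
      permissions: @cycle_analytics.permissions(user: current_user)
    }

    [stats_values, cycle_analytics_hash]
  end
end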