未验证
提交
084b7edb
编写于
12月 19, 2018
作者:
G
Grzegorz Bizon
提交者:
Yorick Peterse
1月 31, 2019
Do not expose trigger token when user should not see it
上级
9f67b886
Showing
8 changed file
with
68 addition
and
13 deletion
+68
-13
app/controllers/projects/triggers_controller.rb
app/controllers/projects/triggers_controller.rb
+3
-4
app/models/ci/trigger.rb
app/models/ci/trigger.rb
+1
-0
app/presenters/ci/trigger_presenter.rb
app/presenters/ci/trigger_presenter.rb
+19
-0
app/views/projects/triggers/_trigger.html.haml
app/views/projects/triggers/_trigger.html.haml
+1
-1
lib/api/entities.rb
lib/api/entities.rb
+4
-1
lib/api/helpers/presentable.rb
lib/api/helpers/presentable.rb
+29
-0
lib/api/triggers.rb
lib/api/triggers.rb
+2
-2
spec/requests/api/triggers_spec.rb
spec/requests/api/triggers_spec.rb
+9
-5
app/controllers/projects/triggers_controller.rb
...
@@ -66,12 +66,11 @@ class Projects::TriggersController < Projects::ApplicationController
...
@@ -66,12 +66,11 @@ class Projects::TriggersController < Projects::ApplicationController
end
end
def
trigger
def
trigger
@trigger
||=
project
.
triggers
.
find
(
params
[
:id
])
||
render_404
@trigger
||=
project
.
triggers
.
find
(
params
[
:id
])
.
present
(
current_user:
current_user
)
end
end
def
trigger_params
def
trigger_params
params
.
require
(
:trigger
).
permit
(
params
.
require
(
:trigger
).
permit
(
:description
)
:description
)
end
end
end
end
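Review bot: `trigger` now memoizes the presenter returned by `present(current_user: current_user)` rather than the bare record, and nothing at the definition says so. The controller's other actions are outside the hunk; any that updates or destroys through `trigger` now goes through the presenter's delegation, and any that renders it gets the masked `token`. I would add a comment above the method, `# Returns the trigger wrapped in its presenter so #token is masked for users without :admin_trigger.` Dropping `|| render_404` looks safe only if `find` raises for an unknown id and the application maps that to a 404, which a request spec should confirm.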
app/models/ci/trigger.rb
...
@@ -4,6 +4,7 @@ module Ci
...
@@ -4,6 +4,7 @@ module Ci
class
Trigger
<
ActiveRecord
::
Base
class
Trigger
<
ActiveRecord
::
Base
extend
Gitlab
::
Ci
::
Model
extend
Gitlab
::
Ci
::
Model
include
IgnorableColumn
include
IgnorableColumn
include
Presentable
ignore_column
:deleted_at
ignore_column
:deleted_at
...
...
app/presenters/ci/trigger_presenter.rb
0 → 100644
# frozen_string_literal: true
module
Ci
class
TriggerPresenter
<
Gitlab
::
View
::
Presenter
::
Delegated
presents
:trigger
def
has_token_exposed?
can?
(
current_user
,
:admin_trigger
,
trigger
)
end
def
token
if
has_token_exposed?
trigger
.
token
else
trigger
.
short_token
end
end
end
end
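Review bot: The `else` branch of `token` still returns `trigger.short_token`, so callers without `:admin_trigger` receive part of the secret; the spec in this commit expects the first four characters. That is presumably meant as an identifier, but a comment should say so and state the assumption that the rest of the token stays long enough to resist guessing, e.g. `# Users who cannot administer the trigger only get the short prefix, never the full secret.` `has_token_exposed?` also reads `current_user`, which is available only when the caller passed it to `present`; how a presenter built without it behaves is not visible here, and it should fail closed rather than fall through to the full token. As a style point, Ruby's predicate naming convention would prefer `token_exposed?` over the `has_` prefix, with the view updated to match.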
app/views/projects/triggers/_trigger.html.haml
%tr
%tr
%td
%td
-
if
can?
(
current_user
,
:admin_trigger
,
trigger
)
-
if
trigger
.
has_token_exposed?
%span
=
trigger
.
token
%span
=
trigger
.
token
=
clipboard_button
(
text:
trigger
.
token
,
title:
"Copy trigger token to clipboard"
)
=
clipboard_button
(
text:
trigger
.
token
,
title:
"Copy trigger token to clipboard"
)
-
else
-
else
...
...
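Review bot: The partial now calls `trigger.has_token_exposed?`, which this commit defines only on the presenter, so every caller must pass presented triggers. The controller hunk presents just the single `trigger` looked up by id; the code that builds the collection rendered through this partial is not among the visible changes. If it still passes plain records, the page would presumably raise rather than leak, which is the safe direction, but a view or feature spec in which a non-owner sees the masked token would pin the behaviour. The `else` branch is cut off by the hunk, so what it renders cannot be checked here.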
lib/api/entities.rb
...
@@ -1223,8 +1223,11 @@ module API
...
@@ -1223,8 +1223,11 @@ module API
end
end
class
Trigger
<
Grape
::
Entity
class
Trigger
<
Grape
::
Entity
include
::
API
::
Helpers
::
Presentable
expose
:id
expose
:id
expose
:token
,
:description
expose
:token
expose
:description
expose
:created_at
,
:updated_at
,
:last_used
expose
:created_at
,
:updated_at
,
:last_used
expose
:owner
,
using:
Entities
::
UserBasic
expose
:owner
,
using:
Entities
::
UserBasic
end
end
...
...
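Review bot: `expose :token` now returns a safe value only when the entity is built with a `current_user`, because `API::Helpers::Presentable#initialize` forwards whatever options the endpoint passes to the presenter. Only two `present ... with: Entities::Trigger` calls are updated in this commit's `lib/api/triggers.rb` hunks. Any other endpoint or nested entity that renders `Entities::Trigger` is outside the visible diff and needs the same `current_user: current_user` option. A short comment above `expose :token`, such as `# Masked by Ci::TriggerPresenter unless current_user can :admin_trigger`, would make that dependency visible where the value is exposed.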
lib/api/helpers/presentable.rb
0 → 100644
# frozen_string_literal: true
module
API
module
Helpers
##
# This module makes it possible to use `app/presenters` with
# Grape Entities. It instantiates model presenter and passes
# options defined in the API endpoint to the presenter itself.
#
# present object, with: Entities::Something,
# current_user: current_user,
# another_option: 'my options'
#
# Example above will make `current_user` and `another_option`
# values available in the subclass of `Gitlab::View::Presenter`
# thorough a separate method in the presenter.
#
# The model class needs to have `::Presentable` module mixed in
# if you want to use `API::Helpers::Presentable`.
#
module
Presentable
extend
ActiveSupport
::
Concern
def
initialize
(
object
,
options
=
{})
super
(
object
.
present
(
options
),
options
)
end
end
end
end
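Review bot: `initialize` forwards the entire Grape `options` hash to `object.present`, so every key an endpoint passes (and anything the framework adds to that hash) reaches the presenter, not just `current_user`. The module comment describes this pass-through as intended, so the fix may be documentation only: list the keys presenters are expected to rely on, or narrow the hash at the call, e.g. `object.present(options.slice(:current_user))`, if nothing else is needed. `extend ActiveSupport::Concern` appears unused, since the module declares no `included` or `class_methods` block. The comment also has a typo: "thorough" should read "through".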
lib/api/triggers.rb
...
@@ -51,7 +51,7 @@ module API
...
@@ -51,7 +51,7 @@ module API
triggers
=
user_project
.
triggers
.
includes
(
:trigger_requests
)
triggers
=
user_project
.
triggers
.
includes
(
:trigger_requests
)
present
paginate
(
triggers
),
with:
Entities
::
Trigger
present
paginate
(
triggers
),
with:
Entities
::
Trigger
,
current_user:
current_user
end
end
# rubocop: enable CodeReuse/ActiveRecord
# rubocop: enable CodeReuse/ActiveRecord
...
@@ -68,7 +68,7 @@ module API
...
@@ -68,7 +68,7 @@ module API
trigger
=
user_project
.
triggers
.
find
(
params
.
delete
(
:trigger_id
))
trigger
=
user_project
.
triggers
.
find
(
params
.
delete
(
:trigger_id
))
break
not_found!
(
'Trigger'
)
unless
trigger
break
not_found!
(
'Trigger'
)
unless
trigger
present
trigger
,
with:
Entities
::
Trigger
present
trigger
,
with:
Entities
::
Trigger
,
current_user:
current_user
end
end
desc
'Create a trigger'
do
desc
'Create a trigger'
do
...
...
spec/requests/api/triggers_spec.rb
require
'spec_helper'
require
'spec_helper'
describe
API
::
Triggers
do
describe
API
::
Triggers
do
let
(
:user
)
{
create
(
:user
)
}
set
(
:user
)
{
create
(
:user
)
}
let
(
:user2
)
{
create
(
:user
)
}
set
(
:user2
)
{
create
(
:user
)
}
let!
(
:trigger_token
)
{
'secure_token'
}
let!
(
:trigger_token
)
{
'secure_token'
}
let!
(
:trigger_token_2
)
{
'secure_token_2'
}
let!
(
:trigger_token_2
)
{
'secure_token_2'
}
let!
(
:project
)
{
create
(
:project
,
:repository
,
creator:
user
)
}
let!
(
:project
)
{
create
(
:project
,
:repository
,
creator:
user
)
}
...
@@ -132,14 +133,17 @@ describe API::Triggers do
...
@@ -132,14 +133,17 @@ describe API::Triggers do
end
end
describe
'GET /projects/:id/triggers'
do
describe
'GET /projects/:id/triggers'
do
context
'authenticated user w
ith valid permission
s'
do
context
'authenticated user w
ho can access trigger
s'
do
it
'returns
list of triggers
'
do
it
'returns
a list of triggers with tokens exposed correctly
'
do
get
api
(
"/projects/
#{
project
.
id
}
/triggers"
,
user
)
get
api
(
"/projects/
#{
project
.
id
}
/triggers"
,
user
)
expect
(
response
).
to
have_gitlab_http_status
(
200
)
expect
(
response
).
to
have_gitlab_http_status
(
200
)
expect
(
response
).
to
include_pagination_headers
expect
(
response
).
to
include_pagination_headers
expect
(
json_response
).
to
be_a
(
Array
)
expect
(
json_response
).
to
be_a
(
Array
)
expect
(
json_response
[
0
]).
to
have_key
(
'token'
)
expect
(
json_response
.
size
).
to
eq
2
expect
(
json_response
.
dig
(
0
,
'token'
)).
to
eq
trigger_token
expect
(
json_response
.
dig
(
1
,
'token'
)).
to
eq
trigger_token_2
[
0
..
3
]
end
end
end
end
...
...
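Review bot: The updated example checks masking only on the list endpoint; the single-trigger `present trigger, with: Entities::Trigger, current_user: current_user` change in `lib/api/triggers.rb` has no matching assertion in the visible hunks. I would add a case that fetches a trigger the caller cannot administer and expects `trigger_token_2[0..3]`. A negative check on the list response, such as `expect(response.body).not_to include(trigger_token_2)`, would also catch a regression that re-exposes the full value anywhere in the payload. The rest of the spec is outside the hunk, so some of this coverage may already exist there.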