Software
/
rosa-build
mirror of https://github.com/OpenMandrivaSoftware/rosa-build.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of abf.rosalinux.ru:abf/rosa-build

This commit is contained in:
Alexander Machehin 2015-06-02 22:32:47 +05:00
parent 635bc92d8e 8558bc6e4b
commit 320863e26d
124 changed files with 1297 additions and 427 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Gemfile
View File

@ -6,8 +6,6 @@ gem 'activeadmin', github: 'activeadmin'
gem 'pg'
gem 'schema_plus', '~> 1.5'
########
gem 'protected_attributes'
########
gem 'devise'
gem 'omniauth'
gem 'omniauth-facebook'

33
Gemfile.lock
View File

@ -10,9 +10,9 @@ GIT
GIT
remote: git://github.com/activeadmin/activeadmin.git
revision: e27ccba8a7ea1f7f3085748decec1f6911f6d5d2
revision: 9c46b14ea0d9b3aaaa3d7520555c9959d06ce7f3
specs:
activeadmin (1.0.0.pre)
activeadmin (1.0.0.pre1)
arbre (~> 1.0, >= 1.0.2)
bourbon
coffee-rails
@ -104,7 +104,7 @@ GEM
bootstrap-sass (3.3.3)
autoprefixer-rails (>= 5.0.0.1)
sass (>= 3.2.19)
bourbon (4.2.1)
bourbon (4.2.3)
sass (~> 3.4)
thor
builder (3.2.2)
@ -130,10 +130,10 @@ GEM
coffee-rails (4.1.0)
coffee-script (>= 2.2.0)
railties (>= 4.0.0, < 5.0)
coffee-script (2.3.0)
coffee-script (2.4.1)
coffee-script-source
execjs
coffee-script-source (1.9.1)
coffee-script-source (1.9.1.1)
compass (1.0.3)
chunky_png (~> 1.2)
compass-core (~> 1.0.2)
@ -170,7 +170,7 @@ GEM
erubis (2.7.0)
escape_utils (1.0.1)
eventmachine (1.0.5)
execjs (2.3.0)
execjs (2.5.2)
expression_parser (0.9.0)
factory_girl (4.5.0)
activesupport (>= 3.0.0)
@ -184,7 +184,7 @@ GEM
railties (>= 3.2, < 5.0)
formtastic (3.1.3)
actionpack (>= 3.2.13)
formtastic_i18n (0.1.1)
formtastic_i18n (0.4.1)
friendly_id (5.1.0)
activerecord (>= 4.0.0)
gemoji (2.1.0)
@ -244,7 +244,7 @@ GEM
jquery-rails (3.1.2)
railties (>= 3.0, < 5.0)
thor (>= 0.14, < 2.0)
jquery-ui-rails (5.0.3)
jquery-ui-rails (5.0.5)
railties (>= 3.2.16)
js-routes (1.0.0)
railties (>= 3.2)
@ -280,7 +280,7 @@ GEM
railties (>= 3.0.0, < 5.0.0)
mime-types (1.25.1)
mini_portile (0.6.2)
minitest (5.6.0)
minitest (5.6.1)
mock_redis (0.14.0)
momentjs-rails (2.9.0)
railties (>= 3.1)
@ -339,11 +339,9 @@ GEM
cocaine (~> 0.5.3)
mime-types
pg (0.18.1)
polyamorous (1.1.0)
polyamorous (1.2.0)
activerecord (>= 3.0)
posix-spawn (0.3.10)
protected_attributes (1.0.9)
activemodel (>= 4.0.1, < 5.0)
puma (2.11.1)
rack (>= 1.1, < 2.0)
pundit (0.3.0)
@ -351,7 +349,7 @@ GEM
pygments.rb (0.6.2)
posix-spawn (~> 0.3.6)
yajl-ruby (~> 1.2.0)
rack (1.5.2)
rack (1.5.3)
rack-contrib (1.2.0)
rack (>= 0.9.1)
rack-mini-profiler (0.9.3)
@ -385,12 +383,12 @@ GEM
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rake (10.4.2)
ransack (1.6.3)
ransack (1.6.6)
actionpack (>= 3.0)
activerecord (>= 3.0)
activesupport (>= 3.0)
i18n
polyamorous (~> 1.1)
polyamorous (~> 1.2)
rb-fsevent (0.9.4)
rb-inotify (0.9.5)
ffi (>= 0.5.0)
@ -471,7 +469,7 @@ GEM
safe_yaml (1.0.4)
sanitize (2.1.0)
nokogiri (>= 1.4.4)
sass (3.4.13)
sass (3.4.14)
sass-rails (5.0.1)
railties (>= 4.0.0, < 5.0)
sass (~> 3.1)
@ -514,7 +512,7 @@ GEM
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.2.4)
sprockets-rails (2.3.1)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
@ -636,7 +634,6 @@ DEPENDENCIES
paperclip
perform_later!
pg
protected_attributes
puma
pundit
rack-mini-profiler

1
app/admin/build_scripts.rb
View File

@ -1,4 +1,5 @@
ActiveAdmin.register BuildScript do
permit_params :project_name, :treeish, :commit, :sha1, :status
menu priority: 4

1
app/admin/flash_notifies.rb
View File

@ -1,4 +1,5 @@
ActiveAdmin.register FlashNotify do
permit_params :body_ru, :body_en, :status, :published
menu parent: 'Misc'

1
app/admin/node_instructions.rb
View File

@ -1,4 +1,5 @@
ActiveAdmin.register NodeInstruction do
permit_params :instruction, :user_id, :output, :status
menu priority: 3

680
app/assets/stylesheets/BootstrapXL.css Normal file
View File

@ -0,0 +1,680 @@
/*
* https://github.com/lu4/BootstrapXL/blob/7c64e2ea5ee1f72ed3db9892c091d5a0380c4518/BootstrapXL.css
*
* CSS file with Bootstrap grid classes for screens bigger than 1600px. Just add this file after the Bootstrap CSS file and you will be able to use col-xl, col-xl-push, hidden-xl, etc.
*
* Author: Marc van Nieuwenhuijzen
* Company: WebVakman
* Site: WebVakman.nl
*
*/
.visible-xs,
.visible-xs-block,
.visible-xs-inline,
.visible-xs-inline-block,
.visible-sm,
.visible-sm-block,
.visible-sm-inline,
.visible-sm-inline-block,
.visible-md,
.visible-md-block,
.visible-md-inline,
.visible-md-inline-block,
.visible-lg,
.visible-lg-block,
.visible-lg-inline,
.visible-lg-inline-block,
.visible-xl,
.visible-xl-block,
.visible-xl-inline,
.visible-xl-inline-block,
.visible-xx,
.visible-xx-block,
.visible-xx-inline,
.visible-xx-inline-block {
display: none !important;
}
@media (max-width: 768px) {
.visible-xs {
display: block !important;
}
table.visible-xs {
display: table;
}
tr.visible-xs {
display: table-row !important;
}
th.visible-xs, td.visible-xs {
display: table-cell !important;
}
.visible-xs-block {
display: block !important;
}
.visible-xs-inline {
display: inline !important;
}
.visible-xs-inline-block {
display: inline-block !important;
}
.hidden-xs {
display: none !important;
}
}
@media (min-width: 768px) and (max-width: 991px) {
.visible-sm {
display: block !important;
}
table.visible-sm {
display: table;
}
tr.visible-sm {
display: table-row !important;
}
th.visible-sm, td.visible-sm {
display: table-cell !important;
}
.visible-sm-block {
display: block !important;
}
.visible-sm-inline {
display: inline !important;
}
.visible-sm-inline-block {
display: inline-block !important;
}
.hidden-sm {
display: none !important;
}
}
@media (min-width: 992px) and (max-width: 1199px) {
.visible-md {
display: block !important;
}
table.visible-md {
display: table;
}
tr.visible-md {
display: table-row !important;
}
th.visible-md, td.visible-md {
display: table-cell !important;
}
.visible-md-block {
display: block !important;
}
.visible-md-inline {
display: inline !important;
}
.visible-md-inline-block {
display: inline-block !important;
}
.hidden-md {
display: none !important;
}
}
@media (min-width: 1200px) {
.col-lg-3 {
width: 25%;
}
.visible-lg {
display: block !important;
}
table.visible-lg {
display: table;
}
tr.visible-lg {
display: table-row !important;
}
th.visible-lg, td.visible-lg {
display: table-cell !important;
}
.visible-lg-block {
display: block !important;
}
.visible-lg-inline {
display: inline !important;
}
.visible-lg-inline-block {
display: inline-block !important;
}
.hidden-lg {
display: none !important;
}
}
@media (min-width: 1600px) {
.visible-lg {
display: none !important;
}
}
@media (min-width: 1600px) {
.container {
width: 1570px;
}
.col-xl-1, .col-xl-2, .col-xl-3, .col-xl-4, .col-xl-5, .col-xl-6, .col-xl-7, .col-xl-8, .col-xl-9, .col-xl-10, .col-xl-11, .col-xl-12 {
float: left;
}
.col-xl-12 {
width: 100%;
}
.col-xl-11 {
width: 91.66666667%;
}
.col-xl-10 {
width: 83.33333333%;
}
.col-xl-9 {
width: 75%;
}
.col-xl-8 {
width: 66.66666667%;
}
.col-xl-7 {
width: 58.33333333%;
}
.col-xl-6 {
width: 50%;
}
.col-xl-5 {
width: 41.66666667%;
}
.col-xl-4 {
width: 33.33333333%;
}
.col-xl-3 {
width: 25%;
}
.col-xl-2 {
width: 16.66666667%;
}
.col-xl-1 {
width: 8.33333333%;
}
.col-xl-pull-12 {
right: 100%;
}
.col-xl-pull-11 {
right: 91.66666667%;
}
.col-xl-pull-10 {
right: 83.33333333%;
}
.col-xl-pull-9 {
right: 75%;
}
.col-xl-pull-8 {
right: 66.66666667%;
}
.col-xl-pull-7 {
right: 58.33333333%;
}
.col-xl-pull-6 {
right: 50%;
}
.col-xl-pull-5 {
right: 41.66666667%;
}
.col-xl-pull-4 {
right: 33.33333333%;
}
.col-xl-pull-3 {
right: 25%;
}
.col-xl-pull-2 {
right: 16.66666667%;
}
.col-xl-pull-1 {
right: 8.33333333%;
}
.col-xl-pull-0 {
right: auto;
}
.col-xl-push-12 {
left: 100%;
}
.col-xl-push-11 {
left: 91.66666667%;
}
.col-xl-push-10 {
left: 83.33333333%;
}
.col-xl-push-9 {
left: 75%;
}
.col-xl-push-8 {
left: 66.66666667%;
}
.col-xl-push-7 {
left: 58.33333333%;
}
.col-xl-push-6 {
left: 50%;
}
.col-xl-push-5 {
left: 41.66666667%;
}
.col-xl-push-4 {
left: 33.33333333%;
}
.col-xl-push-3 {
left: 25%;
}
.col-xl-push-2 {
left: 16.66666667%;
}
.col-xl-push-1 {
left: 8.33333333%;
}
.col-xl-push-0 {
left: auto;
}
.col-xl-offset-12 {
margin-left: 100%;
}
.col-xl-offset-11 {
margin-left: 91.66666667%;
}
.col-xl-offset-10 {
margin-left: 83.33333333%;
}
.col-xl-offset-9 {
margin-left: 75%;
}
.col-xl-offset-8 {
margin-left: 66.66666667%;
}
.col-xl-offset-7 {
margin-left: 58.33333333%;
}
.col-xl-offset-6 {
margin-left: 50%;
}
.col-xl-offset-5 {
margin-left: 41.66666667%;
}
.col-xl-offset-4 {
margin-left: 33.33333333%;
}
.col-xl-offset-3 {
margin-left: 25%;
}
.col-xl-offset-2 {
margin-left: 16.66666667%;
}
.col-xl-offset-1 {
margin-left: 8.33333333%;
}
.col-xl-offset-0 {
margin-left: 0;
}
.visible-xl {
display: block !important;
}
table.visible-xl {
display: table;
}
tr.visible-xl {
display: table-row !important;
}
th.visible-xl, td.visible-xl {
display: table-cell !important;
}
.visible-xl-block {
display: block !important;
}
.visible-xl-inline {
display: inline !important;
}
.visible-xl-inline-block {
display: inline-block !important;
}
.hidden-xl {
display: none !important;
}
}
@media (min-width: 2048px) {
.visible-xl {
display: none !important;
}
}
@media (min-width: 2048px) {
.container {
width: 1570px;
}
.col-xx-1, .col-xx-2, .col-xx-3, .col-xx-4, .col-xx-5, .col-xx-6, .col-xx-7, .col-xx-8, .col-xx-9, .col-xx-10, .col-xx-11, .col-xx-12 {
float: left;
}
.col-xx-12 {
width: 100%;
}
.col-xx-11 {
width: 91.66666667%;
}
.col-xx-10 {
width: 83.33333333%;
}
.col-xx-9 {
width: 75%;
}
.col-xx-8 {
width: 66.66666667%;
}
.col-xx-7 {
width: 58.33333333%;
}
.col-xx-6 {
width: 50%;
}
.col-xx-5 {
width: 41.66666667%;
}
.col-xx-4 {
width: 33.33333333%;
}
.col-xx-3 {
width: 25%;
}
.col-xx-2 {
width: 16.66666667%;
}
.col-xx-1 {
width: 8.33333333%;
}
.col-xx-pull-12 {
right: 100%;
}
.col-xx-pull-11 {
right: 91.66666667%;
}
.col-xx-pull-10 {
right: 83.33333333%;
}
.col-xx-pull-9 {
right: 75%;
}
.col-xx-pull-8 {
right: 66.66666667%;
}
.col-xx-pull-7 {
right: 58.33333333%;
}
.col-xx-pull-6 {
right: 50%;
}
.col-xx-pull-5 {
right: 41.66666667%;
}
.col-xx-pull-4 {
right: 33.33333333%;
}
.col-xx-pull-3 {
right: 25%;
}
.col-xx-pull-2 {
right: 16.66666667%;
}
.col-xx-pull-1 {
right: 8.33333333%;
}
.col-xx-pull-0 {
right: auto;
}
.col-xx-push-12 {
left: 100%;
}
.col-xx-push-11 {
left: 91.66666667%;
}
.col-xx-push-10 {
left: 83.33333333%;
}
.col-xx-push-9 {
left: 75%;
}
.col-xx-push-8 {
left: 66.66666667%;
}
.col-xx-push-7 {
left: 58.33333333%;
}
.col-xx-push-6 {
left: 50%;
}
.col-xx-push-5 {
left: 41.66666667%;
}
.col-xx-push-4 {
left: 33.33333333%;
}
.col-xx-push-3 {
left: 25%;
}
.col-xx-push-2 {
left: 16.66666667%;
}
.col-xx-push-1 {
left: 8.33333333%;
}
.col-xx-push-0 {
left: auto;
}
.col-xx-offset-12 {
margin-left: 100%;
}
.col-xx-offset-11 {
margin-left: 91.66666667%;
}
.col-xx-offset-10 {
margin-left: 83.33333333%;
}
.col-xx-offset-9 {
margin-left: 75%;
}
.col-xx-offset-8 {
margin-left: 66.66666667%;
}
.col-xx-offset-7 {
margin-left: 58.33333333%;
}
.col-xx-offset-6 {
margin-left: 50%;
}
.col-xx-offset-5 {
margin-left: 41.66666667%;
}
.col-xx-offset-4 {
margin-left: 33.33333333%;
}
.col-xx-offset-3 {
margin-left: 25%;
}
.col-xx-offset-2 {
margin-left: 16.66666667%;
}
.col-xx-offset-1 {
margin-left: 8.33333333%;
}
.col-xx-offset-0 {
margin-left: 0;
}
.visible-xx {
display: block !important;
}
table.visible-xx {
display: table;
}
tr.visible-xx {
display: table-row !important;
}
th.visible-xx, td.visible-xx {
display: table-cell !important;
}
.visible-xx-block {
display: block !important;
}
.visible-xx-inline {
display: inline !important;
}
.visible-xx-inline-block {
display: inline-block !important;
}
.hidden-xx {
display: none !important;
}
}

1
app/assets/stylesheets/new_application.scss
View File

@ -37,6 +37,7 @@ $navbar-inverse-toggle-border-color: #ddd;
@import "bootstrap-sprockets";
@import "bootstrap";
@import "BootstrapXL";
@import "custom_bootstrap";
@import "timeline";
@import "font-awesome";

6
app/controllers/api/v1/advisories_controller.rb
View File

@ -16,7 +16,7 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
def create
authorize :advisory
if @build_list.can_attach_to_advisory? &&
@build_list.associate_and_create_advisory(params[:advisory]) &&
@build_list.associate_and_create_advisory(advisory_params) &&
@build_list.save
render_json_response @build_list.advisory, 'Advisory has been created successfully'
else
@ -35,6 +35,10 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
protected
def advisory_params
subject_params(Advisory)
end
def load_build_list
@build_list = BuildList.find params[:build_list_id]
authorize @build_list.save_to_platform, :local_admin_manage?

2
app/controllers/api/v1/base_controller.rb
View File

@ -85,7 +85,7 @@ class Api::V1::BaseController < ApplicationController
def update_subject(subject)
authorize subject, :update?
class_name = subject.class.name
if subject.update_attributes(params[class_name.underscore.to_sym] || {})
if subject.update_attributes(subject_params(subject.class, subject))
render_json_response subject, "#{class_name} has been updated successfully"
else
render_validation_error subject, "#{class_name} has not been updated"

14
app/controllers/api/v1/build_lists_controller.rb
View File

@ -33,13 +33,11 @@ class Api::V1::BuildListsController < Api::V1::BaseController
end
def create
bl_params = params[:build_list] || {}
save_to_repository = Repository.where(id: bl_params[:save_to_repository_id]).first
save_to_repository = Repository.find_by(id: build_list_params[:save_to_repository_id])
bl_params[:save_to_platform_id] = save_to_repository.platform_id if save_to_repository
@build_list = current_user.build_lists.new(bl_params)
@build_list.priority = current_user.build_priority # User builds more priority than mass rebuild with zero priority
@build_list = current_user.build_lists.new(build_list_params)
@build_list.save_to_platform = save_to_repository.platform if save_to_repository
@build_list.priority = current_user.build_priority # User builds more priority than mass rebuild with zero priority
create_subject @build_list
end
@ -79,6 +77,10 @@ class Api::V1::BuildListsController < Api::V1::BaseController
private
def build_list_params
subject_params(BuildList)
end
# Private: before_action hook which loads BuidList.
def load_build_list
@build_list = BuildList.find params[:id]

7
app/controllers/api/v1/groups_controller.rb
View File

@ -28,7 +28,8 @@ class Api::V1::GroupsController < Api::V1::BaseController
end
def create
@group = current_user.own_groups.new params[:group]
@group = current_user.own_groups.new
@group.assign_attributes(group_params)
create_subject @group
end
@ -49,6 +50,10 @@ class Api::V1::GroupsController < Api::V1::BaseController
private
def group_params
subject_params(Group, @group)
end
# Private: before_action hook which loads Group.
def load_group
@group = Group.find params[:id]

12
app/controllers/api/v1/issues_controller.rb
View File

@ -44,20 +44,14 @@ class Api::V1::IssuesController < Api::V1::BaseController
end
def create
@issue = @project.issues.new(params[:issue])
@issue = @project.issues.new
@issue.assign_attributes subject_params(Issue, @issue)
@issue.user = current_user
@issue.assignee = nil unless policy(@project).write?
create_subject @issue
end
def update
unless policy(@project).write?
params.delete :update_labels
[:assignee_id, :labelings, :labelings_attributes].each do |k|
params[:issue].delete k
end if params[:issue]
end
@issue.labelings.destroy_all if params[:update_labels]
@issue.labelings.destroy_all if params[:update_labels] && policy(@project).write?
if params[:issue] && status = params[:issue].delete(:status)
@issue.set_close(current_user) if status == 'closed'
@issue.set_open if status == 'open'

16
app/controllers/api/v1/platforms_controller.rb
View File

@ -32,17 +32,17 @@ class Api::V1::PlatformsController < Api::V1::BaseController
end
def create
platform_params = params[:platform] || {}
owner = User.where(id: platform_params[:owner_id]).first
@platform = Platform.new platform_params
pp = params[:platform] || {}
owner = User.find_by(id: pp[:owner_id])
@platform = Platform.new(platform_params)
@platform.owner = owner || get_owner
create_subject @platform
end
def update
platform_params = params[:platform] || {}
owner = User.where(id: platform_params[:owner_id]).first
platform_params[:owner] = owner if owner
pp = params[:platform] || {}
owner = User.find_by(id: pp[:owner_id])
pp[:owner] = owner if owner
update_subject @platform
end
@ -80,6 +80,10 @@ class Api::V1::PlatformsController < Api::V1::BaseController
private
def platform_params
subject_params(Platform)
end
# Private: before_action hook which loads Platform.
def load_platform
authorize @platform = Platform.find(params[:id])

6
app/controllers/api/v1/product_build_lists_controller.rb
View File

@ -17,10 +17,10 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
end
def create
@product_build_list = ProductBuildList.new(params[:product_build_list])
@product_build_list.project ||= @product_build_list.try(:product).try(:project)
@product_build_list = ProductBuildList.new subject_params(ProductBuildList)
@product_build_list.project ||= @product_build_list.try(:product).try(:project)
@product_build_list.main_script ||= @product_build_list.try(:product).try(:main_script)
@product_build_list.params ||= @product_build_list.try(:product).try(:params)
@product_build_list.params ||= @product_build_list.try(:product).try(:params)
@product_build_list.time_living ||= @product_build_list.try(:product).try(:time_living)
create_subject @product_build_list
end

2
app/controllers/api/v1/products_controller.rb
View File

@ -5,7 +5,7 @@ class Api::V1::ProductsController < Api::V1::BaseController
before_action :load_product, except: :create
def create
create_subject @product = Product.new(params[:product])
create_subject @product = Product.new(subject_params(Product))
end
def update

2
app/controllers/api/v1/projects_controller.rb
View File

@ -31,7 +31,7 @@ class Api::V1::ProjectsController < Api::V1::BaseController
end
def create
@project = Project.new(params[:project])
@project = Project.new subject_params(Project)
p_params = params[:project] || {}
owner_type = %w(User Group).find{ |t| t == p_params[:owner_type] }
if owner_type.present?

2
app/controllers/api/v1/pull_requests_controller.rb
View File

@ -76,7 +76,7 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
authorize @pull
if pull_params.present?
attrs = pull_params.slice(:title, :body)
attrs = subject_params(PullRequest)
attrs.merge!(assignee_id: pull_params[:assignee_id]) if policy(@project).write?
if action = %w(close reopen).find{ |s| s == pull_params[:status] }

3
app/controllers/api/v1/repositories_controller.rb
View File

@ -97,8 +97,9 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
def signatures
key_pair = @repository.key_pair
key_pair.destroy if key_pair
key_pair = @repository.build_key_pair(params[:repository])
key_pair = @repository.build_key_pair subject_params(Repository, KeyPair)
key_pair.user_id = current_user.id
authorize key_pair, :create?
if key_pair.save
render_json_response @repository, 'Signatures have been updated for repository successfully'
else

8
app/controllers/api/v1/users_controller.rb
View File

@ -16,7 +16,7 @@ class Api::V1::UsersController < Api::V1::BaseController
def update
user_params = params[:user] || {}
send_confirmation = user_params[:email] != @user.email
if @user.update_without_password(user_params)
if @user.update_without_password(subject_params(User))
if send_confirmation
@user.confirmed_at, @user.confirmation_sent_at = nil
@user.send_confirmation_instructions
@ -29,7 +29,7 @@ class Api::V1::UsersController < Api::V1::BaseController
def notifiers
if request.put?
if @user.notifier.update_attributes(params[:notifiers])
if @user.notifier.update_attributes(notifier_params)
render_json_response @user, 'User notification settings have been updated successfully'
else
render_json_response @user, error_message(@user.notifier, 'User notification settings have not been updated'), 422
@ -39,6 +39,10 @@ class Api::V1::UsersController < Api::V1::BaseController
protected
def notifier_params
permit_params(:notifiers, *policy(SettingsNotifier).permitted_attributes)
end
def set_current_user
authorize @user = current_user
end

9
app/controllers/concerns/strong_params.rb
View File

@ -4,6 +4,13 @@ module StrongParams
protected
def permit_params(param_name, *accessible)
(params[param_name] || ActionController::Parameters.new).permit(*accessible.flatten)
[param_name].flatten.inject(params.dup) do |pp, name|
pp = pp[name] || ActionController::Parameters.new
end.permit(*accessible.flatten)
end
def subject_params(subject_class, subject = nil)
permit_params(subject_class.name.underscore.to_sym, *policy(subject || subject_class).permitted_attributes)
end
end

8
app/controllers/contacts_controller.rb
View File

@ -6,7 +6,7 @@ class ContactsController < ApplicationController
end
def create
@form = Feedback.new(params[:feedback])
@form = Feedback.new(feedback_params)
if @form.perform_send
flash[:notice] = I18n.t("flash.contact.success")
redirect_to sended_contact_path
@ -19,4 +19,10 @@ class ContactsController < ApplicationController
def sended
end
private
def feedback_params
params[:feedback].permit(:name, :email, :subject, :message)
end
end

10
app/controllers/groups/profile_controller.rb
View File

@ -43,7 +43,9 @@ class Groups::ProfileController < Groups::BaseController
end
def create
authorize @group = current_user.own_groups.build(params[:group])
@group = current_user.own_groups.new
@group.assign_attributes(group_params)
authorize @group
if @group.save
flash[:notice] = t('flash.group.saved')
redirect_to group_path(@group)
@ -56,7 +58,7 @@ class Groups::ProfileController < Groups::BaseController
def update
authorize @group
if @group.update_attributes(params[:group])
if @group.update_attributes(group_params)
update_avatar(@group, params)
flash[:notice] = t('flash.group.saved')
redirect_to group_path(@group)
@ -81,6 +83,10 @@ class Groups::ProfileController < Groups::BaseController
protected
def group_params
subject_params(Group, @group)
end
def paginate_projects(page)
@projects.paginate(page: (page>0 ? page : nil), per_page: 24)
end

2
app/controllers/platforms/key_pairs_controller.rb
View File

@ -6,7 +6,7 @@ class Platforms::KeyPairsController < Platforms::BaseController
end
def create
@key_pair = KeyPair.new params[:key_pair]
@key_pair = KeyPair.new subject_params(KeyPair)
@key_pair.user_id = current_user.id
authorize @key_pair
if @key_pair.save

2
app/controllers/platforms/mass_builds_controller.rb
View File

@ -22,7 +22,7 @@ class Platforms::MassBuildsController < Platforms::BaseController
end
def create
@mass_build = @platform.mass_builds.build(params[:mass_build])
@mass_build = @platform.mass_builds.build(subject_params(MassBuild))
@mass_build.user = current_user
@mass_build.arches = params[:arches] || []
@mass_build.repositories ||= params[:repositories] || []

17
app/controllers/platforms/platforms_controller.rb
View File

@ -33,7 +33,7 @@ class Platforms::PlatformsController < Platforms::BaseController
end
def create
authorize @platform = Platform.new(params[:platform])
authorize @platform = Platform.new(platform_params)
@admin_id = params[:admin_id]
@admin_uname = params[:admin_uname]
# FIXME: do not allow manipulate owner model, only platforms onwer_id and onwer_type
@ -53,13 +53,12 @@ class Platforms::PlatformsController < Platforms::BaseController
@admin_id = params[:admin_id]
@admin_uname = params[:admin_uname]
platform_params = params[:platform] || {}
platform_params = platform_params.slice(:description, :platform_arch_settings_attributes, :released, :automatic_metadata_regeneration, :default_branch)
platform_params[:owner] = User.find(@admin_id) if @admin_id.present?
pp = platform_params
pp[:owner] = User.find(@admin_id) if @admin_id.present?
respond_to do |format|
format.html do
if @platform.update_attributes(platform_params)
if @platform.update_attributes(pp)
flash[:notice] = I18n.t("flash.platform.saved")
redirect_to @platform
else
@ -68,7 +67,7 @@ class Platforms::PlatformsController < Platforms::BaseController
end
end
format.json do
if @platform.update_attributes(platform_params)
if @platform.update_attributes(pp)
render json: { notice: I18n.t("flash.platform.saved") }.to_json
else
render json: { error: I18n.t("flash.platform.save_error") }.to_json, status: 422
@ -108,7 +107,7 @@ class Platforms::PlatformsController < Platforms::BaseController
def make_clone
authorize @platform
@cloned = @platform.full_clone params[:platform].merge(owner: current_user)
@cloned = @platform.full_clone platform_params.merge(owner: current_user)
if @cloned.persisted?
flash[:notice] = I18n.t("flash.platform.clone_success")
redirect_to @cloned
@ -165,6 +164,10 @@ class Platforms::PlatformsController < Platforms::BaseController
private
def platform_params
subject_params(Platform)
end
# Private: before_action hook which loads Platform.
def load_platform
authorize @platform = Platform.find_cached(params[:id]), :show? if params[:id]

6
app/controllers/platforms/product_build_lists_controller.rb
View File

@ -47,7 +47,7 @@ class Platforms::ProductBuildListsController < Platforms::BaseController
end
def create
pbl = @product.product_build_lists.new params[:product_build_list]
pbl = @product.product_build_lists.new product_build_list_params
pbl.project = @product.project
pbl.user = current_user
pbl.base_url = "http://#{request.host_with_port}"
@ -93,6 +93,10 @@ class Platforms::ProductBuildListsController < Platforms::BaseController
protected
def product_build_list_params
subject_params(ProductBuildList)
end
def redirect_to_full_path_if_short_url
if params[:platform_id].blank? || params[:product_id].blank?
pbl = ProductBuildList.find params[:id]

8
app/controllers/platforms/products_controller.rb
View File

@ -19,7 +19,7 @@ class Platforms::ProductsController < Platforms::BaseController
end
def create
authorize @product = @platform.products.build(params[:product])
authorize @product = @platform.products.build(product_params)
if @product.save
flash[:notice] = t('flash.product.saved')
redirect_to platform_product_path(@platform, @product)
@ -31,7 +31,7 @@ class Platforms::ProductsController < Platforms::BaseController
end
def update
if @product.update_attributes(params[:product])
if @product.update_attributes(product_params)
flash[:notice] = t('flash.product.saved')
redirect_to platform_product_path(@platform, @product)
else
@ -61,6 +61,10 @@ class Platforms::ProductsController < Platforms::BaseController
private
def product_params
subject_params(Product)
end
# Private: before_action hook which loads Product.
def load_product
authorize @product = Product.find(params[:id])

8
app/controllers/platforms/repositories_controller.rb
View File

@ -25,7 +25,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
def update
authorize @repository
if @repository.update_attributes params[:repository].slice(:description, :synchronizing_publications, :publish_builds_only_from_branch).merge(publish_without_qa: (params[:repository][:publish_without_qa] || @repository.publish_without_qa))
if @repository.update_attributes(repository_params)
flash[:notice] = I18n.t("flash.repository.updated")
redirect_to platform_repository_path(@platform, @repository)
else
@ -67,7 +67,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
end
def create
authorize @repository = @platform.repositories.build(params[:repository])
authorize @repository = @platform.repositories.build(repository_params)
if @repository.save
flash[:notice] = t('flash.repository.saved')
redirect_to platform_repository_path(@platform, @repository)
@ -175,6 +175,10 @@ class Platforms::RepositoriesController < Platforms::BaseController
protected
def repository_params
subject_params(Repository)
end
# Private: before_action hook which loads Repository.
def load_repository
authorize @repository = @platform.repositories.find(params[:id])

6
app/controllers/platforms/tokens_controller.rb
View File

@ -27,7 +27,7 @@ class Platforms::TokensController < Platforms::BaseController
end
def create
@token = @platform.tokens.build params[:token]
@token = @platform.tokens.build token_params
@token.creator = current_user
authorize @token
if @token.save
@ -42,6 +42,10 @@ class Platforms::TokensController < Platforms::BaseController
protected
def token_params
subject_params(Token)
end
# Private: before_action hook which loads Repository.
def load_token
authorize @token = @platform.tokens.find(params[:id])

53
app/controllers/projects/build_lists_controller.rb
View File

@ -52,21 +52,20 @@ class Projects::BuildListsController < Projects::BaseController
def create
notices, errors = [], []
@repository = Repository.find params[:build_list][:save_to_repository_id]
@platform = @repository.platform
@repository = Repository.find build_list_params[:save_to_repository_id]
@platform = @repository.platform
params[:build_list][:save_to_platform_id] = @platform.id
build_for_platforms = Repository.select(:platform_id).
where(id: params[:build_list][:include_repos]).group(:platform_id).map(&:platform_id)
build_lists = []
build_lists = []
build_for_platforms = Platform.joins(:repositories).where(repositories: { id: build_list_params[:include_repos] }).uniq
Arch.where(id: params[:arches]).each do |arch|
Platform.main.where(id: build_for_platforms).each do |build_for_platform|
@build_list = @project.build_lists.build(params[:build_list])
@build_list.build_for_platform = build_for_platform; @build_list.arch = arch; @build_list.user = current_user
@build_list.include_repos = @build_list.include_repos.select {|ir| @build_list.build_for_platform.repository_ids.include? ir.to_i}
@build_list.priority = current_user.build_priority # User builds more priority than mass rebuild with zero priority
build_for_platforms.find_each do |build_for_platform|
@build_list = @project.build_lists.build(build_list_params)
@build_list.save_to_platform = @platform
@build_list.build_for_platform = build_for_platform
@build_list.arch = arch
@build_list.user = current_user
@build_list.include_repos = @build_list.include_repos.select {|ir| @build_list.build_for_platform.repository_ids.include? ir.to_i}
@build_list.priority = current_user.build_priority # User builds more priority than mass rebuild with zero priority
flash_options = { project_version: @build_list.project_version, arch: arch.name, build_for_platform: build_for_platform.name }
authorize @build_list
@ -105,12 +104,12 @@ class Projects::BuildListsController < Projects::BaseController
if params[:attach_advisory] == 'new'
# create new advisory
unless @build_list.associate_and_create_advisory(params[:build_list][:advisory])
unless @build_list.associate_and_create_advisory(advisory_params)
redirect_to :back, notice: t('layout.build_lists.publish_fail') and return
end
else
# attach existing advisory
a = Advisory.where(advisory_id: params[:attach_advisory]).first
a = Advisory.find_by(advisory_id: params[:attach_advisory])
unless (a && a.attach_build_list(@build_list))
redirect_to :back, notice: t('layout.build_lists.publish_fail') and return
end
@ -206,6 +205,14 @@ class Projects::BuildListsController < Projects::BaseController
protected
def build_list_params
subject_params(BuildList)
end
def advisory_params
permit_params(%i(build_list advisory), *policy(Advisory).permitted_attributes)
end
# Private: before_action hook which loads BuidList.
def load_build_list
authorize @build_list =
@ -228,14 +235,14 @@ class Projects::BuildListsController < Projects::BaseController
build_list = @project.build_lists.find(params[:build_list_id])
params[:build_list] ||= {}
keys = [
:save_to_repository_id, :auto_publish_status, :include_repos,
:extra_params, :project_version, :update_type, :auto_create_container,
:extra_repositories, :extra_build_lists, :build_for_platform_id,
:use_cached_chroot, :use_extra_tests, :save_buildroot,
:include_testing_subrepository, :external_nodes
]
keys.each { |key| params[:build_list][key] = build_list.send(key) }
policy(BuildList).permitted_attributes.each do |key|
params[:build_list][key] =
if build_list.respond_to?(key)
build_list.send(key)
elsif build_list.respond_to?("#{key}?")
build_list.send("#{key}?")
end
end
params[:arches] = [build_list.arch_id]
[:owner_filter, :status_filter].each { |t| params[t] = 'true' if %w(true undefined).exclude? params[t] }
end

6
app/controllers/projects/collaborators_controller.rb
View File

@ -24,7 +24,7 @@ class Projects::CollaboratorsController < Projects::BaseController
end
def create
@collaborator = Collaborator.new(params[:collaborator])
@collaborator = Collaborator.new(collaborator_params)
@collaborator.project = @project
respond_to do |format|
if @collaborator.save
@ -62,6 +62,10 @@ class Projects::CollaboratorsController < Projects::BaseController
protected
def collaborator_params
subject_params(Collaborator)
end
def find_users
@users = @project.collaborators.order('uname')#User.all
@users = @users.without(@project.owner_id) if @project.owner_type == 'User'

8
app/controllers/projects/comments_controller.rb
View File

@ -27,7 +27,7 @@ class Projects::CommentsController < Projects::BaseController
def update
respond_to do |format|
if @comment.update_attributes(params[:comment])
if @comment.update_attributes(comment_params)
format.json { render json: {message:t('flash.comment.updated'), body: view_context.markdown(@comment.body)} }
else
format.json { render json: {message:t('flash.comment.error_in_updating')}, status: 422 }
@ -48,6 +48,10 @@ class Projects::CommentsController < Projects::BaseController
protected
def comment_params
subject_params(Comment)
end
def find_commentable
@commentable = params[:issue_id].present? && @project.issues.find_by(serial_id: params[:issue_id]) ||
params[:commit_id].present? && @project.repo.commit(params[:commit_id])
@ -55,7 +59,7 @@ class Projects::CommentsController < Projects::BaseController
def find_or_build_comment
@comment = params[:id].present? && Comment.where(automatic: false).find(params[:id]) ||
current_user.comments.build(params[:comment]) {|c| c.commentable = @commentable; c.project = @project}
current_user.comments.build(comment_params) {|c| c.commentable = @commentable; c.project = @project}
authorize @comment
end
end

8
app/controllers/projects/hooks_controller.rb
View File

@ -17,7 +17,7 @@ class Projects::HooksController < Projects::BaseController
end
def create
authorize @hook = @project.hooks.build(params[:hook])
authorize @hook = @project.hooks.build(hook_params)
if @hook.save
redirect_to project_hooks_path(@project, name: @hook.name), notice: t('flash.hook.created')
else
@ -28,7 +28,7 @@ class Projects::HooksController < Projects::BaseController
end
def update
if @hook.update_attributes(params[:hook])
if @hook.update_attributes(hook_params)
redirect_to project_hooks_path(@project, name: @hook.name), notice: t('flash.hook.updated')
else
flash[:error] = t('flash.hook.save_error')
@ -44,6 +44,10 @@ class Projects::HooksController < Projects::BaseController
private
def hook_params
subject_params(Hook)
end
# Private: before_action hook which loads Hook.
def load_hook
authorize @hook = @project.hooks.find(params[:id])

22
app/controllers/projects/issues_controller.rb
View File

@ -79,13 +79,10 @@ class Projects::IssuesController < Projects::BaseController
end
def create
@issue = @project.issues.build(params[:issue])
@issue.user_id = current_user.id
@issue = @project.issues.new
@issue.assign_attributes(issue_params)
@issue.user = current_user
unless policy(@project).write?
@issue.assignee_id = nil
@issue.labelings = []
end
authorize @issue
if @issue.save
@issue.subscribe_creator(current_user.id)
@ -108,19 +105,12 @@ class Projects::IssuesController < Projects::BaseController
format.json {
status = 200
unless policy(@project).write?
params.delete :update_labels
[:assignee_id, :labelings, :labelings_attributes].each do |k|
params[:issue].delete k
end if params[:issue]
end
if params[:issue] && status = params[:issue][:status]
@issue.set_close(current_user) if status == 'closed'
@issue.set_open if status == 'open'
status = @issue.save ? 200 : 500
else
status = 422 unless @issue.update_attributes(params[:issue])
status = 422 unless @issue.update_attributes(issue_params)
end
render status: status
}
@ -169,6 +159,10 @@ class Projects::IssuesController < Projects::BaseController
private
def issue_params
subject_params(Issue, @issue)
end
# Private: before_action hook which loads Issue.
def load_issue
authorize @issue = @project.issues.find_by!(serial_id: params[:id])

17
app/controllers/projects/projects_controller.rb
View File

@ -34,7 +34,7 @@ class Projects::ProjectsController < Projects::BaseController
end
def run_mass_import
@project = Project.new params[:project]
@project = Project.new project_params
@project.owner = choose_owner
authorize @project
@project.valid?
@ -54,7 +54,7 @@ class Projects::ProjectsController < Projects::BaseController
end
def create
@project = Project.new params[:project]
@project = Project.new project_params
@project.owner = choose_owner
authorize @project
@ -73,18 +73,17 @@ class Projects::ProjectsController < Projects::BaseController
params[:project].delete(:maintainer_id) if params[:project][:maintainer_id].blank?
respond_to do |format|
format.html do
if @project.update_attributes(params[:project])
if @project.update_attributes(project_params)
flash[:notice] = t('flash.project.saved')
redirect_to @project
else
@project.save
flash[:error] = t('flash.project.save_error')
flash[:warning] = @project.errors.full_messages.join('. ')
render action: :edit
end
end
format.json do
if @project.update_attributes(params[:project])
if @project.update_attributes(project_params)
render json: { notice: I18n.t('flash.project.saved') }
else
render json: { error: I18n.t('flash.project.save_error') }, status: 422
@ -95,7 +94,7 @@ class Projects::ProjectsController < Projects::BaseController
def schedule
authorize @project
p_to_r = @project.project_to_repositories.where(repository_id: params[:repository_id]).first
p_to_r = @project.project_to_repositories.find_by(repository_id: params[:repository_id])
unless p_to_r.repository.publish_without_qa
authorize p_to_r.repository.platform, :local_admin_manage?
end
@ -143,7 +142,7 @@ class Projects::ProjectsController < Projects::BaseController
def sections
authorize @project, :update?
if request.patch?
if @project.update_attributes(params[:project])
if @project.update_attributes(project_params)
flash[:notice] = t('flash.project.saved')
redirect_to sections_project_path(@project)
else
@ -192,6 +191,10 @@ class Projects::ProjectsController < Projects::BaseController
protected
def project_params
subject_params(Project)
end
def who_owns
@who_owns = (@project.try(:owner_type) == 'User' ? :me : :group)
end

4
app/controllers/projects/pull_requests_controller.rb
View File

@ -34,7 +34,7 @@ class Projects::PullRequestsController < Projects::BaseController
to_project = find_destination_project
authorize to_project, :show?
@pull = to_project.pull_requests.new pull_params
@pull = to_project.pull_requests.build pull_params
@issue = @pull.issue
@pull.issue.assignee_id = (params[:issue] || {})[:assignee_id] if policy(to_project).write?
@pull.issue.user, @pull.issue.project, @pull.from_project = current_user, to_project, @project
@ -131,7 +131,7 @@ class Projects::PullRequestsController < Projects::BaseController
end
def pull_params
@pull_params ||= params[:pull_request].presence
@pull_params ||= subject_params(PullRequest).presence
end
def json_for_autocomplete_base items

22
app/controllers/users/settings_controller.rb
View File

@ -7,7 +7,7 @@ class Users::SettingsController < Users::BaseController
def profile
if request.patch?
send_confirmation = params[:user][:email] != @user.email
if @user.update_without_password(params[:user])
if @user.update_without_password(user_params)
update_avatar(@user, params)
if send_confirmation
@user.confirmed_at = @user.confirmation_sent_at = nil
@ -29,7 +29,7 @@ class Users::SettingsController < Users::BaseController
def private
if request.patch?
if @user.update_with_password(params[:user])
if @user.update_with_password(user_params)
flash[:notice] = t('flash.user.saved')
redirect_to private_settings_path and return
end
@ -40,7 +40,7 @@ class Users::SettingsController < Users::BaseController
def notifiers
if request.patch?
if @user.notifier.update_attributes(params[:settings_notifier])
if @user.notifier.update_attributes(settings_notifier_params)
flash[:notice] = I18n.t("flash.settings.saved")
redirect_to notifiers_settings_path and return
end
@ -51,7 +51,7 @@ class Users::SettingsController < Users::BaseController
def builds_settings
@user.builds_setting ||= @user.build_builds_setting
if request.patch?
if @user.builds_setting.update_attributes(params[:user_builds_setting])
if @user.builds_setting.update_attributes(user_builds_setting_params)
flash[:notice] = I18n.t("flash.settings.saved")
redirect_to builds_settings_settings_path and return
end
@ -59,4 +59,18 @@ class Users::SettingsController < Users::BaseController
end
end
private
def settings_notifier_params
subject_params(SettingsNotifier)
end
def user_params
subject_params(User)
end
def user_builds_setting_params
subject_params(UserBuildsSetting)
end
end

8
app/controllers/users/ssh_keys_controller.rb
View File

@ -8,7 +8,7 @@ class Users::SshKeysController < Users::BaseController
end
def create
@ssh_key = current_user.ssh_keys.new params[:ssh_key]
@ssh_key = current_user.ssh_keys.new ssh_key_params
if @ssh_key.save
flash[:notice] = t 'flash.ssh_keys.saved'
@ -29,4 +29,10 @@ class Users::SshKeysController < Users::BaseController
redirect_to ssh_keys_path
end
private
def ssh_key_params
subject_params(SshKey)
end
end

2
app/models/activity_feed.rb
View File

@ -9,8 +9,6 @@ class ActivityFeed < ActiveRecord::Base
belongs_to :creator, class_name: 'User'
serialize :data
attr_accessible :user, :kind, :data, :project_owner, :project_name, :creator_id
default_scope { order created_at: :desc }
scope :outdated, -> { offset(1000) }
scope :by_project_name, ->(name) { where(project_name: name) if name.present? }

2
app/models/advisory.rb
View File

@ -12,8 +12,6 @@ class Advisory < ActiveRecord::Base
after_create :generate_advisory_id
before_save :normalize_references, if: :references_changed?
attr_accessible :description, :references
ID_TEMPLATE = 'ROSA-%<type>s-%<year>d:%<id>04d'
ID_STRING_TEMPLATE = 'ROSA-%<type>s-%<year>04s:%<id>04s'
TYPES = {'security' => 'SA', 'bugfix' => 'A'}

2
app/models/avatar.rb
View File

@ -15,6 +15,4 @@ class Avatar < ActiveRecord::Base
validates_attachment_size :avatar, less_than_or_equal_to: MAX_AVATAR_SIZE
validates_attachment_content_type :avatar, content_type: /\Aimage/
validates_attachment_file_name :avatar, matches: [ /(png|jpe?g|gif|bmp|tif?f)\z/i ]
attr_accessible :avatar
end

7
app/models/build_list.rb
View File

@ -88,13 +88,6 @@ class BuildList < ActiveRecord::Base
before_validation :prepare_extra_params, on: :create
before_validation :prepare_auto_publish_status, on: :create
attr_accessible :include_repos, :auto_publish, :build_for_platform_id, :commit_hash,
:arch_id, :project_id, :save_to_repository_id, :update_type,
:save_to_platform_id, :project_version, :auto_create_container,
:extra_repositories, :extra_build_lists, :extra_params,
:include_testing_subrepository, :auto_publish_status,
:use_cached_chroot, :use_extra_tests, :save_buildroot
LIVE_TIME = 4.week # for unpublished
MAX_LIVE_TIME = 3.month # for published
STATUSES, HUMAN_STATUSES = [], {}

2
app/models/build_list/item.rb
View File

@ -2,7 +2,7 @@ class BuildList::Item < ActiveRecord::Base
belongs_to :build_list, touch: true
attr_protected :build_list_id
# attr_protected :build_list_id
GIT_ERROR = 5

2
app/models/build_list/package.rb
View File

@ -7,8 +7,6 @@ class BuildList::Package < ActiveRecord::Base
serialize :dependent_packages, Array
attr_accessible :fullname, :name, :release, :version, :sha1, :epoch, :dependent_packages
validates :build_list, :build_list_id, :project, :project_id,
:platform, :platform_id, :fullname,
:package_type, :name, :release, :version,

1
app/models/build_script.rb
View File

@ -18,7 +18,6 @@ class BuildScript < ActiveRecord::Base
before_validation :attach_project
attr_writer :project_name
attr_accessible :project_name, :treeish, :commit, :sha1, :status
state_machine :status, initial: :active do
event(:disable) { transition active: :blocked }

5
app/models/collaborator.rb
View File

@ -2,14 +2,11 @@ class Collaborator
include ActiveModel::Conversion
include ActiveModel::Validations
include ActiveModel::Serializers::JSON
include ActiveModel::MassAssignmentSecurity
extend ActiveModel::Naming
attr_accessor :role, :actor, :project, :relation
attr_reader :id, :actor_id, :actor_type, :actor_name, :project_id
attr_accessible :role
delegate :new_record?, to: :relation
class << self
@ -56,7 +53,7 @@ class Collaborator
end
def update_attributes(attributes, options = {})
sanitize_for_mass_assignment(attributes, options[:as]).each_pair do |k, v|
attributes.each_pair do |k, v|
send("#{k}=", v)
end
save

2
app/models/comment.rb
View File

@ -22,8 +22,6 @@ class Comment < ActiveRecord::Base
after_create :subscribe_on_reply, unless: ->(c) { c.commit_comment? }
after_create :subscribe_users
attr_accessible :body, :data
def commentable
commit_comment? ? project.repo.commit(Comment.hex_to_commit_hash commentable_id) : super
end

2
app/models/concerns/autostart.rb
View File

@ -15,8 +15,6 @@ module Autostart
included do
validates :autostart_status, numericality: true,
inclusion: {in: AUTOSTART_STATUSES}, allow_blank: true
attr_accessible :autostart_status
end
def human_autostart_status

2
app/models/concerns/build_list_observer.rb
View File

@ -37,7 +37,7 @@ module BuildListObserver
end
build_count = statistic.build_count.to_i
new_av_time = ( statistic.average_build_time * build_count + duration.to_i ) / ( build_count + 1 )
statistic.update_attributes({average_build_time: new_av_time, build_count: build_count + 1}, without_protection: true)
statistic.update_attributes(average_build_time: new_av_time, build_count: build_count + 1)
end
end
end

2
app/models/concerns/default_branchable.rb
View File

@ -4,8 +4,6 @@ module DefaultBranchable
included do
validates :default_branch,
length: { maximum: 100 }
attr_accessible :default_branch
end
end

3
app/models/concerns/external_nodable.rb
View File

@ -7,9 +7,6 @@ module ExternalNodable
validates :external_nodes,
inclusion: { in: EXTERNAL_NODES },
allow_blank: true
attr_accessible :external_nodes
end
end

60
app/models/concerns/feed/comment.rb
View File

@ -17,22 +17,20 @@ module Feed::Comment
if can_notify_on_new_comment?(subscribe)
UserMailer.new_comment_notification(self, subscribe.user_id).deliver unless own_comment?(subscribe.user)
ActivityFeed.create(
{
user_id: subscribe.user_id,
kind: 'new_comment_notification',
project_owner: project.owner_uname,
project_name: project.name,
creator_id: user_id,
data: {
creator_name: user.name,
creator_email: user.email,
comment_body: body.truncate(100, omission: '…'),
issue_title: commentable.title,
issue_serial_id: commentable.serial_id,
project_id: commentable.project.id,
comment_id: id
}
}, without_protection: true
user_id: subscribe.user_id,
kind: 'new_comment_notification',
project_owner: project.owner_uname,
project_name: project.name,
creator_id: user_id,
data: {
creator_name: user.name,
creator_email: user.email,
comment_body: body.truncate(100, omission: '…'),
issue_title: commentable.title,
issue_serial_id: commentable.serial_id,
project_id: commentable.project.id,
comment_id: id
}
)
end
end
@ -46,23 +44,21 @@ module Feed::Comment
UserMailer.new_comment_notification(self, subscribe.user_id).deliver
end
ActivityFeed.create(
{
user_id: subscribe.user_id,
kind: 'new_comment_commit_notification',
project_owner: project.owner_uname,
project_name: project.name,
creator_id: user_id,
data: {
creator_name: user.name,
creator_email: user.email,
user_id: subscribe.user_id,
kind: 'new_comment_commit_notification',
project_owner: project.owner_uname,
project_name: project.name,
creator_id: user_id,
data: {
creator_name: user.name,
creator_email: user.email,
comment_body: body.truncate(100, omission: '…'),
commit_message: commentable.message.truncate(70, omission: '…'),
commit_id: commentable.id,
project_id: project.id,
comment_id: id
}
}, without_protection: true
comment_body: body.truncate(100, omission: '…'),
commit_message: commentable.message.truncate(70, omission: '…'),
commit_id: commentable.id,
project_id: project.id,
comment_id: id
}
)
end
end

2
app/models/concerns/product_build_lists/statusable.rb
View File

@ -41,8 +41,6 @@ module ProductBuildLists::Statusable
presence: true,
inclusion: { in: STATUSES }
attr_accessible :status
before_destroy :can_destroy?
state_machine :status, initial: :build_pending do

1
app/models/concerns/time_living.rb
View File

@ -18,7 +18,6 @@ module TimeLiving
}
before_validation :convert_time_living
attr_accessible :time_living
end
protected

1
app/models/event_log.rb
View File

@ -12,7 +12,6 @@ class EventLog < ActiveRecord::Base
self.eventable_name ||= eventable.name if eventable.respond_to?(:name)
end
# after_create { self.class.current_controller = nil }
attr_accessible :kind, :message, :eventable, :eventable_name
class << self
def create_with_current_controller(attributes)

5
app/models/feedback.rb
View File

@ -5,15 +5,12 @@ class Feedback
include ActiveModel::Conversion
include ActiveModel::Validations
include ActiveModel::Serializers::JSON
include ActiveModel::MassAssignmentSecurity
extend ActiveModel::Naming
self.include_root_in_json = false
attr_accessor :name, :email, :subject, :message
attr_accessible :name, :email, :subject, :message
validates :name, :subject, :message, presence: true
validates :email, presence: true,
format: { with: /\A[^@]+@([^@\.]+\.)+[^@\.]+\z/,
@ -24,7 +21,7 @@ class Feedback
if args.respond_to? :name and args.respond_to? :email
self.name, self.email = args.name, args.email
elsif args.respond_to? :each_pair
sanitize_for_mass_assignment(args, options[:as]).each_pair do |k, v|
args.each_pair do |k, v|
send("#{k}=", v)
end
else

2
app/models/flash_notify.rb
View File

@ -8,8 +8,6 @@ class FlashNotify < ActiveRecord::Base
validates :status, inclusion: {in: STATUSES}
validates :body_ru, :body_en, :status, presence: true
attr_accessible :body_ru, :body_en, :status, :published
def hash_id
@digest ||= Digest::MD5.hexdigest("#{self.id}-#{self.updated_at}")
end

1
app/models/group.rb
View File

@ -32,7 +32,6 @@ class Group < Avatar
joins(:actors).where('relations.role' => ['admin', 'writer'], 'relations.actor_id' => actor.id, 'relations.actor_type' => 'User')
}
attr_accessible :uname, :description, :delete_avatar
attr_readonly :uname
attr_accessor :delete_avatar

2
app/models/hook.rb
View File

@ -9,8 +9,6 @@ class Hook < ActiveRecord::Base
validates :project, :data, presence: true
validates :name, presence: true, inclusion: {in: NAMES}
attr_accessible :data, :name
serialize :data, Hash
scope :for_name, ->(name) { where(name: name) if name.present? }

3
app/models/issue.rb
View File

@ -47,9 +47,8 @@ class Issue < ActiveRecord::Base
before_create :update_statistic
before_update :update_statistic
attr_accessible :labelings_attributes, :title, :body, :assignee_id
accepts_nested_attributes_for :labelings,
reject_if: lambda {|attributes| attributes['label_id'].blank?},
reject_if: -> (attributes) { attributes['label_id'].blank? },
allow_destroy: true
scope :opened, -> { where(status: [STATUS_OPEN, STATUS_REOPEN]) }

1
app/models/key_pair.rb
View File

@ -4,7 +4,6 @@ class KeyPair < ActiveRecord::Base
belongs_to :user
attr_accessor :fingerprint
attr_accessible :public, :secret, :repository_id
attr_encrypted :secret, key: APP_CONFIG['keys']['key_pair_secret_key']
validates :repository, :user, presence: true

2
app/models/label.rb
View File

@ -8,6 +8,4 @@ class Label < ActiveRecord::Base
validates :color, presence: true
validates :color, format: { with: /\A([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})\z/, message: I18n.t('layout.issues.invalid_labels') }
attr_accessible :name, :color
end

2
app/models/labeling.rb
View File

@ -1,6 +1,4 @@
class Labeling < ActiveRecord::Base
belongs_to :issue
belongs_to :label
attr_accessible :id, :label_id
end

4
app/models/mass_build.rb
View File

@ -45,10 +45,6 @@ class MassBuild < ActiveRecord::Base
scope :search, -> (q) { where("#{table_name}.description ILIKE ?", "%#{q}%") if q.present? }
attr_accessor :arches, :repositories
attr_accessible :arches, :auto_publish_status, :projects_list, :build_for_platform_id,
:extra_repositories, :extra_build_lists, :increase_release_tag,
:use_cached_chroot, :use_extra_tests, :description, :extra_mass_builds,
:include_testing_subrepository, :auto_create_container, :repositories
validates :save_to_platform_id,
:build_for_platform_id,

2
app/models/node_instruction.rb
View File

@ -23,8 +23,6 @@ class NodeInstruction < ActiveRecord::Base
errors.add(:status, 'Can be only single active instruction for each node') if !disabled? && NodeInstruction.duplicate(id.to_i, user_id).exists?
}
attr_accessible :instruction, :user_id, :output, :status
state_machine :status, initial: :ready do
after_transition(on: :restart) do |instruction, transition|

12
app/models/platform.rb
View File

@ -98,18 +98,6 @@ class Platform < ActiveRecord::Base
after_destroy -> { remove_symlink_directory unless hidden? }
accepts_nested_attributes_for :platform_arch_settings, allow_destroy: true
attr_accessible :name,
:distrib_type,
:parent_platform_id,
:platform_type,
:owner,
:visibility,
:description,
:released,
:platform_arch_settings_attributes,
:automatic_metadata_regeneration,
:admin_id,
:term
attr_accessor :admin_id, :term

2
app/models/platform_arch_setting.rb
View File

@ -15,6 +15,4 @@ class PlatformArchSetting < ActiveRecord::Base
scope :by_arch, ->(arch) { where(arch_id: arch) if arch.present? }
scope :by_default, -> { where(default: true) }
attr_accessible :arch_id, :platform_id, :default
end

7
app/models/product.rb
View File

@ -16,13 +16,6 @@ class Product < ActiveRecord::Base
scope :recent, -> { order(:name) }
attr_accessible :name,
:description,
:project_id,
:main_script,
:params,
:platform_id,
:project_version
attr_readonly :platform_id
def full_clone(attrs = {})

10
app/models/product_build_list.rb
View File

@ -28,16 +28,6 @@ class ProductBuildList < ActiveRecord::Base
validates :main_script, :params, length: { maximum: 255 }
attr_accessor :base_url, :product_name
attr_accessible :base_url,
:branch,
:project_id,
:main_script,
:params,
:project_version,
:commit_hash,
:product_id,
:not_delete,
:product_name
attr_readonly :product_id
serialize :results, Array

4
app/models/project.rb
View File

@ -62,10 +62,6 @@ class Project < ActiveRecord::Base
errors.delete :project_to_repositories
end
attr_accessible :name, :description, :visibility, :srpm, :is_package,
:has_issues, :has_wiki, :maintainer_id, :publish_i686_into_x86_64,
:url, :srpms_list, :mass_import, :add_to_repository_id, :architecture_dependent,
:autostart_status
attr_readonly :owner_id, :owner_type
before_validation :truncate_name, on: :create

2
app/models/project_statistic.rb
View File

@ -5,6 +5,4 @@ class ProjectStatistic < ActiveRecord::Base
validates :arch, :project, :average_build_time, :build_count, presence: true
validates :project_id, uniqueness: { scope: :arch_id }
attr_accessible :average_build_time, :build_count
end

2
app/models/project_tag.rb
View File

@ -11,8 +11,6 @@ class ProjectTag < ActiveRecord::Base
validates :project, :commit_id, :sha1, :tag_name, :format_id, presence: true
validates :project_id, uniqueness: { scope: [:tag_name, :format_id] }
attr_accessible :project_id, :commit_id, :sha1, :tag_name, :format_id
def sha1_of_file_store_files
[sha1]
end

2
app/models/project_to_repository.rb
View File

@ -12,8 +12,6 @@ class ProjectToRepository < ActiveRecord::Base
validate :one_project_in_platform_repositories, on: :create
attr_accessible :project, :project_id
AUTOSTART_OPTIONS.each do |field|
store_accessor :autostart_options, field
end

1
app/models/pull_request.rb
View File

@ -49,7 +49,6 @@ class PullRequest < ActiveRecord::Base
after_destroy :clean_dir
accepts_nested_attributes_for :issue
attr_accessible :issue_attributes, :to_ref, :from_ref
scope :needed_checking, -> { includes(:issue).where(issues: { status: [STATUS_OPEN, STATUS_BLOCKED, STATUS_READY] }) }
scope :not_closed_or_merged, -> { needed_checking }

2
app/models/relation.rb
View File

@ -15,8 +15,6 @@ class Relation < ActiveRecord::Base
# validate { errors.add(:actor, :taken) if Relation.where(actor_type: self.actor_type, actor_id: self.actor_id).present? }
before_validation :add_default_role
attr_accessible :actor_id, :actor_type, :target_id, :target_type, :actor, :target, :role
scope :by_user_through_groups, ->(u) {
where("actor_type = 'User' AND actor_id = ? OR actor_type = 'Group' AND actor_id IN (?)", u.id, u.group_ids)
}

7
app/models/repository.rb
View File

@ -36,13 +36,6 @@ class Repository < ActiveRecord::Base
before_destroy :detele_directory
attr_accessible :name,
:description,
:publish_without_qa,
:synchronizing_publications,
:publish_builds_only_from_branch,
:build_for_platform_id
attr_readonly :name, :platform_id
attr_accessor :projects_list, :build_for_platform_id

2
app/models/repository_status.rb
View File

@ -31,8 +31,6 @@ class RepositoryStatus < ActiveRecord::Base
validates :repository, :platform, presence: true
validates :repository_id, uniqueness: { scope: :platform_id }
attr_accessible :platform_id, :repository_id
scope :platform_ready, -> { where(platforms: {status: READY}).joins(:platform) }
scope :for_regeneration, -> { where(status: WAITING_FOR_REGENERATION) }
scope :for_resign, -> { where(status: [WAITING_FOR_RESIGN, WAITING_FOR_RESIGN_AND_REGENERATION]) }

12
app/models/settings_notifier.rb
View File

@ -3,16 +3,4 @@ class SettingsNotifier < ActiveRecord::Base
validates :user, presence: true
attr_accessible :can_notify,
:update_code,
:new_comment_commit_owner,
:new_comment_commit_repo_owner,
:new_comment_commit_commentor,
:new_comment,
:new_comment_reply,
:new_issue,
:issue_assign,
:new_build,
:new_associated_build
end

1
app/models/ssh_key.rb
View File

@ -5,7 +5,6 @@ class SshKey < ActiveRecord::Base
SHELL_KEY_COMMAND = "sudo -i -u #{APP_CONFIG['shell_user']} ~#{APP_CONFIG['shell_user']}/gitlab-shell/bin/gitlab-keys"
belongs_to :user
attr_accessible :key, :name
before_validation -> { self.key = key.strip if key.present? }
before_validation :set_fingerprint

8
app/models/statistic.rb
View File

@ -41,14 +41,6 @@ class Statistic < ActiveRecord::Base
validates :activity_at,
presence: true
attr_accessible :user_id,
:email,
:project_id,
:project_name_with_owner,
:key,
:counter,
:activity_at
scope :for_period, -> (start_date, end_date) {
where(activity_at: (start_date..end_date))
}

3
app/models/subscribe.rb
View File

@ -3,7 +3,6 @@ class Subscribe < ActiveRecord::Base
belongs_to :user
belongs_to :project
attr_accessible :status, :user_id
validates :user, presence: true
def commit_subscribe?
@ -38,7 +37,7 @@ class Subscribe < ActiveRecord::Base
if subscribe = Subscribe.where(options).first
subscribe.update_attributes(status: status)
else
Subscribe.create(options.merge(status: status), without_protection: true)
Subscribe.create options.merge(status: status)
end
end

2
app/models/token.rb
View File

@ -12,8 +12,6 @@ class Token < ActiveRecord::Base
before_validation :generate_token, on: :create
attr_accessible :description
state_machine :status, initial: :active do
event :block do
transition [:active, :blocked] => :blocked

2
app/models/user.rb
View File

@ -56,8 +56,6 @@ class User < Avatar
validates :role, inclusion: { in: EXTENDED_ROLES }, allow_blank: true
validates :language, inclusion: { in: LANGUAGES }, allow_blank: true
attr_accessible :email, :password, :password_confirmation, :current_password, :remember_me, :login, :name, :uname, :language,
:site, :company, :professional_experience, :location, :sound_notifications, :hide_email, :delete_avatar
attr_readonly :uname
attr_accessor :login, :delete_avatar

2
app/models/user_builds_setting.rb
View File

@ -5,6 +5,4 @@ class UserBuildsSetting < ActiveRecord::Base
validates :user, presence: true
attr_accessible :platforms
end

10
app/policies/advisory_policy.rb
View File

@ -11,4 +11,14 @@ class AdvisoryPolicy < ApplicationPolicy
end
alias_method :update?, :create?
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(
description
references
)
end
end

31
app/policies/build_list_policy.rb
View File

@ -57,6 +57,37 @@ class BuildListPolicy < ApplicationPolicy
ProjectPolicy.new(user, record.project).write?
end
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
pa = %i(
arch_id
auto_create_container
auto_publish
auto_publish_status
build_for_platform_id
commit_hash
external_nodes
include_testing_subrepository
project_id
project_version
save_buildroot
save_to_platform_id
save_to_repository_id
update_type
use_cached_chroot
use_extra_tests
)
pa << {
include_repos: [],
extra_build_lists: [],
extra_repositories: [],
extra_params: BuildList::EXTRA_PARAMS,
}
pa
end
class Scope < Scope
def read

10
app/policies/collaborator_policy.rb Normal file
View File

@ -0,0 +1,10 @@
class CollaboratorPolicy < ApplicationPolicy
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(role actor_id actor_type)
end
end

7
app/policies/comment_policy.rb
View File

@ -11,4 +11,11 @@ class CommentPolicy < ApplicationPolicy
end
alias_method :destroy?, :update?
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(body data)
end
end

9
app/policies/group_policy.rb
View File

@ -32,6 +32,15 @@ class GroupPolicy < ApplicationPolicy
!user.guest? && ( is_admin? || owner? )
end
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
pa = %i(avatar description delete_avatar default_branch)
pa << :uname if record.new_record?
pa
end
class Scope < Scope
def show
scope

7
app/policies/hook_policy.rb
View File

@ -8,4 +8,11 @@ class HookPolicy < ApplicationPolicy
alias_method :destroy?, :show?
alias_method :update?, :show?
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(data name)
end
end

13
app/policies/issue_policy.rb
View File

@ -18,4 +18,17 @@ class IssuePolicy < ApplicationPolicy
is_admin? || record.user_id == user.id || local_admin?(record.project)
end
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
pa = %i(title body)
if ProjectPolicy.new(user, record.project).write?
pa << :assignee_id
pa << { labelings_attributes: %i(id name color label_id _destroy) }
pa << { labelings: [] }
end
pa
end
end

7
app/policies/key_pair_policy.rb
View File

@ -6,4 +6,11 @@ class KeyPairPolicy < ApplicationPolicy
end
alias_method :destroy?, :create?
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(public secret repository_id)
end
end

23
app/policies/mass_build_policy.rb
View File

@ -15,4 +15,27 @@ class MassBuildPolicy < ApplicationPolicy
!record.stop_build && create?
end
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(
arches
auto_create_container
auto_publish_status
build_for_platform_id
description
external_nodes
extra_build_lists
extra_mass_builds
extra_repositories
include_testing_subrepository
increase_release_tag
projects_list
repositories
use_cached_chroot
use_extra_tests
)
end
end

22
app/policies/platform_policy.rb
View File

@ -62,6 +62,28 @@ class PlatformPolicy < ApplicationPolicy
record.personal? && ( is_admin? || owner? )
end
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(
admin_id
automatic_metadata_regeneration
default_branch
description
distrib_type
name
owner
parent_platform_id
platform_type
released
term
visibility
) + [
platform_arch_settings_attributes: %i(id arch_id platform_id default time_living)
]
end
class Scope < Scope
def related

20
app/policies/product_build_list_policy.rb
View File

@ -24,4 +24,24 @@ class ProductBuildListPolicy < ApplicationPolicy
is_admin? || ProductPolicy.new(user, record.product).destroy?
end
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(
base_url
branch
commit_hash
main_script
not_delete
params
product_id
product_name
project_id
project_version
status
time_living
)
end
end

17
app/policies/product_policy.rb
View File

@ -17,4 +17,21 @@ class ProductPolicy < ApplicationPolicy
alias_method :destroy?, :create?
alias_method :update?, :create?
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(
autostart_status
description
main_script
name
params
platform_id
project_id
project_version
time_living
)
end
end

24
app/policies/project_policy.rb
View File

@ -71,6 +71,30 @@ class ProjectPolicy < ApplicationPolicy
true
end
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(
add_to_repository_id
architecture_dependent
autostart_status
default_branch
description
has_issues
has_wiki
is_package
maintainer_id
mass_import
name
publish_i686_into_x86_64
srpm
srpms_list
url
visibility
)
end
class Scope < Scope
def membered

12
app/policies/pull_request_policy.rb
View File

@ -22,4 +22,16 @@ class PullRequestPolicy < ApplicationPolicy
is_admin? || local_writer?(record.to_project)
end
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(
body
from_ref
title
to_ref
) + [ issue_attributes: %i(title body) ]
end
end

14
app/policies/repository_policy.rb
View File

@ -54,6 +54,20 @@ class RepositoryPolicy < ApplicationPolicy
end
alias_method :remove_repo_lock_file?, :add_repo_lock_file?
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(
name
description
publish_without_qa
synchronizing_publications
publish_builds_only_from_branch
build_for_platform_id
)
end
private
# Public: Get user ids of repository.

22
app/policies/settings_notifier_policy.rb Normal file
View File

@ -0,0 +1,22 @@
class SettingsNotifierPolicy < ApplicationPolicy
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
%i(
can_notify
update_code
new_comment_commit_owner
new_comment_commit_repo_owner
new_comment_commit_commentor
new_comment
new_comment_reply
new_issue
issue_assign
new_build
new_associated_build
)
end
end

Some files were not shown because too many files have changed in this diff Show More