Merge branch 'feature/authorization' of /home/git/repositories/gitlab/gitlab-ci

Author: dzaporozhets

Gemfile

@@ -74,6 +74,7 @@ group :development, :test do
   gem 'pry'
   gem 'rspec-rails'
   gem 'capybara'
+  gem 'poltergeist'
   gem 'factory_girl_rails'
   gem "ffaker"
 

Gemfile.lock

@@ -64,13 +64,16 @@ GEM
     diff-lcs (1.2.4)
     dotenv (0.7.0)
     erubis (2.7.0)
+    eventmachine (1.0.3)
     execjs (1.4.0)
       multi_json (~> 1.0)
     factory_girl (4.2.0)
       activesupport (>= 3.0.0)
     factory_girl_rails (4.2.1)
       factory_girl (~> 4.2.0)
       railties (>= 3.0.0)
+    faye-websocket (0.4.7)
+      eventmachine (>= 0.12.0)
     ffaker (1.16.1)
     ffi (1.8.1)
     font-awesome-sass-rails (3.0.2.2)
@@ -113,6 +116,7 @@ GEM
       railties (>= 3.1, < 4.1)
     hashie (2.0.5)
     hike (1.2.3)
+    http_parser.rb (0.5.3)
     httparty (0.11.0)
       multi_json (~> 1.0)
       multi_xml (>= 0.5.2)
@@ -142,6 +146,10 @@ GEM
     mysql2 (0.3.11)
     nokogiri (1.5.9)
     pg (0.15.1)
+    poltergeist (1.3.0)
+      capybara (~> 2.1.0)
+      faye-websocket (>= 0.4.4, < 0.5.0)
+      http_parser.rb (~> 0.5.3)
     polyglot (0.3.3)
     pry (0.9.12.2)
       coderay (~> 1.0.5)
@@ -289,6 +297,7 @@ DEPENDENCIES
   minitest (= 4.3.2)
   mysql2
   pg
+  poltergeist
   pry
   puma (~> 2.3.2)
   quiet_assets

VERSION

@@ -1 +1 @@
-3.1.0
+3.2.0.pre

app/assets/javascripts/application.js.coffee

@@ -17,6 +17,9 @@
 #
 
 $ ->
+  $('.sync-now').on 'click', ->
+    alert(1)
+    $(this).addClass('icon-spin')
   $('.edit-runner-link').on 'click', ->
     descr = $(this).closest('.runner-description').first()
     descr.hide()

app/assets/javascripts/projects.js.coffee

@@ -1,3 +1,6 @@
-$(document).ready ->
+$ ->
   $('.badge-codes-toggle').on 'click', ->
     $('.badge-codes-block').toggle()
+
+  $('body').on 'click', '.sync-now', ->
+    $(this).find('i').addClass('icon-spin')

app/assets/stylesheets/main.scss

@@ -161,9 +161,10 @@ fieldset {
   font-size: 18px;
 }
 
-h3 {
-  font-weight: normal;
-  color: #666;
+h1, h2, h3, h4, h5, h6 {
+  font-weight: 500;
+  line-height: 1.1;
+  color: #555;
 }
 
 .profile-holder {
@@ -246,3 +247,21 @@ td form {
     background: #f9f9f9;
   }
 }
+
+.well-list {
+  @extend .unstyled;
+  li {
+    padding: 6px 0;
+    border-bottom: 1px solid #EEE;
+
+    form {
+      margin: 0;
+    }
+  }
+}
+
+.sync-now {
+  &:hover {
+    text-decoration: none;
+  }
+}

app/controllers/application_controller.rb

@@ -2,9 +2,22 @@ class ApplicationController < ActionController::Base
   protect_from_forgery
 
   helper_method :current_user
+  before_filter :reset_cache
 
   private
 
+  def current_user
+    @current_user ||= session[:current_user]
+  end
+
+  def sign_in(user)
+    session[:current_user] = user
+  end
+
+  def sign_out
+    reset_session
+  end
+
   def authenticate_user!
     unless current_user
       redirect_to new_user_sessions_path
@@ -18,15 +31,20 @@ def authenticate_token!
     end
   end
 
-  def current_user
-    @current_user ||= session[:current_user]
+  def authorize_access_project!
+    unless current_user.can_access_project?(@project.gitlab_id)
+      return page_404
+    end
   end
 
-  def sign_in(user)
-    session[:current_user] = user
+  def page_404
+    render file: "#{Rails.root}/public/404.html", status: 404, layout: false
   end
 
-  def sign_out
-    @current_user = session[:current_user] = nil
+  # Reset user cache every day for security purposes
+  def reset_cache
+    if current_user && current_user.sync_at < (Time.zone.now - 24.hours)
+      current_user.reset_cache
+    end
   end
 end

app/controllers/builds_controller.rb

@@ -1,7 +1,7 @@
 class BuildsController < ApplicationController
   before_filter :authenticate_user!, except: [:status]
   before_filter :project
-  before_filter :authenticate_token!, only: [:build]
+  before_filter :authorize_access_project!, except: [:status]
 
   def show
     @builds = builds

app/controllers/projects_controller.rb

@@ -1,20 +1,32 @@
 class ProjectsController < ApplicationController
   before_filter :authenticate_user!, except: [:build, :status, :index, :show]
   before_filter :project, only: [:build, :integration, :show, :status, :edit, :update, :destroy, :charts]
+  before_filter :authorize_access_project!, except: [:build, :gitlab, :status, :index, :show, :new, :create]
   before_filter :authenticate_token!, only: [:build]
   before_filter :no_cache, only: [:status]
 
   layout 'project', except: [:index, :gitlab]
 
   def index
-    @projects = Project.order('name ASC')
-    @projects = @projects.public unless current_user
-    @projects  = @projects.page(params[:page]).per(20)
+    @projects = Project.public.page(params[:page]) unless current_user
+  end
+
+  def gitlab
+    current_user.reset_cache if params[:reset_cache]
+    @page = (params[:page] || 1).to_i
+    @per_page = 100
+    @gl_projects = current_user.gitlab_projects(@page, @per_page)
+    @projects = Project.where(gitlab_id: @gl_projects.map(&:id)).order('name ASC')
+    @total_count = @gl_projects.size
+    @gl_projects.reject! { |gl_project| @projects.map(&:gitlab_id).include?(gl_project.id) }
+  rescue
+    @error = 'Failed to fetch GitLab projects'
   end
 
   def show
-    unless @project.public || current_user
-      authenticate_user! and return
+    unless @project.public
+      authenticate_user!
+      authorize_access_project!
     end
 
     @ref = params[:ref]
@@ -108,13 +120,6 @@ def charts
     @charts[:year] = Charts::YearChart.new(@project)
   end
 
-  def gitlab
-    @page = (params[:page] || 1).to_i
-    @per_page = 100
-    @projects = current_user.gitlab_projects(@page, @per_page)
-  rescue
-    @error = 'Failed to fetch GitLab projects'
-  end
 
   protected
 

app/models/network.rb

@@ -37,6 +37,23 @@ def projects(url, api_opts, scope = :owned)
     end
   end
 
+  def project(url, api_opts, project_id)
+    opts = {
+      query: api_opts,
+      headers: {"Content-Type" => "application/json"},
+    }
+
+    query = "projects/#{project_id}.json"
+
+    response = self.class.get(url + api_prefix + query, opts)
+
+    if response.code == 200
+      response.parsed_response
+    else
+      nil
+    end
+  end
+
   def add_deploy_key(url, project_id, api_opts)
     opts = {
       body: api_opts.to_json,