Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
ca58e369
Commit
ca58e369
authored
Mar 27, 2015
by
Douwe Maan
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Only allow user to reference objects they have access to.
parent
b1ef1aa5
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
32 additions
and
22 deletions
+32
-22
app/helpers/gitlab_markdown_helper.rb
app/helpers/gitlab_markdown_helper.rb
+1
-1
lib/gitlab/markdown.rb
lib/gitlab/markdown.rb
+20
-18
lib/gitlab/reference_extractor.rb
lib/gitlab/reference_extractor.rb
+11
-3
No files found.
app/helpers/gitlab_markdown_helper.rb
View file @
ca58e369
...
...
@@ -19,7 +19,7 @@ module GitlabMarkdownHelper
escape_once
(
body
)
end
gfm_body
=
gfm
(
escaped_body
,
@project
,
html_options
)
gfm_body
=
gfm
(
escaped_body
,
@project
,
current_user
,
html_options
)
gfm_body
.
gsub!
(
%r{<a.*?>.*?</a>}m
)
do
|
match
|
"</a>
#{
match
}#{
link_to
(
""
,
url
,
html_options
)[
0
..-
5
]
}
"
# "</a>".length +1
...
...
lib/gitlab/markdown.rb
View file @
ca58e369
...
...
@@ -39,7 +39,7 @@ module Gitlab
# text - the source text
# project - the project
# html_options - extra options for the reference links as given to link_to
def
gfm
(
text
,
project
=
@project
,
html_options
=
{})
def
gfm
(
text
,
project
=
@project
,
user
=
current_user
,
html_options
=
{})
gfm_with_options
(
text
,
{},
project
,
html_options
)
end
...
...
@@ -51,7 +51,7 @@ module Gitlab
# - reference_only_path - Use relative path for reference links
# project - the project
# html_options - extra options for the reference links as given to link_to
def
gfm_with_options
(
text
,
options
=
{},
project
=
@project
,
html_options
=
{})
def
gfm_with_options
(
text
,
options
=
{},
project
=
@project
,
user
=
current_user
,
html_options
=
{})
return
text
if
text
.
nil?
# Duplicate the string so we don't alter the original, then call to_str
...
...
@@ -78,7 +78,7 @@ module Gitlab
# TODO: add popups with additional information
text
=
parse
(
text
,
project
)
text
=
parse
(
text
,
project
,
user
)
# Insert pre block extractions
text
.
gsub!
(
/\{gfm-extraction-(\h{32})\}/
)
do
...
...
@@ -155,8 +155,8 @@ module Gitlab
# text - Text to parse
#
# Returns parsed text
def
parse
(
text
,
project
=
@project
)
parse_references
(
text
,
project
)
if
project
def
parse
(
text
,
project
=
@project
,
user
=
current_user
)
parse_references
(
text
,
project
,
user
)
if
project
text
end
...
...
@@ -182,7 +182,7 @@ module Gitlab
TYPES
=
[
:user
,
:issue
,
:label
,
:merge_request
,
:snippet
,
:commit
,
:commit_range
].
freeze
def
parse_references
(
text
,
project
=
@project
)
def
parse_references
(
text
,
project
=
@project
,
user
=
current_user
)
# parse reference links
text
.
gsub!
(
REFERENCE_PATTERN
)
do
|
match
|
type
=
TYPES
.
select
{
|
t
|
!
$~
[
t
].
nil?
}.
first
...
...
@@ -192,11 +192,12 @@ module Gitlab
project_path
=
$LAST_MATCH_INFO
[
:project
]
if
project_path
actual_project
=
::
Project
.
find_with_namespace
(
project_path
)
actual_project
||=
nil
unless
can?
(
user
,
:read_project
,
actual_project
)
project_prefix
=
project_path
end
parse_result
(
$LAST_MATCH_INFO
,
type
,
actual_project
,
project_prefix
)
||
match
actual_project
,
user
,
project_prefix
)
||
match
end
end
...
...
@@ -204,7 +205,7 @@ module Gitlab
# link. Returns nil if +type+ is nil, if the match string is an HTML
# entity, if the reference is invalid, or if the matched text includes an
# invalid project path.
def
parse_result
(
match_info
,
type
,
project
,
project_prefix
)
def
parse_result
(
match_info
,
type
,
project
,
user
,
project_prefix
)
prefix
=
match_info
[
:prefix
]
suffix
=
match_info
[
:suffix
]
...
...
@@ -212,7 +213,7 @@ module Gitlab
return
nil
if
project
.
nil?
&&
!
project_prefix
.
nil?
identifier
=
match_info
[
type
]
ref_link
=
reference_link
(
type
,
identifier
,
project
,
project_prefix
)
ref_link
=
reference_link
(
type
,
identifier
,
project
,
user
,
project_prefix
)
if
ref_link
"
#{
prefix
}#{
ref_link
}#{
suffix
}
"
...
...
@@ -233,11 +234,11 @@ module Gitlab
# identifier - Object identifier (Issue ID, SHA hash, etc.)
#
# Returns string rendered by the processing method
def
reference_link
(
type
,
identifier
,
project
=
@project
,
prefix_text
=
nil
)
def
reference_link
(
type
,
identifier
,
project
=
@project
,
user
=
current_user
,
prefix_text
=
nil
)
send
(
"reference_
#{
type
}
"
,
identifier
,
project
,
prefix_text
)
end
def
reference_user
(
identifier
,
project
=
@project
,
_
=
nil
)
def
reference_user
(
identifier
,
project
=
@project
,
user
=
current_user
,
_
=
nil
)
link_options
=
html_options
.
merge
(
class:
"gfm gfm-project_member
#{
html_options
[
:class
]
}
"
)
...
...
@@ -251,6 +252,7 @@ module Gitlab
elsif
namespace
=
Namespace
.
find_by
(
path:
identifier
)
url
=
if
namespace
.
is_a?
(
Group
)
return
nil
unless
can?
(
user
,
:read_group
,
namespace
)
group_url
(
identifier
,
only_path:
options
[
:reference_only_path
])
else
user_url
(
identifier
,
only_path:
options
[
:reference_only_path
])
...
...
@@ -260,7 +262,7 @@ module Gitlab
end
end
def
reference_label
(
identifier
,
project
=
@project
,
_
=
nil
)
def
reference_label
(
identifier
,
project
=
@project
,
user
=
current_user
,
_
=
nil
)
if
label
=
project
.
labels
.
find_by
(
id:
identifier
)
link_options
=
html_options
.
merge
(
class:
"gfm gfm-label
#{
html_options
[
:class
]
}
"
...
...
@@ -273,7 +275,7 @@ module Gitlab
end
end
def
reference_issue
(
identifier
,
project
=
@project
,
prefix_text
=
nil
)
def
reference_issue
(
identifier
,
project
=
@project
,
user
=
current_user
,
prefix_text
=
nil
)
if
project
.
default_issues_tracker?
if
project
.
issue_exists?
identifier
url
=
url_for_issue
(
identifier
,
project
,
only_path:
options
[
:reference_only_path
])
...
...
@@ -293,7 +295,7 @@ module Gitlab
end
end
def
reference_merge_request
(
identifier
,
project
=
@project
,
prefix_text
=
nil
)
def
reference_merge_request
(
identifier
,
project
=
@project
,
user
=
current_user
,
prefix_text
=
nil
)
if
merge_request
=
project
.
merge_requests
.
find_by
(
iid:
identifier
)
link_options
=
html_options
.
merge
(
title:
"Merge Request:
#{
merge_request
.
title
}
"
,
...
...
@@ -306,7 +308,7 @@ module Gitlab
end
end
def
reference_snippet
(
identifier
,
project
=
@project
,
_
=
nil
)
def
reference_snippet
(
identifier
,
project
=
@project
,
user
=
current_user
,
_
=
nil
)
if
snippet
=
project
.
snippets
.
find_by
(
id:
identifier
)
link_options
=
html_options
.
merge
(
title:
"Snippet:
#{
snippet
.
title
}
"
,
...
...
@@ -321,7 +323,7 @@ module Gitlab
end
end
def
reference_commit
(
identifier
,
project
=
@project
,
prefix_text
=
nil
)
def
reference_commit
(
identifier
,
project
=
@project
,
user
=
current_user
,
prefix_text
=
nil
)
if
project
.
valid_repo?
&&
commit
=
project
.
repository
.
commit
(
identifier
)
link_options
=
html_options
.
merge
(
title:
commit
.
link_title
,
...
...
@@ -337,7 +339,7 @@ module Gitlab
end
end
def
reference_commit_range
(
identifier
,
project
=
@project
,
prefix_text
=
nil
)
def
reference_commit_range
(
identifier
,
project
=
@project
,
user
=
current_user
,
prefix_text
=
nil
)
from_id
,
to_id
=
identifier
.
split
(
/\.{2,3}/
,
2
)
inclusive
=
identifier
!~
/\.{3}/
...
...
@@ -363,7 +365,7 @@ module Gitlab
end
end
def
reference_external_issue
(
identifier
,
project
=
@project
,
prefix_text
=
nil
)
def
reference_external_issue
(
identifier
,
project
=
@project
,
user
=
current_user
,
prefix_text
=
nil
)
url
=
url_for_issue
(
identifier
,
project
,
only_path:
options
[
:reference_only_path
])
title
=
project
.
external_issue_tracker
.
title
...
...
lib/gitlab/reference_extractor.rb
View file @
ca58e369
module
Gitlab
# Extract possible GFM references from an arbitrary String for further processing.
class
ReferenceExtractor
attr_accessor
:project
,
:references
attr_accessor
:project
,
:
current_user
,
:
references
include
Markdown
def
initialize
(
project
)
def
initialize
(
project
,
current_user
=
nil
)
@project
=
project
@current_user
=
user
@references
=
Hash
.
new
{
[]
}
end
def
can?
(
user
,
action
,
subject
)
# When extracting references, no user means access to everything.
return
true
if
user
.
nil?
Ability
.
abilities
.
allowed?
(
user
,
action
,
subject
)
end
def
analyze
(
text
)
text
=
text
.
dup
...
...
@@ -79,7 +87,7 @@ module Gitlab
private
def
reference_link
(
type
,
identifier
,
project
,
_
)
def
reference_link
(
type
,
identifier
,
project
,
user
,
_
)
references
[
type
]
<<
{
project:
project
,
id:
identifier
}
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment