Commit 77ce4fea authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab-ce master

parents a6d104e2 0b966fb0
...@@ -1324,7 +1324,7 @@ class MergeRequest < ActiveRecord::Base ...@@ -1324,7 +1324,7 @@ class MergeRequest < ActiveRecord::Base
def base_pipeline def base_pipeline
@base_pipeline ||= project.ci_pipelines @base_pipeline ||= project.ci_pipelines
.order(id: :desc) .order(id: :desc)
.find_by(sha: diff_base_sha) .find_by(sha: diff_base_sha, ref: target_branch)
end end
def discussions_rendered_on_frontend? def discussions_rendered_on_frontend?
......
---
title: Ensure the base pipeline of a Merge Request belongs to its target branch
merge_request: 25226
author:
type: fixed
...@@ -66,7 +66,51 @@ Within the rule DSL, you can use: ...@@ -66,7 +66,51 @@ Within the rule DSL, you can use:
To see how the rules get evaluated into a judgment, it is useful in a console to use `policy.debug(:some_ability)`. This will print the rules in the order they are evaluated. To see how the rules get evaluated into a judgment, it is useful in a console to use `policy.debug(:some_ability)`. This will print the rules in the order they are evaluated.
When a policy is asked whether a particular ability is allowed (`policy.allowed?(:some_ability)`), it does not necessarily have to compute all the conditions on the policy. First, only the rules relevant to that particular ability are selected. Then, the execution model takes advantage of short-circuiting, and attempts to sort rules based on a heuristic of how expensive they will be to calculate. The sorting is dynamic and cache-aware, so that previously calculated conditions will be considered first, before computing other conditions. For example, let's say you wanted to debug `IssuePolicy`. You might run
the debugger in this way:
```ruby
user = User.find_by(username: 'john')
issue = Issue.first
policy = IssuePolicy.new(user, issue)
policy.debug(:read_issue)
```
An example debug output would look as follows:
```ruby
- [0] prevent when all?(confidential, ~can_read_confidential) ((@john : Issue/1))
- [0] prevent when archived ((@john : Project/4))
- [0] prevent when issues_disabled ((@john : Project/4))
- [0] prevent when all?(anonymous, ~public_project) ((@john : Project/4))
+ [32] enable when can?(:reporter_access) ((@john : Project/4))
```
Each line represents a rule that was evaluated. There are a few things to note:
1. The `-` or `+` symbol indicates whether the rule block was evaluated to be
`false` or `true`, respectively.
2. The number inside the brackets indicates the score.
3. The last part of the line (e.g. `@john : Issue/1`) shows the username
and subject for that rule.
Here you can see that the first four rules were evaluated `false` for
which user and subject. For example, you can see in the last line that
the rule was activated because the user `root` had at reporter access to
the `Project/4`.
When a policy is asked whether a particular ability is allowed
(`policy.allowed?(:some_ability)`), it does not necessarily have to
compute all the conditions on the policy. First, only the rules relevant
to that particular ability are selected. Then, the execution model takes
advantage of short-circuiting, and attempts to sort rules based on a
heuristic of how expensive they will be to calculate. The sorting is
dynamic and cache-aware, so that previously calculated conditions will
be considered first, before computing other conditions.
Note that the score is chosen by a developer via the `score:` parameter
in a `condition` to denote how expensive evaluating this rule would be
relative to other rules.
## Scope ## Scope
......
...@@ -2625,8 +2625,9 @@ describe MergeRequest do ...@@ -2625,8 +2625,9 @@ describe MergeRequest do
let!(:first_pipeline) { create(:ci_pipeline_without_jobs, pipeline_arguments) } let!(:first_pipeline) { create(:ci_pipeline_without_jobs, pipeline_arguments) }
let!(:last_pipeline) { create(:ci_pipeline_without_jobs, pipeline_arguments) } let!(:last_pipeline) { create(:ci_pipeline_without_jobs, pipeline_arguments) }
let!(:last_pipeline_with_other_ref) { create(:ci_pipeline_without_jobs, pipeline_arguments.merge(ref: 'other')) }
it 'returns latest pipeline' do it 'returns latest pipeline for the target branch' do
expect(merge_request.base_pipeline).to eq(last_pipeline) expect(merge_request.base_pipeline).to eq(last_pipeline)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment