Commit daa5ac42 authored by Alex Pooley's avatar Alex Pooley

Merge branch '341272-import-use-attr-permit-proj' into 'master'

Use allowlist for importing project attributes

See merge request gitlab-org/gitlab!72457
parents c5f329ce c8c6f468
...@@ -106,12 +106,7 @@ module Gitlab ...@@ -106,12 +106,7 @@ module Gitlab
def update_params! def update_params!
params = @importable_attributes.except(*relations.keys.map(&:to_s)) params = @importable_attributes.except(*relations.keys.map(&:to_s))
params = params.merge(present_override_params) params = params.merge(present_override_params)
params = filter_attributes(params)
# Cleaning all imported and overridden params
params = Gitlab::ImportExport::AttributeCleaner.clean(
relation_hash: params,
relation_class: importable_class,
excluded_keys: excluded_keys_for_relation(importable_class_sym))
@importable.assign_attributes(params) @importable.assign_attributes(params)
...@@ -122,6 +117,25 @@ module Gitlab ...@@ -122,6 +117,25 @@ module Gitlab
end end
end end
def filter_attributes(params)
if use_attributes_permitter? && attributes_permitter.permitted_attributes_defined?(importable_class_sym)
attributes_permitter.permit(importable_class_sym, params)
else
Gitlab::ImportExport::AttributeCleaner.clean(
relation_hash: params,
relation_class: importable_class,
excluded_keys: excluded_keys_for_relation(importable_class_sym))
end
end
def attributes_permitter
@attributes_permitter ||= Gitlab::ImportExport::AttributesPermitter.new
end
def use_attributes_permitter?
Feature.enabled?(:permitted_attributes_for_import_export, default_enabled: :yaml)
end
def present_override_params def present_override_params
# we filter out the empty strings from the overrides # we filter out the empty strings from the overrides
# keeping the default values configured # keeping the default values configured
......
...@@ -494,6 +494,59 @@ included_attributes: ...@@ -494,6 +494,59 @@ included_attributes:
- :created_at - :created_at
- :updated_at - :updated_at
- :summary - :summary
project:
- :approvals_before_merge
- :archived
- :auto_cancel_pending_pipelines
- :autoclose_referenced_issues
- :build_allow_git_fetch
- :build_coverage_regex
- :build_timeout
- :ci_config_path
- :delete_error
- :description
- :disable_overriding_approvers_per_merge_request
- :external_authorization_classification_label
- :external_webhook_token
- :has_external_issue_tracker
- :has_external_wiki
- :issues_template
- :jobs_cache_index
- :last_repository_check_failed
- :merge_requests_author_approval
- :merge_requests_disable_committers_approval
- :merge_requests_ff_only_enabled
- :merge_requests_rebase_enabled
- :merge_requests_template
- :only_allow_merge_if_all_discussions_are_resolved
- :only_allow_merge_if_pipeline_succeeds
- :pages_https_only
- :pending_delete
- :printing_merge_request_link_enabled
- :public_builds
- :remove_source_branch_after_merge
- :request_access_enabled
- :require_password_to_approve
- :reset_approvals_on_push
- :resolve_outdated_diff_discussions
- :service_desk_enabled
- :shared_runners_enabled
- :suggestion_commit_message
- :visibility_level
- :hooks
- :issues_access_level
- :forking_access_level
- :merge_requests_access_level
- :wiki_access_level
- :snippets_access_level
- :builds_access_level
- :repository_access_level
- :pages_access_level
- :metrics_dashboard_access_level
- :analytics_access_level
- :operations_access_level
- :security_and_compliance_access_level
- :container_registry_access_level
# Do not include the following attributes for the models specified. # Do not include the following attributes for the models specified.
excluded_attributes: excluded_attributes:
...@@ -883,3 +936,5 @@ ee: ...@@ -883,3 +936,5 @@ ee:
- :auto_fix_dast - :auto_fix_dast
- :auto_fix_dependency_scanning - :auto_fix_dependency_scanning
- :auto_fix_sast - :auto_fix_sast
project:
- :requirements_access_level
...@@ -126,6 +126,7 @@ RSpec.describe Gitlab::ImportExport::AttributesPermitter do ...@@ -126,6 +126,7 @@ RSpec.describe Gitlab::ImportExport::AttributesPermitter do
:project_feature | true :project_feature | true
:prometheus_metrics | true :prometheus_metrics | true
:service_desk_setting | true :service_desk_setting | true
:project | true
end end
with_them do with_them do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment