debian-mirror-gitlab/app/controllers/projects/work_items_controller.rb

# frozen_string_literal: true

class Projects::WorkItemsController < Projects::ApplicationController
  include WorkhorseAuthorization
  extend Gitlab::Utils::Override

  EXTENSION_ALLOWLIST = %w[csv].map(&:downcase).freeze

  before_action :authorize_import_access!, only: [:import_csv, :authorize] # rubocop:disable Rails/LexicallyScopedActionFilter
  before_action do
    push_force_frontend_feature_flag(:work_items, project&.work_items_feature_flag_enabled?)
    push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?)
    push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?)
    push_force_frontend_feature_flag(:saved_replies, current_user)
  end

  feature_category :team_planning
  urgency :high, [:authorize]
  urgency :low

  def import_csv
    file = import_params[:file]
    return render json: { errors: invalid_file_message }, status: :bad_request unless file_is_valid?(file)

    result = WorkItems::PrepareImportCsvService.new(project, current_user, file: file).execute

    if result.status == :error
      render json: { errors: result.message }, status: :bad_request
    else
      render json: { message: result.message }, status: :ok
    end
  end

  private

  def import_params
    params.permit(:file)
  end

  def authorize_import_access!
    can_import = can?(current_user, :import_work_items, project)
    import_csv_feature_available = Feature.enabled?(:import_export_work_items_csv, project)
    return if can_import && import_csv_feature_available

    if current_user || action_name == 'authorize'
      render_404
    else
      authenticate_user!
    end
  end

  def invalid_file_message
    supported_file_extensions = ".#{EXTENSION_ALLOWLIST.join(', .')}"
    format(_("The uploaded file was invalid. Supported file extensions are %{extensions}."),
      { extensions: supported_file_extensions })
  end

  def uploader_class
    FileUploader
  end

  def maximum_size
    Gitlab::CurrentSettings.max_attachment_size.megabytes
  end

  def file_extension_allowlist
    EXTENSION_ALLOWLIST
  end
end

Projects::WorkItemsController.prepend_mod
New upstream version 14.3.4+ds1 2021-11-11 11:23:49 +05:30			`# frozen_string_literal: true`

			`class Projects::WorkItemsController < Projects::ApplicationController`
New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30			`include WorkhorseAuthorization`
			`extend Gitlab::Utils::Override`

			`EXTENSION_ALLOWLIST = %w[csv].map(&:downcase).freeze`

			`before_action :authorize_import_access!, only: [:import_csv, :authorize] # rubocop:disable Rails/LexicallyScopedActionFilter`
New upstream version 14.3.4+ds1 2021-11-11 11:23:49 +05:30			`before_action do`
New upstream version 14.10.4+ds1 2022-06-21 17:19:12 +05:30			`push_force_frontend_feature_flag(:work_items, project&.work_items_feature_flag_enabled?)`
New upstream version 15.7.8+ds1 2023-03-04 22:38:38 +05:30			`push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?)`
New upstream version 15.3.1+ds1 2022-08-27 11:52:29 +05:30			`push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?)`
New upstream version 15.10.7+ds1 2023-05-27 22:25:52 +05:30			`push_force_frontend_feature_flag(:saved_replies, current_user)`
New upstream version 14.3.4+ds1 2021-11-11 11:23:49 +05:30			`end`

New upstream version 14.10.4+ds1 2022-06-21 17:19:12 +05:30			`feature_category :team_planning`
New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30			`urgency :high, [:authorize]`
New upstream version 15.0.4+ds1 2022-07-16 23:28:13 +05:30			`urgency :low`
New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30
			`def import_csv`
			`file = import_params[:file]`
			`return render json: { errors: invalid_file_message }, status: :bad_request unless file_is_valid?(file)`

			`result = WorkItems::PrepareImportCsvService.new(project, current_user, file: file).execute`

			`if result.status == :error`
			`render json: { errors: result.message }, status: :bad_request`
			`else`
			`render json: { message: result.message }, status: :ok`
			`end`
			`end`

			`private`

			`def import_params`
			`params.permit(:file)`
			`end`

			`def authorize_import_access!`
			`can_import = can?(current_user, :import_work_items, project)`
			`import_csv_feature_available = Feature.enabled?(:import_export_work_items_csv, project)`
			`return if can_import && import_csv_feature_available`

			`if current_user \|\| action_name == 'authorize'`
			`render_404`
			`else`
			`authenticate_user!`
			`end`
			`end`

			`def invalid_file_message`
			`supported_file_extensions = ".#{EXTENSION_ALLOWLIST.join(', .')}"`
			`format(_("The uploaded file was invalid. Supported file extensions are %{extensions}."),`
			`{ extensions: supported_file_extensions })`
			`end`

			`def uploader_class`
			`FileUploader`
			`end`

			`def maximum_size`
			`Gitlab::CurrentSettings.max_attachment_size.megabytes`
			`end`

			`def file_extension_allowlist`
			`EXTENSION_ALLOWLIST`
			`end`
New upstream version 14.3.4+ds1 2021-11-11 11:23:49 +05:30			`end`
New upstream version 15.7.8+ds1 2023-03-04 22:38:38 +05:30
			`Projects::WorkItemsController.prepend_mod`