Refresh patch with confirmation from Balasankar

2019-11-28 22:42:28 +05:30 · 2019-11-28 22:42:28 +05:30 · ca129b8928
commit ca129b8928
parent 9c0250c08b
1 changed files with 49 additions and 29 deletions
--- a/debian/patches/CVE-2019-19254.patch
+++ b/debian/patches/CVE-2019-19254.patch
@ -1,21 +1,50 @@
-From 879ca8ab319a60f114e99a57848467d252fc65c7 Mon Sep 17 00:00:00 2001
+From 5bdfcaa1c268aa475a11480a0ae33691f73a1a96 Mon Sep 17 00:00:00 2001
-From: Aakriti Gupta <agupta@gitlab.com>
+From: Brandon Labuschagne <blabuschagne@gitlab.com>
-Date: Wed, 6 Nov 2019 17:07:11 +0100
+Date: Fri, 15 Nov 2019 14:39:29 +0000
-Subject: [PATCH] Prevent guests from seeing commits for cycle analytics - if
+Subject: [PATCH 1/2] Ensure that summary items remain aligned
 the user has access level lower than REPORTER, don't include commit count in
 summary
 Default number of items is 3. If this is not the case,
 then increase the column width of the summary items
 to cater for 2 items plus the date filter.
 ---
- ...y-ag-cycle-analytics-guest-permissions.yml |  5 +++++
+ .../javascripts/cycle_analytics/cycle_analytics_bundle.js   | 6 ++++++
- lib/gitlab/cycle_analytics/stage_summary.rb   | 22 ++++++++++++++++---
+ app/views/projects/cycle_analytics/show.html.haml           | 4 ++--
- spec/features/cycle_analytics_spec.rb         | 10 ++++++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
 .../cycle_analytics/stage_summary_spec.rb     | 21 ++++++++++++++++++
 4 files changed, 54 insertions(+), 4 deletions(-)
 create mode 100644 changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml
-diff --git a/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml b/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml
+--- a/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
-new file mode 100644
+++ b/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
-index 000000000000..c7a3b8923cdf
+@@ -56,10 +56,16 @@
         service: this.createCycleAnalyticsService(cycleAnalyticsEl.dataset.requestPath),
       };
     },
 +    defaultNumberOfSummaryItems: 3,
     computed: {
       currentStage() {
         return this.store.currentActiveStage();
       },
 +      summaryTableColumnClass() {
 +        return this.state.summary.length === this.$options.defaultNumberOfSummaryItems
 +          ? 'col-sm-3'
 +          : 'col-sm-4';
 +      },
     },
     created() {
       // Conditional check placed here to prevent this method from being called on the
 --- a/app/views/projects/cycle_analytics/show.html.haml
 +++ b/app/views/projects/cycle_analytics/show.html.haml
@@ -14,10 +14,10 @@
       .content-block
         .container-fluid
           .row
 -            .col-sm-3.col-12.column{ "v-for" => "item in state.summary" }
 +            .col-12.column{ "v-for" => "item in state.summary", ":class" => "summaryTableColumnClass" }
               %h3.header {{ item.value }}
               %p.text {{ item.title }}
 -            .col-sm-3.col-12.column
 +            .col-12.column{ ":class" => "summaryTableColumnClass" }
               .dropdown.inline.js-ca-dropdown
                 %button.dropdown-menu-toggle{ "data-toggle" => "dropdown", :type => "button" }
                   %span.dropdown-label {{ n__('Last %d day', 'Last %d days', 30) }}
 --- /dev/null
 +++ b/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml
@@ -0,0 +1,5 @@
@ -24,11 +53,9 @@ index 000000000000..c7a3b8923cdf
 +merge_request:
 +author:
 +type: security
 diff --git a/lib/gitlab/cycle_analytics/stage_summary.rb b/lib/gitlab/cycle_analytics/stage_summary.rb
 index 5198dd5b4eb6..c0ee65a106d1 100644
 --- a/lib/gitlab/cycle_analytics/stage_summary.rb
 +++ b/lib/gitlab/cycle_analytics/stage_summary.rb
-@@ -10,13 +10,29 @@ module Gitlab
+@@ -10,13 +10,29 @@
       end
       def data
@ -61,11 +88,9 @@ index 5198dd5b4eb6..c0ee65a106d1 100644
       def serialize(summary_object)
         AnalyticsSummarySerializer.new.represent(summary_object)
       end
 diff --git a/spec/features/cycle_analytics_spec.rb b/spec/features/cycle_analytics_spec.rb
 index 07f0864fb3ba..df8d5124f36e 100644
 --- a/spec/features/cycle_analytics_spec.rb
 +++ b/spec/features/cycle_analytics_spec.rb
-@@ -108,6 +108,10 @@ describe 'Cycle Analytics', :js do
+@@ -108,6 +108,10 @@
       wait_for_requests
     end
@ -76,7 +101,7 @@ index 07f0864fb3ba..df8d5124f36e 100644
     it 'needs permissions to see restricted stages' do
       expect(find('.stage-events')).to have_content(issue.title)
-@@ -123,8 +127,12 @@ describe 'Cycle Analytics', :js do
+@@ -123,8 +127,12 @@
     find(:xpath, "//p[contains(text(),'New Issue')]/preceding-sibling::h3")
   end
@ -90,11 +115,9 @@ index 07f0864fb3ba..df8d5124f36e 100644
   end
   def deploys_counter
 diff --git a/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb b/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
 index 778c2f479b56..35bfeae5ea24 100644
 --- a/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
 +++ b/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
-@@ -8,6 +8,10 @@ describe Gitlab::CycleAnalytics::StageSummary do
+@@ -8,6 +8,10 @@
   let(:user) { create(:user, :admin) }
   subject { described_class.new(project, from: Time.now, current_user: user).data }
@ -105,7 +128,7 @@ index 778c2f479b56..35bfeae5ea24 100644
   describe "#new_issues" do
     it "finds the number of issues created after the 'from date'" do
       Timecop.freeze(5.days.ago) { create(:issue, project: project) }
-@@ -42,6 +46,23 @@ describe Gitlab::CycleAnalytics::StageSummary do
+@@ -42,6 +46,23 @@
       expect(subject.second[:value]).to eq(100)
     end
@ -129,6 +152,3 @@ index 778c2f479b56..35bfeae5ea24 100644
   end
   describe "#deploys" do
 -- 
 2.22.0