Refresh patch with confirmation from Balasankar

2019-11-28 22:42:28 +05:30 · 2019-11-28 22:42:28 +05:30 · ca129b8928
commit ca129b8928
parent 9c0250c08b
1 changed files with 49 additions and 29 deletions
--- a/debian/patches/CVE-2019-19254.patch
+++ b/debian/patches/CVE-2019-19254.patch
@ -1,21 +1,50 @@
-From 879ca8ab319a60f114e99a57848467d252fc65c7 Mon Sep 17 00:00:00 2001
-From: Aakriti Gupta <agupta@gitlab.com>
-Date: Wed, 6 Nov 2019 17:07:11 +0100
-Subject: [PATCH] Prevent guests from seeing commits for cycle analytics - if
- the user has access level lower than REPORTER, don't include commit count in
- summary
+From 5bdfcaa1c268aa475a11480a0ae33691f73a1a96 Mon Sep 17 00:00:00 2001
+From: Brandon Labuschagne <blabuschagne@gitlab.com>
+Date: Fri, 15 Nov 2019 14:39:29 +0000
+Subject: [PATCH 1/2] Ensure that summary items remain aligned

+Default number of items is 3. If this is not the case,
+then increase the column width of the summary items
+to cater for 2 items plus the date filter.
 ---
- ...y-ag-cycle-analytics-guest-permissions.yml |  5 +++++
- lib/gitlab/cycle_analytics/stage_summary.rb   | 22 ++++++++++++++++---
- spec/features/cycle_analytics_spec.rb         | 10 ++++++++-
- .../cycle_analytics/stage_summary_spec.rb     | 21 ++++++++++++++++++
- 4 files changed, 54 insertions(+), 4 deletions(-)
- create mode 100644 changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml
+ .../javascripts/cycle_analytics/cycle_analytics_bundle.js   | 6 ++++++
+ app/views/projects/cycle_analytics/show.html.haml           | 4 ++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)

-diff --git a/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml b/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml
-new file mode 100644
-index 000000000000..c7a3b8923cdf
+--- a/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
+++ b/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
+@@ -56,10 +56,16 @@
+         service: this.createCycleAnalyticsService(cycleAnalyticsEl.dataset.requestPath),
+       };
+     },
+    defaultNumberOfSummaryItems: 3,
+     computed: {
+       currentStage() {
+         return this.store.currentActiveStage();
+       },
+      summaryTableColumnClass() {
+        return this.state.summary.length === this.$options.defaultNumberOfSummaryItems
+          ? 'col-sm-3'
+          : 'col-sm-4';
+      },
+     },
+     created() {
+       // Conditional check placed here to prevent this method from being called on the
+--- a/app/views/projects/cycle_analytics/show.html.haml
+++ b/app/views/projects/cycle_analytics/show.html.haml
+@@ -14,10 +14,10 @@
+       .content-block
+         .container-fluid
+           .row
+-            .col-sm-3.col-12.column{ "v-for" => "item in state.summary" }
+            .col-12.column{ "v-for" => "item in state.summary", ":class" => "summaryTableColumnClass" }
+               %h3.header {{ item.value }}
+               %p.text {{ item.title }}
+-            .col-sm-3.col-12.column
+            .col-12.column{ ":class" => "summaryTableColumnClass" }
+               .dropdown.inline.js-ca-dropdown
+                 %button.dropdown-menu-toggle{ "data-toggle" => "dropdown", :type => "button" }
+                   %span.dropdown-label {{ n__('Last %d day', 'Last %d days', 30) }}
 --- /dev/null
 +++ b/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml
@@ -0,0 +1,5 @@
@ -24,11 +53,9 @@ index 000000000000..c7a3b8923cdf
 +merge_request:
 +author:
 +type: security
-diff --git a/lib/gitlab/cycle_analytics/stage_summary.rb b/lib/gitlab/cycle_analytics/stage_summary.rb
-index 5198dd5b4eb6..c0ee65a106d1 100644
 --- a/lib/gitlab/cycle_analytics/stage_summary.rb
 +++ b/lib/gitlab/cycle_analytics/stage_summary.rb
-@@ -10,13 +10,29 @@ module Gitlab
+@@ -10,13 +10,29 @@
       end
 
       def data
@ -61,11 +88,9 @@ index 5198dd5b4eb6..c0ee65a106d1 100644
       def serialize(summary_object)
         AnalyticsSummarySerializer.new.represent(summary_object)
       end
-diff --git a/spec/features/cycle_analytics_spec.rb b/spec/features/cycle_analytics_spec.rb
-index 07f0864fb3ba..df8d5124f36e 100644
 --- a/spec/features/cycle_analytics_spec.rb
 +++ b/spec/features/cycle_analytics_spec.rb
-@@ -108,6 +108,10 @@ describe 'Cycle Analytics', :js do
+@@ -108,6 +108,10 @@
       wait_for_requests
     end
 
@ -76,7 +101,7 @@ index 07f0864fb3ba..df8d5124f36e 100644
     it 'needs permissions to see restricted stages' do
       expect(find('.stage-events')).to have_content(issue.title)
 
-@@ -123,8 +127,12 @@ describe 'Cycle Analytics', :js do
+@@ -123,8 +127,12 @@
     find(:xpath, "//p[contains(text(),'New Issue')]/preceding-sibling::h3")
   end
 
@ -90,11 +115,9 @@ index 07f0864fb3ba..df8d5124f36e 100644
   end
 
   def deploys_counter
-diff --git a/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb b/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
-index 778c2f479b56..35bfeae5ea24 100644
 --- a/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
 +++ b/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
-@@ -8,6 +8,10 @@ describe Gitlab::CycleAnalytics::StageSummary do
+@@ -8,6 +8,10 @@
   let(:user) { create(:user, :admin) }
   subject { described_class.new(project, from: Time.now, current_user: user).data }
 
@ -105,7 +128,7 @@ index 778c2f479b56..35bfeae5ea24 100644
   describe "#new_issues" do
     it "finds the number of issues created after the 'from date'" do
       Timecop.freeze(5.days.ago) { create(:issue, project: project) }
-@@ -42,6 +46,23 @@ describe Gitlab::CycleAnalytics::StageSummary do
+@@ -42,6 +46,23 @@
 
       expect(subject.second[:value]).to eq(100)
     end
@ -129,6 +152,3 @@ index 778c2f479b56..35bfeae5ea24 100644
   end
 
   describe "#deploys" do
-- 
-2.22.0
-