# frozen_string_literal: true
class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationController
include ToggleSubscriptionAction
include IssuableActions
include RendersCommits
include RendersAssignees
include ToggleAwardEmoji
include IssuableCollections
include RecordUserLastActivity
include SourcegraphDecorator
include DiffHelper
include Gitlab::Cache::Helpers
include ::Observability::ContentSecurityPolicy
prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:rss) }
skip_before_action :merge_request, only: [:index, :bulk_update, :export_csv]
before_action :apply_diff_view_cookie!, only: [:show, :diffs]
before_action :disable_query_limiting, only: [:assign_related_issues, :update]
before_action :authorize_update_issuable!, only: [:close, :edit, :update, :remove_wip, :sort]
before_action :authorize_read_actual_head_pipeline!, only: [
:test_reports,
:exposed_artifacts,
:coverage_reports,
:terraform_reports,
:accessibility_reports,
:codequality_reports,
:codequality_mr_diff_reports
]
before_action :set_issuables_index, only: [:index]
before_action :check_search_rate_limit!, only: [:index], if: -> {
params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
}
before_action :authenticate_user!, only: [:assign_related_issues]
before_action :check_user_can_push_to_source_branch!, only: [:rebase]
before_action only: [:show, :diffs] do
push_frontend_feature_flag(:core_security_mr_widget_counts, project)
push_frontend_feature_flag(:issue_assignees_widget, @project)
push_frontend_feature_flag(:refactor_security_extension, @project)
push_frontend_feature_flag(:refactor_code_quality_inline_findings, project)
push_frontend_feature_flag(:moved_mr_sidebar, project)
push_frontend_feature_flag(:mr_review_submit_comment, project)
push_frontend_feature_flag(:mr_experience_survey, project)
push_frontend_feature_flag(:realtime_reviewers, project)
push_frontend_feature_flag(:realtime_mr_status_change, project)
end
before_action do
push_frontend_feature_flag(:permit_all_shared_groups_for_approval, @project)
end
around_action :allow_gitaly_ref_name_caching, only: [:index, :show, :diffs, :discussions]
after_action :log_merge_request_show, only: [:show, :diffs]
feature_category :code_review_workflow, [
:assign_related_issues, :bulk_update, :cancel_auto_merge,
:commit_change_content, :commits, :context_commits, :destroy,
:discussions, :edit, :index, :merge, :rebase, :remove_wip,
:show, :diffs, :toggle_award_emoji, :toggle_subscription, :update
]
feature_category :code_testing, [:test_reports, :coverage_reports]
feature_category :code_quality, [:codequality_reports, :codequality_mr_diff_reports]
feature_category :code_testing, [:accessibility_reports]
feature_category :infrastructure_as_code, [:terraform_reports]
feature_category :continuous_integration, [:pipeline_status, :pipelines, :exposed_artifacts]
urgency :high, [:export_csv]
urgency :low, [
:index,
:show,
:diffs,
:commits,
:bulk_update,
:edit,
:update,
:cancel_auto_merge,
:merge,
:ci_environments_status,
:destroy,
:rebase,
:discussions,
:pipelines,
:coverage_reports,
:test_reports,
:codequality_mr_diff_reports,
:codequality_reports,
:terraform_reports
]
urgency :low, [:pipeline_status, :pipelines, :exposed_artifacts]
def index
@merge_requests = @issuables
respond_to do |format|
format.html
format.atom { render layout: 'xml' }
format.json do
render json: {
html: view_to_html_string("projects/merge_requests/_merge_requests")
}
end
end
end
def show
show_merge_request
end
def diffs
show_merge_request
end
def commits
# Get context commits from repository
@context_commits =
set_commits_for_rendering(
@merge_request.recent_context_commits
)
per_page = [(params[:per_page] || MergeRequestDiff::COMMITS_SAFE_SIZE).to_i, MergeRequestDiff::COMMITS_SAFE_SIZE].min
recent_commits = @merge_request.recent_commits(load_from_gitaly: true, limit: per_page, page: params[:page]).with_latest_pipeline(@merge_request.source_branch).with_markdown_cache
@next_page = recent_commits.next_page
@commits = set_commits_for_rendering(
recent_commits,
commits_count: @merge_request.commits_count
)
render json: { html: view_to_html_string('projects/merge_requests/_commits'), next_page: @next_page }
end
def pipelines
set_pipeline_variables
@pipelines = @pipelines.page(params[:page])
Gitlab::PollingInterval.set_header(response, interval: 10_000)
render json: {
pipelines: PipelineSerializer
.new(project: @project, current_user: @current_user)
.with_pagination(request, response)
.represent(@pipelines),
count: {
all: @pipelines.count
}
}
end
def sast_reports
reports_response(merge_request.compare_sast_reports(current_user), head_pipeline)
end
def secret_detection_reports
reports_response(merge_request.compare_secret_detection_reports(current_user), head_pipeline)
end
def context_commits
# Get commits from repository
# or from cache if already merged
commits = ContextCommitsFinder.new(project, @merge_request, {
search: params[:search],
author: params[:author],
committed_before: convert_date_to_epoch(params[:committed_before]),
committed_after: convert_date_to_epoch(params[:committed_after]),
limit: params[:limit]
}).execute
render json: CommitEntity.represent(commits, { type: :full, request: merge_request })
end
def test_reports
reports_response(@merge_request.compare_test_reports)
end
def accessibility_reports
if @merge_request.has_accessibility_reports?
reports_response(@merge_request.compare_accessibility_reports)
else
head :no_content
end
end
def coverage_reports
if @merge_request.has_coverage_reports?
reports_response(@merge_request.find_coverage_reports)
else
head :no_content
end
end
def codequality_mr_diff_reports
reports_response(@merge_request.find_codequality_mr_diff_reports, head_pipeline)
end
def codequality_reports
reports_response(@merge_request.compare_codequality_reports)
end
def terraform_reports
reports_response(@merge_request.find_terraform_reports)
end
def exposed_artifacts
if @merge_request.has_exposed_artifacts?
reports_response(@merge_request.find_exposed_artifacts)
else
head :no_content
end
end
def edit
define_edit_vars
end
def update
@merge_request = ::MergeRequests::UpdateService.new(project: project, current_user: current_user, params: merge_request_update_params).execute(@merge_request)
respond_to do |format|
format.html do
if @merge_request.errors.present?
define_edit_vars
render :edit
else
redirect_to project_merge_request_path(@merge_request.target_project, @merge_request)
end
end
format.json do
if merge_request.errors.present?
render json: @merge_request.errors, status: :bad_request
else
render json: serializer.represent(@merge_request, serializer: params[:serializer] || 'basic')
end
end
end
rescue ActiveRecord::StaleObjectError
define_edit_vars if request.format.html?
render_conflict_response
end
def remove_wip
@merge_request = ::MergeRequests::UpdateService
.new(project: project, current_user: current_user, params: { wip_event: 'ready' })
.execute(@merge_request)
render json: serialize_widget(@merge_request)
end
def commit_change_content
render partial: 'projects/merge_requests/widget/commit_change_content', layout: false
end
def cancel_auto_merge
unless @merge_request.can_cancel_auto_merge?(current_user)
return access_denied!
end
AutoMergeService.new(project, current_user).cancel(@merge_request)
render json: serialize_widget(@merge_request)
end
def merge
access_check_result = merge_access_check
return access_check_result if access_check_result
status = merge!
if @merge_request.merge_error
render json: { status: status, merge_error: @merge_request.merge_error }
else
render json: { status: status }
end
end
def assign_related_issues
result = ::MergeRequests::AssignIssuesService.new(project: project, current_user: current_user, params: { merge_request: @merge_request }).execute
case result[:count]
when 0
flash[:error] = "Failed to assign you issues related to the merge request"
when 1
flash[:notice] = "1 issue has been assigned to you"
else
flash[:notice] = "#{result[:count]} issues have been assigned to you"
end
redirect_to(merge_request_path(@merge_request))
end
def pipeline_status
render json: PipelineSerializer
.new(project: @project, current_user: @current_user)
.represent_status(head_pipeline)
end
def ci_environments_status
environments =
if ci_environments_status_on_merge_result?
EnvironmentStatus.for_deployed_merge_request(@merge_request, current_user)
else
EnvironmentStatus.for_merge_request(@merge_request, current_user)
end
render json: EnvironmentStatusSerializer.new(current_user: current_user).represent(environments)
end
def rebase
@merge_request.rebase_async(current_user.id, skip_ci: Gitlab::Utils.to_boolean(merge_params[:skip_ci], default: false))
head :ok
rescue MergeRequest::RebaseLockTimeout => e
render json: { merge_error: e.message }, status: :conflict
end
def discussions
merge_request.discussions_diffs.load_highlight
super
end
def export_csv
IssuableExportCsvWorker.perform_async(:merge_request, current_user.id, project.id, finder_options.to_h) # rubocop:disable CodeReuse/Worker
index_path = project_merge_requests_path(project)
message = _('Your CSV export has started. It will be emailed to %{email} when complete.') % { email: current_user.notification_email_or_default }
redirect_to(index_path, notice: message)
end
protected
alias_method :subscribable_resource, :merge_request
alias_method :issuable, :merge_request
alias_method :awardable, :merge_request
def sorting_field
MergeRequest::SORTING_PREFERENCE_FIELD
end
def merge_params
params.permit(merge_params_attributes)
end
def merge_params_attributes
MergeRequest::KNOWN_MERGE_PARAMS
end
def auto_merge_requested?
# Support params[:merge_when_pipeline_succeeds] during the transition period
params[:auto_merge_strategy].present? || params[:merge_when_pipeline_succeeds].present?
end
private
def show_merge_request
close_merge_request_if_no_source_project
@merge_request.check_mergeability(async: true)
respond_to do |format|
format.html do
# use next to appease Rubocop
next render('invalid') if target_branch_missing?
render_html_page
end
format.json do
Gitlab::PollingInterval.set_header(response, interval: 10_000)
if params[:serializer] == 'sidebar_extras'
cache_context = [
params[:serializer],
current_user&.cache_key,
@merge_request.merge_request_assignees.map(&:cache_key),
@merge_request.merge_request_reviewers.map(&:cache_key)
]
render_cached(@merge_request,
with: serializer,
cache_context: ->(_) { [Digest::SHA256.hexdigest(cache_context.to_s)] },
serializer: params[:serializer])
else
render json: serializer.represent(@merge_request, serializer: params[:serializer])
end
end
format.patch do
next render_404 unless @merge_request.diff_refs
send_git_patch @project.repository, @merge_request.diff_refs
end
format.diff do
next render_404 unless @merge_request.diff_refs
send_git_diff @project.repository, @merge_request.diff_refs
end
end
end
def render_html_page
preload_assignees_for_render(@merge_request)
# Build a note object for comment form
@note = @project.notes.new(noteable: @merge_request)
@noteable = @merge_request
@commits_count = @merge_request.commits_count + @merge_request.context_commits_count
@diffs_count = get_diffs_count
@issuable_sidebar = serializer.represent(@merge_request, serializer: 'sidebar')
@current_user_data = Gitlab::Json.dump(UserSerializer.new(project: @project).represent(current_user, {}, MergeRequestCurrentUserEntity))
@show_whitespace_default = current_user.nil? || current_user.show_whitespace_in_diffs
@file_by_file_default = current_user&.view_diffs_file_by_file
@coverage_path = coverage_reports_project_merge_request_path(@project, @merge_request, format: :json) if @merge_request.has_coverage_reports?
@update_current_user_path = expose_path(api_v4_user_preferences_path)
@endpoint_metadata_url = endpoint_metadata_url(@project, @merge_request)
@endpoint_diff_batch_url = endpoint_diff_batch_url(@project, @merge_request)
set_pipeline_variables
@number_of_pipelines = @pipelines.size
render
end
def get_diffs_count
if show_only_context_commits?
@merge_request.context_commits_diff.raw_diffs.size
else
@merge_request.diff_size
end
end
def merge_request_update_params
merge_request_params.merge!(params.permit(:merge_request_diff_head_sha))
end
def head_pipeline
strong_memoize(:head_pipeline) do
pipeline = @merge_request.head_pipeline
pipeline if can?(current_user, :read_pipeline, pipeline)
end
end
def ci_environments_status_on_merge_result?
params[:environment_target] == 'merge_commit'
end
def target_branch_missing?
@merge_request.has_no_commits? && !@merge_request.target_branch_exists?
end
def merge!
# Disable the CI check if auto_merge_strategy is specified since we have
# to wait until CI completes to know
unless @merge_request.mergeable?(skip_ci_check: auto_merge_requested?)
return :failed
end
squashing = params.fetch(:squash, false)
merge_service = ::MergeRequests::MergeService.new(project: @project, current_user: current_user, params: merge_params)
unless merge_service.hooks_validation_pass?(@merge_request, validate_squash_message: squashing)
return :hook_validation_error
end
return :sha_mismatch if params[:sha] != @merge_request.diff_head_sha
@merge_request.update(merge_error: nil, squash: squashing)
if auto_merge_requested?
if merge_request.auto_merge_enabled?
# TODO: We should have a dedicated endpoint for updating merge params.
# See https://gitlab.com/gitlab-org/gitlab-foss/issues/63130.
AutoMergeService.new(project, current_user, merge_params).update(merge_request)
else
AutoMergeService.new(project, current_user, merge_params)
.execute(merge_request,
params[:auto_merge_strategy] || AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS)
end
else
@merge_request.merge_async(current_user.id, merge_params)
:success
end
end
def serialize_widget(merge_request)
cached_data = serializer.represent(merge_request, serializer: 'poll_cached_widget')
widget_data = serializer.represent(merge_request, serializer: 'poll_widget')
cached_data.merge!(widget_data)
end
def serializer
@serializer ||= MergeRequestSerializer.new(current_user: current_user, project: merge_request.project)
end
def define_edit_vars
@source_project = @merge_request.source_project
@target_project = @merge_request.target_project
@noteable = @merge_request
# FIXME: We have to assign a presenter to another instance variable
# due to class_name checks being made with issuable classes
@mr_presenter = @merge_request.present(current_user: current_user)
end
def finder_type
MergeRequestsFinder
end
def check_user_can_push_to_source_branch!
result = MergeRequests::RebaseService
.new(project: @merge_request.source_project, current_user: current_user)
.validate(@merge_request)
return if result.success?
render json: { merge_error: result.message }, status: :forbidden
end
def merge_access_check
access_denied! unless @merge_request.can_be_merged_by?(current_user)
end
def disable_query_limiting
# Also see https://gitlab.com/gitlab-org/gitlab/-/issues/20827
Gitlab::QueryLimiting.disable!('https://gitlab.com/gitlab-org/gitlab/-/issues/20824')
end
def reports_response(report_comparison, pipeline = nil)
if pipeline&.active?
::Gitlab::PollingInterval.set_header(response, interval: 3000)
render json: '', status: :no_content && return
end
case report_comparison[:status]
when :parsing
::Gitlab::PollingInterval.set_header(response, interval: 3000)
render json: '', status: :no_content
when :parsed
render json: Gitlab::Json.dump(report_comparison[:data]), status: :ok
when :error
render json: { status_reason: report_comparison[:status_reason] }, status: :bad_request
else
raise "Failed to build comparison response as comparison yielded unknown status '#{report_comparison[:status]}'"
end
end
def log_merge_request_show
return unless current_user && @merge_request
::Gitlab::Search::RecentMergeRequests.new(user: current_user).log_view(@merge_request)
end
def authorize_read_actual_head_pipeline!
return render_404 unless can?(current_user, :read_build, merge_request.actual_head_pipeline)
end
def show_whitespace
current_user&.show_whitespace_in_diffs ? '0' : '1'
end
def endpoint_metadata_url(project, merge_request)
params = request.query_parameters.merge(view: 'inline', diff_head: true, w: show_whitespace)
diffs_metadata_project_json_merge_request_path(project, merge_request, 'json', params)
end
def endpoint_diff_batch_url(project, merge_request)
per_page = current_user&.view_diffs_file_by_file ? '1' : '5'
params = request.query_parameters.merge(view: 'inline', diff_head: true, w: show_whitespace, page: '0', per_page: per_page)
diffs_batch_project_json_merge_request_path(project, merge_request, 'json', params)
end
def convert_date_to_epoch(date)
Date.strptime(date, "%Y-%m-%d")&.to_time&.to_i if date
rescue Date::Error, TypeError
end
end
Projects::MergeRequestsController.prepend_mod_with('Projects::MergeRequestsController')