383 lines
10 KiB
Ruby
383 lines
10 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class Snippet < ApplicationRecord
|
|
include Gitlab::VisibilityLevel
|
|
include Redactable
|
|
include CacheMarkdownField
|
|
include Noteable
|
|
include Participable
|
|
include Sortable
|
|
include Awardable
|
|
include Mentionable
|
|
include Spammable
|
|
include Editable
|
|
include Gitlab::SQL::Pattern
|
|
include FromUnion
|
|
include IgnorableColumns
|
|
include HasRepository
|
|
include CanMoveRepositoryStorage
|
|
include AfterCommitQueue
|
|
extend ::Gitlab::Utils::Override
|
|
include CreatedAtFilterable
|
|
|
|
MAX_FILE_COUNT = 10
|
|
|
|
DESCRIPTION_LENGTH_MAX = 1.megabyte
|
|
|
|
cache_markdown_field :title, pipeline: :single_line
|
|
cache_markdown_field :description
|
|
cache_markdown_field :content
|
|
|
|
redact_field :description
|
|
|
|
# Aliases to make application_helper#edited_time_ago_with_tooltip helper work properly with snippets.
|
|
# See https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/10392/diffs#note_28719102
|
|
alias_attribute :last_edited_at, :updated_at
|
|
alias_attribute :last_edited_by, :updated_by
|
|
|
|
# If file_name changes, it invalidates content
|
|
alias_method :default_content_html_invalidator, :content_html_invalidated?
|
|
def content_html_invalidated?
|
|
default_content_html_invalidator || file_name_changed?
|
|
end
|
|
|
|
belongs_to :author, class_name: 'User'
|
|
belongs_to :project
|
|
alias_method :resource_parent, :project
|
|
|
|
has_many :notes, as: :noteable, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
|
|
has_many :user_mentions, class_name: "SnippetUserMention", dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
|
|
has_one :snippet_repository, inverse_of: :snippet
|
|
has_many :repository_storage_moves, class_name: 'Snippets::RepositoryStorageMove', inverse_of: :container
|
|
|
|
# We need to add the `dependent` in order to call the after_destroy callback
|
|
has_one :statistics, class_name: 'SnippetStatistics', dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
|
|
|
|
delegate :name, :email, to: :author, prefix: true, allow_nil: true
|
|
|
|
validates :author, presence: true
|
|
validates :title, presence: true, length: { maximum: 255 }
|
|
validates :file_name,
|
|
length: { maximum: 255 }
|
|
validates :description, bytesize: { maximum: -> { DESCRIPTION_LENGTH_MAX } }, if: :description_changed?
|
|
|
|
validates :content, presence: true
|
|
validates :content, bytesize: { maximum: -> { Gitlab::CurrentSettings.snippet_size_limit } }, if: :content_changed?
|
|
|
|
after_create :create_statistics
|
|
|
|
# Scopes
|
|
scope :are_internal, -> { where(visibility_level: Snippet::INTERNAL) }
|
|
scope :are_private, -> { where(visibility_level: Snippet::PRIVATE) }
|
|
scope :are_public, -> { public_only }
|
|
scope :are_secret, -> { public_only.where(secret: true) }
|
|
scope :fresh, -> { order("created_at DESC") }
|
|
scope :inc_author, -> { includes(:author) }
|
|
scope :inc_relations_for_view, -> { includes(author: :status) }
|
|
scope :inc_statistics, -> { includes(:statistics) }
|
|
scope :with_statistics, -> { joins(:statistics) }
|
|
scope :inc_projects_namespace_route, -> { includes(project: [:route, :namespace]) }
|
|
|
|
attr_mentionable :description
|
|
|
|
participant :author
|
|
participant :notes_with_associations
|
|
|
|
attr_spammable :title, spam_title: true
|
|
attr_spammable :content, spam_description: true
|
|
|
|
attr_encrypted :secret_token,
|
|
key: Settings.attr_encrypted_db_key_base_truncated,
|
|
mode: :per_attribute_iv,
|
|
algorithm: 'aes-256-cbc'
|
|
|
|
class << self
|
|
# Searches for snippets with a matching title, description or file name.
|
|
#
|
|
# This method uses ILIKE on PostgreSQL.
|
|
#
|
|
# query - The search query as a String.
|
|
#
|
|
# Returns an ActiveRecord::Relation.
|
|
def search(query)
|
|
fuzzy_search(query, [:title, :description, :file_name])
|
|
end
|
|
|
|
def parent_class
|
|
::Project
|
|
end
|
|
|
|
def sanitized_file_name(file_name)
|
|
file_name.gsub(/[^a-zA-Z0-9_\-\.]+/, '')
|
|
end
|
|
|
|
def with_optional_visibility(value = nil)
|
|
if value
|
|
where(visibility_level: value)
|
|
else
|
|
all
|
|
end
|
|
end
|
|
|
|
def only_personal_snippets
|
|
where(project_id: nil)
|
|
end
|
|
|
|
def only_project_snippets
|
|
where.not(project_id: nil)
|
|
end
|
|
|
|
def only_include_projects_visible_to(current_user = nil)
|
|
levels = Gitlab::VisibilityLevel.levels_for_user(current_user)
|
|
|
|
joins(:project).where(projects: { visibility_level: levels })
|
|
end
|
|
|
|
def only_include_projects_with_snippets_enabled(include_private: false)
|
|
column = ProjectFeature.access_level_attribute(:snippets)
|
|
levels = [ProjectFeature::ENABLED, ProjectFeature::PUBLIC]
|
|
|
|
levels << ProjectFeature::PRIVATE if include_private
|
|
|
|
joins(project: :project_feature)
|
|
.where(project_features: { column => levels })
|
|
end
|
|
|
|
def only_include_authorized_projects(current_user)
|
|
where(
|
|
'EXISTS (?)',
|
|
ProjectAuthorization
|
|
.select(1)
|
|
.where('project_id = snippets.project_id')
|
|
.where(user_id: current_user.id)
|
|
)
|
|
end
|
|
|
|
def for_project_with_user(project, user = nil)
|
|
return none unless project.snippets_visible?(user)
|
|
|
|
if user && project.team.member?(user)
|
|
project.snippets
|
|
else
|
|
project.snippets.public_to_user(user)
|
|
end
|
|
end
|
|
|
|
def visible_to_or_authored_by(user)
|
|
query = where(visibility_level: Gitlab::VisibilityLevel.levels_for_user(user))
|
|
query.or(where(author_id: user.id))
|
|
end
|
|
|
|
def reference_prefix
|
|
'$'
|
|
end
|
|
|
|
# Pattern used to extract `$123` snippet references from text
|
|
#
|
|
# This pattern supports cross-project references.
|
|
def reference_pattern
|
|
@reference_pattern ||= %r{
|
|
(#{Project.reference_pattern})?
|
|
#{Regexp.escape(reference_prefix)}(?<snippet>\d+)
|
|
}x
|
|
end
|
|
|
|
def link_reference_pattern
|
|
@link_reference_pattern ||= super("snippets", /(?<snippet>\d+)/)
|
|
end
|
|
|
|
def find_by_id_and_project(id:, project:)
|
|
Snippet.find_by(id: id, project: project)
|
|
end
|
|
|
|
def find_by_project_title_trunc_created_at(project, title, created_at)
|
|
where(project: project, title: title)
|
|
.find_by(
|
|
"date_trunc('second', created_at at time zone :tz) at time zone :tz = :created_at",
|
|
tz: created_at.zone, created_at: created_at)
|
|
end
|
|
|
|
def max_file_limit
|
|
MAX_FILE_COUNT
|
|
end
|
|
end
|
|
|
|
def initialize(attributes = {})
|
|
# We can't use default_value_for because the database has a default
|
|
# value of 0 for visibility_level. If someone attempts to create a
|
|
# private snippet, default_value_for will assume that the
|
|
# visibility_level hasn't changed and will use the application
|
|
# setting default, which could be internal or public.
|
|
#
|
|
# To fix the problem, we assign the actual snippet default if no
|
|
# explicit visibility has been initialized.
|
|
attributes ||= {}
|
|
|
|
unless visibility_attribute_present?(attributes)
|
|
attributes[:visibility_level] = Gitlab::CurrentSettings.default_snippet_visibility
|
|
end
|
|
|
|
super
|
|
end
|
|
|
|
def to_reference(from = nil, full: false)
|
|
reference = "#{self.class.reference_prefix}#{id}"
|
|
|
|
if project.present?
|
|
"#{project.to_reference_base(from, full: full)}#{reference}"
|
|
else
|
|
reference
|
|
end
|
|
end
|
|
|
|
def all_files
|
|
list_files(default_branch)
|
|
end
|
|
|
|
def blob
|
|
@blob ||= Blob.decorate(SnippetBlob.new(self), self)
|
|
end
|
|
|
|
def blobs(paths = [])
|
|
return [] unless repository_exists?
|
|
|
|
paths = all_files if paths.empty?
|
|
items = paths.map { |path| [default_branch, path] }
|
|
|
|
repository.blobs_at(items).compact
|
|
end
|
|
|
|
def hook_attrs
|
|
attributes
|
|
end
|
|
|
|
def file_name
|
|
super.to_s
|
|
end
|
|
|
|
def visibility_level_field
|
|
:visibility_level
|
|
end
|
|
|
|
def embeddable?
|
|
Ability.allowed?(nil, :read_snippet, self)
|
|
end
|
|
|
|
def notes_with_associations
|
|
notes.includes(:author)
|
|
end
|
|
|
|
def check_for_spam?(user:)
|
|
visibility_level_changed?(to: Snippet::PUBLIC) ||
|
|
(public? && (title_changed? || content_changed?))
|
|
end
|
|
|
|
# snippets are the biggest sources of spam
|
|
override :allow_possible_spam?
|
|
def allow_possible_spam?
|
|
false
|
|
end
|
|
|
|
def spammable_entity_type
|
|
'snippet'
|
|
end
|
|
|
|
def to_ability_name
|
|
'snippet'
|
|
end
|
|
|
|
def valid_secret_token?(token)
|
|
return false unless token && secret_token
|
|
|
|
ActiveSupport::SecurityUtils.secure_compare(token.to_s, secret_token.to_s)
|
|
end
|
|
|
|
def as_json(options = {})
|
|
options[:except] = Array.wrap(options[:except])
|
|
options[:except] << :secret_token
|
|
|
|
super
|
|
end
|
|
|
|
override :repository
|
|
def repository
|
|
@repository ||= Gitlab::GlRepository::SNIPPET.repository_for(self)
|
|
end
|
|
|
|
override :repository_size_checker
|
|
def repository_size_checker
|
|
strong_memoize(:repository_size_checker) do
|
|
::Gitlab::RepositorySizeChecker.new(
|
|
current_size_proc: -> { repository.size.megabytes },
|
|
limit: Gitlab::CurrentSettings.snippet_size_limit,
|
|
namespace: nil
|
|
)
|
|
end
|
|
end
|
|
|
|
override :storage
|
|
def storage
|
|
@storage ||= Storage::Hashed.new(self, prefix: Storage::Hashed::SNIPPET_REPOSITORY_PATH_PREFIX)
|
|
end
|
|
|
|
# This is the full_path used to identify the the snippet repository.
|
|
override :full_path
|
|
def full_path
|
|
return unless persisted?
|
|
|
|
@full_path ||= begin
|
|
components = []
|
|
components << project.full_path if project_id?
|
|
components << 'snippets'
|
|
components << self.id
|
|
components.join('/')
|
|
end
|
|
end
|
|
|
|
override :default_branch
|
|
def default_branch
|
|
super || Gitlab::DefaultBranch.value(object: project)
|
|
end
|
|
|
|
def repository_storage
|
|
snippet_repository&.shard_name || Repository.pick_storage_shard
|
|
end
|
|
|
|
def create_repository
|
|
return if repository_exists? && snippet_repository
|
|
|
|
repository.create_if_not_exists(default_branch)
|
|
track_snippet_repository(repository.storage)
|
|
end
|
|
|
|
def track_snippet_repository(shard)
|
|
snippet_repo = snippet_repository || build_snippet_repository
|
|
snippet_repo.update!(shard_name: shard, disk_path: disk_path)
|
|
end
|
|
|
|
def can_cache_field?(field)
|
|
field != :content || MarkupHelper.gitlab_markdown?(file_name)
|
|
end
|
|
|
|
def hexdigest
|
|
Digest::SHA256.hexdigest("#{title}#{description}#{created_at}#{updated_at}")
|
|
end
|
|
|
|
def file_name_on_repo
|
|
return if repository.empty?
|
|
|
|
list_files(default_branch).first
|
|
end
|
|
|
|
def list_files(ref = nil)
|
|
return [] if repository.empty?
|
|
|
|
repository.ls_files(ref || default_branch)
|
|
end
|
|
|
|
def multiple_files?
|
|
list_files.size > 1
|
|
end
|
|
end
|
|
|
|
Snippet.prepend_mod_with('Snippet')
|