Mise à jour terminée. Pour connaître les apports de la version 13.8.4 par rapport à notre ancienne version vous pouvez lire les "Release Notes" suivantes :
https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/
https://about.gitlab.com/releases/2021/02/05/gitlab-13-8-3-released/

Commit 8192af9f authored by sebastien letort's avatar sebastien letort

Minor. Page layout, typo corrections in comments.

parent e714a4e6
Pipeline #66337 canceled with stage
import logging
from django.conf import settings
from django.contrib.auth.mixins import UserPassesTestMixin, LoginRequiredMixin
from django.core.exceptions import PermissionDenied
......@@ -7,7 +9,7 @@ from django.shortcuts import redirect
from .models import Job
from .helpers import get_request_user
log = logging.getLogger('allgo')
# FIXME: should we validate API calls with this mixin too ? The answer is not
# obvious because it would not be too good to break the API when the ToS are
......@@ -29,7 +31,6 @@ class AllgoValidAccountMixin:
def dispatch(self, request, *args, **kwargs):
user = request.user
if not user.is_anonymous():
# registered users must have their email validated
if isinstance(self, ProviderAccessMixin):
......@@ -83,7 +84,6 @@ class AllAccessMixin(AllgoValidAccountMixin):
pass
class JobAuthMixin(AllgoValidAccountMixin, UserPassesTestMixin):
"""Check authorization to access a given job"""
......@@ -91,6 +91,7 @@ class JobAuthMixin(AllgoValidAccountMixin, UserPassesTestMixin):
"""Check if user has access to a job
- redirects to the login page if unauthenticated
---> **What the doc says, not done.** In a browser, json response, in a terminal error 401.
- allow access if user is the job owner or if user is a superuser
"""
user = get_request_user(self.request)
......
......@@ -43,7 +43,7 @@ class BaseModel(models.Model):
This base class overrides .save() to enforce validation of the model
constraints before creating or updating an entry.
The validation is automatically peformed unless `force_insert` or
The validation is automatically performed unless `force_insert` or
`force_update` is true.
see also:
......
......@@ -182,6 +182,7 @@ class WebappList(AllAccessMixin, ListView):
def get_queryset(self):
return query_webapps_for_user(self.request.user).order_by('-created_at')
class UserWebappList(AllAccessMixin, ListView):
"""List of user's webapp
......@@ -361,6 +362,7 @@ def get_rails_webapp_metadata(*, webapp_id=None, docker_name=None):
log.error("webapp import error: failed to get %s (%s)", url, e)
raise
class WebappImport(ProviderAccessMixin, SuccessMessageMixin, FormView):
"""Import a new webapp
......@@ -472,6 +474,7 @@ class WebappImport(ProviderAccessMixin, SuccessMessageMixin, FormView):
self.object = webapp
return super().form_valid(form)
class WebappVersionImport(UserAccessMixin, DetailView):
"""Import version
......@@ -586,6 +589,7 @@ class WebappJson(UserAccessMixin, DetailView):
"sandbox_state": webapp.get_sandbox_state_display(),
})
class WebappSandboxPanel(UserAccessMixin, TemplateView):
"""Create a new sandbox for a given application
......@@ -731,7 +735,6 @@ class WebappSandboxPanel(UserAccessMixin, TemplateView):
# TAGS
# -----------------------------------------------------------------------------
class TagList(AllAccessMixin, ListView):
"""List all available tag along with their number of occurences
......@@ -947,6 +950,7 @@ class UserPasswordUpdate(LoginRequiredMixin, SuccessMessageMixin, UpdateView):
return super(UserPasswordUpdate, self) \
.dispatch(request, *args, **kwargs)
class UserNeedValidation(LoginRequiredMixin, DetailView):
"""This page is displayed when the user has not completed the registration process
......@@ -1227,6 +1231,7 @@ class JobCreate(AllAccessMixin, SuccessMessageMixin, CreateView):
kwargs['webapp'] = queryset
return kwargs
class JobAbort(JobAuthMixin, View):
def post(self, request, *, pk):
job_id = int(pk)
......@@ -1240,8 +1245,6 @@ class JobAbort(JobAuthMixin, View):
messages.error(request, "unable to abort job %s because is not running" % job_id)
return redirect('main:job_detail', job_id)
class JobDelete(JobAuthMixin, DeleteView):
"""Delete a job from the database
......@@ -1302,7 +1305,6 @@ class JobDelete(JobAuthMixin, DeleteView):
return redirect(self.get_success_url())
class JobFileDownload(JobAuthMixin, View):
"""Download a given file"""
......@@ -1469,6 +1471,7 @@ class RunnerUpdate(UserAccessMixin, SuccessMessageMixin, UpdateView):
"allgo/runner", "-", self.object.token, get_base_url(self.request)]
return super().get_context_data(**kwargs)
class RunnerDelete(UserAccessMixin, DeleteView):
"""Delete a runner
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment