project.rb 68 KB
Newer Older
1 2
# frozen_string_literal: true

3 4
require 'carrierwave/orm/activerecord'

gitlabhq's avatar
gitlabhq committed
5
class Project < ActiveRecord::Base
6
  include Gitlab::ConfigHelper
7
  include Gitlab::ShellAdapter
8
  include Gitlab::VisibilityLevel
9
  include AccessRequestable
10
  include Avatarable
11
  include CacheMarkdownField
12 13
  include Referable
  include Sortable
14
  include AfterCommitQueue
15
  include CaseSensitivity
16
  include TokenAuthenticatable
17
  include ValidAttribute
18
  include ProjectFeaturesCompatibility
19
  include SelectForProjectAuthorization
20
  include Presentable
21
  include Routable
22
  include GroupDescendant
23
  include Gitlab::SQL::Pattern
24
  include DeploymentPlatform
25
  include ::Gitlab::Utils::StrongMemoize
26
  include ChronicDurationAttribute
27
  include FastDestroyAll::Helpers
Jan Provaznik's avatar
Jan Provaznik committed
28
  include WithUploads
29
  include BatchDestroyDependentAssociations
30
  include FeatureGate
31
  include OptionallySearch
32
  include FromUnion
33
  include IgnorableColumn
34
  extend Gitlab::Cache::RequestCache
Robert Speicher's avatar
Robert Speicher committed
35

36
  extend Gitlab::ConfigHelper
37

38
  BoardLimitExceeded = Class.new(StandardError)
39

40
  STATISTICS_ATTRIBUTE = 'repositories_count'.freeze
41
  NUMBER_OF_PERMITTED_BOARDS = 1
Douwe Maan's avatar
Douwe Maan committed
42
  UNKNOWN_IMPORT_URL = 'http://unknown.git'.freeze
43 44
  # Hashed Storage versions handle rolling out new storage to project and dependents models:
  # nil: legacy
45 46 47
  # 1: repository
  # 2: attachments
  LATEST_STORAGE_VERSION = 2
48 49 50 51
  HASHED_STORAGE_FEATURES = {
    repository: 1,
    attachments: 2
  }.freeze
Jared Szechy's avatar
Jared Szechy committed
52

53 54 55 56 57
  VALID_IMPORT_PORTS = [80, 443].freeze
  VALID_IMPORT_PROTOCOLS = %w(http https git).freeze

  VALID_MIRROR_PORTS = [22, 80, 443].freeze
  VALID_MIRROR_PROTOCOLS = %w(http https ssh git).freeze
58

59 60
  ignore_column :import_status, :import_jid, :import_error

61 62
  cache_markdown_field :description, pipeline: :description

63
  delegate :feature_available?, :builds_enabled?, :wiki_enabled?,
64 65
           :merge_requests_enabled?, :issues_enabled?, :pages_enabled?, :public_pages?,
           to: :project_feature, allow_nil: true
66

67
  delegate :base_dir, :disk_path, :ensure_storage_path_exists, to: :storage
68

69 70 71 72 73 74
  delegate :scheduled?, :started?, :in_progress?,
    :failed?, :finished?,
    prefix: :import, to: :import_state, allow_nil: true

  delegate :no_import?, to: :import_state, allow_nil: true

75
  default_value_for :archived, false
76
  default_value_for(:visibility_level) { Gitlab::CurrentSettings.default_project_visibility }
77
  default_value_for :resolve_outdated_diff_discussions, false
78
  default_value_for :container_registry_enabled, gitlab_config_features.container_registry
79 80
  default_value_for(:repository_storage) { Gitlab::CurrentSettings.pick_repository_storage }
  default_value_for(:shared_runners_enabled) { Gitlab::CurrentSettings.shared_runners_enabled }
81 82 83 84 85
  default_value_for :issues_enabled, gitlab_config_features.issues
  default_value_for :merge_requests_enabled, gitlab_config_features.merge_requests
  default_value_for :builds_enabled, gitlab_config_features.builds
  default_value_for :wiki_enabled, gitlab_config_features.wiki
  default_value_for :snippets_enabled, gitlab_config_features.snippets
86
  default_value_for :only_allow_merge_if_all_discussions_are_resolved, false
87

88
  add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:projects_tokens_optional_encryption, default_enabled: true) ? :optional : :required }
89

90
  before_validation :mark_remote_mirrors_for_removal, if: -> { RemoteMirror.table_exists? }
91

92
  before_save :ensure_runners_token
93

94
  after_save :update_project_statistics, if: :namespace_id_changed?
95 96 97

  after_save :create_import_state, if: ->(project) { project.import? && project.import_state.nil? }

98
  after_create :create_project_feature, unless: :project_feature
99 100 101 102 103

  after_create :create_ci_cd_settings,
    unless: :ci_cd_settings,
    if: proc { ProjectCiCdSetting.available? }

Mark Chao's avatar
Mark Chao committed
104
  after_create :set_timestamps_for_create
105
  after_update :update_forks_visibility_level
106

107
  before_destroy :remove_private_deploy_keys
108

109
  use_fast_destroy :build_trace_chunks
110

111
  after_destroy -> { run_after_commit { remove_pages } }
112
  after_destroy :remove_exports
Kamil Trzcinski's avatar
Kamil Trzcinski committed
113

114 115
  after_validation :check_pending_delete

116
  # Storage specific hooks
117
  after_initialize :use_hashed_storage
118
  after_create :check_repository_absence!
119 120
  after_create :ensure_storage_path_exists
  after_save :ensure_storage_path_exists, if: :namespace_id_changed?
121

122
  acts_as_ordered_taggable
123

124
  attr_accessor :old_path_with_namespace
125
  attr_accessor :template_name
126
  attr_writer :pipeline_status
127
  attr_accessor :skip_disk_validation
128

129 130
  alias_attribute :title, :name

131
  # Relations
132
  belongs_to :pool_repository
133
  belongs_to :creator, class_name: 'User'
134
  belongs_to :group, -> { where(type: 'Group') }, foreign_key: 'namespace_id'
135
  belongs_to :namespace
136 137
  alias_method :parent, :namespace
  alias_attribute :parent_id, :namespace_id
138

139
  has_one :last_event, -> {order 'events.created_at DESC'}, class_name: 'Event'
140
  has_many :boards, before_add: :validate_board_limit
141

142
  # Project services
143
  has_one :campfire_service
blackst0ne's avatar
blackst0ne committed
144
  has_one :discord_service
145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162
  has_one :drone_ci_service
  has_one :emails_on_push_service
  has_one :pipelines_email_service
  has_one :irker_service
  has_one :pivotaltracker_service
  has_one :flowdock_service
  has_one :assembla_service
  has_one :asana_service
  has_one :mattermost_slash_commands_service
  has_one :mattermost_service
  has_one :slack_slash_commands_service
  has_one :slack_service
  has_one :buildkite_service
  has_one :bamboo_service
  has_one :teamcity_service
  has_one :pushover_service
  has_one :jira_service
  has_one :redmine_service
Yauhen Kotau's avatar
Yauhen Kotau committed
163
  has_one :youtrack_service
164 165 166 167 168 169 170 171 172 173
  has_one :custom_issue_tracker_service
  has_one :bugzilla_service
  has_one :gitlab_issue_tracker_service, inverse_of: :project
  has_one :external_wiki_service
  has_one :kubernetes_service, inverse_of: :project
  has_one :prometheus_service, inverse_of: :project
  has_one :mock_ci_service
  has_one :mock_deployment_service
  has_one :mock_monitoring_service
  has_one :microsoft_teams_service
Matt Coleman's avatar
Matt Coleman committed
174
  has_one :packagist_service
175
  has_one :hangouts_chat_service
176

177 178 179 180 181
  has_one :root_of_fork_network,
          foreign_key: 'root_project_id',
          inverse_of: :root_project,
          class_name: 'ForkNetwork'
  has_one :fork_network_member
182
  has_one :fork_network, through: :fork_network_member
183 184 185
  has_one :forked_from_project, through: :fork_network_member
  has_many :forked_to_members, class_name: 'ForkNetworkMember', foreign_key: 'forked_from_project_id'
  has_many :forks, through: :forked_to_members, source: :project, inverse_of: :forked_from_project
186

187
  has_one :import_state, autosave: true, class_name: 'ProjectImportState', inverse_of: :project
188
  has_one :import_export_upload, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
189
  has_one :project_repository, inverse_of: :project
190
  has_one :error_tracking_setting, inverse_of: :project, class_name: 'ErrorTracking::ProjectErrorTrackingSetting'
191

192
  # Merge Requests for target project should be removed with it
193
  has_many :merge_requests, foreign_key: 'target_project_id', inverse_of: :target_project
194
  has_many :source_of_merge_requests, foreign_key: 'source_project_id', class_name: 'MergeRequest'
195 196 197 198 199 200 201 202 203 204
  has_many :issues
  has_many :labels, class_name: 'ProjectLabel'
  has_many :services
  has_many :events
  has_many :milestones
  has_many :notes
  has_many :snippets, class_name: 'ProjectSnippet'
  has_many :hooks, class_name: 'ProjectHook'
  has_many :protected_branches
  has_many :protected_tags
205
  has_many :repository_languages, -> { order "share DESC" }
206

207
  has_many :project_authorizations
208
  has_many :authorized_users, through: :project_authorizations, source: :user, class_name: 'User'
209
  has_many :project_members, -> { where(requested_at: nil) },
210
    as: :source, dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
211

212
  alias_method :members, :project_members
213
  has_many :users, through: :project_members
214

215
  has_many :requesters, -> { where.not(requested_at: nil) },
216
    as: :source, class_name: 'ProjectMember', dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
217
  has_many :members_and_requesters, as: :source, class_name: 'ProjectMember'
218

219
  has_many :deploy_keys_projects
220
  has_many :deploy_keys, through: :deploy_keys_projects
221
  has_many :users_star_projects
222
  has_many :starrers, through: :users_star_projects, source: :user
223
  has_many :releases
224
  has_many :lfs_objects_projects, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
225
  has_many :lfs_objects, through: :lfs_objects_projects
226
  has_many :lfs_file_locks
227
  has_many :project_group_links
228
  has_many :invited_groups, through: :project_group_links, source: :group
229 230
  has_many :pages_domains
  has_many :todos
231
  has_many :notification_settings, as: :source, dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
232

233 234
  has_many :internal_ids

235
  has_one :import_data, class_name: 'ProjectImportData', inverse_of: :project, autosave: true
236
  has_one :project_feature, inverse_of: :project
237
  has_one :statistics, class_name: 'ProjectStatistics'
238

Shinya Maeda's avatar
Shinya Maeda committed
239
  has_one :cluster_project, class_name: 'Clusters::Project'
240
  has_many :clusters, through: :cluster_project, class_name: 'Clusters::Cluster'
241
  has_many :cluster_ingresses, through: :clusters, source: :application_ingress, class_name: 'Clusters::Applications::Ingress'
242
  has_many :kubernetes_namespaces, class_name: 'Clusters::KubernetesNamespace'
243

244 245
  has_many :prometheus_metrics

246 247 248
  # Container repositories need to remove data from the container registry,
  # which is not managed by the DB. Hence we're still using dependent: :destroy
  # here.
249
  has_many :container_repositories, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
250

251
  has_many :commit_statuses
252
  # The relation :all_pipelines is intended to be used when we want to get the
253 254
  # whole list of pipelines associated to the project
  has_many :all_pipelines, class_name: 'Ci::Pipeline', inverse_of: :project
255
  # The relation :ci_pipelines is intended to be used when we want to get only
256 257 258 259
  # those pipeline which are directly related to CI. There are
  # other pipelines, like webide ones, that we won't retrieve
  # if we use this relation.
  has_many :ci_pipelines,
260
          -> { ci_sources },
261 262
          class_name: 'Ci::Pipeline',
          inverse_of: :project
263
  has_many :stages, class_name: 'Ci::Stage', inverse_of: :project
264 265 266 267 268

  # Ci::Build objects store data on the file system such as artifact files and
  # build traces. Currently there's no efficient way of removing this data in
  # bulk that doesn't involve loading the rows into memory. As a result we're
  # still using `dependent: :destroy` here.
269
  has_many :builds, class_name: 'Ci::Build', inverse_of: :project, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
270
  has_many :build_trace_section_names, class_name: 'Ci::BuildTraceSectionName'
271
  has_many :build_trace_chunks, class_name: 'Ci::BuildTraceChunk', through: :builds, source: :trace_chunks
272
  has_many :runner_projects, class_name: 'Ci::RunnerProject', inverse_of: :project
273
  has_many :runners, through: :runner_projects, source: :runner, class_name: 'Ci::Runner'
274
  has_many :variables, class_name: 'Ci::Variable'
275 276
  has_many :triggers, class_name: 'Ci::Trigger'
  has_many :environments
277
  has_many :deployments, -> { success }
278
  has_many :pipeline_schedules, class_name: 'Ci::PipelineSchedule'
Mayra Cabrera's avatar
Mayra Cabrera committed
279
  has_many :project_deploy_tokens
280
  has_many :deploy_tokens, through: :project_deploy_tokens
281

282
  has_one :auto_devops, class_name: 'ProjectAutoDevops'
283
  has_many :custom_attributes, class_name: 'ProjectCustomAttribute'
284

285
  has_many :project_badges, class_name: 'ProjectBadge'
286
  has_one :ci_cd_settings, class_name: 'ProjectCiCdSetting', inverse_of: :project, autosave: true, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
287

288 289
  has_many :remote_mirrors, inverse_of: :project

290
  accepts_nested_attributes_for :variables, allow_destroy: true
291
  accepts_nested_attributes_for :project_feature, update_only: true
292
  accepts_nested_attributes_for :import_data
293
  accepts_nested_attributes_for :auto_devops, update_only: true
294

295 296 297 298
  accepts_nested_attributes_for :remote_mirrors,
                                allow_destroy: true,
                                reject_if: ->(attrs) { attrs[:id].blank? && attrs[:url].blank? }

299 300
  accepts_nested_attributes_for :error_tracking_setting, update_only: true

301
  delegate :name, to: :owner, allow_nil: true, prefix: true
302
  delegate :members, to: :team, prefix: true
303
  delegate :add_user, :add_users, to: :team
304 305
  delegate :add_guest, :add_reporter, :add_developer, :add_maintainer, :add_role, to: :team
  delegate :add_master, to: :team # @deprecated
306
  delegate :group_runners_enabled, :group_runners_enabled=, :group_runners_enabled?, to: :ci_cd_settings
307 308
  delegate :group_clusters_enabled?, to: :group, allow_nil: true
  delegate :root_ancestor, to: :namespace, allow_nil: true
309
  delegate :last_pipeline, to: :commit, allow_nil: true
310

Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
311
  # Validations
312
  validates :creator, presence: true, on: :create
313
  validates :description, length: { maximum: 2000 }, allow_blank: true
314
  validates :ci_config_path,
315
    format: { without: %r{(\.{2}|\A/)},
316
              message: 'cannot include leading slash or directory traversal.' },
317 318
    length: { maximum: 255 },
    allow_blank: true
319 320
  validates :name,
    presence: true,
321
    length: { maximum: 255 },
322
    format: { with: Gitlab::Regex.project_name_regex,
Douwe Maan's avatar
Douwe Maan committed
323
              message: Gitlab::Regex.project_name_regex_message }
324 325
  validates :path,
    presence: true,
326
    project_path: true,
327
    length: { maximum: 255 }
328

329
  validates :namespace, presence: true
Douwe Maan's avatar
Douwe Maan committed
330
  validates :name, uniqueness: { scope: :namespace_id }
331 332 333
  validates :import_url, public_url: { protocols: ->(project) { project.persisted? ? VALID_MIRROR_PROTOCOLS : VALID_IMPORT_PROTOCOLS },
                                       ports: ->(project) { project.persisted? ? VALID_MIRROR_PORTS : VALID_IMPORT_PORTS },
                                       enforce_user: true }, if: [:external_import?, :import_url_changed?]
334
  validates :star_count, numericality: { greater_than_or_equal_to: 0 }
335
  validate :check_personal_projects_limit, on: :create
336
  validate :check_repository_path_availability, on: :update, if: ->(project) { project.renamed? }
337 338
  validate :visibility_level_allowed_by_group, if: -> { changes.has_key?(:visibility_level) }
  validate :visibility_level_allowed_as_fork, if: -> { changes.has_key?(:visibility_level) }
339
  validate :check_wiki_path_conflict
Rob Watson's avatar
Rob Watson committed
340
  validate :validate_pages_https_only, if: -> { changes.has_key?(:pages_https_only) }
341 342 343
  validates :repository_storage,
    presence: true,
    inclusion: { in: ->(_object) { Gitlab.config.repositories.storages.keys } }
344
  validates :variables, variable_duplicates: { scope: :environment_scope }
345
  validates :bfg_object_map, file_size: { maximum: :max_attachment_size }
346

347
  # Scopes
348
  scope :pending_delete, -> { where(pending_delete: true) }
349
  scope :without_deleted, -> { where(pending_delete: false) }
350

351 352 353
  scope :with_storage_feature, ->(feature) { where('storage_version >= :version', version: HASHED_STORAGE_FEATURES[feature]) }
  scope :without_storage_feature, ->(feature) { where('storage_version < :version OR storage_version IS NULL', version: HASHED_STORAGE_FEATURES[feature]) }
  scope :with_unmigrated_storage, -> { where('storage_version < :version OR storage_version IS NULL', version: LATEST_STORAGE_VERSION) }
354

355 356
  # last_activity_at is throttled every minute, but last_repository_updated_at is updated with every push
  scope :sorted_by_activity, -> { reorder("GREATEST(COALESCE(last_activity_at, '1970-01-01'), COALESCE(last_repository_updated_at, '1970-01-01')) DESC") }
357
  scope :sorted_by_stars, -> { reorder(star_count: :desc) }
358

359
  scope :in_namespace, ->(namespace_ids) { where(namespace_id: namespace_ids) }
360
  scope :personal, ->(user) { where(namespace_id: user.namespace_id) }
361
  scope :joined, ->(user) { where('namespace_id != ?', user.namespace_id) }
Toon Claes's avatar
Toon Claes committed
362
  scope :starred_by, ->(user) { joins(:users_star_projects).where('users_star_projects.user_id': user.id) }
363
  scope :visible_to_user, ->(user) { where(id: user.authorized_projects.select(:id).reorder(nil)) }
364
  scope :visible_to_user_and_access_level, ->(user, access_level) { where(id: user.authorized_projects.where('project_authorizations.access_level >= ?', access_level).select(:id).reorder(nil)) }
365
  scope :archived, -> { where(archived: true) }
366
  scope :non_archived, -> { where(archived: false) }
367
  scope :for_milestones, ->(ids) { joins(:milestones).where('milestones.id' => ids).distinct }
368
  scope :with_push, -> { joins(:events).where('events.action = ?', Event::PUSHED) }
369
  scope :with_project_feature, -> { joins('LEFT JOIN project_features ON projects.id = project_features.project_id') }
Markus Koller's avatar
Markus Koller committed
370
  scope :with_statistics, -> { includes(:statistics) }
371
  scope :with_shared_runners, -> { where(shared_runners_enabled: true) }
372 373 374
  scope :inside_path, ->(path) do
    # We need routes alias rs for JOIN so it does not conflict with
    # includes(:route) which we use in ProjectsFinder.
375 376
    joins("INNER JOIN routes rs ON rs.source_id = projects.id AND rs.source_type = 'Project'")
      .where('rs.path LIKE ?', "#{sanitize_sql_like(path)}/%")
377
  end
378 379 380

  # "enabled" here means "not disabled". It includes private features!
  scope :with_feature_enabled, ->(feature) {
381 382 383 384
    access_level_attribute = ProjectFeature.arel_table[ProjectFeature.access_level_attribute(feature)]
    enabled_feature = access_level_attribute.gt(ProjectFeature::DISABLED).or(access_level_attribute.eq(nil))

    with_project_feature.where(enabled_feature)
385 386 387 388 389 390 391 392
  }

  # Picks a feature where the level is exactly that given.
  scope :with_feature_access_level, ->(feature, level) {
    access_level_attribute = ProjectFeature.access_level_attribute(feature)
    with_project_feature.where(project_features: { access_level_attribute => level })
  }

393 394 395 396 397 398 399 400 401 402
  # Picks projects which use the given programming language
  scope :with_programming_language, ->(language_name) do
    lang_id_query = ProgrammingLanguage
        .with_name_case_insensitive(language_name)
        .select(:id)

    joins(:repository_languages)
        .where(repository_languages: { programming_language_id: lang_id_query })
  end

403 404
  scope :with_builds_enabled, -> { with_feature_enabled(:builds) }
  scope :with_issues_enabled, -> { with_feature_enabled(:issues) }
405
  scope :with_issues_available_for_user, ->(current_user) { with_feature_available_for_user(:issues, current_user) }
406
  scope :with_merge_requests_enabled, -> { with_feature_enabled(:merge_requests) }
407
  scope :with_remote_mirrors, -> { joins(:remote_mirrors).where(remote_mirrors: { enabled: true }).distinct }
408

409 410 411 412 413
  scope :with_group_runners_enabled, -> do
    joins(:ci_cd_settings)
    .where(project_ci_cd_settings: { group_runners_enabled: true })
  end

414 415 416 417 418 419
  scope :missing_kubernetes_namespace, -> (kubernetes_namespaces) do
    subquery = kubernetes_namespaces.select('1').where('clusters_kubernetes_namespaces.project_id = projects.id')

    where('NOT EXISTS (?)', subquery)
  end

420
  enum auto_cancel_pending_pipelines: { disabled: 0, enabled: 1 }
421

422 423
  chronic_duration_attr :build_timeout_human_readable, :build_timeout,
    default: 3600, error_message: 'Maximum job timeout has a value which could not be accepted'
424 425

  validates :build_timeout, allow_nil: true,
426 427 428 429
                            numericality: { greater_than_or_equal_to: 10.minutes,
                                            less_than: 1.month,
                                            only_integer: true,
                                            message: 'needs to be beetween 10 minutes and 1 month' }
430

431 432 433
  # Used by Projects::CleanupService to hold a map of rewritten object IDs
  mount_uploader :bfg_object_map, AttachmentUploader

434 435 436 437 438 439 440
  # Returns a project, if it is not about to be removed.
  #
  # id - The ID of the project to retrieve.
  def self.find_without_deleted(id)
    without_deleted.find_by_id(id)
  end

441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460
  # Paginates a collection using a `WHERE id < ?` condition.
  #
  # before - A project ID to use for filtering out projects with an equal or
  #      greater ID. If no ID is given, all projects are included.
  #
  # limit - The maximum number of rows to include.
  def self.paginate_in_descending_order_using_id(
    before: nil,
    limit: Kaminari.config.default_per_page
  )
    relation = order_id_desc.limit(limit)
    relation = relation.where('projects.id < ?', before) if before

    relation
  end

  def self.eager_load_namespace_and_owner
    includes(namespace: :owner)
  end

461 462
  # Returns a collection of projects that is either public or visible to the
  # logged in user.
463 464
  def self.public_or_visible_to_user(user = nil)
    if user
465 466 467
      where('EXISTS (?) OR projects.visibility_level IN (?)',
            user.authorizations_for_projects,
            Gitlab::VisibilityLevel.levels_for_user(user))
468
    else
469
      public_to_user
470 471 472
    end
  end

473
  # project features may be "disabled", "internal", "enabled" or "public". If "internal",
474
  # they are only available to team members. This scope returns projects where
475
  # the feature is either public, enabled, or internal with permission for the user.
476 477 478 479
  #
  # This method uses an optimised version of `with_feature_access_level` for
  # logged in users to more efficiently get private projects with the given
  # feature.
480
  def self.with_feature_available_for_user(feature, user)
481 482
    visible = [ProjectFeature::ENABLED, ProjectFeature::PUBLIC]
    min_access_level = ProjectFeature.required_minimum_access_level(feature)
483 484 485 486 487 488

    if user&.admin?
      with_feature_enabled(feature)
    elsif user
      column = ProjectFeature.quoted_access_level_column(feature)

489
      with_project_feature
490 491 492 493 494 495 496 497 498
        .where(
          "(projects.visibility_level > :private AND (#{column} IS NULL OR #{column} >= (:public_visible) OR (#{column} = :private_visible AND EXISTS(:authorizations))))"\
          " OR (projects.visibility_level = :private AND (#{column} IS NULL OR #{column} >= :private_visible) AND EXISTS(:authorizations))",
          {
            private: Gitlab::VisibilityLevel::PRIVATE,
            public_visible: ProjectFeature::ENABLED,
            private_visible: ProjectFeature::PRIVATE,
            authorizations: user.authorizations_for_projects(min_access_level: min_access_level)
          })
499 500 501
    else
      with_feature_access_level(feature, visible)
    end
502
  end
503

504 505
  scope :active, -> { joins(:issues, :notes, :merge_requests).order('issues.created_at, notes.created_at, merge_requests.created_at DESC') }
  scope :abandoned, -> { where('projects.last_activity_at < ?', 6.months.ago) }
506

507 508
  scope :excluding_project, ->(project) { where.not(id: project) }

509 510
  # We require an alias to the project_mirror_data_table in order to use import_state in our queries
  scope :joins_import_state, -> { joins("INNER JOIN project_mirror_data import_state ON import_state.project_id = projects.id") }
511
  scope :for_group, -> (group) { where(group: group) }
512

Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
513
  class << self
514 515 516 517 518 519 520
    # Searches for a list of projects based on the query given in `query`.
    #
    # On PostgreSQL this method uses "ILIKE" to perform a case-insensitive
    # search. On MySQL a regular "LIKE" is used as it's already
    # case-insensitive.
    #
    # query - The search query as a String.
521
    def search(query)
522
      fuzzy_search(query, [:path, :name, :description])
Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
523
    end
524

525
    def search_by_title(query)
526
      non_archived.fuzzy_search(query, [:name])
527 528
    end

529 530 531
    def visibility_levels
      Gitlab::VisibilityLevel.options
    end
532

533
    def sort_by_attribute(method)
534 535
      case method.to_s
      when 'storage_size_desc'
Markus Koller's avatar
Markus Koller committed
536 537 538
        # storage_size is a joined column so we need to
        # pass a string to avoid AR adding the table name
        reorder('project_statistics.storage_size DESC, projects.id DESC')
539 540 541 542
      when 'latest_activity_desc'
        reorder(last_activity_at: :desc)
      when 'latest_activity_asc'
        reorder(last_activity_at: :asc)
543 544
      when 'stars_desc'
        sorted_by_stars
545 546
      else
        order_by(method)
547 548
      end
    end
549 550

    def reference_pattern
551
      %r{
552
        (?<!#{Gitlab::PathRegex::PATH_START_CHAR})
553 554
        ((?<namespace>#{Gitlab::PathRegex::FULL_NAMESPACE_FORMAT_REGEX})\/)?
        (?<project>#{Gitlab::PathRegex::PROJECT_PATH_FORMAT_REGEX})
555
      }x
556
    end
557

558 559 560 561
    def reference_postfix
      '>'
    end

562 563 564 565
    def reference_postfix_escaped
      '&gt;'
    end

566
    # Pattern used to extract `namespace/project>` project references from text.
567 568
    # '>' or its escaped form ('&gt;') are checked for because '>' is sometimes escaped
    # when the reference comes from an external source.
569 570 571
    def markdown_reference_pattern
      %r{
        #{reference_pattern}
572
        (#{reference_postfix}|#{reference_postfix_escaped})
573 574 575
      }x
    end

576
    def trending
577 578
      joins('INNER JOIN trending_projects ON projects.id = trending_projects.project_id')
        .reorder('trending_projects.id ASC')
579
    end
580 581 582 583 584 585

    def cached_count
      Rails.cache.fetch('total_project_count', expires_in: 5.minutes) do
        Project.count
      end
    end
586 587

    def group_ids
588
      joins(:namespace).where(namespaces: { type: 'Group' }).select(:namespace_id)
589
    end
590 591
  end

592 593 594 595 596 597 598 599
  def all_pipelines
    if builds_enabled?
      super
    else
      super.external
    end
  end

600 601 602 603 604 605 606 607
  def ci_pipelines
    if builds_enabled?
      super
    else
      super.external
    end
  end

608 609
  # returns all ancestor-groups upto but excluding the given namespace
  # when no namespace is given, all ancestors upto the top are returned
610
  def ancestors_upto(top = nil, hierarchy_order: nil)
611
    Gitlab::ObjectHierarchy.new(Group.where(id: namespace_id))
612
      .base_and_ancestors(upto: top, hierarchy_order: hierarchy_order)
613 614
  end

615 616
  alias_method :ancestors, :ancestors_upto

617
  def lfs_enabled?
618
    return namespace.lfs_enabled? if self[:lfs_enabled].nil?
Patricio Cano's avatar
Patricio Cano committed
619

620
    self[:lfs_enabled] && Gitlab.config.lfs.enabled
621 622
  end

623 624
  alias_method :lfs_enabled, :lfs_enabled?

625
  def auto_devops_enabled?
626
    if auto_devops&.enabled.nil?
627
      has_auto_devops_implicitly_enabled?
628 629
    else
      auto_devops.enabled?
Zeger-Jan van de Weg's avatar
Zeger-Jan van de Weg committed
630
    end
631 632
  end

633
  def has_auto_devops_implicitly_enabled?
634 635
    auto_devops&.enabled.nil? &&
      (Gitlab::CurrentSettings.auto_devops_enabled? || Feature.enabled?(:force_autodevops_on_by_default, self))
636 637
  end

638
  def has_auto_devops_implicitly_disabled?
639
    auto_devops&.enabled.nil? && !(Gitlab::CurrentSettings.auto_devops_enabled? || Feature.enabled?(:force_autodevops_on_by_default, self))
640 641
  end

642 643 644 645
  def daily_statistics_enabled?
    Feature.enabled?(:project_daily_statistics, self, default_enabled: true)
  end

646 647 648 649
  def empty_repo?
    repository.empty?
  end

Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
650
  def team
651
    @team ||= ProjectTeam.new(self)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
652 653 654
  end

  def repository
655
    @repository ||= Repository.new(full_path, self, disk_path: disk_path)
656 657
  end

658
  def cleanup
659 660 661
    @repository = nil
  end

662 663
  alias_method :reload_repository!, :cleanup

664
  def container_registry_url
Kamil Trzcinski's avatar
Kamil Trzcinski committed
665
    if Gitlab.config.registry.enabled
666
      "#{Gitlab.config.registry.host_port}/#{full_path.downcase}"
667
    end
668 669
  end

670
  def has_container_registry_tags?
671 672 673
    return @images if defined?(@images)

    @images = container_repositories.to_a.any?(&:has_tags?) ||
674
      has_root_container_repository_tags?
675 676
  end

677 678
  def commit(ref = 'HEAD')
    repository.commit(ref)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
679 680
  end

681 682 683 684
  def commit_by(oid:)
    repository.commit_by(oid: oid)
  end

685 686 687 688
  def commits_by(oids:)
    repository.commits_by(oids: oids)
  end

689
  # ref can't be HEAD, can only be branch/tag name or SHA
690
  def latest_successful_build_for(job_name, ref = default_branch)
691
    latest_pipeline = ci_pipelines.latest_successful_for(ref)
692
    return unless latest_pipeline
693

694
    latest_pipeline.builds.latest.with_artifacts_archive.find_by(name: job_name)
695 696
  end

697
  def latest_successful_build_for!(job_name, ref = default_branch)
698 699 700
    latest_successful_build_for(job_name, ref) || raise(ActiveRecord::RecordNotFound.new("Couldn't find job #{job_name}"))
  end

701
  def merge_base_commit(first_commit_id, second_commit_id)
Douwe Maan's avatar
Douwe Maan committed
702
    sha = repository.merge_base(first_commit_id, second_commit_id)
703
    commit_by(oid: sha) if sha
704 705
  end

706
  def saved?
707
    id && persisted?
708 709
  end

710 711 712 713 714 715 716 717
  def import_status
    import_state&.status || 'none'
  end

  def human_import_status_name
    import_state&.human_status_name || 'none'
  end

718
  def add_import_job
Douwe Maan's avatar
Douwe Maan committed
719 720
    job_id =
      if forked?
721
        RepositoryForkWorker.perform_async(id)
722
      elsif gitlab_project_import?
James Lopez's avatar
James Lopez committed
723
        # Do not retry on Import/Export until https://gitlab.com/gitlab-org/gitlab-ce/issues/26189 is solved.
724
        RepositoryImportWorker.set(retry: false).perform_async(self.id)
Douwe Maan's avatar
Douwe Maan committed
725 726 727
      else
        RepositoryImportWorker.perform_async(self.id)
      end
728

729 730 731 732 733 734 735 736
    log_import_activity(job_id)

    job_id
  end

  def log_import_activity(job_id, type: :import)
    job_type = type.to_s.capitalize

737
    if job_id
738
      Rails.logger.info("#{job_type} job scheduled for #{full_path} with job ID #{job_id}.")
739
    else
740
      Rails.logger.error("#{job_type} job failed to create for #{full_path}.")
741
    end
742 743
  end

744 745 746 747 748
  def reset_cache_and_import_attrs
    run_after_commit do
      ProjectCacheWorker.perform_async(self.id)
    end

749
    import_state.update(last_error: nil)
750 751 752
    remove_import_data
  end

753
  # This method is overridden in EE::Project model
754
  def remove_import_data
755
    import_data&.destroy
756 757
  end

758
  def ci_config_path=(value)
759
    # Strip all leading slashes so that //foo -> foo
760
    super(value&.delete("\0"))
761 762
  end

763
  def import_url=(value)
764 765 766 767 768 769 770
    if Gitlab::UrlSanitizer.valid?(value)
      import_url = Gitlab::UrlSanitizer.new(value)
      super(import_url.sanitized_url)
      create_or_update_import_data(credentials: import_url.credentials)
    else
      super(value)
    end
771 772 773
  end

  def import_url
James Lopez's avatar
James Lopez committed
774
    if import_data && super.present?
775
      import_url = Gitlab::UrlSanitizer.new(super, credentials: import_data.credentials)
James Lopez's avatar
James Lopez committed
776 777 778
      import_url.full_url
    else
      super
779
    end
780 781
  rescue
    super
782
  end
783

James Lopez's avatar
James Lopez committed
784
  def valid_import_url?
785
    valid?(:import_url) || errors.messages[:import_url].nil?
James Lopez's avatar
James Lopez committed
786 787
  end

788
  def create_or_update_import_data(data: nil, credentials: nil)
789
    return if data.nil? && credentials.nil?
790

James Lopez's avatar
James Lopez committed
791
    project_import_data = import_data || build_import_data
792

793 794
    project_import_data.merge_data(data.to_h)
    project_import_data.merge_credentials(credentials.to_h)
795 796

    project_import_data
797
  end
798

799
  def import?
800
    external_import? || forked? || gitlab_project_import? || bare_repository_import?
801 802 803
  end

  def external_import?
804 805 806
    import_url.present?
  end

807
  def safe_import_url
808
    Gitlab::UrlSanitizer.new(import_url).masked_url
809 810
  end

811 812 813 814
  def bare_repository_import?
    import_type == 'bare_repository'
  end

815 816 817 818
  def gitlab_project_import?
    import_type == 'gitlab_project'
  end

Rémy Coutable's avatar
Rémy Coutable committed
819 820 821 822
  def gitea_import?
    import_type == 'gitea'
  end

823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853
  def has_remote_mirror?
    remote_mirror_available? && remote_mirrors.enabled.exists?
  end

  def updating_remote_mirror?
    remote_mirrors.enabled.started.exists?
  end

  def update_remote_mirrors
    return unless remote_mirror_available?

    remote_mirrors.enabled.each(&:sync)
  end

  def mark_stuck_remote_mirrors_as_failed!
    remote_mirrors.stuck.update_all(
      update_status: :failed,
      last_error: 'The remote mirror took to long to complete.',
      last_update_at: Time.now
    )
  end

  def mark_remote_mirrors_for_removal
    remote_mirrors.each(&:mark_for_delete_if_blank_url)
  end

  def remote_mirror_available?
    remote_mirror_available_overridden ||
      ::Gitlab::CurrentSettings.mirror_available
  end

854 855 856 857 858 859
  def check_personal_projects_limit
    # Since this method is called as validation hook, `creator` might not be
    # present. Since the validation for that will fail, we can just return
    # early.
    return if !creator || creator.can_create_project? ||
        namespace.kind == 'group'
860

861 862 863 864
    limit = creator.projects_limit
    error =
      if limit.zero?
        _('Personal project creation is not allowed. Please contact your administrator with questions')
865
      else
866
        _('Your project limit is %{limit} projects! Please contact your administrator to increase it')
867
      end
868 869

    self.errors.add(:limit_reached, error % { limit: limit })
gitlabhq's avatar
gitlabhq committed
870 871
  end

Douwe Maan's avatar
Douwe Maan committed
872 873 874 875 876 877 878 879 880 881 882 883 884
  def visibility_level_allowed_by_group
    return if visibility_level_allowed_by_group?

    level_name = Gitlab::VisibilityLevel.level_name(self.visibility_level).downcase
    group_level_name = Gitlab::VisibilityLevel.level_name(self.group.visibility_level).downcase
    self.errors.add(:visibility_level, "#{level_name} is not allowed in a #{group_level_name} group.")
  end

  def visibility_level_allowed_as_fork
    return if visibility_level_allowed_as_fork?

    level_name = Gitlab::VisibilityLevel.level_name(self.visibility_level).downcase
    self.errors.add(:visibility_level, "#{level_name} is not allowed since the fork source project has lower visibility.")
885 886
  end

887 888 889 890 891 892 893 894 895 896
  def check_wiki_path_conflict
    return if path.blank?

    path_to_check = path.ends_with?('.wiki') ? path.chomp('.wiki') : "#{path}.wiki"

    if Project.where(namespace_id: namespace_id, path: path_to_check).exists?
      errors.add(:name, 'has already been taken')
    end
  end

Rob Watson's avatar
Rob Watson committed
897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916
  def pages_https_only
    return false unless Gitlab.config.pages.external_https

    super
  end

  def pages_https_only?
    return false unless Gitlab.config.pages.external_https

    super
  end

  def validate_pages_https_only
    return unless pages_https_only?

    unless pages_domains.all?(&:https?)
      errors.add(:pages_https_only, "cannot be enabled unless all domains have TLS certificates")
    end
  end

917
  def to_param
918 919 920 921 922
    if persisted? && errors.include?(:path)
      path_was
    else
      path
    end