project.rb 67.5 KB
Newer Older
1 2
# frozen_string_literal: true

3 4
require 'carrierwave/orm/activerecord'

gitlabhq's avatar
gitlabhq committed
5
class Project < ActiveRecord::Base
6
  include Gitlab::ConfigHelper
7
  include Gitlab::ShellAdapter
8
  include Gitlab::VisibilityLevel
9
  include AccessRequestable
10
  include Avatarable
11
  include CacheMarkdownField
12 13
  include Referable
  include Sortable
14
  include AfterCommitQueue
15
  include CaseSensitivity
16
  include TokenAuthenticatable
17
  include ValidAttribute
18
  include ProjectFeaturesCompatibility
19
  include SelectForProjectAuthorization
20
  include Presentable
21
  include Routable
22
  include GroupDescendant
23
  include Gitlab::SQL::Pattern
24
  include DeploymentPlatform
25
  include ::Gitlab::Utils::StrongMemoize
26
  include ChronicDurationAttribute
27
  include FastDestroyAll::Helpers
Jan Provaznik's avatar
Jan Provaznik committed
28
  include WithUploads
29
  include BatchDestroyDependentAssociations
30
  include FeatureGate
31
  include OptionallySearch
32
  include FromUnion
33
  include IgnorableColumn
34
  extend Gitlab::Cache::RequestCache
Robert Speicher's avatar
Robert Speicher committed
35

36
  extend Gitlab::ConfigHelper
37

38
  BoardLimitExceeded = Class.new(StandardError)
39

40
  STATISTICS_ATTRIBUTE = 'repositories_count'.freeze
41
  UNKNOWN_IMPORT_URL = 'http://unknown.git'.freeze
42 43
  # Hashed Storage versions handle rolling out new storage to project and dependents models:
  # nil: legacy
44 45 46
  # 1: repository
  # 2: attachments
  LATEST_STORAGE_VERSION = 2
47 48 49 50
  HASHED_STORAGE_FEATURES = {
    repository: 1,
    attachments: 2
  }.freeze
Jared Szechy's avatar
Jared Szechy committed
51

52 53 54 55 56
  VALID_IMPORT_PORTS = [80, 443].freeze
  VALID_IMPORT_PROTOCOLS = %w(http https git).freeze

  VALID_MIRROR_PORTS = [22, 80, 443].freeze
  VALID_MIRROR_PROTOCOLS = %w(http https ssh git).freeze
57

58 59
  ignore_column :import_status, :import_jid, :import_error

60 61
  cache_markdown_field :description, pipeline: :description

62
  delegate :feature_available?, :builds_enabled?, :wiki_enabled?,
63 64
           :merge_requests_enabled?, :issues_enabled?, :pages_enabled?, :public_pages?,
           to: :project_feature, allow_nil: true
65

66
  delegate :base_dir, :disk_path, :ensure_storage_path_exists, to: :storage
67

68 69 70 71 72 73
  delegate :scheduled?, :started?, :in_progress?,
    :failed?, :finished?,
    prefix: :import, to: :import_state, allow_nil: true

  delegate :no_import?, to: :import_state, allow_nil: true

74
  default_value_for :archived, false
75
  default_value_for(:visibility_level) { Gitlab::CurrentSettings.default_project_visibility }
76
  default_value_for :resolve_outdated_diff_discussions, false
77
  default_value_for :container_registry_enabled, gitlab_config_features.container_registry
78 79
  default_value_for(:repository_storage) { Gitlab::CurrentSettings.pick_repository_storage }
  default_value_for(:shared_runners_enabled) { Gitlab::CurrentSettings.shared_runners_enabled }
80 81 82 83 84
  default_value_for :issues_enabled, gitlab_config_features.issues
  default_value_for :merge_requests_enabled, gitlab_config_features.merge_requests
  default_value_for :builds_enabled, gitlab_config_features.builds
  default_value_for :wiki_enabled, gitlab_config_features.wiki
  default_value_for :snippets_enabled, gitlab_config_features.snippets
85
  default_value_for :only_allow_merge_if_all_discussions_are_resolved, false
86

87
  add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:projects_tokens_optional_encryption, default_enabled: true) ? :optional : :required }
88

89
  before_validation :mark_remote_mirrors_for_removal, if: -> { RemoteMirror.table_exists? }
90

91
  before_save :ensure_runners_token
92

93
  after_save :update_project_statistics, if: :namespace_id_changed?
94 95 96

  after_save :create_import_state, if: ->(project) { project.import? && project.import_state.nil? }

97
  after_create :create_project_feature, unless: :project_feature
98 99 100 101 102

  after_create :create_ci_cd_settings,
    unless: :ci_cd_settings,
    if: proc { ProjectCiCdSetting.available? }

103
  after_create :set_timestamps_for_create
104
  after_update :update_forks_visibility_level
105

106
  before_destroy :remove_private_deploy_keys
107

108
  use_fast_destroy :build_trace_chunks
109

110
  after_destroy -> { run_after_commit { remove_pages } }
111
  after_destroy :remove_exports
Kamil Trzcinski's avatar
Kamil Trzcinski committed
112

113 114
  after_validation :check_pending_delete

115
  # Storage specific hooks
116
  after_initialize :use_hashed_storage
117
  after_create :check_repository_absence!
118 119
  after_create :ensure_storage_path_exists
  after_save :ensure_storage_path_exists, if: :namespace_id_changed?
120

121
  acts_as_ordered_taggable
122

123
  attr_accessor :old_path_with_namespace
124
  attr_accessor :template_name
125
  attr_writer :pipeline_status
126
  attr_accessor :skip_disk_validation
127

128 129
  alias_attribute :title, :name

130
  # Relations
131
  belongs_to :pool_repository
132
  belongs_to :creator, class_name: 'User'
133
  belongs_to :group, -> { where(type: 'Group') }, foreign_key: 'namespace_id'
134
  belongs_to :namespace
135 136
  alias_method :parent, :namespace
  alias_attribute :parent_id, :namespace_id
137

138
  has_one :last_event, -> {order 'events.created_at DESC'}, class_name: 'Event'
139
  has_many :boards
140

141
  # Project services
142
  has_one :campfire_service
blackst0ne's avatar
blackst0ne committed
143
  has_one :discord_service
144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161
  has_one :drone_ci_service
  has_one :emails_on_push_service
  has_one :pipelines_email_service
  has_one :irker_service
  has_one :pivotaltracker_service
  has_one :flowdock_service
  has_one :assembla_service
  has_one :asana_service
  has_one :mattermost_slash_commands_service
  has_one :mattermost_service
  has_one :slack_slash_commands_service
  has_one :slack_service
  has_one :buildkite_service
  has_one :bamboo_service
  has_one :teamcity_service
  has_one :pushover_service
  has_one :jira_service
  has_one :redmine_service
162
  has_one :youtrack_service
163 164 165 166 167 168 169 170 171 172
  has_one :custom_issue_tracker_service
  has_one :bugzilla_service
  has_one :gitlab_issue_tracker_service, inverse_of: :project
  has_one :external_wiki_service
  has_one :kubernetes_service, inverse_of: :project
  has_one :prometheus_service, inverse_of: :project
  has_one :mock_ci_service
  has_one :mock_deployment_service
  has_one :mock_monitoring_service
  has_one :microsoft_teams_service
173
  has_one :packagist_service
174
  has_one :hangouts_chat_service
175

176 177 178 179 180
  has_one :root_of_fork_network,
          foreign_key: 'root_project_id',
          inverse_of: :root_project,
          class_name: 'ForkNetwork'
  has_one :fork_network_member
181
  has_one :fork_network, through: :fork_network_member
182 183 184
  has_one :forked_from_project, through: :fork_network_member
  has_many :forked_to_members, class_name: 'ForkNetworkMember', foreign_key: 'forked_from_project_id'
  has_many :forks, through: :forked_to_members, source: :project, inverse_of: :forked_from_project
185

186
  has_one :import_state, autosave: true, class_name: 'ProjectImportState', inverse_of: :project
187
  has_one :import_export_upload, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
188
  has_one :project_repository, inverse_of: :project
189
  has_one :error_tracking_setting, inverse_of: :project, class_name: 'ErrorTracking::ProjectErrorTrackingSetting'
190

191
  # Merge Requests for target project should be removed with it
192
  has_many :merge_requests, foreign_key: 'target_project_id', inverse_of: :target_project
193
  has_many :source_of_merge_requests, foreign_key: 'source_project_id', class_name: 'MergeRequest'
194 195 196 197 198 199 200 201 202 203
  has_many :issues
  has_many :labels, class_name: 'ProjectLabel'
  has_many :services
  has_many :events
  has_many :milestones
  has_many :notes
  has_many :snippets, class_name: 'ProjectSnippet'
  has_many :hooks, class_name: 'ProjectHook'
  has_many :protected_branches
  has_many :protected_tags
204
  has_many :repository_languages, -> { order "share DESC" }
205

206
  has_many :project_authorizations
207
  has_many :authorized_users, through: :project_authorizations, source: :user, class_name: 'User'
208
  has_many :project_members, -> { where(requested_at: nil) },
209
    as: :source, dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
210

211
  alias_method :members, :project_members
212
  has_many :users, through: :project_members
213

214
  has_many :requesters, -> { where.not(requested_at: nil) },
215
    as: :source, class_name: 'ProjectMember', dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
216
  has_many :members_and_requesters, as: :source, class_name: 'ProjectMember'
217

218
  has_many :deploy_keys_projects
219
  has_many :deploy_keys, through: :deploy_keys_projects
220
  has_many :users_star_projects
221
  has_many :starrers, through: :users_star_projects, source: :user
222
  has_many :releases
223
  has_many :lfs_objects_projects, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
224
  has_many :lfs_objects, through: :lfs_objects_projects
225
  has_many :lfs_file_locks
226
  has_many :project_group_links
227
  has_many :invited_groups, through: :project_group_links, source: :group
228 229
  has_many :pages_domains
  has_many :todos
230
  has_many :notification_settings, as: :source, dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
231

232 233
  has_many :internal_ids

234
  has_one :import_data, class_name: 'ProjectImportData', inverse_of: :project, autosave: true
235
  has_one :project_feature, inverse_of: :project
236
  has_one :statistics, class_name: 'ProjectStatistics'
237

Shinya Maeda's avatar
Shinya Maeda committed
238
  has_one :cluster_project, class_name: 'Clusters::Project'
239
  has_many :clusters, through: :cluster_project, class_name: 'Clusters::Cluster'
240
  has_many :cluster_ingresses, through: :clusters, source: :application_ingress, class_name: 'Clusters::Applications::Ingress'
241
  has_many :kubernetes_namespaces, class_name: 'Clusters::KubernetesNamespace'
242

243 244
  has_many :prometheus_metrics

245 246 247
  # Container repositories need to remove data from the container registry,
  # which is not managed by the DB. Hence we're still using dependent: :destroy
  # here.
248
  has_many :container_repositories, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
249

250
  has_many :commit_statuses
251
  # The relation :all_pipelines is intended to be used when we want to get the
252 253
  # whole list of pipelines associated to the project
  has_many :all_pipelines, class_name: 'Ci::Pipeline', inverse_of: :project
254
  # The relation :ci_pipelines is intended to be used when we want to get only
255 256 257 258
  # those pipeline which are directly related to CI. There are
  # other pipelines, like webide ones, that we won't retrieve
  # if we use this relation.
  has_many :ci_pipelines,
259
          -> { ci_sources },
260 261
          class_name: 'Ci::Pipeline',
          inverse_of: :project
262
  has_many :stages, class_name: 'Ci::Stage', inverse_of: :project
263 264 265 266 267

  # Ci::Build objects store data on the file system such as artifact files and
  # build traces. Currently there's no efficient way of removing this data in
  # bulk that doesn't involve loading the rows into memory. As a result we're
  # still using `dependent: :destroy` here.
268
  has_many :builds, class_name: 'Ci::Build', inverse_of: :project, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
269
  has_many :build_trace_section_names, class_name: 'Ci::BuildTraceSectionName'
270
  has_many :build_trace_chunks, class_name: 'Ci::BuildTraceChunk', through: :builds, source: :trace_chunks
271
  has_many :runner_projects, class_name: 'Ci::RunnerProject', inverse_of: :project
272
  has_many :runners, through: :runner_projects, source: :runner, class_name: 'Ci::Runner'
273
  has_many :variables, class_name: 'Ci::Variable'
274 275
  has_many :triggers, class_name: 'Ci::Trigger'
  has_many :environments
276
  has_many :deployments, -> { success }
277
  has_many :pipeline_schedules, class_name: 'Ci::PipelineSchedule'
278
  has_many :project_deploy_tokens
279
  has_many :deploy_tokens, through: :project_deploy_tokens
280

281
  has_one :auto_devops, class_name: 'ProjectAutoDevops'
282
  has_many :custom_attributes, class_name: 'ProjectCustomAttribute'
283

284
  has_many :project_badges, class_name: 'ProjectBadge'
285
  has_one :ci_cd_settings, class_name: 'ProjectCiCdSetting', inverse_of: :project, autosave: true, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
286

287 288
  has_many :remote_mirrors, inverse_of: :project

289
  accepts_nested_attributes_for :variables, allow_destroy: true
290
  accepts_nested_attributes_for :project_feature, update_only: true
291
  accepts_nested_attributes_for :import_data
292
  accepts_nested_attributes_for :auto_devops, update_only: true
293

294 295 296 297
  accepts_nested_attributes_for :remote_mirrors,
                                allow_destroy: true,
                                reject_if: ->(attrs) { attrs[:id].blank? && attrs[:url].blank? }

298 299
  accepts_nested_attributes_for :error_tracking_setting, update_only: true

300
  delegate :name, to: :owner, allow_nil: true, prefix: true
301
  delegate :members, to: :team, prefix: true
302
  delegate :add_user, :add_users, to: :team
303 304
  delegate :add_guest, :add_reporter, :add_developer, :add_maintainer, :add_role, to: :team
  delegate :add_master, to: :team # @deprecated
305
  delegate :group_runners_enabled, :group_runners_enabled=, :group_runners_enabled?, to: :ci_cd_settings
306 307
  delegate :group_clusters_enabled?, to: :group, allow_nil: true
  delegate :root_ancestor, to: :namespace, allow_nil: true
308
  delegate :last_pipeline, to: :commit, allow_nil: true
309

Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
310
  # Validations
311
  validates :creator, presence: true, on: :create
312
  validates :description, length: { maximum: 2000 }, allow_blank: true
313
  validates :ci_config_path,
314
    format: { without: %r{(\.{2}|\A/)},
315
              message: 'cannot include leading slash or directory traversal.' },
316 317
    length: { maximum: 255 },
    allow_blank: true
318 319
  validates :name,
    presence: true,
320
    length: { maximum: 255 },
321
    format: { with: Gitlab::Regex.project_name_regex,
Douwe Maan's avatar
Douwe Maan committed
322
              message: Gitlab::Regex.project_name_regex_message }
323 324
  validates :path,
    presence: true,
325
    project_path: true,
326
    length: { maximum: 255 }
327

328
  validates :namespace, presence: true
Douwe Maan's avatar
Douwe Maan committed
329
  validates :name, uniqueness: { scope: :namespace_id }
330 331 332
  validates :import_url, public_url: { protocols: ->(project) { project.persisted? ? VALID_MIRROR_PROTOCOLS : VALID_IMPORT_PROTOCOLS },
                                       ports: ->(project) { project.persisted? ? VALID_MIRROR_PORTS : VALID_IMPORT_PORTS },
                                       enforce_user: true }, if: [:external_import?, :import_url_changed?]
333
  validates :star_count, numericality: { greater_than_or_equal_to: 0 }
334
  validate :check_personal_projects_limit, on: :create
335
  validate :check_repository_path_availability, on: :update, if: ->(project) { project.renamed? }
336 337
  validate :visibility_level_allowed_by_group, if: -> { changes.has_key?(:visibility_level) }
  validate :visibility_level_allowed_as_fork, if: -> { changes.has_key?(:visibility_level) }
338
  validate :check_wiki_path_conflict
Rob Watson's avatar
Rob Watson committed
339
  validate :validate_pages_https_only, if: -> { changes.has_key?(:pages_https_only) }
340 341 342
  validates :repository_storage,
    presence: true,
    inclusion: { in: ->(_object) { Gitlab.config.repositories.storages.keys } }
343
  validates :variables, variable_duplicates: { scope: :environment_scope }
344
  validates :bfg_object_map, file_size: { maximum: :max_attachment_size }
345

346
  # Scopes
347
  scope :pending_delete, -> { where(pending_delete: true) }
348
  scope :without_deleted, -> { where(pending_delete: false) }
349

350 351 352
  scope :with_storage_feature, ->(feature) { where('storage_version >= :version', version: HASHED_STORAGE_FEATURES[feature]) }
  scope :without_storage_feature, ->(feature) { where('storage_version < :version OR storage_version IS NULL', version: HASHED_STORAGE_FEATURES[feature]) }
  scope :with_unmigrated_storage, -> { where('storage_version < :version OR storage_version IS NULL', version: LATEST_STORAGE_VERSION) }
353

354 355
  # last_activity_at is throttled every minute, but last_repository_updated_at is updated with every push
  scope :sorted_by_activity, -> { reorder("GREATEST(COALESCE(last_activity_at, '1970-01-01'), COALESCE(last_repository_updated_at, '1970-01-01')) DESC") }
356
  scope :sorted_by_stars, -> { reorder(star_count: :desc) }
357

358
  scope :in_namespace, ->(namespace_ids) { where(namespace_id: namespace_ids) }
359
  scope :personal, ->(user) { where(namespace_id: user.namespace_id) }
360
  scope :joined, ->(user) { where('namespace_id != ?', user.namespace_id) }
361
  scope :starred_by, ->(user) { joins(:users_star_projects).where('users_star_projects.user_id': user.id) }
362
  scope :visible_to_user, ->(user) { where(id: user.authorized_projects.select(:id).reorder(nil)) }
363
  scope :visible_to_user_and_access_level, ->(user, access_level) { where(id: user.authorized_projects.where('project_authorizations.access_level >= ?', access_level).select(:id).reorder(nil)) }
364
  scope :archived, -> { where(archived: true) }
365
  scope :non_archived, -> { where(archived: false) }
366
  scope :for_milestones, ->(ids) { joins(:milestones).where('milestones.id' => ids).distinct }
367
  scope :with_push, -> { joins(:events).where('events.action = ?', Event::PUSHED) }
368
  scope :with_project_feature, -> { joins('LEFT JOIN project_features ON projects.id = project_features.project_id') }
369
  scope :with_statistics, -> { includes(:statistics) }
370
  scope :with_shared_runners, -> { where(shared_runners_enabled: true) }
371 372 373
  scope :inside_path, ->(path) do
    # We need routes alias rs for JOIN so it does not conflict with
    # includes(:route) which we use in ProjectsFinder.
374 375
    joins("INNER JOIN routes rs ON rs.source_id = projects.id AND rs.source_type = 'Project'")
      .where('rs.path LIKE ?', "#{sanitize_sql_like(path)}/%")
376
  end
377 378 379

  # "enabled" here means "not disabled". It includes private features!
  scope :with_feature_enabled, ->(feature) {
380 381 382 383
    access_level_attribute = ProjectFeature.arel_table[ProjectFeature.access_level_attribute(feature)]
    enabled_feature = access_level_attribute.gt(ProjectFeature::DISABLED).or(access_level_attribute.eq(nil))

    with_project_feature.where(enabled_feature)
384 385 386 387 388 389 390 391
  }

  # Picks a feature where the level is exactly that given.
  scope :with_feature_access_level, ->(feature, level) {
    access_level_attribute = ProjectFeature.access_level_attribute(feature)
    with_project_feature.where(project_features: { access_level_attribute => level })
  }

392 393 394 395 396 397 398 399 400 401
  # Picks projects which use the given programming language
  scope :with_programming_language, ->(language_name) do
    lang_id_query = ProgrammingLanguage
        .with_name_case_insensitive(language_name)
        .select(:id)

    joins(:repository_languages)
        .where(repository_languages: { programming_language_id: lang_id_query })
  end

402 403
  scope :with_builds_enabled, -> { with_feature_enabled(:builds) }
  scope :with_issues_enabled, -> { with_feature_enabled(:issues) }
404
  scope :with_issues_available_for_user, ->(current_user) { with_feature_available_for_user(:issues, current_user) }
405
  scope :with_merge_requests_enabled, -> { with_feature_enabled(:merge_requests) }
406
  scope :with_remote_mirrors, -> { joins(:remote_mirrors).where(remote_mirrors: { enabled: true }).distinct }
407

408 409 410 411 412
  scope :with_group_runners_enabled, -> do
    joins(:ci_cd_settings)
    .where(project_ci_cd_settings: { group_runners_enabled: true })
  end

413 414 415 416 417 418
  scope :missing_kubernetes_namespace, -> (kubernetes_namespaces) do
    subquery = kubernetes_namespaces.select('1').where('clusters_kubernetes_namespaces.project_id = projects.id')

    where('NOT EXISTS (?)', subquery)
  end

419
  enum auto_cancel_pending_pipelines: { disabled: 0, enabled: 1 }
420

421 422
  chronic_duration_attr :build_timeout_human_readable, :build_timeout,
    default: 3600, error_message: 'Maximum job timeout has a value which could not be accepted'
423 424

  validates :build_timeout, allow_nil: true,
425 426 427 428
                            numericality: { greater_than_or_equal_to: 10.minutes,
                                            less_than: 1.month,
                                            only_integer: true,
                                            message: 'needs to be beetween 10 minutes and 1 month' }
429

430 431 432
  # Used by Projects::CleanupService to hold a map of rewritten object IDs
  mount_uploader :bfg_object_map, AttachmentUploader

433 434 435 436 437 438 439
  # Returns a project, if it is not about to be removed.
  #
  # id - The ID of the project to retrieve.
  def self.find_without_deleted(id)
    without_deleted.find_by_id(id)
  end

440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459
  # Paginates a collection using a `WHERE id < ?` condition.
  #
  # before - A project ID to use for filtering out projects with an equal or
  #      greater ID. If no ID is given, all projects are included.
  #
  # limit - The maximum number of rows to include.
  def self.paginate_in_descending_order_using_id(
    before: nil,
    limit: Kaminari.config.default_per_page
  )
    relation = order_id_desc.limit(limit)
    relation = relation.where('projects.id < ?', before) if before

    relation
  end

  def self.eager_load_namespace_and_owner
    includes(namespace: :owner)
  end

460 461
  # Returns a collection of projects that is either public or visible to the
  # logged in user.
462 463
  def self.public_or_visible_to_user(user = nil)
    if user
464 465 466
      where('EXISTS (?) OR projects.visibility_level IN (?)',
            user.authorizations_for_projects,
            Gitlab::VisibilityLevel.levels_for_user(user))
467
    else
468
      public_to_user
469 470 471
    end
  end

472
  # project features may be "disabled", "internal", "enabled" or "public". If "internal",
473
  # they are only available to team members. This scope returns projects where
474
  # the feature is either public, enabled, or internal with permission for the user.
475 476 477 478
  #
  # This method uses an optimised version of `with_feature_access_level` for
  # logged in users to more efficiently get private projects with the given
  # feature.
479
  def self.with_feature_available_for_user(feature, user)
480 481
    visible = [ProjectFeature::ENABLED, ProjectFeature::PUBLIC]
    min_access_level = ProjectFeature.required_minimum_access_level(feature)
482 483 484 485 486 487

    if user&.admin?
      with_feature_enabled(feature)
    elsif user
      column = ProjectFeature.quoted_access_level_column(feature)

488
      with_project_feature
489 490 491 492 493 494 495 496 497
        .where(
          "(projects.visibility_level > :private AND (#{column} IS NULL OR #{column} >= (:public_visible) OR (#{column} = :private_visible AND EXISTS(:authorizations))))"\
          " OR (projects.visibility_level = :private AND (#{column} IS NULL OR #{column} >= :private_visible) AND EXISTS(:authorizations))",
          {
            private: Gitlab::VisibilityLevel::PRIVATE,
            public_visible: ProjectFeature::ENABLED,
            private_visible: ProjectFeature::PRIVATE,
            authorizations: user.authorizations_for_projects(min_access_level: min_access_level)
          })
498 499 500
    else
      with_feature_access_level(feature, visible)
    end
501
  end
502

503 504
  scope :active, -> { joins(:issues, :notes, :merge_requests).order('issues.created_at, notes.created_at, merge_requests.created_at DESC') }
  scope :abandoned, -> { where('projects.last_activity_at < ?', 6.months.ago) }
505

506 507
  scope :excluding_project, ->(project) { where.not(id: project) }

508 509
  # We require an alias to the project_mirror_data_table in order to use import_state in our queries
  scope :joins_import_state, -> { joins("INNER JOIN project_mirror_data import_state ON import_state.project_id = projects.id") }
510
  scope :for_group, -> (group) { where(group: group) }
511

Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
512
  class << self
513 514 515 516 517 518 519
    # Searches for a list of projects based on the query given in `query`.
    #
    # On PostgreSQL this method uses "ILIKE" to perform a case-insensitive
    # search. On MySQL a regular "LIKE" is used as it's already
    # case-insensitive.
    #
    # query - The search query as a String.
520
    def search(query)
521
      fuzzy_search(query, [:path, :name, :description])
Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
522
    end
523

524
    def search_by_title(query)
525
      non_archived.fuzzy_search(query, [:name])
526 527
    end

528 529 530
    def visibility_levels
      Gitlab::VisibilityLevel.options
    end
531

532
    def sort_by_attribute(method)
533 534
      case method.to_s
      when 'storage_size_desc'
535 536 537
        # storage_size is a joined column so we need to
        # pass a string to avoid AR adding the table name
        reorder('project_statistics.storage_size DESC, projects.id DESC')
538 539 540 541
      when 'latest_activity_desc'
        reorder(last_activity_at: :desc)
      when 'latest_activity_asc'
        reorder(last_activity_at: :asc)
542 543
      when 'stars_desc'
        sorted_by_stars
544 545
      else
        order_by(method)
546 547
      end
    end
548 549

    def reference_pattern
550
      %r{
551
        (?<!#{Gitlab::PathRegex::PATH_START_CHAR})
552 553
        ((?<namespace>#{Gitlab::PathRegex::FULL_NAMESPACE_FORMAT_REGEX})\/)?
        (?<project>#{Gitlab::PathRegex::PROJECT_PATH_FORMAT_REGEX})
554
      }x
555
    end
556

557 558 559 560
    def reference_postfix
      '>'
    end

561 562 563 564
    def reference_postfix_escaped
      '&gt;'
    end

565
    # Pattern used to extract `namespace/project>` project references from text.
566 567
    # '>' or its escaped form ('&gt;') are checked for because '>' is sometimes escaped
    # when the reference comes from an external source.
568 569 570
    def markdown_reference_pattern
      %r{
        #{reference_pattern}
571
        (#{reference_postfix}|#{reference_postfix_escaped})
572 573 574
      }x
    end

575
    def trending
576 577
      joins('INNER JOIN trending_projects ON projects.id = trending_projects.project_id')
        .reorder('trending_projects.id ASC')
578
    end
579 580 581 582 583 584

    def cached_count
      Rails.cache.fetch('total_project_count', expires_in: 5.minutes) do
        Project.count
      end
    end
585 586

    def group_ids
587
      joins(:namespace).where(namespaces: { type: 'Group' }).select(:namespace_id)
588
    end
589 590
  end

591 592 593 594 595 596 597 598
  def all_pipelines
    if builds_enabled?
      super
    else
      super.external
    end
  end

599 600 601 602 603 604 605 606
  def ci_pipelines
    if builds_enabled?
      super
    else
      super.external
    end
  end

607 608
  # returns all ancestor-groups upto but excluding the given namespace
  # when no namespace is given, all ancestors upto the top are returned
609
  def ancestors_upto(top = nil, hierarchy_order: nil)
610
    Gitlab::ObjectHierarchy.new(Group.where(id: namespace_id))
611
      .base_and_ancestors(upto: top, hierarchy_order: hierarchy_order)
612 613
  end

614 615
  alias_method :ancestors, :ancestors_upto

616
  def lfs_enabled?
617
    return namespace.lfs_enabled? if self[:lfs_enabled].nil?
Patricio Cano's avatar
Patricio Cano committed
618

619
    self[:lfs_enabled] && Gitlab.config.lfs.enabled
620 621
  end

622 623
  alias_method :lfs_enabled, :lfs_enabled?

624
  def auto_devops_enabled?
625
    if auto_devops&.enabled.nil?
626
      has_auto_devops_implicitly_enabled?
627 628
    else
      auto_devops.enabled?
Zeger-Jan van de Weg's avatar
Zeger-Jan van de Weg committed
629
    end
630 631
  end

632
  def has_auto_devops_implicitly_enabled?
633 634 635
    auto_devops_config = first_auto_devops_config

    auto_devops_config[:scope] != :project && auto_devops_config[:status]
636 637
  end

638
  def has_auto_devops_implicitly_disabled?
639 640 641 642 643 644 645 646 647
    auto_devops_config = first_auto_devops_config

    auto_devops_config[:scope] != :project && !auto_devops_config[:status]
  end

  def first_auto_devops_config
    return namespace.first_auto_devops_config if auto_devops&.enabled.nil?

    { scope: :project, status: auto_devops&.enabled || Feature.enabled?(:force_autodevops_on_by_default, self) }
648 649
  end

650 651 652 653
  def daily_statistics_enabled?
    Feature.enabled?(:project_daily_statistics, self, default_enabled: true)
  end

654 655 656 657
  def empty_repo?
    repository.empty?
  end

658
  def team
659
    @team ||= ProjectTeam.new(self)
660 661 662
  end

  def repository
663
    @repository ||= Repository.new(full_path, self, disk_path: disk_path)
664 665
  end

666
  def cleanup
667 668 669
    @repository = nil
  end

670 671
  alias_method :reload_repository!, :cleanup

672
  def container_registry_url
Kamil Trzcinski's avatar
Kamil Trzcinski committed
673
    if Gitlab.config.registry.enabled
674
      "#{Gitlab.config.registry.host_port}/#{full_path.downcase}"
675
    end
676 677
  end

678
  def has_container_registry_tags?
679 680 681
    return @images if defined?(@images)

    @images = container_repositories.to_a.any?(&:has_tags?) ||
682
      has_root_container_repository_tags?
683 684
  end

685 686
  def commit(ref = 'HEAD')
    repository.commit(ref)
687 688
  end

689 690 691 692
  def commit_by(oid:)
    repository.commit_by(oid: oid)
  end

693 694 695 696
  def commits_by(oids:)
    repository.commits_by(oids: oids)
  end

697
  # ref can't be HEAD, can only be branch/tag name or SHA
698
  def latest_successful_build_for(job_name, ref = default_branch)
699
    latest_pipeline = ci_pipelines.latest_successful_for(ref)
700
    return unless latest_pipeline
701

702
    latest_pipeline.builds.latest.with_artifacts_archive.find_by(name: job_name)
703 704
  end

705
  def latest_successful_build_for!(job_name, ref = default_branch)
706 707 708
    latest_successful_build_for(job_name, ref) || raise(ActiveRecord::RecordNotFound.new("Couldn't find job #{job_name}"))
  end

709
  def merge_base_commit(first_commit_id, second_commit_id)
Douwe Maan's avatar
Douwe Maan committed
710
    sha = repository.merge_base(first_commit_id, second_commit_id)
711
    commit_by(oid: sha) if sha
712 713
  end

714
  def saved?
715
    id && persisted?
716 717
  end

718 719 720 721 722 723 724 725
  def import_status
    import_state&.status || 'none'
  end

  def human_import_status_name
    import_state&.human_status_name || 'none'
  end

726
  def add_import_job
Douwe Maan's avatar
Douwe Maan committed
727 728
    job_id =
      if forked?
729
        RepositoryForkWorker.perform_async(id)
730
      elsif gitlab_project_import?
James Lopez's avatar
James Lopez committed
731
        # Do not retry on Import/Export until https://gitlab.com/gitlab-org/gitlab-ce/issues/26189 is solved.
732
        RepositoryImportWorker.set(retry: false).perform_async(self.id)
Douwe Maan's avatar
Douwe Maan committed
733 734 735
      else
        RepositoryImportWorker.perform_async(self.id)
      end
736

737 738 739 740 741 742 743 744
    log_import_activity(job_id)

    job_id
  end

  def log_import_activity(job_id, type: :import)
    job_type = type.to_s.capitalize

745
    if job_id
746
      Rails.logger.info("#{job_type} job scheduled for #{full_path} with job ID #{job_id}.")
747
    else
748
      Rails.logger.error("#{job_type} job failed to create for #{full_path}.")
749
    end
750 751
  end

752 753 754 755 756
  def reset_cache_and_import_attrs
    run_after_commit do
      ProjectCacheWorker.perform_async(self.id)
    end

757
    import_state.update(last_error: nil)
758 759 760
    remove_import_data
  end

761
  # This method is overridden in EE::Project model
762
  def remove_import_data
763
    import_data&.destroy
764 765
  end

766
  def ci_config_path=(value)
767
    # Strip all leading slashes so that //foo -> foo
768
    super(value&.delete("\0"))
769 770
  end

771
  def import_url=(value)
772 773 774 775 776 777 778
    if Gitlab::UrlSanitizer.valid?(value)
      import_url = Gitlab::UrlSanitizer.new(value)
      super(import_url.sanitized_url)
      create_or_update_import_data(credentials: import_url.credentials)
    else
      super(value)
    end
779 780 781
  end

  def import_url
782
    if import_data && super.present?
783
      import_url = Gitlab::UrlSanitizer.new(super, credentials: import_data.credentials)
James Lopez's avatar
James Lopez committed
784 785 786
      import_url.full_url
    else
      super
787
    end
788 789
  rescue
    super
790
  end
791

James Lopez's avatar
James Lopez committed
792
  def valid_import_url?
793
    valid?(:import_url) || errors.messages[:import_url].nil?
James Lopez's avatar
James Lopez committed
794 795
  end

796
  def create_or_update_import_data(data: nil, credentials: nil)
797
    return if data.nil? && credentials.nil?
798

James Lopez's avatar
James Lopez committed
799
    project_import_data = import_data || build_import_data
800

801 802
    project_import_data.merge_data(data.to_h)
    project_import_data.merge_credentials(credentials.to_h)
803 804

    project_import_data
805
  end
806

807
  def import?
808
    external_import? || forked? || gitlab_project_import? || bare_repository_import?
809 810 811
  end

  def external_import?
812 813 814
    import_url.present?
  end

815
  def safe_import_url
816
    Gitlab::UrlSanitizer.new(import_url).masked_url
817 818
  end

819 820 821 822
  def bare_repository_import?
    import_type == 'bare_repository'
  end

823 824 825 826
  def gitlab_project_import?
    import_type == 'gitlab_project'
  end

827 828 829 830
  def gitea_import?
    import_type == 'gitea'
  end

831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861
  def has_remote_mirror?
    remote_mirror_available? && remote_mirrors.enabled.exists?
  end

  def updating_remote_mirror?
    remote_mirrors.enabled.started.exists?
  end

  def update_remote_mirrors
    return unless remote_mirror_available?

    remote_mirrors.enabled.each(&:sync)
  end

  def mark_stuck_remote_mirrors_as_failed!
    remote_mirrors.stuck.update_all(
      update_status: :failed,
      last_error: 'The remote mirror took to long to complete.',
      last_update_at: Time.now
    )
  end

  def mark_remote_mirrors_for_removal
    remote_mirrors.each(&:mark_for_delete_if_blank_url)
  end

  def remote_mirror_available?
    remote_mirror_available_overridden ||
      ::Gitlab::CurrentSettings.mirror_available
  end

862 863 864 865 866 867
  def check_personal_projects_limit
    # Since this method is called as validation hook, `creator` might not be
    # present. Since the validation for that will fail, we can just return
    # early.
    return if !creator || creator.can_create_project? ||
        namespace.kind == 'group'
868

869 870 871 872
    limit = creator.projects_limit
    error =
      if limit.zero?
        _('Personal project creation is not allowed. Please contact your administrator with questions')
873
      else
874
        _('Your project limit is %{limit} projects! Please contact your administrator to increase it')
875
      end
876 877

    self.errors.add(:limit_reached, error % { limit: limit })
gitlabhq's avatar
gitlabhq committed
878 879
  end

880 881 882 883 884 885 886 887 888 889 890 891 892
  def visibility_level_allowed_by_group
    return if visibility_level_allowed_by_group?

    level_name = Gitlab::VisibilityLevel.level_name(self.visibility_level).downcase
    group_level_name = Gitlab::VisibilityLevel.level_name(self.group.visibility_level).downcase
    self.errors.add(:visibility_level, "#{level_name} is not allowed in a #{group_level_name} group.")
  end

  def visibility_level_allowed_as_fork
    return if visibility_level_allowed_as_fork?

    level_name = Gitlab::VisibilityLevel.level_name(self.visibility_level).downcase
    self.errors.add(:visibility_level, "#{level_name} is not allowed since the fork source project has lower visibility.")
893 894
  end

895 896 897 898 899 900 901 902 903 904
  def check_wiki_path_conflict
    return if path.blank?

    path_to_check = path.ends_with?('.wiki') ? path.chomp('.wiki') : "#{path}.wiki"

    if Project.where(namespace_id: namespace_id, path: path_to_check).exists?
      errors.add(:name, 'has already been taken')
    end
  end

Rob Watson's avatar
Rob Watson committed
905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924
  def pages_https_only
    return false unless Gitlab.config.pages.external_https

    super
  end

  def pages_https_only?
    return false unless Gitlab.config.pages.external_https

    super
  end

  def validate_pages_https_only
    return unless pages_https_only?

    unless pages_domains.all?(&:https?)
      errors.add(:pages_https_only, "cannot be enabled unless all domains have TLS certificates")
    end
  end

925
  def to_param
926 927 928 929 930
    if persisted? && errors.include?(:path)
      path_was
    else
      path
    end
931 932
  end

933 934 935 936
  def to_reference_with_postfix
    "#{to_reference(full: true)}#{self.class.reference_postfix}"
  end

937
  # `from` argument can be a Namespace or Project.
938 939
  def to_reference(from = nil, full: false)
    if full || cross_namespace_reference?(from)
940
      full_path
941 942 943
    elsif cross_project_reference?(from)
      path
    end
944 945
  end

946 947
  def to_human_reference(from = nil)
    if cross_namespace_reference?(from)
948
      name_with_namespace
949
    elsif cross_project_reference?(from)
950 951
      name
    end
952 953
  end

954
  def web_url
955
    Gitlab::Routing.url_helpers.project_url(self)
956 957
  end

958
  def readme_url
959 960 961
    readme_path = repository.readme_path
    if readme_path
      Gitlab::Routing.url_helpers.project_blob_url(self, File.join(default_branch, readme_path))
962 963 964
    end
  end

965
  def new_issuable_address(author, address_type)
966
    return unless Gitlab::IncomingEmail.supports_issue_creation? && author
967

968 969 970
    # check since this can come from a request parameter
    return unless %w(issue merge_request).include?(address_type)

971 972
    author.ensure_incoming_email_token!

973 974 975 976 977
    suffix = address_type.dasherize

    # example: incoming+h5bp-html5-boilerplate-8-1234567890abcdef123456789-issue@localhost.com
    # example: incoming+h5bp-html5-boilerplate-8-1234567890abcdef123456789-merge-request@localhost.com
    Gitlab::IncomingEmail.reply_address("#{full_path_slug}-#{project_id}-#{author.incoming_email_token}-#{suffix}")
978 979
  end

980
  def build_commit_note(commit)
981
    notes.new(commit_id: commit.id, noteable_type: 'Commit')
gitlabhq's avatar
gitlabhq committed
982
  end
Nihad Abbasov's avatar
Nihad Abbasov committed
983

984
  def last_activity
985
    last_event
gitlabhq's avatar
gitlabhq committed
986 987 988
  end

  def last_activity_date
989
    [last_activity_at, last_repository_updated_at, updated_at].compact.max
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
990
  end
991

992 993 994
  def project_id
    self.id
  end
randx's avatar
randx committed
995

996
  def get_issue(issue_id, current_user)
997 998 999 1000 1001
    issue = IssuesFinder.new(current_user, project_id: id).find_by(iid: issue_id) if issues_enabled?

    if issue
      issue
    elsif external_issue_tracker
Robert Speicher's avatar
Robert Speicher committed
1002
      ExternalIssue.new(issue_id, self)
1003 1004 1005
    end
  end

Robert Speicher's avatar
Robert Speicher committed
1006
  def issue_exists?(issue_id)
1007
    get_issue(issue_id)
Robert Speicher's avatar
Robert Speicher committed
1008 1009
  end

1010
  def default_issue_tracker
1011
    gitlab_issue_tracker_service || create_gitlab_issue_tracker_service
1012 1013 1014 1015 1016 1017 1018 1019 1020 1021
  end

  def issues_tracker
    if external_issue_tracker
      external_issue_tracker
    else
      default_issue_tracker
    end
  end

1022
  def external_issue_reference_pattern
1023
    external_issue_tracker.class.reference_pattern(only_long: issues_enabled?)
1024 1025
  end

1026
  def default_issues_tracker?
1027
    !external_issue_tracker
1028 1029 1030
  end

  def external_issue_tracker
1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044
    if has_external_issue_tracker.nil? # To populate existing projects
      cache_has_external_issue_tracker
    end

    if has_external_issue_tracker?
      return @external_issue_tracker if defined?(@external_issue_tracker)

      @external_issue_tracker = services.external_issue_trackers.first
    else
      nil
    end
  end

  def cache_has_external_issue_tracker
1045
    update_column(:has_external_issue_tracker, services.external_issue_trackers.any?) if Gitlab::Database.read_write?
1046 1047
  end

1048 1049 1050 1051
  def has_wiki?
    wiki_enabled? || has_external_wiki?
  end

1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064
  def external_wiki
    if has_external_wiki.nil?
      cache_has_external_wiki # Populate
    end

    if has_external_wiki
      @external_wiki ||= services.external_wikis.first
    else
      nil
    end
  end

  def cache_has_external_wiki
1065
    update_column(:has_external_wiki, services.external_wikis.any?) if Gitlab::Database.read_write?
1066 1067
  end

1068 1069 1070
  def find_or_initialize_services(exceptions: [])
    available_services_names = Service.available_services_names - exceptions

1071
    available_services = available_services_names.map do |service_name|
1072
      find_or_initialize_service(service_name)
1073
    end
1074

1075
    available_services.compact
1076 1077 1078 1079
  end

  def disabled_services
    []
1080 1081
  end

1082
  def find_or_initialize_service(name)
1083 1084
    return if disabled_services.include?(name)

1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096
    service = find_service(services, name)
    return service if service

    # We should check if template for the service exists
    template = find_service(services_templates, name)

    if template
      Service.build_from_template(id, template)
    else
      # If no template, we should create an instance. Ex `build_gitlab_ci_service`
      public_send("build_#{name}_service") # rubocop:disable GitlabSecurity/PublicSend
    end
1097 1098
  end

1099
  # rubocop: disable CodeReuse/ServiceClass
1100 1101
  def create_labels
    Label.templates.each do |label|
Felipe Artur's avatar
Felipe Artur committed
1102
      params = label.attributes.except('id', 'template', 'created_at', 'updated_at', 'type')
1103
      Labels::FindOrCreateService.new(nil, self, params).execute(skip_authorization: true)
1104 1105
    end
  end
1106
  # rubocop: enable CodeReuse/ServiceClass
1107

1108 1109 1110
  def find_service(list, name)
    list.find { |service| service.to_param == name }
  end
1111

1112
  def c