Permalink
Browse files

Merge branch 'fix/export-att-inclusion' into 'master'

Fix attribute inclusion import/export config ignored in some cases

In the `import_export.yml` file we define the inclusion of some of the attributes. For some reason, this isn't working in certain cases - very unfortunate this includes `user`. This has been introduced in 8.10.3.

Related https://gitlab.com/gitlab-org/gitlab-ce/issues/20802

See merge request !1982
  • Loading branch information...
1 parent 1f6136b commit 4389f09e668c043c8a347c4c63f06795110dfbb3 @DouweM DouweM committed with tsigo Aug 15, 2016
View
@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.10.6
- Upgrade Rails to 4.2.7.1 for security fixes. !5781
+ - Fix privilege escalation via project export.
v 8.10.5
- Add a data migration to fix some missing timestamps in the members table. !5670
@@ -57,19 +57,16 @@ def handle_model_object(current_key, model_object, json_config_hash)
# +value+ existing model to be included in the hash
# +json_config_hash+ the original hash containing the root model
def create_model_value(current_key, value, json_config_hash)
- parsed_hash = { include: value }
- parse_hash(value, parsed_hash)
-
- json_config_hash[current_key] = parsed_hash
+ json_config_hash[current_key] = parse_hash(value) || { include: value }
end
# Calls attributes finder to parse the hash and add any attributes to it
#
# +value+ existing model to be included in the hash
# +parsed_hash+ the original hash
- def parse_hash(value, parsed_hash)
+ def parse_hash(value)
@attributes_finder.parse(value) do |hash|
- parsed_hash = { include: hash_or_merge(value, hash) }
+ { include: hash_or_merge(value, hash) }
end
end
@@ -12,7 +12,8 @@
except: [:iid],
include: [:merge_request_diff, :merge_request_test]
} },
- { commit_statuses: { include: :commit } }]
+ { commit_statuses: { include: :commit } },
+ { project_members: { include: { user: { only: [:email] } } } }]
}
end
@@ -7,13 +7,17 @@ project_tree:
- :merge_request_test
- commit_statuses:
- :commit
+ - project_members:
+ - :user
included_attributes:
project:
- :name
- :path
merge_requests:
- :id
+ user:
+ - :email
excluded_attributes:
merge_requests:

0 comments on commit 4389f09

Please sign in to comment.