gitlab-ce/app/models/note.rb
# frozen_string_literal: true
# A note on the root of an issue, merge request, commit, or snippet.
#
# A note of this type is never resolvable.
class Note < ApplicationRecord
extend ActiveModel::Naming
extend Gitlab::Utils::Override
include Notes::ActiveRecord
include Notes::Discussion
include Gitlab::Utils::StrongMemoize
include Participable
include Mentionable
include Awardable
include Importable
include Import::HasImportSource
include FasterCacheKeys
include Redactable
include CacheMarkdownField
include AfterCommitQueue
include ResolvableNote
include Editable
include Gitlab::SQL::Pattern
include ThrottledTouch
include FromUnion
include Sortable
include EachBatch
include Spammable
# Markdown handling for the `note` column: rendered through the :note pipeline
# and registered with the Redactable concern.
# NOTE(review): the exact redaction semantics live in CacheMarkdownField / Redactable,
# which are not visible here — confirm before relying on them.
cache_markdown_field :note, pipeline: :note, issuable_reference_expansion_enabled: true
redact_field :note
# Maps a system note action (system_note_metadata.action) to the ability a viewer
# must hold on the note's project for the system note to be shown.
# Actions absent from the map are not restricted by this check.
TYPES_RESTRICTED_BY_PROJECT_ABILITY = {
branch: :download_code
}.freeze
# Same idea as above, but the ability is checked against the project's group.
TYPES_RESTRICTED_BY_GROUP_ABILITY = {
contact: :read_crm_contact
}.freeze
# STI `type` values that are not diff notes. Used by the non_diff_notes scope and
# by the validation that limits which note types may be confidential.
NON_DIFF_NOTE_TYPES = ['Note', 'DiscussionNote', nil].freeze
# Attribute containing rendered and redacted Markdown as generated by
# Banzai::ObjectRenderer.
attr_accessor :redacted_note_html
# Total of all references as generated by Banzai::ObjectRenderer
attr_accessor :total_reference_count
# Number of user visible references as generated by Banzai::ObjectRenderer
attr_accessor :user_visible_reference_count
# Attribute used to store the attributes that have been changed by quick actions.
# Only a writer is generated here; the reader is defined below and returns an
# allowlisted slice of the stored hash.
attr_writer :commands_changes
# Attribute used to store the status of quick actions.
attr_accessor :quick_actions_status
# Attribute used to determine whether keep_around_commits will be skipped for diff notes.
attr_accessor :skip_keep_around_commits
# Attribute used to skip updates of `updated_at` for the noteable when it could impact database health.
attr_accessor :skip_touch_noteable
# New notes are user notes unless `system` is set explicitly.
attribute :system, default: false
attr_spammable :note, spam_description: true
attr_mentionable :note, pipeline: :note
# Associations, delegations and validations.
participant :author
belongs_to :namespace
belongs_to :project
belongs_to :noteable, polymorphic: true # rubocop:disable Cop/PolymorphicAssociations
belongs_to :review, inverse_of: :notes
# The delete_all definition is required here in order
# to generate the correct DELETE sql for
# suggestions.delete_all calls
has_many :suggestions, -> { order(:relative_order) },
inverse_of: :note, dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
has_one :system_note_metadata
has_one :note_metadata, inverse_of: :note, class_name: 'Notes::NoteMetadata'
has_one :note_diff_file, inverse_of: :diff_note, foreign_key: :diff_note_id
has_many :diff_note_positions
# rubocop:disable Cop/ActiveRecordDependent -- polymorphic association
has_many :events, as: :target, dependent: :delete_all
# rubocop:enable Cop/ActiveRecordDependent
delegate :gfm_reference, :local_reference, to: :noteable
delegate :name, to: :project, prefix: true
delegate :title, to: :noteable, allow_nil: true
accepts_nested_attributes_for :note_metadata
validates :project, presence: true, if: :for_project_noteable?
validates :namespace, presence: true
validates :noteable_type, presence: true
validates :noteable_id, presence: true, unless: [:for_commit?, :importing?]
validates :commit_id, presence: true, if: :for_commit?
# Confidentiality rules: only certain noteables and note types may carry a
# confidential note, the flag cannot be changed on update, and replies must match
# the confidentiality of the discussion's first note.
validate :ensure_noteable_can_have_confidential_note
validate :ensure_note_type_can_be_confidential
validate :ensure_confidentiality_not_changed, on: :update
validate :ensure_confidentiality_discussion_compliance
# Rejects a note whose noteable belongs to a different project than the note itself.
# Skipped for commit notes, imports and noteables that are not project-scoped.
# A noteable that cannot be loaded compares as nil and therefore fails the check
# unless the note's project is nil as well.
validate unless: [:for_commit?, :importing?, :skip_project_check?] do |note|
unless note.noteable.try(:project) == note.project
errors.add(:project, 'does not match noteable project')
end
end
# Per-noteable comment cap; not applied to system notes or imports.
validate :does_not_exceed_notes_limit?, on: :create, unless: [:system?, :importing?]
# NOTE(review): presumably bounds the serialized size of each position column to
# 100 KB via a custom validator — confirm against the validator class.
validates :position, :original_position, :change_position,
'notes/position_serialized_size': { max_bytesize: 100.kilobytes }
# Scopes
scope :for_commit_id, ->(commit_id) { where(noteable_type: "Commit", commit_id: commit_id) }
# `system` selects system-generated notes, `user` selects everything else.
scope :system, -> { where(system: true) }
scope :user, -> { where(system: false) }
scope :not_internal, -> { where(internal: false) }
scope :common, -> { where(noteable_type: ["", nil]) }
scope :fresh, -> { order_created_asc.with_order_id_asc }
# `time` is passed as a bind parameter, not interpolated into the SQL.
scope :updated_after, ->(time) { where('updated_at > ?', time) }
scope :with_suggestions, -> { joins(:suggestions) }
scope :inc_author, -> { includes(:author) }
scope :authored_by, ->(user) { where(author: user) }
scope :inc_note_diff_file, -> { includes(:note_diff_file) }
scope :with_api_entity_associations, -> { preload(:note_diff_file, :author) }
# Eager-loads the associations needed to render notes. Diff-specific associations
# are added when no noteable is given or when the noteable's class supports diff notes.
scope :inc_relations_for_view, ->(noteable = nil) do
relations = [
{ project: :group }, { author: :status }, :updated_by, :resolved_by,
:award_emoji, :note_metadata, :suggestions,
{ system_note_metadata: { description_version: [:issue, :merge_request] } }
]
if noteable.nil? || DiffNote.noteable_types.include?(noteable.class.name)
relations += [:note_diff_file, :diff_note_positions]
end
includes(relations)
end
# Applies a user's notes filter preference: comments only, activity (system notes)
# only, or everything for any other value.
scope :with_notes_filter, ->(notes_filter) do
case notes_filter
when UserPreference::NOTES_FILTERS[:only_comments]
user
when UserPreference::NOTES_FILTERS[:only_activity]
system
else
all
end
end
scope :diff_notes, -> { where(type: %w[LegacyDiffNote DiffNote]) }
scope :new_diff_notes, -> { where(type: 'DiffNote') }
scope :non_diff_notes, -> { where(type: NON_DIFF_NOTE_TYPES) }
scope :with_associations, -> do
# FYI noteable cannot be loaded for LegacyDiffNote for commits
includes(
:author, :noteable, :updated_by,
project: [:project_members, :namespace, { group: [:group_members] }]
)
end
scope :with_metadata, -> { includes(:system_note_metadata) }
scope :with_noteable_type, ->(type) { where(noteable_type: type) }
scope :with_noteable_ids, ->(ids) { where(noteable_id: ids) }
scope :with_note, ->(note) { where(note: note) }
# Excludes notes whose author has a row in banned_users.
scope :without_hidden, -> {
where_not_exists(Users::BannedUser.where('notes.author_id = banned_users.user_id'))
}
scope :for_note_or_capitalized_note, ->(text) { where(note: [text, text.capitalize]) }
# `text` is bound as a parameter, but LIKE wildcards (% and _) inside it are not
# escaped by this scope; callers that accept external input must escape them first.
scope :like_note_or_capitalized_note, ->(text) { where('(note LIKE ? OR note LIKE ?)', text, text.capitalize) }
# The interpolated value is the column name taken from arel_table, not caller input.
scope :distinct_on_noteable_id, -> do
table = arel_table
select(
Arel.sql("DISTINCT ON (#{table[:noteable_id].name}) *")
)
end
scope :order_by_noteable_latest_first, -> do
table = arel_table
order(
table[:noteable_id].asc,
table[:created_at].desc,
table[:id].desc
)
end
# Callbacks. Normalisation runs before validation; notifications and GraphQL
# subscription triggers run only after the transaction has committed.
before_validation :ensure_namespace_id, :nullify_blank_type, :nullify_blank_line_code
# Syncs `confidential` with `internal` as we rename the column.
# https://gitlab.com/gitlab-org/gitlab/-/issues/367923
before_create :set_internal_flag
# Skipped for imports and when the caller set skip_keep_around_commits.
after_save :keep_around_commit, if: :for_project_noteable?, unless: -> { importing? || skip_keep_around_commits }
after_save :touch_noteable, if: :touch_noteable?
after_commit :notify_after_create, on: :create
after_commit :notify_after_destroy, on: :destroy
after_commit :trigger_note_subscription_create, on: :create
after_commit :trigger_note_subscription_update, on: :update
after_commit :trigger_note_subscription_destroy, on: :destroy
after_commit :broadcast_noteable_notes_changed, unless: :importing?
# Only system notes trigger the work-item-updated subscription.
after_commit :trigger_work_item_updated_subscription, on: :create, if: :system?
# Publishes the "work item note created" GraphQL subscription event.
# Does nothing unless trigger_note_subscription? holds.
def trigger_note_subscription_create
  GraphqlTriggers.work_item_note_created(noteable.to_work_item_global_id, self) if trigger_note_subscription?
end

# Publishes the "work item note updated" GraphQL subscription event.
# Does nothing unless trigger_note_subscription? holds.
def trigger_note_subscription_update
  GraphqlTriggers.work_item_note_updated(noteable.to_work_item_global_id, self) if trigger_note_subscription?
end
# Publishes the "work item note deleted" GraphQL subscription event.
#
# The payload is a plain hash rather than the Note itself: GitlabSchema.object_from_id
# would try to load the already-deleted record and raise NotFound. The hash carries
# the note id, its model name, the discussion id and whether this note was the only
# one in its discussion, which is enough for a subscriber to identify both.
def trigger_note_subscription_destroy
  return unless trigger_note_subscription?

  payload = {
    id: id,
    model_name: self.class.name,
    discussion_id: discussion_id,
    last_discussion_note: discussion.notes == [self]
  }

  GraphqlTriggers.work_item_note_deleted(noteable.to_work_item_global_id, payload)
end
# Publishes the "work item updated" GraphQL subscription event for the noteable.
# Requires both trigger_note_subscription? and system_note_work_item_reference?.
def trigger_work_item_updated_subscription
  return unless trigger_note_subscription? && system_note_work_item_reference?

  GraphqlTriggers.work_item_updated(noteable)
end
class << self
  extend Gitlab::Utils::Override

  # Builds the ActiveModel name with 'note' given explicitly as the name.
  def model_name
    ActiveModel::Name.new(self, nil, 'note')
  end

  # Name of the association that points at the object a note belongs to.
  def parent_object_field
    :noteable
  end

  # Groups diff discussions by file path (discussions on an image) or by line code
  # (all other discussions). Discussions that yield no key are left out.
  #
  # @param diff_refs passed through to line_code_in_diffs
  # @return [Hash] group key => array of discussions, in `fresh` order
  def grouped_diff_discussions(diff_refs = nil)
    diff_notes.fresh.discussions.each_with_object({}) do |discussion, grouped|
      key = discussion.on_image? ? discussion.file_new_path : discussion.line_code_in_diffs(diff_refs)
      next unless key

      (grouped[key] ||= []) << discussion
    end
  end

  # Positions of all notes in the current scope that have one.
  def positions
    with_position = where.not(position: nil)
    # ActiveRecord needs id and type for typecasting.
    with_position.select(:id, :type, :position).map(&:position)
  end

  # Per-noteable counts of user (non-system) notes.
  #
  # count_column is handed to `select` as a SQL fragment, so it must only ever be
  # a string defined in code, never a value taken from a request.
  def count_for_collection(ids, type, count_column = 'COUNT(*) as count')
    user
      .select(:noteable_id, count_column)
      .group(:noteable_id)
      .where(noteable_type: type, noteable_id: ids)
  end

  # Fuzzy search over the note body.
  def search(query)
    fuzzy_search(query, [:note])
  end

  # Override the `Sortable` module's `.simple_sorts` to remove name sorting,
  # as a `Note` does not have any property that correlates to a "name".
  override :simple_sorts
  def simple_sorts
    super.except('name_asc', 'name_desc')
  end

  # Relation selecting the merge request ids of notes whose commit_id is in `shas`.
  def cherry_picked_merge_requests(shas)
    where(noteable_type: 'MergeRequest', commit_id: shas).select(:noteable_id)
  end

  # Preloads the associations used when rendering notes as web entities.
  def with_web_entity_associations
    preload(:project, :author, :noteable)
  end
end
# rubocop: disable CodeReuse/ServiceClass
# Whether this system note contains cross references.
#
# Returns nil for non-system notes. For system notes the answer comes from the
# cross-reference regex when force_cross_reference_regex_check? holds, otherwise
# from SystemNotes::IssuablesService.cross_reference?.
def system_note_with_references?
  return unless system?
  return matches_cross_reference_regex? if force_cross_reference_regex_check?

  ::SystemNotes::IssuablesService.cross_reference?(note)
end
# rubocop: enable CodeReuse/ServiceClass
# A plain Note is never a diff note.
def diff_note?
  false
end

# A plain Note is always considered active.
def active?
  true
end

# Attributes for this note as built by Gitlab::HookData::NoteBuilder.
def hook_attrs
  builder = Gitlab::HookData::NoteBuilder.new(self)
  builder.build
end

# A plain Note never supports suggestions.
def supports_suggestion?
  false
end
# Noteable-type predicates. Most compare the stored noteable_type string; a few
# inspect the loaded noteable object instead.

# True when the note is attached to a commit.
def for_commit?
  noteable_type == 'Commit'
end

# True when the note is attached to an issue.
def for_issue?
  noteable_type == 'Issue'
end

# True when the loaded noteable is a WorkItem.
def for_work_item?
  noteable.is_a?(WorkItem)
end

# True when the note is attached to a merge request.
def for_merge_request?
  noteable_type == 'MergeRequest'
end

# True when the note is attached to a snippet.
def for_snippet?
  noteable_type == 'Snippet'
end

# True when the note is attached to an alert management alert.
def for_alert_mangement_alert?
  noteable_type == 'AlertManagement::Alert'
end

# True when the note is attached to a vulnerability.
def for_vulnerability?
  noteable_type == 'Vulnerability'
end

# True when the note is attached to a project compliance violation.
def for_compliance_violation?
  noteable_type == 'ComplianceManagement::Projects::ComplianceViolation'
end

# True when the loaded noteable is a ProjectSnippet.
def for_project_snippet?
  noteable.is_a?(ProjectSnippet)
end

# True when the loaded noteable is a PersonalSnippet.
def for_personal_snippet?
  noteable.is_a?(PersonalSnippet)
end

# True when the note is attached to a wiki page.
def for_wiki_page?
  noteable_type == 'WikiPage::Meta'
end

# True unless the note sits on a personal snippet, an abuse report or a
# group-level issue. Drives the project presence validation and the
# project-match validation.
def for_project_noteable?
  !for_personal_snippet? && !for_abuse_report? && !group_level_issue?
end

# True for an issue or work item whose noteable has no project_id.
# A noteable that cannot be loaded also counts as having no project_id.
def group_level_issue?
  (for_issue? || for_work_item?) && noteable&.project_id.blank?
end

# True when the note is attached to a design.
def for_design?
  noteable_type == DesignManagement::Design.name
end

# True when the note is attached to an issue or a merge request.
def for_issuable?
  for_issue? || for_merge_request?
end

# True when the note is attached to an abuse report.
def for_abuse_report?
  noteable_type == AbuseReport.name
end

# Inverse of for_project_noteable?; used to skip the project-match validation.
def skip_project_check?
  !for_project_noteable?
end
# The commit this note refers to, looked up through the project and memoized.
# Returns nil when the note has no commit_id.
def commit
  return unless commit_id.present?

  @commit ||= project.commit(commit_id)
end
# Notes on merge requests and commits can be traced back to one or several
# MRs. This method returns a relation if the note is for one of these types,
# or nil if it is a note on some other object.
def merge_requests
  # Commit notes: every merge request of the project that contains the commit.
  return project.merge_requests.by_commit_sha(commit_id) if for_commit?

  # Merge request notes: a relation holding just that merge request.
  # Any other noteable type falls through to nil.
  MergeRequest.id_in(noteable_id) if for_merge_request?
end
# override to return commits, which are not active record
def noteable
  # Commits are not ActiveRecord objects, so they bypass the association.
  for_commit? ? commit : super
rescue StandardError
  # Temporary fix to prevent an app crash when the note's commit id doesn't exist.
  # NOTE(review): this rescue covers every StandardError raised while loading the
  # noteable, not only a missing commit, so unrelated failures also surface as nil.
  # Callers should treat a nil noteable as "unknown" and deny rather than allow.
  nil
end
# FIXME: Hack for polymorphic associations with STI
# For more information visit http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#label-Polymorphic+Associations
def noteable_type=(noteable_type)
  # Store the STI base class name so the polymorphic association resolves
  # regardless of which subclass name was assigned.
  #
  # NOTE(review): `constantize` resolves whatever constant the string names and
  # raises for unknown names or classes without `base_class`. If this setter can be
  # reached with a request-supplied value, the value should be checked against the
  # set of supported noteable types before it gets here — confirm against callers.
  base_class_name = noteable_type.to_s.classify.constantize.base_class.to_s
  super(base_class_name)
end
# Whether the author counts as a contributor of the project's team.
# Returns nil when the note has no project.
def contributor?
  project&.team&.contributor?(author_id)
end

# Human-readable maximum access level of the author in the project.
# Returns nil when the note has no project.
# overridden in ee
def human_max_access
  project&.team&.human_max_access(author_id)
end

# Whether the given noteable was authored by this note's author.
def noteable_author?(noteable)
  author == noteable.author
end

# Name of the project, or nil when the note has no project.
def project_name
  project&.name
end
# Whether the note is confidential.
#
# @param include_noteable [Boolean] when true, a non-confidential note also counts
#   as confidential if its noteable reports confidential?
# @return true when the note itself is confidential; otherwise false, or the
#   noteable's answer when include_noteable is set
def confidential?(include_noteable: false)
  confidential ? true : (include_noteable && noteable.try(:confidential?))
end
# System notes cannot be edited.
def editable?
  !system?
end

# We used `last_edited_at` as an alias of `updated_at` before.
# This makes it compatible with the previous way without data migration.
def last_edited_at
  super || updated_at
end

# Since we used `updated_at` as `last_edited_at`, it could be touched by transforming / resolving a note.
# This makes sure it is only marked as edited when the note body is updated.
def edited?
  never_edited = read_attribute(:last_edited_at).blank? && updated_by.blank?
  return false if never_edited

  super
end
# Whether this note should be treated as an award emoji: the noteable accepts
# awards, the note is not part of a discussion, and the body is a single emoji.
def award_emoji?
  can_be_award_emoji? && contains_emoji_only?
end

# System notes cannot receive award emoji.
def emoji_awardable?
  !system?
end

# True when the noteable is Awardable and the note is not part of a discussion.
def can_be_award_emoji?
  noteable.is_a?(Awardable) && !part_of_discussion?
end

# Match position (truthy) when the whole body is one emoji, optionally followed by
# a single whitespace character; nil otherwise.
# The pattern ends in \Z, so one trailing newline is also accepted.
def contains_emoji_only?
  note =~ /\A#{Banzai::Filter::EmojiFilter.emoji_pattern}\s?\Z/
end
# Name of the noteable as used when building ability names.
# A few noteable types map to a fixed name; everything else uses the demodulized,
# underscored noteable_type.
#
# @return [String]
def noteable_ability_name
  return 'snippet' if for_snippet?
  return 'alert_management_alert' if for_alert_mangement_alert?
  return 'security_resource' if for_vulnerability?
  return 'wiki_page' if for_wiki_page?
  return 'compliance_violations_report' if for_compliance_violation?

  noteable_type.demodulize.underscore
end
# True when the noteable supports discussions and this is a user note that is not
# already part of a discussion.
def can_be_discussion_note?
  noteable.supports_discussions? && !part_of_discussion? && !system?
end

# Todos are not created for system notes or for notes on snippets.
def can_create_todo?
  !(system? || for_snippet?)
end
# Objects this note refers back to: the noteable, plus, when the note is part of a
# discussion, the leading notes of that discussion whose id is lower than this note's.
#
# @return [Array]
def references
  base = [noteable]
  return base unless part_of_discussion?

  base + discussion.notes.take_while { |earlier| earlier.id < id }
end
# Sets updated_at to the current time with a direct column update.
#
# `touch` is throttled by the ThrottledTouch concern and would also run
# after_commit callbacks that are not needed here, so the column is written directly.
def bump_updated_at
  changes = { updated_at: Time.current }

  # Notes that were edited before the `last_edited_at` column was added fall back to
  # `updated_at` for the edit time. Copy that value into the proper column first so
  # the bump does not change the visible edit timestamp.
  legacy_edit = updated_by_id.present? && read_attribute(:last_edited_at).blank?
  changes[:last_edited_at] = updated_at if legacy_edit

  update_columns(changes)
end
# Asks the noteable to broadcast that its notes changed.
# Does nothing when the noteable cannot be loaded.
def broadcast_noteable_notes_changed
  target = noteable
  target&.broadcast_notes_changed
end
# Touches the noteable and then the note itself.
# The bare `super` forwards the received arguments unchanged.
def touch(*args, **kwargs)
# We're not using an explicit transaction here because this would in all
# cases result in all future queries going to the primary, even if no writes
# are performed.
#
# We touch the noteable first so its SELECT query can run before our writes,
# ensuring it runs on a secondary (if no prior write took place).
touch_noteable
super
end
# By default Rails will issue an "SELECT *" for the relation, which is
# overkill for just updating the timestamps. To work around this we manually
# touch the data so we can SELECT only the columns we need.
def touch_noteable
  # Commits are not stored in the DB so we can't touch them.
  # Vulnerabilities should not be touched as they are tracked in the same manner as other issuable types
  return if for_vulnerability? || for_commit?

  assoc = association(:noteable)

  # If the object is not loaded (e.g. when notes are loaded async) we
  # _only_ want the data we actually need, so select just id and updated_at.
  target = assoc.loaded? ? noteable : assoc.scope.select(:id, :updated_at).take
  target&.touch

  # We return the noteable object so we can re-use it in EE for Elasticsearch.
  target
end
# Tells the noteable that this note was created. No-op without a noteable.
def notify_after_create
  target = noteable
  target&.after_note_created(self)
end

# Tells the noteable that this note was destroyed. No-op without a noteable.
def notify_after_destroy
  target = noteable
  target&.after_note_destroyed(self)
end
# Render context for the Markdown pipeline: the inherited context plus the
# noteable, the system-note flag and the label URL helper name. The namespace is
# added as :group only when it is a Group.
def banzai_render_context(field)
  extra = {
    noteable: noteable,
    system_note: system?,
    label_url_method: noteable_label_url_method
  }
  extra[:group] = namespace if namespace.is_a?(Group)

  super.merge(extra)
end
# Looks up an upload that belongs to this note and matches the given path(s).
# The lookup is scoped to `model: self`, so uploads of other records never match.
def retrieve_upload(_identifier, paths)
  Upload.find_by(path: paths, model: self)
end

# Parent used for permission and visibility checks: the noteable's own
# resource_parent when it has one, otherwise the project.
def resource_parent
  from_noteable = noteable.try(:resource_parent)
  from_noteable || project
end
# User mention records of the noteable that belong to this note.
# Returns an empty Note relation when there is no noteable.
def user_mentions
  noteable.present? ? noteable.user_mentions.where(note: self) : Note.none
end
# Whether `user` may see this note as far as system-note rules are concerned.
#
# User notes always pass. A system note passes only when the user holds the
# abilities required for its action and every object it references is visible
# to that user.
def system_note_visible_for?(user)
  !system? || (system_note_viewable_by?(user) && all_referenced_mentionables_allowed?(user))
end
# Author of the personal snippet this note is on; nil for any other noteable.
def parent_user
  return unless for_personal_snippet?

  noteable.author
end

# Notifications are skipped for notes that belong to a review and for authors
# that cannot trigger notifications.
def skip_notification?
  review.present? || !author.can_trigger_notifications?
end
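# Cache key for the post-processed rendering of this note.
#
# The key is built from the note's cache key, the author's cache key, the author's
# maximum access level in the project (when there is an author) and a digest of the
# redacted HTML (when present), so a rendering redacted differently gets its own key.
# SHA-1 only condenses the HTML into a key segment here; it is a fingerprint, not an
# integrity or authentication check.
#
# The project may be nil for notes that are not project-scoped (see
# for_project_noteable?), so the team lookup is nil-safe like human_max_access.
#
# @return [String] the key segments joined with ':'
def post_processed_cache_key
  cache_key_items = [cache_key, author&.cache_key]
  cache_key_items << project&.team&.human_max_access(author&.id) if author.present?
  cache_key_items << Digest::SHA1.hexdigest(redacted_note_html) if redacted_note_html.present?

  cache_key_items.join(':')
end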
# Mention class of the noteable; nil when there is no noteable.
override :user_mention_class
def user_mention_class
  noteable.user_mention_class unless noteable.blank?
end

# Mention identifier of the noteable extended with this note's id;
# nil when there is no noteable.
override :user_mention_identifier
def user_mention_identifier
  return if noteable.blank?

  noteable.user_mention_identifier.merge({ note_id: id })
end
# Whether the "outdated changes" view applies to this note.
#
# Only system notes on merge requests qualify, and only when change_position is not
# a file-level position and has a line range.
#
# @return false when not applicable, otherwise the range's "end" value, or its
#   "start" value when "end" is missing
def show_outdated_changes?
  return false unless for_merge_request? && system?
  return false if change_position&.on_file?

  range = change_position&.line_range
  return false unless range

  range["end"] || range["start"]
end
# Attribute changes requested through quick actions, limited to an allowlist.
#
# Whatever was stored via commands_changes= is sliced down to the keys below, so a
# key that is not listed never reaches the code that applies the changes.
#
# @return [Hash, nil] the allowlisted subset, or nil when nothing was stored
def commands_changes
  permitted_keys = %i[
    due_date
    label_ids
    remove_label_ids
    add_label_ids
    canonical_issue_id
    clone_with_notes
    confidential
    create_merge_request
    add_contacts
    remove_contacts
    assignee_ids
    milestone_id
    time_estimate
    spend_time
    discussion_locked
    merge
    rebase
    wip_event
    target_branch
    reviewer_ids
    health_status
    promote_to_epic
    weight
    emoji_award
    todo_event
    subscription_event
    state_event
    title
    tag_message
    tag_name
  ]

  @commands_changes&.slice(*permitted_keys)
end
# Users mentioned in the note.
# For a confidential note the list is narrowed to users who can read internal notes
# on the resource parent, so a mention cannot reveal the note to anyone else.
def mentioned_users(current_user = nil)
  candidates = super
  confidential? ? Ability.users_that_can_read_internal_notes(candidates, resource_parent) : candidates
end
# Ids of mentioned users that should be stored for this note.
# Non-confidential notes use the inherited behaviour; confidential notes keep only
# the users who can read internal notes on the resource parent.
#
# @return [Array] user ids; empty when a confidential note mentions nobody
def mentioned_filtered_user_ids_for(references)
  return super unless confidential?

  mentioned_ids = references.mentioned_user_ids.presence
  return [] if mentioned_ids.blank?

  candidates = User.where(id: mentioned_ids)
  Ability.users_that_can_read_internal_notes(candidates, resource_parent).pluck(:id)
end
# Ability needed to read this note: :read_internal_note for confidential notes,
# :read_note otherwise.
def issuable_ability_name
  return :read_internal_note if confidential?

  :read_note
end

# Whether the note may be included in an export for `user`.
# User notes always are; system notes only when the user can read them.
def exportable_record?(user)
  system? ? readable_by?(user) : true
end
# Override method defined in Spammable
# Wildcard argument because user: argument is not used
def check_for_spam?(*)
  # Nothing to check for system notes, unchanged bodies or confidential notes.
  return false if system? || !spammable_attribute_changed? || confidential?

  # Skip notes on a noteable that is confidential or explicitly not public.
  restricted_noteable = noteable.try(:confidential?) == true || noteable.try(:public?) == false
  return false if restricted_noteable

  # Skip notes whose group or project is explicitly not public.
  restricted_container = noteable.try(:group)&.public? == false || project&.public? == false
  !restricted_container
end
# Use attributes.keys instead of attribute_names to filter out the fields that are skipped during export:
#
# - note_html
# - cached_markdown_version
def attribute_names_for_serialization
  loaded_attributes = attributes
  loaded_attributes.keys
end
private
# The noteable is touched after save unless the note is being imported or the
# caller set skip_touch_noteable.
def touch_noteable?
  !(importing? || skip_touch_noteable)
end

# Subscription events are only sent for notes on issues whose noteable can be loaded.
# Returns the noteable itself (truthy) in that case.
def trigger_note_subscription?
  for_issue? && noteable
end
# Whether `user` holds the abilities required to see this system note.
# Notes without system_note_metadata are not restricted by this check.
def system_note_viewable_by?(user)
  return true unless system_note_metadata

  system_note_viewable_by_project_ability?(user) && system_note_viewable_by_group_ability?(user)
end

# True when the note's action has no project-level restriction, or the user holds
# the required ability on the project.
def system_note_viewable_by_project_ability?(user)
  required_ability = TYPES_RESTRICTED_BY_PROJECT_ABILITY[system_note_metadata.action.to_sym]
  return true unless required_ability

  Ability.allowed?(user, required_ability, project)
end

# True when the note's action has no group-level restriction, or the user holds the
# required ability on the project's group. The subject is nil when the note has no
# project.
def system_note_viewable_by_group_ability?(user)
  required_ability = TYPES_RESTRICTED_BY_GROUP_ABILITY[system_note_metadata.action.to_sym]
  return true unless required_ability

  Ability.allowed?(user, required_ability, project&.group)
end
# Asks the repository to keep the note's commit around, tagging the request with
# the noteable type and the note class as its source.
def keep_around_commit
  origin = "#{noteable_type}/#{self.class.name}"
  project.repository.keep_around(commit_id, source: origin)
end
# Fills in namespace_id from the noteable or project before validation.
#
# An existing value is kept unless the noteable or the project changed. The value
# is always derived from associated records; when none of the branches applies it
# is set to nil and the presence validation rejects the note.
def ensure_namespace_id
  return if namespace_id.present? && !noteable_changed? && !project_changed?

  self.namespace_id =
    if for_issue?
      # Some issues are not project noteables (e.g. group-level work items)
      # so we need this separate condition
      noteable&.namespace_id
    elsif for_project_noteable?
      project&.project_namespace_id
    elsif for_personal_snippet?
      noteable&.author&.namespace&.id
    end
end
# Stores a blank STI type as nil.
def nullify_blank_type
  return unless type.blank?

  self.type = nil
end

# Stores a blank line_code as nil.
def nullify_blank_line_code
  return unless line_code.blank?

  self.line_code = nil
end
# Whether `user` can see every object referenced by this system note.
#
# Notes without references pass. When the renderer already supplied reference
# counts, the note passes only if there is at least one visible reference and the
# visible count equals the total; otherwise the references are resolved for the
# user and all of them must be visible.
def all_referenced_mentionables_allowed?(user)
  return true unless system_note_with_references?

  counts_known = user_visible_reference_count.present? && total_reference_count.present?
  unless counts_known
    refs = all_references(user)
    return refs.all.present? && refs.all_visible?
  end

  # if they are not equal, then there are private/confidential references as well
  user_visible_reference_count > 0 && user_visible_reference_count == total_reference_count
end
# Whether the cross-reference regex must be used for this system note: true when
# the metadata's action is listed in its cross_reference_types.
# Returns nil for user notes and for system notes without metadata.
def force_cross_reference_regex_check?
  return unless system?

  system_note_metadata&.cross_reference_types&.include?(system_note_metadata&.action)
end
# Validation: adds an error once the noteable already holds
# Noteable::MAX_NOTES_LIMIT notes. Skipped when there is no noteable.
# A persisted noteable is counted with a query, an unsaved one in memory.
def does_not_exceed_notes_limit?
  return unless noteable

  existing = noteable.persisted? ? noteable.notes.count : noteable.notes.size
  return unless existing >= Noteable::MAX_NOTES_LIMIT

  errors.add(:base, _('Maximum number of comments exceeded'))
end
# Name of the URL helper used for label links in rendered notes.
def noteable_label_url_method
  return :project_merge_requests_url if for_merge_request?

  :project_issues_url
end
# Validation (update only): rejects a pending change to `confidential` when either
# the old or the new value is true, so an existing note can neither become
# confidential nor stop being confidential.
def ensure_confidentiality_not_changed
  changing = will_save_change_to_attribute?(:confidential)
  return unless changing && attribute_change_to_be_saved(:confidential).include?(true)

  errors.add(:confidential, _('can not be changed for existing notes'))
end
# Validation: a reply must have the same confidentiality as the first note of its
# discussion. The memoized discussion is cleared afterwards in every case.
def ensure_confidentiality_discussion_compliance
  return if start_of_discussion?
  return if discussion.first_note.confidential? == confidential?

  errors.add(:confidential, _('reply should have same confidentiality as top-level note'))
ensure
  clear_memoization(:discussion)
end
# Validation: a confidential note is only accepted on a noteable that supports
# confidential notes.
def ensure_noteable_can_have_confidential_note
  return unless confidential? && !noteable_can_have_confidential_note?

  errors.add(:confidential, _('can not be set for this resource'))
end
# Validation: only the note types in NON_DIFF_NOTE_TYPES may be confidential.
def ensure_note_type_can_be_confidential
  return unless confidential? && !NON_DIFF_NOTE_TYPES.include?(type)

  errors.add(:confidential, _('can not be set for this type of note'))
end
# Confidential notes are supported on issues, merge requests and wiki pages.
def noteable_can_have_confidential_note?
  for_issuable? || for_wiki_page?
end

# Copies a truthy `confidential` value into `internal` before create.
# A falsy value leaves `internal` untouched.
def set_internal_flag
  return unless confidential

  self.internal = confidential
end

# True-ish when the note has a body and its metadata reports about_relation?.
def system_note_work_item_reference?
  note.present? && system_note_metadata&.about_relation?
end
end
# NOTE(review): presumably prepends the edition-specific extension module for Note
# (human_max_access above is marked "overridden in ee") — confirm. Permission-related
# methods in this class may therefore behave differently once the extension is loaded.
Note.prepend_mod