Allow comparisons of branches across projects [RUN ALL RSPEC] [RUN AS-IF-FOSS]
What does this MR do?
This is already permitted in the merge request view, for creating fork merge requests, so it should be permitted in the repository view too.
This MR is a precursor to the frontend MR, which is found in #14615 (closed) . It enhances the controller to accept a from_project_id
in the create
, show
, and diff_for_path
endpoints. If that parameter is available, and the user can see code in the referenced project, then we construct the diff against from_project:from_ref...to_project:to_ref
. If it isn't present, we construct the diff against to_project:from_ref...to_project:to_ref
, as before.
What is affected is the Project > Repository > Compare
functionality, e.g., this page: https://gitlab.com/gitlab-org/gitlab/-/compare . That is the index
action in this controller. The submit button there goes to the create
action, which doesn't create anything, merely validates references and redirects to the show
action.
There is no difference in the user experience until the frontend MR ( !52967 (merged) )is merged, so we have no changelog entry and no feature specs in this MR. The show
page also doesn't display any indication that the diff now comes from a different project. That will be handled in !53523 (merged) - since the new functionality can't be accessed yet, it should be fine.
Manual testing could append ?from_project_id=...
to any create or show page, or you could merge the frontend branch into this one to get some controls to use.
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Related to #14615 (closed)