delta/gitlab/gitlab-ce.git/app/controllers/application_controller.rb, branch multi-line-inline-diff

Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member

2016-06-18T04:06:34+00:00

This is a try for a new approach to put the access checks at the service level.

Signed-off-by: Rémy Coutable

Merge branch 'feature/project-export' into 'master'

2016-06-17T15:35:27+00:00


Export project functionality

This is a MR for the export functionality of https://gitlab.com/gitlab-org/gitlab-ce/issues/3050, which adds the ability to export single projects.

- [x] members
- DB data
  - [x] issues
  - [x] issue comments
  - [x] merge requests
  - [x] merge request diff
  - [x] merge request comments
  - [x] labels
  - [x] milestones
  - [x] snippets
  - [x] releases
  - [x] events
  - [x] commit statuses
  - [x] CI builds
- File system data
  - [x] Git repository
  - [x] wiki
  - [x] uploads
  - [ ] ~~CI build traces~~
  - [ ] ~~CI build artifacts~~
  - [ ] ~~LFS objects~~
- DB configuration
  - [x] services
  - [x] web hooks
  - [x] protected branches
  - [x] deploy keys
  - [x] CI variables
  - [x] CI triggers

See merge request !3114

Implement @DouweM's feedback.

2016-06-16T02:54:13+00:00

- Extract a duplicated `redirect_to`
- Fix a typo: "token", not "certificate"
- Have the "Expires at" datepicker be attached to a text field, not inline
- Have both private tokens and personal access tokens verified in a
  single "authenticate_from_private_token" method, both in the
  application and API. Move relevant logic to
  `User#find_by_personal_access_token`
- Remove unnecessary constants relating to API auth. We don't need a
  separate constant for personal access tokens since the param is the
  same as for private tokens.

Merge remote-tracking branch 'origin/master' into 2979-personal-access-tokens

2016-06-14T03:36:53+00:00

Merge branches 'feature/project-export-ui-experimental' and 'feature/project-import' of gitlab.com:gitlab-org/gitlab-ce into feature/project-export-ui-experimental

2016-06-13T12:00:19+00:00

# Conflicts:
#	Gemfile.lock
#	app/helpers/todos_helper.rb
#	app/models/todo.rb
#	app/views/projects/edit.html.haml
#	lib/gitlab/import_export/import_service.rb

Merge remote-tracking branch 'origin/master' into 2979-personal-access-tokens

2016-06-09T09:10:14+00:00

Add workhorse controller and API helpers

2016-06-06T11:16:30+00:00

Implement U2F registration.

2016-06-06T07:20:31+00:00

- Move the `TwoFactorAuthsController`'s `new` action to `show`, since
  the page is not used to create a single "two factor auth" anymore. We
  can have a single 2FA authenticator app, along with any number of U2F
  devices, in any combination, so the page will be accessed after the
  first "two factor auth" is created.
- Add the `u2f` javascript library, which provides an API to the
  browser's U2F implementation.
- Add tests for the JS components

Add a `U2fRegistrations` table/model.

2016-06-06T07:20:31+00:00

- To hold registrations from U2F devices, and to authenticate them.
- Previously, `User#two_factor_enabled` was aliased to the
  `otp_required_for_login` column on `users`.
- This commit changes things a bit:
    - `User#two_factor_enabled` is not a method anymore
    - `User#two_factor_enabled?` checks both the
      `otp_required_for_login` column, as well as `U2fRegistration`s
    - Change all instances of `User#two_factor_enabled` to
      `User#two_factor_enabled?`
- Add the `u2f` gem, and implement registration/authentication at the
  model level.

Fix rubocop spec.

2016-06-03T04:41:36+00:00