delta/gitlab/gitlab-ce.git/app/controllers/dashboard/groups_controller.rb, branch fix/github-doc

Fixed default group sort option

2017-10-06T15:07:09+00:00

Closes #38808

Removes default scope from sortable

2017-09-07T12:01:59+00:00

Use group and project finders instead of direct ActiveRecord relations

2017-06-08T01:22:34+00:00

Serialize groups as json for Dashboard::GroupsController

2017-05-04T20:45:02+00:00

Signed-off-by: Dmitriy Zaporozhets

Add filter and sorting to dashboard groups page

2017-03-01T13:39:59+00:00

Signed-off-by: Dmitriy Zaporozhets

Store group and project full name and full path in routes table

2017-02-08T17:14:29+00:00

Signed-off-by: Dmitriy Zaporozhets

Fix an information disclosure when requesting access to a group containing private projects

2016-06-24T10:01:48+00:00

The issue was with the `User#groups` and `User#projects` associations
which goes through the `User#group_members` and `User#project_members`.

Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.

Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...

My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.

Now they are all secure.

Signed-off-by: Rémy Coutable

Use the configured Kaminari "per page" default

2016-03-19T21:37:54+00:00

Add a page title to every page.

2015-04-30T17:12:15+00:00

Move group leave action from dashboard/groups to groups/group_members.

2015-03-15T12:52:28+00:00