delta/gitlab/gitlab-ce.git/app/controllers/groups/application_controller.rb, branch document-lambda-deploy gitlab.com: gitlab-org/gitlab-ce.git Enable more frozen string in app/controllers/ 2018-09-23T19:48:02+00:00 gfyoung gfyoung17@gmail.com 2018-09-23T19:44:14+00:00 be42c05054bda2417fdd26e86e0f4c80c9d0ccb6 Enables frozen string for the following: * app/controllers/dashboard/**/*.rb * app/controllers/explore/**/*.rb * app/controllers/google_api/**/*.rb * app/controllers/groups/**/*.rb * app/controllers/import/**/*.rb * app/controllers/instance_statistics/**/*.rb * app/controllers/ldap/**/*.rb * app/controllers/oauth/**/*.rb * app/controllers/profiles/**/*.rb Partially addresses #47424. 
Enables frozen string for the following:

* app/controllers/dashboard/**/*.rb
* app/controllers/explore/**/*.rb
* app/controllers/google_api/**/*.rb
* app/controllers/groups/**/*.rb
* app/controllers/import/**/*.rb
* app/controllers/instance_statistics/**/*.rb
* app/controllers/ldap/**/*.rb
* app/controllers/oauth/**/*.rb
* app/controllers/profiles/**/*.rb

Partially addresses #47424.
[Rails5] Use `safe_params` instead of `params` in `url_for` helpers 2018-04-28T10:35:16+00:00 blackst0ne blackst0ne.ru@gmail.com 2018-04-28T10:35:16+00:00 350e26b8a660f2d98ef874be3fa1a15b93965979 This commits replaces `params` with `safe_params` in `url_for` helpers to resolve security issues [1] and failing specs with the ``` ArgumentError: Attempting to generate a URL from non-sanitized request parameters! An attacker can inject malicious data into the generated URL, such as changing the host. Whitelist and sanitize passed parameters to be secure. ``` error. [1]: https://gitlab.com/gitlab-org/gitlab-ce/issues/45168 
This commits replaces `params` with `safe_params` in `url_for` helpers
to resolve security issues [1] and failing specs with the

```
ArgumentError:
  Attempting to generate a URL from non-sanitized request parameters!
  An attacker can inject malicious data into the generated URL, such as
  changing the host. Whitelist and sanitize passed parameters to be secure.
```

error.

[1]: https://gitlab.com/gitlab-org/gitlab-ce/issues/45168
Fix subgroup issue and MR pages empty states and counts 2018-02-27T10:32:29+00:00 Sean McGivern sean@gitlab.com 2018-02-23T12:10:57+00:00 868cb4307f93b2f8fa0d25d9e47e632d0855881e Previously, these wouldn't count issues or MRs in subgroups - meaning that if _this_ group had no issues or MRs, we'd show the empty state, which was wrong. 
Previously, these wouldn't count issues or MRs in subgroups - meaning that if
_this_ group had no issues or MRs, we'd show the empty state, which was wrong.
Port `read_cross_project` ability from EE 2018-02-22T16:11:36+00:00 Bob Van Landuyt bob@vanlanduyt.co 2017-12-11T14:21:06+00:00 148816cd67a314f17e79c107270cc708501bdd39 






Enable Layout/TrailingWhitespace cop and auto-correct offenses
2017-08-15T17:44:37+00:00

Robert Speicher
rspeicher@gmail.com

2017-08-15T17:44:37+00:00

4edfad96784e8f77ec8ead26f01b4012977ba58a












Refactor to more robust implementation
2017-05-19T16:13:27+00:00

Michael Kozono
mkozono@gmail.com

2017-05-18T23:23:05+00:00

49697bc8df613dfe8e88f5f7cd8eae57e26c786f

In order to avoid string manipulation or modify route params (to make them unambiguous for `url_for`), we are accepting a behavior change:

When being redirected to the canonical path for a group, if you requested a group show path starting with `/groups/…` then you’ll now be redirected to the group at root `/…`.





In order to avoid string manipulation or modify route params (to make them unambiguous for `url_for`), we are accepting a behavior change:

When being redirected to the canonical path for a group, if you requested a group show path starting with `/groups/…` then you’ll now be redirected to the group at root `/…`.







Resolve discussions
2017-05-05T19:12:50+00:00

Michael Kozono
mkozono@gmail.com

2017-05-05T00:06:01+00:00

f05469f99b8c52c4dab7ac9160b47676c87124f9












Dry up routable lookups. Fixes #30317
2017-05-05T19:12:50+00:00

Michael Kozono
mkozono@gmail.com

2017-05-04T21:20:13+00:00

9e48f02ea802814e4df1f1de5ed509942dca7581

Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all.





Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all.







Redirect from redirect routes to canonical routes
2017-05-05T19:11:57+00:00

Michael Kozono
mkozono@gmail.com

2017-05-01T20:46:30+00:00

7d02bcd2e0165a90a9f2c1edb34b064ff76afd69












ProjectsFinder should handle more options
2017-04-06T05:11:37+00:00

Jacopo
beschi.jacopo@gmail.com

2017-03-03T10:35:04+00:00

b996a82ff44e3bcad5e5fb70cabbfa808d06cf62

Extended ProjectFinder in order to handle the following options:
 - current_user - which user use
 - project_ids_relation: int[] - project ids to use
 - params:
   -  trending: boolean
   -  non_public: boolean
   -  starred: boolean
   -  sort: string
   -  visibility_level: int
   -  tags: string[]
   -  personal: boolean
   -  search: string
   -  non_archived: boolean

GroupProjectsFinder now inherits from ProjectsFinder.
Changed the code in order to use the new available options.





Extended ProjectFinder in order to handle the following options:
 - current_user - which user use
 - project_ids_relation: int[] - project ids to use
 - params:
   -  trending: boolean
   -  non_public: boolean
   -  starred: boolean
   -  sort: string
   -  visibility_level: int
   -  tags: string[]
   -  personal: boolean
   -  search: string
   -  non_archived: boolean

GroupProjectsFinder now inherits from ProjectsFinder.
Changed the code in order to use the new available options.