delta/gitlab/gitlab-ce.git/app/controllers/projects/application_controller.rb, branch docs/doc-README gitlab.com: gitlab-org/gitlab-ce.git Fix and expand Gitaly FindCommit caching 2019-04-04T20:42:58+00:00 Stan Hu stanhu@gmail.com 2019-04-04T20:22:11+00:00 f2fa7c32992db5a2b1b6acadc6c203c93c139f3b https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26248 added support for deduplicating FindCommit requests using Gitaly ref name caching. However, not all endpoints were covered, and in one case the Gitaly wrapper wasn't actually surrounding the serialization step. We can safely cache ref names between FindCommit calls for #index and #show endpoints for merge requests and pipelines. This can significantly reduce the number of FindCommit requests. 
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26248 added
support for deduplicating FindCommit requests using Gitaly ref name
caching. However, not all endpoints were covered, and in one case the
Gitaly wrapper wasn't actually surrounding the serialization step. We
can safely cache ref names between FindCommit calls for #index and #show
endpoints for merge requests and pipelines. This can significantly
reduce the number of FindCommit requests.
Adds the Rubocop ReturnNil cop 2019-03-06T15:51:56+00:00 Andrew Newdigate andrew@gitlab.com 2019-02-08T12:19:53+00:00 3288e1a874ec0184f9f27f932748e51c57babf17 This style change enforces `return if ...` instead of `return nil if ...` to save maintainers a few minor review points 
This style change enforces `return if ...` instead of
`return nil if ...` to save maintainers a few minor review points
Restore 403 functionality for external auth (EE) 2018-11-01T06:37:32+00:00 Thong Kuah tkuah@gitlab.com 2018-10-31T10:31:24+00:00 28dabc67f4db8271ac20c0db458ae2c86a906eee When we unhooked ClustersController from Project::ApplicationsController, we missed an EE override to handle_not_found_or_authorized. Rather than carry on with override RoutingActions, make a specific proc for Project that we override in EE instead. Use that proc in both Clusters::BaseController and Project::ApplicationsController. 
When we unhooked ClustersController from
Project::ApplicationsController, we missed an EE override to
handle_not_found_or_authorized.

Rather than carry on with override RoutingActions, make a specific proc
for Project that we override in EE instead. Use that proc in both
Clusters::BaseController and Project::ApplicationsController.
Enable even more frozen string in app/controllers 2018-09-26T05:43:49+00:00 gfyoung gfyoung17@gmail.com 2018-09-26T03:45:43+00:00 12ee2753c1e27c0c9480a8e79db2463ba51ba3ec Enables frozen string for some vestigial files as well as the following: * app/controllers/projects/**/*.rb * app/controllers/sherlock/**/*.rb * app/controllers/snippets/**/*.rb * app/controllers/users/**/*.rb Partially addresses #47424. 
Enables frozen string for some vestigial files as
well as the following:

* app/controllers/projects/**/*.rb
* app/controllers/sherlock/**/*.rb
* app/controllers/snippets/**/*.rb
* app/controllers/users/**/*.rb

Partially addresses #47424.
Set issuable_sort and diff_view cookies to secure when possible 2018-09-04T05:37:36+00:00 Stan Hu stanhu@gmail.com 2018-08-30T20:39:56+00:00 b9cee4ba3c5e22766de771edde2b8d523ee84993 Closes #49120 
Closes #49120
Updates from `rubocop -a` 2018-07-09T13:13:08+00:00 Lin Jen-Shin godfat@godfat.org 2018-07-02T10:43:06+00:00 4ee08b77bc5ae11553d59c182ea8292b77699115 






[Rails5] Use `safe_params` instead of `params` in `url_for` helpers
2018-04-28T10:35:16+00:00

blackst0ne
blackst0ne.ru@gmail.com

2018-04-28T10:35:16+00:00

350e26b8a660f2d98ef874be3fa1a15b93965979

This commits replaces `params` with `safe_params` in `url_for` helpers
to resolve security issues [1] and failing specs with the

```
ArgumentError:
  Attempting to generate a URL from non-sanitized request parameters!
  An attacker can inject malicious data into the generated URL, such as
  changing the host. Whitelist and sanitize passed parameters to be secure.
```

error.

[1]: https://gitlab.com/gitlab-org/gitlab-ce/issues/45168





This commits replaces `params` with `safe_params` in `url_for` helpers
to resolve security issues [1] and failing specs with the

```
ArgumentError:
  Attempting to generate a URL from non-sanitized request parameters!
  An attacker can inject malicious data into the generated URL, such as
  changing the host. Whitelist and sanitize passed parameters to be secure.
```

error.

[1]: https://gitlab.com/gitlab-org/gitlab-ce/issues/45168







Share collaboration check between view and presenter
2018-04-11T08:51:15+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2018-04-06T14:02:36+00:00

12dd2b0cc0cf6dd8dc43ff8b8df8687268ba4af5












Rename `create_merge_request` permissions
2018-04-11T08:51:15+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2018-04-06T12:18:58+00:00

8ad9c4e873f2185e8bbfa6f363db32dbbba27141

So we can distinguish between the permissions on the source and the
target project.

- `create_merge_request_from` indicates a user can create a merge
  request with the project as a source_project
- `create_merge_request_in` indicates a user can create a merge
  request with the project as a target_project





So we can distinguish between the permissions on the source and the
target project.

- `create_merge_request_from` indicates a user can create a merge
  request with the project as a source_project
- `create_merge_request_in` indicates a user can create a merge
  request with the project as a target_project







Prevent new merge requests for archived projects
2018-04-11T08:51:14+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2018-04-06T10:47:52+00:00

ec43e3644436e0ae90f6fb6a64256c38ceb68cc9

This prevents creating merge requests targeting archived projects.

This could happen when a project was already forked, but then the
source was archived.





This prevents creating merge requests targeting archived projects.

This could happen when a project was already forked, but then the
source was archived.