delta/gitlab/gitlab-ce.git/app/models/user.rb, branch tests-for-diff-notes gitlab.com: gitlab-org/gitlab-ce.git Move to project dropdown with infinite scroll for better performance 2016-08-17T05:33:51+00:00 Paco Guzman pacoguzmanp@gmail.com 2016-08-05T13:29:20+00:00 03386633a42bd56b0b0b31b70eebaaaa33e1494e Use just SQL to check is a user can admin_issue on a project Tradeoff - we duplicate how we check admin_issue in a SQL relation in the Ability class 
Use just SQL to check is a user can admin_issue on a project

Tradeoff

- we duplicate how we check admin_issue in a SQL relation in the Ability class
Use cache for todos counter calling TodoService 2016-08-12T15:40:03+00:00 Paco Guzman pacoguzmanp@gmail.com 2016-07-08T16:42:47+00:00 1f2253545ba7a902212bace29f144a2246eeedab 






Store OTP secret key in secrets.yml
2016-08-03T14:46:37+00:00

Sean McGivern
sean@gitlab.com

2016-07-15T12:19:29+00:00

405379bbfcb7821b3dae77e5254362f2d696bb7d

.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.

If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.

If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.

Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.





.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.

If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.

If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.

Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.







Merge branch '18586-user-authorized_projects-is-slow' into 'master'

2016-07-20T20:35:11+00:00

Yorick Peterse
yorickpeterse@gmail.com

2016-07-20T20:35:11+00:00

9de377267dc7ea9b72e02e6dc5a083cdc3ee980b


Refactor user authorization check for a single project to avoid querying all user projects

See merge request !5102





Refactor user authorization check for a single project to avoid querying all user projects

See merge request !5102






Merge branch 'email-domain-blacklist' into 'master'

2016-07-20T20:26:00+00:00

Robert Speicher
robert@gitlab.com

2016-07-20T20:26:00+00:00

22c8e21bf432a68f05bd81685d76acc0a3c9607f


Added the ability to block sign ups using a domain blacklist.

As part of this MR, I restructured the Application Settings form to separate **Sign up** related settings from **Sign in** related settings and make everything cleaner and easier to read.

Fixes #19749 

Related to #5573

See merge request !5259





Added the ability to block sign ups using a domain blacklist.

As part of this MR, I restructured the Application Settings form to separate **Sign up** related settings from **Sign in** related settings and make everything cleaner and easier to read.

Fixes #19749 

Related to #5573

See merge request !5259






Refactor user authorization check for a single project to avoid querying all user projects
2016-07-20T19:14:31+00:00

Alejandro Rodríguez
alejorro70@gmail.com

2016-07-07T20:08:06+00:00

ea63346df5a420cebbc44491eef8e2d2a0fb5ad7

Currently, even when searching for all authorized issues of *one* project, we run the
`Users#authorized_projects` query (which can be rather slow). This update checks if
we are handling issues of just one project and does the authorization check locally.
It does have the downside of basically repeating the logic of `Users#authorized_projects`
on `Project#authorized_for_user`.





Currently, even when searching for all authorized issues of *one* project, we run the
`Users#authorized_projects` query (which can be rather slow). This update checks if
we are handling issues of just one project and does the authorization check locally.
It does have the downside of basically repeating the logic of `Users#authorized_projects`
on `Project#authorized_for_user`.







Ensure Owners are included in the scope for authorized_projects
2016-07-19T19:19:04+00:00

Robert Speicher
rspeicher@gmail.com

2016-07-19T19:19:04+00:00

17bac49154a399d34e7b884551d2fb78dff3cea3

Prior, when providing a `min_access_level` parameter to this method, we
called `Gitlab::Access.values` instead of `all_values`, mistakenly
omitting the `OWNER` level.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19878





Prior, when providing a `min_access_level` parameter to this method, we
called `Gitlab::Access.values` instead of `all_values`, mistakenly
omitting the `OWNER` level.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19878







Refactor `match_domain` to a predicate: `domain_matches?`
2016-07-18T22:53:43+00:00

Patricio Cano
suprnova32@gmail.com

2016-07-16T16:44:50+00:00

23afb02aaa957dd1a5ce35a141e4e8ecd80052ca












Refactor and rename `restricted_signup_domains` to `domain_whitelist` to better conform to its behavior and newly introduced behavior.
2016-07-18T22:53:43+00:00

Patricio Cano
suprnova32@gmail.com

2016-07-15T23:30:38+00:00

c71e658ccac85f111517e04b79d915c10867c7e3












Make sure email domain validation method is private.
2016-07-18T22:52:29+00:00

Patricio Cano
suprnova32@gmail.com

2016-07-15T14:54:04+00:00

e15fa67c9894ccb52aeb1f0116e083c9dbba24f5