delta/gitlab/gitlab-ce.git/app/views/admin/users, branch scroll-code-blocks

Fix confusing description of a blocked user.

2016-08-02T11:10:02+00:00

Remove unnecesary CSS class

2016-07-14T20:36:53+00:00

Add min attribute to project_limit field on user's form

2016-07-08T16:22:19+00:00

Revert "Revert "Merge branch 'issue_3946' into 'master' ""

2016-07-08T03:48:02+00:00

This reverts commit bf2a86b73cce332ff8f4392ffc8df501193f32ec.

Revert "Merge branch 'issue_3946' into 'master' "

2016-07-07T22:25:05+00:00

This reverts commit 68155ee73b549a4f79744bb325542c29d45c71ea, reversing
changes made to 7ebd011ed1de7aee706f07a53c63c90f1c8aa5d4.

Rephrase deletion alert message

2016-07-07T18:25:58+00:00

Layout for Users Groups and Projects on admin area

2016-07-07T18:25:58+00:00

Remove unnecessary parens

2016-06-30T13:01:26+00:00

Fix an information disclosure when requesting access to a group containing private projects

2016-06-24T10:01:48+00:00

The issue was with the `User#groups` and `User#projects` associations
which goes through the `User#group_members` and `User#project_members`.

Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.

Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...

My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.

Now they are all secure.

Signed-off-by: Rémy Coutable

Add sub links to overview

2016-06-15T14:10:16+00:00