delta/gitlab/gitlab-ce.git/spec/controllers/concerns, branch backport-gitlab-database

Preload ancestors after pagination when filtering

2018-07-06T12:09:36+00:00

We need to preload the ancestors of search results after applying
pagination limits. This way the search results itself are paginated,
but not the ancestors.

If we don't do this, we might not preload a parent group of a search
result as it has been cut off by pagination.

Backport InternalRedirect#sanitize_redirect

2018-06-13T23:02:32+00:00

Render a 403 when showing an access denied message

2018-06-05T08:29:27+00:00

When we want to show an access denied message to a user, we don't have
to hide the resource's existence.

So in that case we render a 403, this 403 is not handled by nginx on
omnibus installs, making sure the message is visible to the user.

Fix cross-origin errors when attempting to download JavaScript attachments

2018-05-14T04:49:51+00:00

If you upload a file with a .js extension, Rails' cross-origin JavaScript
protection will prevent a user from downloading the file with a 422 error.
Setting the content-type to `text/plain` will allow the user to download
the file as a plaintext file.

Closes #45826

Reuses `InternalRedirect` when possible

2018-05-04T11:54:43+00:00

`InternalRedirect` prevents Open redirect issues by only allowing
redirection to paths on the same host.

It cleans up any unwanted strings from the path that could point to
another host (fe. //about.gitlab.com/hello). While preserving the
querystring and fragment of the uri.

It is already used by:

- `TermsController`
- `ContinueParams`
  - `ImportsController`
  - `ForksController`
- `SessionsController`: Only for verifying the host in CE. EE allows
   redirecting to a different instance using Geo.

Enforces terms in the web application

2018-05-04T11:54:43+00:00

This enforces the terms in the web application. These cases are
specced:

- Logging in: When terms are enforced, and a user logs in that has not
  accepted the terms, they are presented with the screen. They get
  directed to their customized root path afterwards.
- Signing up: After signing up, the first screen the user is presented
  with the screen to accept the terms. After they accept they are
  directed to the dashboard.
- While a session is active:
  - For a GET: The user will be directed to the terms page first,
    after they accept the terms, they will be directed to the page
    they were going to
  - For any other request: They are directed to the terms, after they
    accept the terms, they are directed back to the page they came
    from to retry the request. Any information entered would be
    persisted in localstorage and available on the page.

Share collaboration check between view and presenter

2018-04-11T08:51:15+00:00

Backport ee-40781-os-to-ce

2018-03-22T12:49:04+00:00

Add proxy_download to perform proxied sending of all files

2018-03-09T14:16:06+00:00

Port `read_cross_project` ability from EE

2018-02-22T16:11:36+00:00