delta/gitlab/gitlab-ce.git/spec/controllers/projects, branch 25264-ref-commit

fix blob controller spec failure - updated not to use file-path-

2016-11-29T09:40:56+00:00

Merge branch 'jej-fix-missing-access-check-on-issues' into 'security'

2016-11-29T00:25:46+00:00

Fix missing access checks on issue lookup using IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

:warning: - Potentially untested
:bomb: - No test coverage
:traffic_light: - Test coverage of some sort exists (a test failed when error raised)
:vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
:white_check_mark: - Permissions check tested

- [x] :white_check_mark: app/controllers/projects/branches_controller.rb:39
  - `before_action :authorize_push_code!` helpes limit/prevent exploitation. Always checks for reporter access so fine with
    confidential issues, issues only visible to team, etc.
- [x] :traffic_light: app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x] :white_check_mark: app/controllers/projects/todos_controller.rb:19

- [x] Potential double render in app/controllers/projects/todos_controller.rb

- https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24

See merge request !2030

Merge branch 'jej-22869' into 'security'

2016-11-29T00:25:18+00:00

Fix information disclosure in `Projects::BlobController#update`

It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that.

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

https://gitlab.com/gitlab-org/gitlab-ce/issues/22869

See merge request !2023

Rephrase some system notes to be compatible with new system note style

2016-11-24T10:26:29+00:00

Updated code based on feedback

2016-11-21T16:29:07+00:00

Adds a flag to reflect whether or not there is data in cycle analytics

2016-11-21T16:19:18+00:00

Merge remote-tracking branch 'origin/master' into 22539-display-folders

2016-11-18T19:20:30+00:00

Merge branch 'fix-singin-redirect-for-fork-new' into 'master'

2016-11-17T19:35:30+00:00


Fixing the issue of visiting a project fork url giving 500 error when not signed…

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/24302

See merge request !7392

Add helper method to toggle label subscription on labels controller spec

2016-11-17T17:10:13+00:00

Remove default value for `project` argument on subscribable concern

2016-11-17T17:10:13+00:00