delta/gitlab/gitlab-ce.git/spec/controllers, branch 25264-ref-commit

Fix URL rewritting in the Help section

2016-12-01T15:40:48+00:00

Signed-off-by: Rémy Coutable

Do not raise error in AutocompleteController#users when not authorized

2016-11-30T05:09:14+00:00

https://gitlab.com/gitlab-org/gitlab-ce/issues/25031

Merge branch 'ee-1137-follow-up-protected-branch-users-and-groups' into 'master'

2016-11-30T03:18:10+00:00


CE-specific changes for gitlab-org/gitlab-ee#1137

## What does this MR do?

- gitlab-org/gitlab-ee#1137 is a `technical debt` issue to clean up the EE protected branch access levels (for users and groups) implementation.
- Some of this cleanup bleeds over to code shared by CE and EE, which is why this MR is required.
- An EE-specific MR has also been created: gitlab-org/gitlab-ee!927

See merge request !7821

CE-specific changes gitlab-org/gitlab-ee#1137

2016-11-29T12:08:45+00:00

- Extract all common {push,merge} access level model code into the
  `ProtectedBranchAccess` module

- Use the HTTP verb to define controller specs

fix blob controller spec failure - updated not to use file-path-

2016-11-29T09:40:56+00:00

Merge branch 'jej-fix-missing-access-check-on-issues' into 'security'

2016-11-29T00:25:46+00:00

Fix missing access checks on issue lookup using IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

:warning: - Potentially untested
:bomb: - No test coverage
:traffic_light: - Test coverage of some sort exists (a test failed when error raised)
:vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
:white_check_mark: - Permissions check tested

- [x] :white_check_mark: app/controllers/projects/branches_controller.rb:39
  - `before_action :authorize_push_code!` helpes limit/prevent exploitation. Always checks for reporter access so fine with
    confidential issues, issues only visible to team, etc.
- [x] :traffic_light: app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x] :white_check_mark: app/controllers/projects/todos_controller.rb:19

- [x] Potential double render in app/controllers/projects/todos_controller.rb

- https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24

See merge request !2030

Merge branch 'jej-22869' into 'security'

2016-11-29T00:25:18+00:00

Fix information disclosure in `Projects::BlobController#update`

It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that.

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

https://gitlab.com/gitlab-org/gitlab-ce/issues/22869

See merge request !2023

Ensure user is authenticated to create a new snippet

2016-11-28T15:57:49+00:00

Signed-off-by: Rémy Coutable

Merge branch 'fix-dead-help-link' into 'master'

2016-11-28T09:01:08+00:00


Fix a broken link and avoid potential creation of future broken links on the help page.

See merge request !7582

Merge branch 'rephrase-system-notes' into 'master'

2016-11-25T04:36:13+00:00


Rephrase some system notes to be compatible with new system note style

See merge request !7692