delta/gitlab/gitlab-ce.git/spec/controllers, branch frozen_string_spec_models gitlab.com: gitlab-org/gitlab-ce.git Allow ref name caching CommitService#find_commit 2019-03-27T19:46:39+00:00 Stan Hu stanhu@gmail.com 2019-03-17T06:23:11+00:00 db759c5d9ca3ba9c1610b05d6725c1427d653bef For a given merge request, it's quite common to see duplicate FindCommit Gitaly requests because the Gitaly CommitService caches the request by the commit SHA, not by the ref name. However, most of the duplicate requests use the ref name, so the cache is never actually used in practice. This leads to unnecessary requests that slow performance. This commit allows certain callers to bypass the ref name to OID conversion in the cache. We don't do this by default because it's possible the tip of the branch changes during the commit, which would cause the caller to get stale data. This commit also forces the Ci::Pipeline to use the full ref name so that caching can work for merge requests. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57083 
For a given merge request, it's quite common to see duplicate FindCommit
Gitaly requests because the Gitaly CommitService caches the request by
the commit SHA, not by the ref name. However, most of the duplicate
requests use the ref name, so the cache is never actually used in
practice. This leads to unnecessary requests that slow performance.

This commit allows certain callers to bypass the ref name to
OID conversion in the cache. We don't do this by default because it's
possible the tip of the branch changes during the commit, which
would cause the caller to get stale data.

This commit also forces the Ci::Pipeline to use the full ref name
so that caching can work for merge requests.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57083
Add API access check to Graphql 2019-03-27T14:59:02+00:00 Felipe Artur fcardozo@gitlab.com 2019-03-27T14:59:02+00:00 73b553a42a1dec7bd38e0aeeb5514c2a566a98c9 Check if user can access API on GraphqlController 
Check if user can access API on GraphqlController
Merge remote-tracking branch 'dev/master' 2019-03-20T20:57:19+00:00 Alex Hanselka alex@gitlab.com 2019-03-20T20:57:19+00:00 c7fc0bf5319aacfc8d8f399202e2f0785d844fcc * dev/master: Update CHANGELOG.md for 11.8.3 Update CHANGELOG.md for 11.7.7 Only return `commands_changes` used in frontend 
* dev/master:
  Update CHANGELOG.md for 11.8.3
  Update CHANGELOG.md for 11.7.7
  Only return `commands_changes` used in frontend
Merge branch 'security-2826-fix-project-serialization-in-quick-actions' into 'master' 2019-03-20T20:56:40+00:00 Alex Hanselka alex@gitlab.com 2019-03-20T20:56:40+00:00 d8dfd330de71e54633995103103b0a6573ae298c Fix project serialization in quick actions response Closes #2826 See merge request gitlab/gitlabhq!3001 
Fix project serialization in quick actions response

Closes #2826

See merge request gitlab/gitlabhq!3001
 Merge branch 'create-identity-provider-policy' into 'master' 2019-03-20T16:08:05+00:00 Nick Thomas nick@gitlab.com 2019-03-20T16:08:05+00:00 4249eac3058fbc57724feb04b98a547732ca5959 Move out link\unlink ability checks to a policy See merge request gitlab-org/gitlab-ce!26278 
Move out link\unlink ability checks to a policy

See merge request gitlab-org/gitlab-ce!26278
 Reject HEAD requests to info/refs endpoint 2019-03-19T18:23:51+00:00 Stan Hu stanhu@gmail.com 2019-03-19T17:02:17+00:00 d165754400cd68f116babc1b0f50cf6109e85009 In production, we see high error rates due to clients attempting to use the dumb Git HTTP protocol with HEAD /foo/bar.git/info/refs endpoint. This isn't supported and causes Error 500s because Workhorse doesn't send along its secret because it's not proxying this request. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54579 
In production, we see high error rates due to clients attempting to use
the dumb Git HTTP protocol with HEAD /foo/bar.git/info/refs
endpoint. This isn't supported and causes Error 500s because Workhorse
doesn't send along its secret because it's not proxying this request.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54579
Move out link\unlink ability checks to a policy 2019-03-19T12:38:16+00:00 Pavel Shutsin pshutsin@gitlab.com 2019-03-18T14:36:34+00:00 8ee1927db90d43205b4e6f8bd13f209c74b41bd1 We can extend the policy in EE for additional behavior 
We can extend the policy in EE for additional behavior
Introduce ApplicationSettingImplementation yay 2019-03-19T05:01:37+00:00 Lin Jen-Shin godfat@godfat.org 2019-03-06T12:12:04+00:00 6b0d493350ed9288c4a68a35dbbb4a4b91bd9637 So the fake can enjoy it, too. We don't use `prepend` because that'll require we change `allow_any_instance_of` to `expect_next_instance_of`, but that's not very easy to do. We can do that later. 
So the fake can enjoy it, too. We don't use `prepend`
because that'll require we change `allow_any_instance_of` to
`expect_next_instance_of`, but that's not very easy to do.
We can do that later.
Fix undefined variable error on json project views 2019-03-19T00:27:28+00:00 Alejandro Rodríguez alejorro70@gmail.com 2019-03-19T00:01:49+00:00 585fcfb9e7be7300af04cd2f9c6d1d97d5333cf5 This mistake seems to have always been there, but it only resulted in errors on the `/explore*.json` since they were the one that _actually_ relied on the local variables. 
This mistake seems to have always been there, but it only resulted in
errors on the `/explore*.json` since they were the one that _actually_
relied on the local variables.
Only return `commands_changes` used in frontend 2019-03-18T18:28:35+00:00 Heinrich Lee Yu heinrich@gitlab.com 2019-03-15T00:07:52+00:00 3d85406734fc31bb9c9fb95ce26898b65b60b3ea When executing quick actions, this limits the `commands_changes` response to only those used by the frontend 
When executing quick actions, this limits the `commands_changes`
response to only those used by the frontend