delta/gitlab/gitlab-ce.git/spec/helpers, branch api-shared-projects

Represent DiffRefs as proper class instead of tuple array

2016-07-06T22:50:58+00:00

New :request_access ability to replace a ugly helper

2016-07-05T12:35:26+00:00

- Group / project members cannot request access
- Group members cannot request access to a group's project

This addresses an issue where project owners could request access
to their own project, leading to UI inconsistency where their requester
status would replace their owner status.

Signed-off-by: Rémy Coutable

Merge branch 'explicit-requesters-scope' into 'master'

2016-07-01T22:23:26+00:00


Exclude requesters from Project#members, Group#members and User#members

## What does this MR do?

It excludes requesters from the `Project#members`, `Group#members` and `User#members` associations, and adds new `Project#requesters` and `Group#requesters` associations.

## Are there points in the code the reviewer needs to double check?

No.

## Why was this MR needed?

Without this, if you call `project.members`, requesters are included in the results! This is at best misleading, and at worst can lead to security issues. By excluding requesters from the `#members` associations, we avoid introducing security inadvertently since you have to call the `#requesters` association explicitly to get requesters.

## What are the relevant issue numbers?

This is something I realized while fixing the security issue #19102.

## Does this MR meet the acceptance criteria?

- [x] I don't think this needs a CHANGELOG since this is an internal change
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !4946

Enable Style/EmptyLines cop, remove redundant ones

2016-07-01T19:56:17+00:00

Exclude requesters from Project#members, Group#members and User#members

2016-07-01T15:44:46+00:00

And create new Project#requesters, Group#requesters scopes.

Signed-off-by: Rémy Coutable

Refactor repository paths handling to allow multiple git mount points

2016-06-30T02:30:31+00:00

Be explicit which project and user ID are memoized

2016-06-29T20:42:15+00:00

Memoize the maximum access level for the author of notes

2016-06-29T13:26:00+00:00

In #19273, we saw that retrieving ProjectTeam#human_max_access for each
note takes the bulk of the time when rendering certain issues or merge requests.
We observe that most of the comments in an issue are typically done by the
same users. This MR memoizes the max access level by user ID.

Remove Haml helpers from the visibility level spec.

2016-06-22T22:10:26+00:00

Correctly adds commit ID into dropdown

2016-06-18T20:49:20+00:00

Removes un-used method
Fixes other Ruby issues