delta/gitlab/gitlab-ce.git/spec/requests/api/users_spec.rb, branch fix-commit-status

Don't expose a user's private token in the `/api/v3/user` API.

2016-08-31T07:03:24+00:00

- This would allow anyone with a personal access token (even a read-only
  token, once scopes are implemented) to escalate their access by
  obtaining the private token.

Fix bug where destroying a namespace would not always destroy projects

2016-08-11T22:36:35+00:00

There is a race condition in DestroyGroupService now that projects are deleted asynchronously:

1. User attempts to delete group
2. DestroyGroupService iterates through all projects and schedules a Sidekiq job to delete each Project
3. DestroyGroupService destroys the Group, leaving all its projects without a namespace
4. Projects::DestroyService runs later but the can?(current_user,
   :remove_project) is `false` because the user no longer has permission to
   destroy projects with no namespace.
5. This leaves the project in pending_delete state with no namespace/group.

Projects without a namespace or group also adds another problem: it's not possible to destroy the container
registry tags, since container_registry_path_with_namespace is the wrong value.

The fix is to destroy the group asynchronously and to run execute directly on Projects::DestroyService.

Closes #17893

Fix Grape tests.

2016-08-09T15:43:57+00:00

adds second batch of tests changed to active tense

2016-08-09T14:11:39+00:00

Enable Style/EmptyLines cop, remove redundant ones

2016-07-01T19:56:17+00:00

Use HTTP matchers if possible

2016-06-27T18:10:42+00:00

Add leading comment space cop

2016-05-31T22:33:46+00:00

Insert users check into api

2016-04-18T14:12:27+00:00

API support for setting External flag on existing users

2016-03-17T08:36:00+00:00

External Users

2016-03-13T18:08:04+00:00

The user has the rights of a public user execpt it can never create a project,
 group, or team. Also it cant view internal projects.