| Commit message (Collapse) | Author | Age | Files | Lines |
|
There's little point to cut that down.
|
Feedback from:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4961#note_12794221
|
If we're using `can?` it would look weird to use 409
|
And show information about locked status.
Help! This looks bad :o
|
Because invalid actions shouldn't be shown on the page.
|
Feedback:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4961#note_12738607
|
The regression was introduced by:
https://gitlab.com/gitlab-org/gitlab-ce/commit/1b8f52d9206bdf19c0dde04505c4c0b1cf46cfbe
I did that because there's a test specifying that a shared runner cannot
be enabled, in the API. So I assume that is the case for non-admin, but
admins should be able to do so anyway.
Also added a test to make sure this won't regress again.
Closes #19039
|
Fix visibility of snippets when searching
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997
See merge request !1972
|
Fix an information disclosure when requesting access to a group containing private projects
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19102.
The commit speaks for itself:
Fix an information disclosure when requesting access to a group containing private projects
The issue was with the `User#groups` and `User#projects` associations
which go through the `User#group_members` and `User#project_members`.
Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.
Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...
My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.
Now they are all secure.
See merge request !1973
|
private projects
The issue was with the `User#groups` and `User#projects` associations
which go through the `User#group_members` and `User#project_members`.
Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.
Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...
My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.
Now they are all secure.
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
Rename Licenses API to License Templates API
## What does this MR do?
Earlier I renamed this in EE, thinking license templates was an EE-only feature. This backports that change to CE. Thanks to @vsizov for pointing out this error.
See https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/400 for the EE merge request.
See merge request !4957
|
Check for conflict with wiki projects when creating a new project.
## What does this MR do?
Check for conflict with wiki projects when creating a new project
## Are there points in the code the reviewer needs to double check?
No
## Why was this MR needed?
To avoid exposing the information from the wiki repository of other project
## What are the relevant issue numbers?
#18398
## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !4918
|
This fix avoids exposing the information from the wiki repository of other project.
|
Use `have_http_status` matcher where possible
See merge request !4955
|
Fix rendering of commit notes
See merge request !4953
|
Made the search bar on emoji menu sticky
## What does this MR do?
When scrolling down the emoji menu, the search bar disappears. For better UX, the search bar now stays at the top when scrolling.
## Screenshots (if relevant)

See merge request !4743
|
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml
## What does this MR do?
Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)
Fixes #19206
See merge request !4951
|
Correctly return todo ID after creating todo
See merge request !4941
|
Remove duplicate new page btn from edit wiki
## What does this MR do?
Removes duplicate button on wiki page
## What are the relevant issue numbers?
Closes #19075
## Screenshots (if relevant)


See merge request !4904
|
Mention gmake
Fixes https://gitlab.com/gitlab-org/gitlab-workhorse/issues/46
See merge request !4945
|
Fix check for existence of New Branch button on Issue page
## What does this MR do?
The condition in [`initCanCreateBranch`][initCanCreateBranch] mistakenly checks `$container` (the New Branch button) for falsy. However jQuery returns an empty array if no matching element was found, so this condition is never met.
## Why was this MR needed?
The wrong condition causes:
* `$.getJSON($container.data('path'))` to be called where `$container.data('path')` is `undefined`
* in this case `$.getJSON` uses `location.href`
* if the current page has a JSON representation, it is fetched and cached by browser and displayed the next time the page is visited (#17365)
* otherwise "Failed to check if new branch can be created" is displayed (#17264)
## What are the relevant issue numbers?
Fixes #17264 and #17365.
[initCanCreateBranch]: https://gitlab.com/gitlab-org/gitlab-ce/blob/v8.8.4/app/assets/javascripts/issue.js.coffee#L102
See merge request !4630
|
Revert Subresource Integrity pending a fix for Firefox's incorrect hashing implementation.
Per the discussion in #18230, Firefox support is broken :(
cc: @jschatz1
See merge request !4943
|
implementation.
|
Better debugging for memory killer middleware
This adds more info to the warning messages output by `MemoryKiller`.
Previously only the PID was shown, making it difficult to debug issues like https://gitlab.com/gitlab-org/gitlab-ce/issues/19124
This adds the worker class and job ID to the log messages.
See merge request !4936
|
fix/sidekiq-mem-killer-debug
|
Image sizing
## What does this MR do?
Limits image height to fit the screen. The wrapping div is so the image is guaranteed to be a block element without the link area growing to be larger than the image itself.
## Are there points in the code the reviewer needs to double check?
Make sure this can't be done in a more performant or concise way with Banzai.
## Why was this MR needed?
Images were displayed at their full resolution, which made it difficult to read issues when the image height was greater than the viewport height (see #18861).
## What are the relevant issue numbers?
Fixes #18861.
## Screenshots (if relevant)
Before:

After:

## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
cc: @jschatz1 @dzaporozhets @rspeicher
See merge request !4810
|
Add max-height to prevent images from displaying larger than the provided screen size.
Also fix a failing test and add a new one.
|