Exclude requesters from Project#members, Group#members and User#members
## What does this MR do?
It excludes requesters from the `Project#members`, `Group#members` and `User#members` associations, and adds new `Project#requesters` and `Group#requesters` associations.
## Are there points in the code the reviewer needs to double check?
No.
## Why was this MR needed?
Without this, if you call `project.members`, requesters are included in the results! This is at best misleading, and at worst can lead to security issues. By excluding requesters from the `#members` associations, we avoid introducing security inadvertently since you have to call the `#requesters` association explicitly to get requesters.
## What are the relevant issue numbers?
This is something I realized while fixing the security issue #19102.
## Does this MR meet the acceptance criteria?
- [x] I don't think this needs a CHANGELOG since this is an internal change
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !4946
|
And create new Project#requesters, Group#requesters scopes.
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
enable-shared-runners-with-admins
* upstream/master: (120 commits)
Update CHANGELOG for 8.9.4, 8.8.7, and 8.7.9.
Remove additional entries from CHANGELOG
Catch permission denied errors and ignore the disk
Remove coveralls lines
Make GH one-off auth the default again for importing GH projects
Import from Github using Personal Access Tokens.
Remove hardcoded gitlab-shell version in test env now that the required tag is published
Updated breakpoint for sidebar pinning
Expire branch/tag git data when needed.
Remove unnecessary parens
Enable Style/UnneededCapitalW Rubocop cop
Expiry date on pinned nav cookie
Fix broken spec in git_push_service_spec by stubbing an external issue tracker
Handle external issues in IssueReferenceFilter
Move Changelog entry for build retry fix to 8.9.4
Add Changelog entry for build sidebar retry link fix
Improve method that tells if build is retryable
Do not show build retry link when build is active
Remove coveralls as it's unused
Move changelog item "Add sub nav to file page view" to 8.9.4
...
|
Loop all disks when displaying system info. Closes #18886
See merge request !4983
|
And show information about locked status.
Help! This looks bad :o
|
The regression was introduced by:
https://gitlab.com/gitlab-org/gitlab-ce/commit/1b8f52d9206bdf19c0dde04505c4c0b1cf46cfbe
I did that because there's a test specifying that a shared runner cannot
be enabled, in the API. So I assume that is the case for non-admin, but
admins should be able to do so anyway.
Also added a test to make sure this won't regress again.
Closes #19039
|
Fix admin appearance settings preview
Render appearance settings preview in devise layout instead of implementing it 2 times.
See merge request !4792
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
Again! For admin.
|
Feedback:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4641#note_12444891
|
Add a new application setting, after_sign_up_text. This is text to be
rendered as Markdown and shown on the 'almost there' page after a user
signs up, but before they've confirmed their account.
Tweak the styles for that page so that centered lists look reasonable.
|
(default 5min)
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
`render nothing: true` has been deprecated.
For more information see [pr](https://github.com/rails/rails/pull/20336)
|
Toggle email signup confirmation in admin settings
Implements toggling verification email #14684
See merge request !3862
|
When an admin changes a user's password for them, force the user to
reset the password after logging in by expiring the new password
immediately.
|
# Conflicts:
# db/schema.rb
|
and drop exception handling around HealthCheck::Utils.process_checks, it wasn't needed
|
Also added a health check page to the admin section for resetting the token.
|
enabled_oauth_sign_in_sources
just delete enabled_oauth_sign_in_sources and get its value
|
sources instead of the disabled ones
|
ApplicationSettingsController
|
Closes gitlab-org/gitlab-ee#536
|
Codestyle changes to ease EE merge
|
This allows users to configure the number of points stored in a single
UDP packet. This in turn can be used to reduce the number of UDP packets
being sent at the cost of these packets being somewhat larger.
The default setting is 1 point per packet so nothing changes for
existing users.
|