path: root/app/models/ability.rb
Commit message    Author    Age    Files    Lines
* Merge branch 'separate-banzai-references' into 'master'    Douwe Maan    2016-06-01    1    -0/+22
|\
| |     Separate reference gathering from rendering
| |
| |     This is a required step to allow batch processing when gathering references. This in turn would allow grabbing (for example) all mentioned users of an issue/merge request using a single query.
| |
| |     cc @rspeicher @DouweM
| |
| |     See merge request !3969
| * Refactor Participable    Yorick Peterse    2016-06-01    1    -0/+22
| |
| |     There are several changes to this module:
| |
| |     1. The use of an explicit stack in Participable#participants
| |     2. Proc behaviour has been changed
| |     3. Batch permissions checking
| |
| |     == Explicit Stack
| |
| |     Participable#participants no longer uses recursion to process "self" and all child objects, instead it uses an Array and processes objects in breadth-first order. This allows us to for example create a single Gitlab::ReferenceExtractor instance and pass this to any Procs. Re-using a ReferenceExtractor removes the need for running potentially many SQL queries every time a Proc is called on a new object.
| |
| |     == Proc Behaviour Changed
| |
| |     Previously a Proc in Participable was expected to return an Array of User instances. This has been changed and instead it's now expected that a Proc modifies the Gitlab::ReferenceExtractor passed to it. The return value of the Proc is ignored.
| |
| |     == Permissions Checking
| |
| |     The method Participable#participants uses Ability.users_that_can_read_project to check if the returned users have access to the project of "self" _without_ running multiple SQL queries for every user.
* | Enable Lint/LiteralInCondition rubocop cop [rubocop/enable-literal-in-condition-cop]    Grzegorz Bizon    2016-05-30    1    -7/+6
|/
|     Checks of literals used in conditions.
|
|     See #17478
* Allow anonymous user to access pipelines    Kamil Trzcinski    2016-05-23    1    -0/+1
|
* Merge remote-tracking branch 'origin/master' into with-pipeline-view    Kamil Trzcinski    2016-05-16    1    -1/+10
|\
| * Rename JWT to JSONWebToken    Kamil Trzcinski    2016-05-14    1    -6/+6
| |
| * Fix authentication service    Kamil Trzcinski    2016-05-14    1    -0/+1
| |
| * Rename `images` to `container_registry`    Kamil Trzcinski    2016-05-09    1    -4/+8
| |
| * Added authentication service for docker registry    Kamil Trzcinski    2016-04-29    1    -2/+6
| |
* | Merge remote-tracking branch 'origin/master' into with-pipeline-view    Kamil Trzcinski    2016-04-26    1    -7/+22
|\ \
| |/
| * Fix documentation and improve permissions code    Felipe Artur    2016-04-18    1    -0/+1
| |
| * Remove group members check    Felipe Artur    2016-04-18    1    -5/+3
| |
| * Insert users check into api    Felipe Artur    2016-04-18    1    -3/+3
| |
| * Code fixes    Felipe Artur    2016-04-18    1    -8/+2
| |
| * Fix specs    Felipe Artur    2016-04-18    1    -2/+2
| |
| * Fix code    Felipe Artur    2016-04-18    1    -4/+0
| |
| * Add specs and fix code    Felipe Artur    2016-04-18    1    -11/+14
| |
| * Move verification to abilities    Felipe Artur    2016-04-18    1    -5/+28
| |
* | WIP    Kamil Trzcinski    2016-04-13    1    -1/+6
|/
* Ensure project snippets have their own access level    Rémy Coutable    2016-03-25    1    -15/+31
|
* Ensure private project snippets are not viewable by unauthorized people    Rémy Coutable    2016-03-25    1    -0/+10
|
|     Fix https://gitlab.com/gitlab-org/gitlab-ce/issues/14607.
* Address feedback    Douwe Maan    2016-03-22    1    -3/+8
|
* Merge branch 'master' into issue_12658    Douwe Maan    2016-03-21    1    -1/+3
|\
| |     # Conflicts:
| |     # app/models/issue.rb
| |     # app/views/projects/_home_panel.html.haml
| |     # app/views/shared/projects/_project.html.haml
| |     # db/schema.rb
| |     # spec/models/project_spec.rb
| * Minor improvements on IssuableActions    Zeger-Jan van de Weg    2016-03-21    1    -2/+2
| |
| * Dry destroy action on issuables    Zeger-Jan van de Weg    2016-03-19    1    -1/+3
| |
* | Tweaks, refactoring, and specs    Douwe Maan    2016-03-20    1    -12/+11
| |
* | Merge branch 'master' into issue_12658    Douwe Maan    2016-03-20    1    -1/+16
|\ \
| |/
| * Restrict access to confidential issues    Douglas Barbosa Alexandre    2016-03-17    1    -1/+16
| |
* | Improve group visibility level feature    Zeger-Jan van de Weg    2016-03-18    1    -1/+1
| |
* | Code fixes    Felipe Artur    2016-03-17    1    -5/+2
| |
* | Block internal groups/projects visibility to external users    Felipe Artur    2016-03-16    1    -2/+5
| |
* | Merge 4009-external-users into issue_12658    Felipe Artur    2016-03-16    1    -17/+17
|\ \
| |/
| * External Users    Zeger-Jan van de Weg    2016-03-13    1    -17/+17
| |
| |     The user has the rights of a public user except it can never create a project, group, or team. Also it can't view internal projects.
* | Code improvements and add Create group service    Felipe Artur    2016-03-16    1    -2/+2
| |
* | Add security specs    Felipe Artur    2016-03-10    1    -1/+1
| |
* | Prevent projects to have higher visibility than groups    Felipe Artur    2016-03-10    1    -2/+1
| |
| |     Prevent Groups to have smaller visibility than projects
| |     Add default_group_visibility_level to configuration
| |     Code improvements
* | Code improvements    Felipe Artur    2016-03-10    1    -7/+11
| |
* | Add permission level to groups    Felipe Artur    2016-03-10    1    -2/+3
|/
* Handle permissions for ExternalIssue instances [fix-git-push-service-specs]    Yorick Peterse    2016-03-09    1    -0/+5
|
|     This fixes the remainder of the GitPushService specs.
* Move `update_merge_request` ability to Developer    Robert Speicher    2016-03-04    1    -1/+1
|
|     Closes #13663
* Use `delete` instead of assignment operator when filtering build abilities    Kamil Trzcinski    2016-02-04    1    -1/+1
|
* Update ability model after comments    Kamil Trzcinski    2016-02-04    1    -24/+15
|
* Rename allow_guest_to_access_builds to public_builds    Kamil Trzcinski    2016-02-04    1    -5/+5
|
* Simplify abilities    Kamil Trzcinski    2016-02-04    1    -16/+23
|
* Properly handle commit status permissions (for a build)    Kamil Trzcinski    2016-02-03    1    -0/+22
|
* Fix build errors    Kamil Trzcinski    2016-02-03    1    -3/+3
|
* Add CI setting: allow_guest_to_access_builds    Kamil Trzcinski    2016-02-02    1    -6/+8
|
|     Add the `read_build` ability if user is anonymous or guest and allow_guest_to_access_builds is enabled.
* Make the CI permission model simpler    Kamil Trzcinski    2016-02-02    1    -8/+26
|
|     This MR simplifies CI permission model:
|     - read_build: allows to read a list of builds, artifacts and trace
|     - update_build: allows to cancel and retry builds
|     - create_build: allows to create builds from gitlab-ci.yml (not yet implemented)
|     - admin_build: allows to manage triggers, runners and variables
|     - read_commit_status: allows to read a list of commit statuses (including the overall of builds)
|     - create_commit_status: allows to create a new commit status using API
|
|     Remove all extra methods to manage permission. Made all controllers to use explicitly the new permissions.
* Give reporters the ability to download artifacts.    Andrew Johnson    2016-01-15    1    -1/+1
|
|     Also fix a few places where page_404 should be render_404.
* Improvements, readability for artifacts browser    Grzegorz Bizon    2016-01-14    1    -1/+1
|