| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Also added relevant specs and refactored to_references in a bunch of places to be more consistent.
|
| |\
| |
| |
| |
| | |
Inherit permissions from parent group
See merge request !8071
|
| | |
| |
| |
| | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
This adds counters for build artifacts and LFS objects, and moves
the preexisting repository_size and commit_count from the projects
table into a new project_statistics table.
The counters are displayed in the administration area for projects
and groups, and also available through the API for admins (on */all)
and normal users (on */owned)
The statistics are updated through ProjectCacheWorker, which can now
do more granular updates with the new :statistics argument.
|
| |
|
|
| |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| | |
|
| |
|
|
| |
authorized project records
|
| |
|
|
| |
Closes #23150
|
| |
|
|
|
|
| |
than "/twitter".""
This reverts commit 9dbd5b3cfad10b214ae5ef27c39246bbb74a5077.
|
| |
|
|
|
|
| |
They were Rails' default and are unnecessarily overridden.
Signed-off-by: David Wagner <david@marvid.fr>
|
| |
|
|
|
|
| |
"/twitter"."
This reverts commit c81ff152e08d58c13efbd50c40dd2e083ac65083.
|
| |
|
|
|
| |
Bring back the old behaviour which was changed by 6b90ccb9.
Fixes #23527.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes include:
- Ensure Member.add_user is not called directly when not necessary
- New GroupMember.add_users_to_group to have the same abstraction level as for Project
- Refactor Member.add_user to take a source instead of an array of members
- Fix Rubocop offenses
- Always use Project#add_user instead of project.team.add_user
- Factorize users addition as members in Member.add_users_to_source
- Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects
- Destroy any requester before adding them as a member
- Improve the way we handle access requesters in Member.add_user
Instead of removing the requester and creating a new member,
we now simply accepts their access request. This way, they will
receive a "access request granted" email.
- Fix error that was previously silently ignored
- Stop raising when access level is invalid in Member, let Rails validation do their work
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |
|
|
| |
Groups can enable/disable LFS, but this setting can be overridden at the project level. Admin only
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
`avatar.present?` goes through CarrierWave, and checks that the file
exists on disk and checks its filesize. Because we're hitting the disk,
this adds extra overhead to something where the worst-case scenario is
rendering a broken image.
Instead, we now just check that the _database attribute_ is present,
which is good enough for our purposes.
See https://gitlab.com/gitlab-org/gitlab-ce/issues/19273
|
| |
|
|
|
|
| |
And create new Project#requesters, Group#requesters scopes.
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
private projects
The issue was with the `User#groups` and `User#projects` associations
which goes through the `User#group_members` and `User#project_members`.
Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.
Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...
My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.
Now they are all secure.
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |
|
|
| |
This allows the owners to be eager loaded where needed.
|
| |
|
|
|
|
|
|
|
| |
+ Move 'Edit Project/Group' out of membership-related partial
+ Show the access request buttons only to logged-in users
+ Put the request access buttons out of in a more visible button
+ Improve the copy in the #remove_member_message helper
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |
|
|
| |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |
|
|
| |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |
|
|
|
|
|
|
|
| |
In 8278b763d96ef10c6494409b18b7eb541463af29 the default behaviour of annotation
has changes, which was causing a lot of noise in diffs. We decided in #17382
that it is better to get rid of the whole annotate gem, and instead let people
look at schema.rb for the columns in a table.
Fixes: #17382
|
| | |
|
| |
|
|
| |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |
|
|
| |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bring from EE: Share Project with Group
- [x] Models and migrations
- [x] Logic, UI
- [x] Tests
- [x] Documentation
- [x] Share with group lock
- [x] Api feature
- [x] Api docs
- [x] Api tests
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
For #12831
cc @DouweM @rspeicher @vsizov
See merge request !3186
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| | | |
| | |
| | |
| | |
| | | |
We can just use "arel_table" in these cases instead of
"SomeClass.arel_table".
|
| | |/ |
|
| | |
| |
| |
| |
| |
| | |
Prevent Groups to have smaller visibility than projects
Add default_group_visibility_level to configuration
Code improvements
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
These methods will be used to get a list of groups, optionally
restricted to only those visible to a given user.
|
| | |
|
| |\ |
|
| | |
| |
| |
| | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| | | |
|
| | |
| |
| |
| | |
place (has_owners concern)
|
