summaryrefslogtreecommitdiff
path: root/lib/api/helpers.rb
Commit message (Collapse)AuthorAgeFilesLines
* Remove "subscribed" field from API responses returning list of issues or ↵api-drop-subscribedAdam Niedzielski2017-03-061-8/+0
| | | | merge requests
* Rename query parameter to `membership`28865-filter-by-authorized-projects-in-v4Toon Claes2017-03-031-1/+1
| | | | The query parameter `membership` should be more self-explaining.
* Add filter param for authorized projects for current_user for V4Oswaldo Ferreira2017-03-031-0/+4
|
* Enable filtering milestones by search criteria in the APIMark Fletcher2017-03-021-0/+4
| | | | - Also remove a redundant test
* Return 202 with JSON body on async removals on V4 API3874-correctly-return-json-on-delete-responsesOswaldo2017-02-231-0/+4
|
* Enable Style/MutableConstantDouwe Maan2017-02-231-1/+1
|
* Merge branch '28093-snippet-and-issue-spam-check-on-edit' into 'master'Sean McGivern2017-02-221-0/+4
|\ | | | | | | | | | | | | Spam check and reCAPTCHA improvements Closes #28093 See merge request !9248
| * Spam check and reCAPTCHA improvements28093-snippet-and-issue-spam-check-on-editOswaldo Ferreira2017-02-211-0/+4
| |
* | No more and/orDouwe Maan2017-02-211-1/+1
|/
* Use grape validation for datesapi-grape-datetimeRobert Schilling2017-02-201-16/+0
|
* API: Consolidate /projects endpointToon Claes2017-02-141-0/+8
| | | | | | | | | | | It consolidates these endpoints: - /projects - /projects/owned - /projects/visible - /projects/starred - /projects/all Into the /projects endpoint using query parameters.
* API: Fix file downloadingRobert Schilling2017-02-031-1/+1
|
* replace `find_with_namespace` with `find_by_full_path`Adam Pahlevi2017-02-031-1/+1
| | | | add complete changelog for !8949
* Merge branch 'fix-api-mr-permissions' into 'security'Robert Speicher2017-01-231-0/+6
| | | | | | Ensure that only privileged users can access merge requests in the API See merge request !2053
* Fix specsKamil Trzcinski2017-01-191-1/+1
|
* Fix specsKamil Trzcinski2017-01-191-1/+1
|
* Merge remote-tracking branch 'origin/master' into 21698-redis-runner-last-buildKamil Trzcinski2017-01-191-51/+9
|\
| * Merge branch 'time-tracking-api' into 'master' Sean McGivern2017-01-181-0/+4
| |\ | | | | | | | | | | | | | | | | | | Time tracking API Closes #25861 See merge request !8483
| | * Add some API endpoints for time tracking.Ruben Davila2017-01-181-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New endpoints are: POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/time_estimate" POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/reset_time_estimate" POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/add_spent_time" POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/reset_spent_time" GET :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/time_stats"
| * | Fix a API deprecation warningfix-deprecation-warningRobert Schilling2017-01-161-1/+1
| |/
| * fix pipelines/index.html.haml merge conflictRegis2017-01-021-2/+2
| |\
| | * Merge branch 'fix-api-deprecation' into 'master' Robert Schilling2016-12-281-1/+1
| | |\ | | | | | | | | | | | | | | | | Fix a Grape deprecation, use `#request_method` instead of `#route_method` See merge request !8297
| | | * Fix a Grape deprecation, use `#request_method` instead of `#route_method`fix-api-deprecationRémy Coutable2016-12-231-1/+1
| | | | | | | | | | | | | | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
| | * | Add more storage statisticsMarkus Koller2016-12-211-1/+1
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds counters for build artifacts and LFS objects, and moves the preexisting repository_size and commit_count from the projects table into a new project_statistics table. The counters are displayed in the administration area for projects and groups, and also available through the API for admins (on */all) and normal users (on */owned) The statistics are updated through ProjectCacheWorker, which can now do more granular updates with the new :statistics argument.
| * | Remove redundant pagination helpers after a bad mergeGrzegorz Bizon2016-12-211-32/+0
| | | | | | | | | | | | [ci skip]
| * | Merge branch 'master' into auto-pipelines-vueGrzegorz Bizon2016-12-211-12/+3
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (367 commits) Set “Remove branch” button to default size remove unused helper method reduce common code even further to satisfy rake flay remove button class size alteration from revert and cherry pick links factor out common code to satisfy rake flay homogenize revert and cherry-pick button styles generated by commits_helper apply margin on alert banners only when there is one or more alerts Rename MattermostNotificationService back to MattermostService Rename SlackNotificationService back to SlackService Fix stage and pipeline specs and rubocop offenses Added QueryRecorder to test N+1 fix on Milestone#show Use gitlab-workhorse 1.2.1 Make 'unmarked as WIP' message more consistent Improve specs for Files API Allow unauthenticated access to Repositories Files API GET endpoints Add isolated view spec for pipeline stage partial Move test for HTML stage endpoint to controller specs Fix sizing of avatar circles; add border Fix broken test Fix broken test Changes after review ... Conflicts: app/assets/stylesheets/pages/pipelines.scss app/controllers/projects/pipelines_controller.rb app/views/projects/pipelines/index.html.haml spec/features/projects/pipelines/pipelines_spec.rb
| | * Calls to the API are checked for scope.Timothy Andrew2016-12-161-12/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well. - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests). - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
| * | merge masterRegis2016-12-131-62/+106
| |\ \ | | |/
| * | Merge branch 'master' into auto-pipelines-vueGrzegorz Bizon2016-12-091-20/+11
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (76 commits) Update "Installation from source" guide for 8.15.0 Group links spec update Updates the font weight of button styles because of the change to system fonts Refactor SSH keys docs Improvements to setting up ssh Do not reload diff for merge request made from fork when target branch in fork is updated Add 8.12.10, 8.12.11, and 8.12.12 CHANGELOG.md items Changes after review Fix broken test Adds CHANGELOG entry Adds tests Uniformize props name format Replace commit icon svg logic Replace play icon svg logic Updated JS based on review Fixed group links dropdown to match Update docs to reflect new defaults on omnibus Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security' Merge branch 'html-safe-diff-line-content' into 'security' Merge branch 'rs-filter-authentication_token' into 'security' Merge branch 'destroy-session' into 'security' ... Conflicts: app/models/ci/pipeline.rb app/models/commit_status.rb app/views/projects/ci/pipelines/_pipeline.html.haml app/views/projects/commit/_pipeline.html.haml app/views/projects/pipelines/_with_tabs.html.haml app/views/projects/pipelines/index.html.haml lib/api/helpers.rb
| * | | Extract API pagination code to a separete moduleGrzegorz Bizon2016-12-071-38/+1
| | | |
* | | | WIP: Add tests and make sure that headers are set21698-redis-runner-last-buildLin Jen-Shin2017-01-041-1/+1
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | * We realized that headers were not set whenever we give 204 because `render_api_error!` doesn't preserve the headers. * We also realized that `update_runner_info` would be called in POST /builds/register every time therefore runner is updated every time, ticking the queue, making this last_update didn't work very well, and the test would be failing due to that.
* | | Merge branch '25482-fix-api-sudo' into 'master' Sean McGivern2016-12-131-53/+76
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | API: Memoize the current_user so that the sudo can work properly Closes #25482 See merge request !8017
| * | | Be smarter when finding a sudoed user in API::Helpers25482-fix-api-sudoRémy Coutable2016-12-131-13/+11
| | | | | | | | | | | | | | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
| * | | API: Memoize the current_user so that the sudo can work properlyRémy Coutable2016-12-121-53/+78
| | |/ | |/| | | | | | | | | | | | | | | | | | | The issue was arising when `#current_user` was called a second time after a user was impersonated: the `User#is_admin?` check would be performed on it and it would fail. Signed-off-by: Rémy Coutable <remy@rymai.me>
* | | Merge branch 'grapify-service-api' into 'master' Rémy Coutable2016-12-121-11/+0
|\ \ \ | |/ / |/| | | | | | | | | | | | | | Grapify the service API Related to #22928 See merge request !7970
| * | Grapify the service APIRobert Schilling2016-12-091-11/+0
| |/
* | Merge branch 'dz-nested-groups' into 'master' Douwe Maan2016-12-091-1/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add nested groups support on data level ## What does this MR do? - [x] Add `parent_id` field to `Namespace`model. - [x] Create new database table `routes` that keeps information about full path to each group or project - [x] Remove uniq index from `namespaces.path` - [x] Add uniq index on `routes.path` - [x] Fill routes table with path data from namespaces and projects - [x] Change Namespace/Project URL lookup by routes table - [x] Rename related routes (nested groups, projects) when parent path changes This is solely backend preparation. UI, Permissions and API support will be added in separate merge request. ## Are there points in the code the reviewer needs to double check? migrations, Route model, Routable concern Will require downtime. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7121#note_19490281 discussion ## Why was this MR needed? One step further to full nested groups support ## Screenshots (if relevant) No UI changes in this merge request so far ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added~~ - ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~ - ~~API support added~~ - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if it does - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? https://gitlab.com/gitlab-org/gitlab-ce/issues/2772 See merge request !7121
| * | Add nested groups support on data leveldz-nested-groupsDmitriy Zaporozhets2016-12-081-1/+1
| |/ | | | | | | | | | | | | | | * add parent_id field to namespaces table to store relation with nested groups * create routes table to keep information about full path of every group and project * project/group lookup by full path from routes table Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | Merge branch '24537-reenable-private-token-with-sudo' into 'master' Douwe Maan2016-12-081-3/+10
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reenables /user API request to return private-token if user is admin and requested with sudo ## What does this MR do? Reenables the API /users to return `private-token` when sudo is either a parameter or passed as a header and the user is admin. ## Screenshots (if relevant) Without **sudo**: ![Screen_Shot_2016-11-21_at_11.44.49](/uploads/ebecf95dbadaf4a159b80c61c75771d9/Screen_Shot_2016-11-21_at_11.44.49.png) With **sudo**: ![Screen_Shot_2016-11-21_at_11.45.52](/uploads/f25f9ddffcf2b921e9694e5a250191d3/Screen_Shot_2016-11-21_at_11.45.52.png) ## Does this MR meet the acceptance criteria? - [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [x] API support added - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if it does - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #24537 See merge request !7615
| * | adds impersonator variable and makes sudo usage overall more clear24537-reenable-private-token-with-sudotiagonbotelho2016-12-071-3/+10
| |/
* | Grapify the issues APIgrapify-issues-apiRobert Schilling2016-12-071-16/+0
|/
* Allow public access to some Project API endpoints4269-public-apiRémy Coutable2016-12-011-0/+5
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'grapify-projects-api' into 'master' Rémy Coutable2016-11-301-24/+2
|\ | | | | | | | | | | | | Grapify the projects API Related to #22928 See merge request !7456
| * Grapify the projects APIgrapify-projects-apiRobert Schilling2016-11-281-24/+2
| |
* | Merge branch 'jej-use-issuable-finder-instead-of-access-check' into 'security' Douwe Maan2016-11-281-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace issue access checks with use of IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR? :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested ### Issue lookup with access check Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells). - [x] :vertical_traffic_light: app/finders/notes_finder.rb:15 [`visible_to_user`] - [x] :traffic_light: app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`] - [x] :white_check_mark: app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`] - [x] :white_check_mark: lib/api/issues.rb:112 [`visible_to_user`] - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone - [x] :white_check_mark: lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too? - [x] :white_check_mark: lib/gitlab/search_results.rb:53 [`visible_to_user`] ### Previous discussions - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126 - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87 See merge request !2031
* | Merge branch 'zj-fix-label-creation-non-members' into 'security'Douwe Maan2016-11-281-14/+0
|/ | | | | | | | Fix label creation non members Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23416 See merge request !2006
* API: Introduce `#find_group!` which also check access permission22373-reduce-queries-in-api-helpers-find_projectRémy Coutable2016-11-241-1/+9
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* API: Introduce `#find_project!` which also check access permissionRémy Coutable2016-11-241-7/+10
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Make API::Helpers find a project with only one queryRémy Coutable2016-11-241-1/+6
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Improve style, add more testsZ.J. van de Weg2016-11-181-11/+2
|
View Lorry Controller Status