path: root/lib/api/helpers.rb
Commit message [branch] (Author, Age, Files, Lines)
* Fix specs (Kamil Trzcinski, 2017-01-19, 1, -1/+1)
|
* Fix specs (Kamil Trzcinski, 2017-01-19, 1, -1/+1)
|
* Merge remote-tracking branch 'origin/master' into 21698-redis-runner-last-build (Kamil Trzcinski, 2017-01-19, 1, -51/+9)
|\
| * Merge branch 'time-tracking-api' into 'master' (Sean McGivern, 2017-01-18, 1, -0/+4)
| |\
| | |   Time tracking API
| | |
| | |   Closes #25861
| | |
| | |   See merge request !8483
| | * Add some API endpoints for time tracking. (Ruben Davila, 2017-01-18, 1, -0/+4)
| | |   New endpoints are:
| | |   POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/time_estimate"
| | |   POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/reset_time_estimate"
| | |   POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/add_spent_time"
| | |   POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/reset_spent_time"
| | |   GET :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/time_stats"
| * | Fix an API deprecation warning [fix-deprecation-warning] (Robert Schilling, 2017-01-16, 1, -1/+1)
| |/
| * fix pipelines/index.html.haml merge conflict (Regis, 2017-01-02, 1, -2/+2)
| |\
| | * Merge branch 'fix-api-deprecation' into 'master' (Robert Schilling, 2016-12-28, 1, -1/+1)
| | |\
| | | |   Fix a Grape deprecation, use `#request_method` instead of `#route_method`
| | | |
| | | |   See merge request !8297
| | | * Fix a Grape deprecation, use `#request_method` instead of `#route_method` [fix-api-deprecation] (Rémy Coutable, 2016-12-23, 1, -1/+1)
| | | |   Signed-off-by: Rémy Coutable <remy@rymai.me>
| | * | Add more storage statistics (Markus Koller, 2016-12-21, 1, -1/+1)
| | |/
| | |   This adds counters for build artifacts and LFS objects, and moves the preexisting repository_size and commit_count from the projects table into a new project_statistics table.
| | |
| | |   The counters are displayed in the administration area for projects and groups, and also available through the API for admins (on */all) and normal users (on */owned)
| | |
| | |   The statistics are updated through ProjectCacheWorker, which can now do more granular updates with the new :statistics argument.
| * | Remove redundant pagination helpers after a bad merge (Grzegorz Bizon, 2016-12-21, 1, -32/+0)
| | |   [ci skip]
| * | Merge branch 'master' into auto-pipelines-vue (Grzegorz Bizon, 2016-12-21, 1, -12/+3)
| |\ \
| | |/
| | |   * master: (367 commits)
| | |   Set “Remove branch” button to default size remove unused helper method reduce common code even further to satisfy rake flay remove button class size alteration from revert and cherry pick links factor out common code to satisfy rake flay homogenize revert and cherry-pick button styles generated by commits_helper apply margin on alert banners only when there is one or more alerts Rename MattermostNotificationService back to MattermostService Rename SlackNotificationService back to SlackService Fix stage and pipeline specs and rubocop offenses Added QueryRecorder to test N+1 fix on Milestone#show Use gitlab-workhorse 1.2.1 Make 'unmarked as WIP' message more consistent Improve specs for Files API Allow unauthenticated access to Repositories Files API GET endpoints Add isolated view spec for pipeline stage partial Move test for HTML stage endpoint to controller specs Fix sizing of avatar circles; add border Fix broken test Fix broken test Changes after review ...
| | |
| | |   Conflicts:
| | |   app/assets/stylesheets/pages/pipelines.scss
| | |   app/controllers/projects/pipelines_controller.rb
| | |   app/views/projects/pipelines/index.html.haml
| | |   spec/features/projects/pipelines/pipelines_spec.rb
| | * Calls to the API are checked for scope. (Timothy Andrew, 2016-12-16, 1, -12/+3)
| | |   - Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well.
| | |   - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests).
| | |   - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
| * | merge master (Regis, 2016-12-13, 1, -62/+106)
| |\ \
| | |/
| * | Merge branch 'master' into auto-pipelines-vue (Grzegorz Bizon, 2016-12-09, 1, -20/+11)
| |\ \
| | | |   * master: (76 commits)
| | | |   Update "Installation from source" guide for 8.15.0 Group links spec update Updates the font weight of button styles because of the change to system fonts Refactor SSH keys docs Improvements to setting up ssh Do not reload diff for merge request made from fork when target branch in fork is updated Add 8.12.10, 8.12.11, and 8.12.12 CHANGELOG.md items Changes after review Fix broken test Adds CHANGELOG entry Adds tests Uniformize props name format Replace commit icon svg logic Replace play icon svg logic Updated JS based on review Fixed group links dropdown to match Update docs to reflect new defaults on omnibus Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security' Merge branch 'html-safe-diff-line-content' into 'security' Merge branch 'rs-filter-authentication_token' into 'security' Merge branch 'destroy-session' into 'security' ...
| | | |
| | | |   Conflicts:
| | | |   app/models/ci/pipeline.rb
| | | |   app/models/commit_status.rb
| | | |   app/views/projects/ci/pipelines/_pipeline.html.haml
| | | |   app/views/projects/commit/_pipeline.html.haml
| | | |   app/views/projects/pipelines/_with_tabs.html.haml
| | | |   app/views/projects/pipelines/index.html.haml
| | | |   lib/api/helpers.rb
| * | | Extract API pagination code to a separate module (Grzegorz Bizon, 2016-12-07, 1, -38/+1)
| | | |
* | | | WIP: Add tests and make sure that headers are set [21698-redis-runner-last-build] (Lin Jen-Shin, 2017-01-04, 1, -1/+1)
| |_|/
|/| |
| | |   * We realized that headers were not set whenever we give 204 because `render_api_error!` doesn't preserve the headers.
| | |   * We also realized that `update_runner_info` would be called in POST /builds/register every time therefore runner is updated every time, ticking the queue, making this last_update didn't work very well, and the test would be failing due to that.
* | | Merge branch '25482-fix-api-sudo' into 'master' (Sean McGivern, 2016-12-13, 1, -53/+76)
|\ \ \
| | | |   API: Memoize the current_user so that the sudo can work properly
| | | |
| | | |   Closes #25482
| | | |
| | | |   See merge request !8017
| * | | Be smarter when finding a sudoed user in API::Helpers [25482-fix-api-sudo] (Rémy Coutable, 2016-12-13, 1, -13/+11)
| | | |   Signed-off-by: Rémy Coutable <remy@rymai.me>
| * | | API: Memoize the current_user so that the sudo can work properly (Rémy Coutable, 2016-12-12, 1, -53/+78)
| | |/
| |/|
| | |   The issue was arising when `#current_user` was called a second time after a user was impersonated: the `User#is_admin?` check would be performed on it and it would fail.
| | |
| | |   Signed-off-by: Rémy Coutable <remy@rymai.me>
* | | Merge branch 'grapify-service-api' into 'master' (Rémy Coutable, 2016-12-12, 1, -11/+0)
|\ \ \
| |/ /
|/| |
| | |   Grapify the service API
| | |
| | |   Related to #22928
| | |
| | |   See merge request !7970
| * | Grapify the service API (Robert Schilling, 2016-12-09, 1, -11/+0)
| |/
* | Merge branch 'dz-nested-groups' into 'master' (Douwe Maan, 2016-12-09, 1, -1/+1)
|\ \
| | |   Add nested groups support on data level
| | |
| | |   ## What does this MR do?
| | |
| | |   - [x] Add `parent_id` field to `Namespace` model.
| | |   - [x] Create new database table `routes` that keeps information about full path to each group or project
| | |   - [x] Remove uniq index from `namespaces.path`
| | |   - [x] Add uniq index on `routes.path`
| | |   - [x] Fill routes table with path data from namespaces and projects
| | |   - [x] Change Namespace/Project URL lookup by routes table
| | |   - [x] Rename related routes (nested groups, projects) when parent path changes
| | |
| | |   This is solely backend preparation. UI, Permissions and API support will be added in separate merge request.
| | |
| | |   ## Are there points in the code the reviewer needs to double check?
| | |
| | |   migrations, Route model, Routable concern
| | |
| | |   Will require downtime. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7121#note_19490281 discussion
| | |
| | |   ## Why was this MR needed?
| | |
| | |   One step further to full nested groups support
| | |
| | |   ## Screenshots (if relevant)
| | |
| | |   No UI changes in this merge request so far
| | |
| | |   ## Does this MR meet the acceptance criteria?
| | |
| | |   - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added~~
| | |   - ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
| | |   - ~~API support added~~
| | |   - Tests
| | |     - [x] Added for this feature/bug
| | |     - [x] All builds are passing
| | |   - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
| | |   - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| | |   - [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
| | |   - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| | |
| | |   ## What are the relevant issue numbers?
| | |
| | |   https://gitlab.com/gitlab-org/gitlab-ce/issues/2772
| | |
| | |   See merge request !7121
| * | Add nested groups support on data level [dz-nested-groups] (Dmitriy Zaporozhets, 2016-12-08, 1, -1/+1)
| |/
| |   * add parent_id field to namespaces table to store relation with nested groups
| |   * create routes table to keep information about full path of every group and project
| |   * project/group lookup by full path from routes table
| |
| |   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | Merge branch '24537-reenable-private-token-with-sudo' into 'master' (Douwe Maan, 2016-12-08, 1, -3/+10)
|\ \
| | |   Reenables /user API request to return private-token if user is admin and requested with sudo
| | |
| | |   ## What does this MR do?
| | |
| | |   Reenables the API /users to return `private-token` when sudo is either a parameter or passed as a header and the user is admin.
| | |
| | |   ## Screenshots (if relevant)
| | |
| | |   Without **sudo**:
| | |   ![Screen_Shot_2016-11-21_at_11.44.49](/uploads/ebecf95dbadaf4a159b80c61c75771d9/Screen_Shot_2016-11-21_at_11.44.49.png)
| | |
| | |   With **sudo**:
| | |   ![Screen_Shot_2016-11-21_at_11.45.52](/uploads/f25f9ddffcf2b921e9694e5a250191d3/Screen_Shot_2016-11-21_at_11.45.52.png)
| | |
| | |   ## Does this MR meet the acceptance criteria?
| | |
| | |   - [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
| | |   - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
| | |   - [x] API support added
| | |   - Tests
| | |     - [x] Added for this feature/bug
| | |     - [x] All builds are passing
| | |   - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
| | |   - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| | |   - [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
| | |   - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| | |
| | |   ## What are the relevant issue numbers?
| | |
| | |   Closes #24537
| | |
| | |   See merge request !7615
| * | adds impersonator variable and makes sudo usage overall more clear [24537-reenable-private-token-with-sudo] (tiagonbotelho, 2016-12-07, 1, -3/+10)
| |/
* | Grapify the issues API [grapify-issues-api] (Robert Schilling, 2016-12-07, 1, -16/+0)
|/
* Allow public access to some Project API endpoints [4269-public-api] (Rémy Coutable, 2016-12-01, 1, -0/+5)
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'grapify-projects-api' into 'master' (Rémy Coutable, 2016-11-30, 1, -24/+2)
|\
| |   Grapify the projects API
| |
| |   Related to #22928
| |
| |   See merge request !7456
| * Grapify the projects API [grapify-projects-api] (Robert Schilling, 2016-11-28, 1, -24/+2)
| |
* | Merge branch 'jej-use-issuable-finder-instead-of-access-check' into 'security' (Douwe Maan, 2016-11-28, 1, -3/+1)
| |   Replace issue access checks with use of IssuableFinder
| |
| |   Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
| |
| |   ## Which fixes are in this MR?
| |
| |   :warning: - Potentially untested
| |   :bomb: - No test coverage
| |   :traffic_light: - Test coverage of some sort exists (a test failed when error raised)
| |   :vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
| |   :white_check_mark: - Permissions check tested
| |
| |   ### Issue lookup with access check
| |
| |   Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells).
| |
| |   - [x] :vertical_traffic_light: app/finders/notes_finder.rb:15 [`visible_to_user`]
| |   - [x] :traffic_light: app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`]
| |   - [x] :white_check_mark: app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`]
| |   - [x] :white_check_mark: lib/api/issues.rb:112 [`visible_to_user`]
| |     - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone
| |   - [x] :white_check_mark: lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too?
| |   - [x] :white_check_mark: lib/gitlab/search_results.rb:53 [`visible_to_user`]
| |
| |   ### Previous discussions
| |
| |   - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126
| |   - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87
| |
| |   See merge request !2031
* | Merge branch 'zj-fix-label-creation-non-members' into 'security' (Douwe Maan, 2016-11-28, 1, -14/+0)
|/
|   Fix label creation non members
|
|   Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23416
|
|   See merge request !2006
* API: Introduce `#find_group!` which also checks access permission [22373-reduce-queries-in-api-helpers-find_project] (Rémy Coutable, 2016-11-24, 1, -1/+9)
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* API: Introduce `#find_project!` which also checks access permission (Rémy Coutable, 2016-11-24, 1, -7/+10)
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* Make API::Helpers find a project with only one query (Rémy Coutable, 2016-11-24, 1, -1/+6)
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* Improve style, add more tests (Z.J. van de Weg, 2016-11-18, 1, -11/+2)
|
* More coverage on service level (Z.J. van de Weg, 2016-11-18, 1, -0/+9)
|
* Merge branch 'adam-build-missing-services-when-necessary' into 'master' (Douwe Maan, 2016-11-16, 1, -16/+1)
|\
| |   Defer saving project services to the database if there are no user changes
| |
| |   ## What does this MR do?
| |
| |   It defers saving project services to the database as long as it is possible. It creates a project service when creating a project only if this project service has an active template. After that project services are saved on the first edit.
| |
| |   ## Are there points in the code the reviewer needs to double check?
| |
| |   - tests that used `build_missing_services` before the change
| |   - number of queries executed
| |
| |   ## Why was this MR needed?
| |
| |   Motivation in #22281
| |
| |   ## Does this MR meet the acceptance criteria?
| |
| |   - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
| |   - Tests
| |     - [x] Added for this feature/bug
| |     - [x] All builds are passing
| |   - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
| |   - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| |   - [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
| |   - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| |
| |   ## What are the relevant issue numbers?
| |
| |   Fixes #22281
| |
| |   See merge request !6958
| * Defer saving project services to the database if there are no user changes [adam-build-missing-services-when-necessary] (Adam Niedzielski, 2016-11-16, 1, -16/+1)
| |
* | Use #to_h to convert params to a hash [grapify-to-h] (Robert Schilling, 2016-11-14, 1, -0/+5)
|/
* Fix project features default values (Felipe Artur, 2016-11-01, 1, -8/+2)
|
* API: Fix booleans not recognized as such when using the `to_boolean` helper [23890-api-should-accepts-boolean] (Rémy Coutable, 2016-10-27, 1, -0/+1)
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* Validate label params against all labels available to project on the API (Douglas Barbosa Alexandre, 2016-10-19, 1, -10/+9)
|
* Merge branch 'memoize_shell_secret_token' into 'master' (Rémy Coutable, 2016-10-07, 1, -1/+1)
|\
| |   Memoize Github::Shell's secret token
| |
| |   ## What does this MR do?
| |
| |   `API::Helpers#secret_token` was reading the secret file on every invocation. This MR reads the file in the `gitlab_shell_secret_token.rb` initializer and saves it as a class variable at `Gitlab::Shell.secret_token`
| |
| |   ## Are there points in the code the reviewer needs to double check?
| |
| |   - I'm not sure if the use of `cattr_accessor` is the best approach, or if should be moved into the `class << self` block?
| |   - Should `API::Helpers#secret_token` be removed in favor of using `Gitlab::Shell.secret_token`?
| |
| |   ## Why was this MR needed?
| |
| |   Performance optimization.
| |
| |   Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22510
| |
| |   See merge request !6599
| * Load Github::Shell's secret token from file on initialization instead of every request. (Justin DiPierro, 2016-10-06, 1, -1/+1)
* | Switch from request to env in ::API::Helpers (Nick Thomas, 2016-10-06, 1, -1/+1)
|/
|   Per https://gitlab.com/gitlab-org/gitlab-ce/issues/22820, this helper is mixed in to classes that lack a `request` method. They do include `env`, so use it instead.
* API: disable rails session auth for non-GET/HEAD requests (Nick Thomas, 2016-09-23, 1, -1/+4)
|
* Enable Warden for the Grape API (Nick Thomas, 2016-09-19, 1, -3/+20)
|   The practical effect of this commit is to make the API check the Rails session cookie for authentication details. If the cookie is present and valid, it will be used to authenticate.
|
|   The API now has several authentication options for users. They follow in this order of precedence:
|
|   * Authentication token
|   * Personal access token
|   * OAuth2 Bearer token (Doorkeeper - application access)
|   * Rails session cookie
* Change response for /ci/api/v1/builds/register.json from 404 to 204 (Tomasz Maczukin, 2016-09-13, 1, -0/+4)
|
* use a nil subject when we want to check global abilities (http://jneen.net/, 2016-08-30, 1, -1/+1)
|