summaryrefslogtreecommitdiff
path: root/lib/api/helpers.rb
Commit message (Collapse)AuthorAgeFilesLines
* Add group milestones API endpointissue_34622Felipe Artur2017-07-211-0/+4
|
* Add user projects APIvanadium232017-07-061-1/+2
|
* Implement review comments from @dbalexandre for !12300.Timothy Andrew2017-06-281-2/+2
|
* When verifying scopes, manually include scopes from `API::API`.Timothy Andrew2017-06-281-4/+19
| | | | | | | | - They are not included automatically since `API::Users` does not inherit from `API::API`, as I initially assumed. - Scopes declared in `API::API` are considered global (to the API), and need to be included in all cases.
* Allow API scope declarations to be applied conditionally.Timothy Andrew2017-06-281-1/+1
| | | | | | | | | | | - Scope declarations of the form: allow_access_with_scope :read_user, if: -> (request) { request.get? } will only apply for `GET` requests - Add a negative test to a `POST` endpoint in the `users` API to test this. Also test for this case in the `AccessTokenValidationService` unit tests.
* Initial attempt at refactoring API scope declarations.Timothy Andrew2017-06-281-2/+4
| | | | | | | | | | - Declaring an endpoint's scopes in a `before` block has proved to be unreliable. For example, if we're accessing the `API::Users` endpoint - code in a `before` block in `API::API` wouldn't be able to see the scopes set in `API::Users` since the `API::API` `before` block runs first. - This commit moves these declarations to the class level, since they don't need to change once set.
* Enable the Style/PreferredHashMethods coprc/enable-PreferredHashMethods-copRémy Coutable2017-06-021-1/+1
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Add missing specsKamil Trzcinski2017-06-011-0/+10
|
* Add :owned param to ProjectFinderToon Claes2017-05-301-5/+2
| | | | And use it in the API.
* Use helper to construct Finder paramsToon Claes2017-05-301-0/+10
| | | | | | | The ProjectsFinder and GroupFinder both support the same set of params. And the `/api/v4/projects` and `/api/v4/group/:id/projects` also support the same set of params. But they do not match the Finder params. So use a helper method to transform them.
* Use ProjectFinder to filter the projectsToon Claes2017-05-301-13/+0
| | | | | Instead of trying to do the heavy lifting in the API itself, use the existing features of the ProjectFinder.
* Handle `membership` in ProjectFinderToon Claes2017-05-301-4/+0
| | | | | The ProjectFinder supports the `non_public` parameter. This can be used to find only projects the user is member of.
* Merge branch '27144-enforce-rubocop-trailing_commas-no_comma-style' into ↵Robert Speicher2017-05-101-1/+1
|\ | | | | | | | | | | | | | | | | | | 'master' Resolve "Use consistent style for trailing commas" Closes #27144 See merge request !11063
| * Enable the Style/TrailingCommaInArguments copRémy Coutable2017-05-101-1/+1
| | | | | | | | | | | | Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me>
* | Use new SnippetsFinder signature in APIbvl-security-patchesBob Van Landuyt2017-05-101-2/+2
|/
* Allow admins to sudo to blocked users.29505-allow-admins-sudo-to-blocked-usersTimothy Andrew2017-04-261-1/+1
| | | | | | | | | | - Currently, (for example) admins can't delete snippets for blocked users, which is an unexpected limitation. - We modify `authenticate!` to conduct the `access_api` policy check against the `initial_current_user`, instead of the user being impersonated. - Update CHANGELOG for !10842
* Remove the User#is_admin? methodblackst0ne2017-04-091-2/+2
|
* API: Make the /notes endpoint work with noteable iid instead of idToon Claes2017-03-271-0/+5
| | | | | | | | | | | | | | | | In API V4 all endpoints were changed so Merge Requests and Issues should be referred by iid, instead of id. Except the /notes endpoint was forgotten. So change the endpoints from: - /projects/:id/issues/:issue_id/notes - /projects/:id/merge_requests/:merge_request_id/notes To: - /projects/:id/issues/:issue_iid/notes - /projects/:id/merge_requests/:merge_request_iid/notes For Project Snippets nothing changes.
* use the policy stack to protect loginshttp://jneen.net/2017-03-091-1/+1
|
* use a magic default :global symbol instead of nilhttp://jneen.net/2017-03-091-2/+2
| | | | to make sure we mean the global permissions
* API routes referencing a specific merge request should use the MR `iid`Timothy Andrew2017-03-071-4/+4
| | | | | | - As opposed to the `id` that was previously being used. - This brings the API routes closer to the web interface's routes. - This is specific to API v4.
* API routes referencing a specific issue should use the issue `iid`Timothy Andrew2017-03-071-2/+2
| | | | | | - As opposed to the issue `id` that was previously being used. - This brings the API routes closer to the web interface's routes. - This is specific to API v4.
* Test various login scenarios if the limit gets enforcedPawel Chojnacki2017-03-061-7/+8
|
* Remove "subscribed" field from API responses returning list of issues or ↵api-drop-subscribedAdam Niedzielski2017-03-061-8/+0
| | | | merge requests
* Rename query parameter to `membership`28865-filter-by-authorized-projects-in-v4Toon Claes2017-03-031-1/+1
| | | | The query parameter `membership` should be more self-explaining.
* Add filter param for authorized projects for current_user for V4Oswaldo Ferreira2017-03-031-0/+4
|
* Enable filtering milestones by search criteria in the APIMark Fletcher2017-03-021-0/+4
| | | | - Also remove a redundant test
* Return 202 with JSON body on async removals on V4 API3874-correctly-return-json-on-delete-responsesOswaldo2017-02-231-0/+4
|
* Enable Style/MutableConstantDouwe Maan2017-02-231-1/+1
|
* Merge branch '28093-snippet-and-issue-spam-check-on-edit' into 'master'Sean McGivern2017-02-221-0/+4
|\ | | | | | | | | | | | | Spam check and reCAPTCHA improvements Closes #28093 See merge request !9248
| * Spam check and reCAPTCHA improvements28093-snippet-and-issue-spam-check-on-editOswaldo Ferreira2017-02-211-0/+4
| |
* | No more and/orDouwe Maan2017-02-211-1/+1
|/
* Use grape validation for datesapi-grape-datetimeRobert Schilling2017-02-201-16/+0
|
* API: Consolidate /projects endpointToon Claes2017-02-141-0/+8
| | | | | | | | | | | It consolidates these endpoints: - /projects - /projects/owned - /projects/visible - /projects/starred - /projects/all Into the /projects endpoint using query parameters.
* API: Fix file downloadingRobert Schilling2017-02-031-1/+1
|
* replace `find_with_namespace` with `find_by_full_path`Adam Pahlevi2017-02-031-1/+1
| | | | add complete changelog for !8949
* Merge branch 'fix-api-mr-permissions' into 'security'Robert Speicher2017-01-231-0/+6
| | | | | | Ensure that only privileged users can access merge requests in the API See merge request !2053
* Fix specsKamil Trzcinski2017-01-191-1/+1
|
* Fix specsKamil Trzcinski2017-01-191-1/+1
|
* Merge remote-tracking branch 'origin/master' into 21698-redis-runner-last-buildKamil Trzcinski2017-01-191-51/+9
|\
| * Merge branch 'time-tracking-api' into 'master' Sean McGivern2017-01-181-0/+4
| |\ | | | | | | | | | | | | | | | | | | Time tracking API Closes #25861 See merge request !8483
| | * Add some API endpoints for time tracking.Ruben Davila2017-01-181-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New endpoints are: POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/time_estimate" POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/reset_time_estimate" POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/add_spent_time" POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/reset_spent_time" GET :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/time_stats"
| * | Fix a API deprecation warningfix-deprecation-warningRobert Schilling2017-01-161-1/+1
| |/
| * fix pipelines/index.html.haml merge conflictRegis2017-01-021-2/+2
| |\
| | * Merge branch 'fix-api-deprecation' into 'master' Robert Schilling2016-12-281-1/+1
| | |\ | | | | | | | | | | | | | | | | Fix a Grape deprecation, use `#request_method` instead of `#route_method` See merge request !8297
| | | * Fix a Grape deprecation, use `#request_method` instead of `#route_method`fix-api-deprecationRémy Coutable2016-12-231-1/+1
| | | | | | | | | | | | | | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
| | * | Add more storage statisticsMarkus Koller2016-12-211-1/+1
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds counters for build artifacts and LFS objects, and moves the preexisting repository_size and commit_count from the projects table into a new project_statistics table. The counters are displayed in the administration area for projects and groups, and also available through the API for admins (on */all) and normal users (on */owned) The statistics are updated through ProjectCacheWorker, which can now do more granular updates with the new :statistics argument.
| * | Remove redundant pagination helpers after a bad mergeGrzegorz Bizon2016-12-211-32/+0
| | | | | | | | | | | | [ci skip]
| * | Merge branch 'master' into auto-pipelines-vueGrzegorz Bizon2016-12-211-12/+3
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (367 commits) Set “Remove branch” button to default size remove unused helper method reduce common code even further to satisfy rake flay remove button class size alteration from revert and cherry pick links factor out common code to satisfy rake flay homogenize revert and cherry-pick button styles generated by commits_helper apply margin on alert banners only when there is one or more alerts Rename MattermostNotificationService back to MattermostService Rename SlackNotificationService back to SlackService Fix stage and pipeline specs and rubocop offenses Added QueryRecorder to test N+1 fix on Milestone#show Use gitlab-workhorse 1.2.1 Make 'unmarked as WIP' message more consistent Improve specs for Files API Allow unauthenticated access to Repositories Files API GET endpoints Add isolated view spec for pipeline stage partial Move test for HTML stage endpoint to controller specs Fix sizing of avatar circles; add border Fix broken test Fix broken test Changes after review ... Conflicts: app/assets/stylesheets/pages/pipelines.scss app/controllers/projects/pipelines_controller.rb app/views/projects/pipelines/index.html.haml spec/features/projects/pipelines/pipelines_spec.rb
| | * Calls to the API are checked for scope.Timothy Andrew2016-12-161-12/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well. - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests). - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
View Lorry Controller Status