path: root/lib/api
Commit message (Author, Age, Files, Lines)
...
* | Modified lib/api/entities.rb to expose Project class tag_list property to the API (Cristian Medina, 2015-04-03, 1, -1/+1)
| |   Updated projects.md to show tag_list field when performing GETs
| |   Updated projects_spec.rb to include check for tag_list key in project list
| |   Added changes to the CHANGELOG
* | Merge branch 'repository-archive-worker' into 'master' (Dmitriy Zaporozhets, 2015-04-02, 1, -5/+6)
|\ \
| | |   Archive repositories in background worker.
| | |   Depends on https://gitlab.com/gitlab-org/gitlab_git/merge_requests/17 being merged, a new `gitlab_git` being released and this MR's `Gemfile.lock` being updated.
| | |   See private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2173.
| | |   To do after this is merged: Update https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/sv-sidekiq-run.erb in omnibus.
| | |   See merge request !436
| * | Archive repositories in background worker. (Douwe Maan, 2015-03-31, 1, -5/+6)
| |/
* | Merge pull request #9023 from dantudor/patch-1 (Dmitriy Zaporozhets, 2015-03-31, 1, -3/+3)
|\ \
| |/
|/|   Allow ability to delete branches with '/` in name
| * Added the missing comma (Dan Tudor, 2015-03-31, 1, -1/+1)
| |
| * Allow ability to delete branches with '/` in name (Dan Tudor, 2015-03-25, 1, -3/+3)
| |
* | Merge branch 'events-paginate' into 'master' (Douwe Maan, 2015-03-30, 1, -1/+1)
|\ \
| | |   API: Events paginate
| | |   Updated the api method for /project/:id/events, to use the paginate method instead of limiting and offsetting the recent events in the method itself. This will also change the first page to be 1 instead of 0, but using 0 will still work and will give back the first page. This also adds the link headers (next/first/last).
| | |   See merge request !267
| * | Updated api method GET /projects/:id/events to use paginate instead of a self-implementation (Stephan van Leeuwen, 2015-03-24, 1, -5/+2)
| | |   Also updated example request url
| | |   Added changelog item
* | | properly paginate project events in API (Nihad Abbasov, 2015-03-29, 1, -4/+1)
| | |
* | | Merge branch 'master' into 'master' (Dmitriy Zaporozhets, 2015-03-26, 1, -2/+2)
|\ \ \
| | | |   Change ordering so that confirm is removed from attrs before attempting to User.build_user
| | | |   Possible fix gitlab-org/gitlab-ce#1296
| | | |   See merge request !445
| * | | Change ordering so that confirm is removed from attrs before attempting to User.build_user (RICKETTM@uk.ibm.com, 2015-03-24, 1, -2/+2)
| |/ /
* | | Merge branch 'more-rubocop-styles' into 'master' (Dmitriy Zaporozhets, 2015-03-25, 1, -2/+2)
|\ \ \
| |_|/
|/| |
| | |   More rubocop styles
| | |   See merge request !449
| * | Enable more rubocop style checks (Dmitriy Zaporozhets, 2015-03-24, 1, -2/+2)
| | |
* | | Merge branch 'api-internal-errors' into 'master' (Dmitriy Zaporozhets, 2015-03-25, 2, -21/+20)
|\ \ \
| |/ /
|/| |
| | |   Respond with full GitAccess error if user has project read access.
| | |   Should help with debugging #1236.
| | |   cc @marin
| | |   See merge request !437
| * | Respond with full GitAccess error if user has project read access. [api-internal-errors] (Douwe Maan, 2015-03-24, 1, -1/+1)
| | |
| * | Refactor GitAccess to use instance variables. (Douwe Maan, 2015-03-24, 2, -20/+19)
| |/
* | Unescape branch param to delete (Dan Tudor, 2015-03-24, 1, -1/+2)
|/
|   Branch names that contain `/` return a 405 error when being deleted because the slash is escaped to `%2F`
|   This patch will unescape the param prior to executing the delete action.
* Merge branch 'fix-restricted-visibility' into 'master' (Dmitriy Zaporozhets, 2015-03-16, 3, -15/+19)
|\
| |   Restricted visibility levels - bug fix and new feature
| |
| |   This allows admin users to override restricted visibility settings when creating and updating projects and snippets, and moves the restricted visibility configuration from gitlab.yml to the web UI. See #1903.
| |
| |   ## Move configuration location
| |
| |   I added a new section to the application settings page for restricted visibility levels. Each level has a checkbox, styled with Bootstrap to look like a toggle button. A checked box means that the level is restricted. I added a glowing text shadow and changed the background color for checked buttons because the default styles made it hard to distinguish between checked and unchecked. This image shows the new section with the "Public" box checked:
| |
| |   ![restricted_visibility_settings](https://dev.gitlab.org/Okada/gitlabhq/uploads/629562e4313f89b795e81c3bb0f95893/restricted_visibility_settings.png)
| |
| |   ## Allow admins to override
| |
| |   To allow admin users to override the restricted visibility levels, I had to remove the `visibility_level` validation from the `Project` class. The model doesn't know about the `current_user`, which should determine whether the restrictions can be overridden. We could use the creator in the validation, but that wouldn't work correctly for projects where a non-admin user is the creator and an admin tries to change the project to a restricted visibility level.
| |
| |   The `Project::UpdateService` and `Project::CreateService` classes already had code to determine whether the current user is allowed to use a given visibility level; now all visibility level validation is done in those classes. Currently, when a non-admin tries to create or update a project using a restricted level, these classes silently set the visibility level to the global default (create) or the project's existing value (update). I changed this behavior to be more like an Active Model validation, where using a restricted level causes the entire request to be rejected.
| |
| |   Project and personal snippets didn't have service classes, and restricted visibility levels weren't being enforced in the model or the controllers. The UI disabled radio buttons for restricted levels, but that wouldn't be difficult to circumvent. I created the `CreateSnippetService` and `UpdateSnippetService` classes to do the same restricted visibility check that the project classes do. And since I was dealing with snippet visibility levels, I updated the API endpoints for project snippets to allow users to set and update the visibility level.
| |
| |   ## TODO
| |
| |   * [x] Add more tests for restricted visibility functionality
| |
| |   cc @sytse @dzaporozhets
| |
| |   See merge request !1655
| * Merge branch 'master' into fix-restricted-visibility (Vinnie Okada, 2015-03-14, 1, -1/+4)
| |\
| | |   Conflicts: db/schema.rb
| * | More restricted visibility changes (Vinnie Okada, 2015-03-10, 1, -4/+4)
| | |   Bug fixes and new tests for the restricted visibility changes.
| * | Enforce restricted visibilities for snippets (Vinnie Okada, 2015-03-08, 1, -9/+13)
| | |   Add new service classes to create and update project and personal snippets. These classes are responsible for enforcing restricted visibility settings for non-admin users.
| * | Allow admins to override restricted visibility (Vinnie Okada, 2015-03-08, 2, -4/+4)
| | |   Allow admins to use restricted visibility levels when creating or updating projects.
* | | Use `project_member` instead of `team_member`. (Douwe Maan, 2015-03-15, 1, -14/+14)
| | |
* | | Use `group_member` instead of `users_group` or `membership`. (Douwe Maan, 2015-03-15, 1, -5/+5)
| |/
|/|
* | use constant-time string compare for internal api authentication (Jörg Thalheim, 2015-03-06, 1, -1/+4)
|/
|   Ruby str_equal uses memcmp internally to compare String. Memcmp is vulnerable to timing attacks because it returns early on mismatch (on most x32 platforms memcmp uses a bytewise comparison). Devise.secure_compare implements a constant time comparison instead.
* Merge branch 'project-existence-leak' into 'master' (Dmitriy Zaporozhets, 2015-03-03, 1, -17/+22)
|\
| |   Don't leak information about private project existence via Git-over-SSH/HTTP.
| |   Fixes #2040 and https://gitlab.com/gitlab-org/gitlab-ce/issues/343.
| |   Both `Grack::Auth` (used by Git-over-HTTP) and `Api::Internal /allowed` (used by gitlab-shell/Git-over-SSH) now return a generic "Not Found" error when the project exists but the user doesn't have access to it.
| |   See merge request !1578
| * Don't leak information about private project existence via Git-over-SSH/HTTP. (Douwe Maan, 2015-03-02, 1, -17/+22)
| |
* | Enable ParenthesesAsGroupedExpression rule (Dmitriy Zaporozhets, 2015-03-02, 1, -1/+1)
| |
* | Merge pull request #8890 from sue445/feature/project_api_avatar_url (Jeroen van Baarsen, 2015-03-01, 1, -0/+1)
|\ \
| |/
|/|   Expose avatar_url in projects API
| * Expose avatar_url in projects API (sue445, 2015-03-01, 1, -0/+1)
| |   * Impl Project#avatar_url
| |   * Refactor ApplicationHelper: Use Project#avatar_url
| |   * Update changelog
* | Merge branch 'master' into mmonaco/gitlab-ce-api-user-noconfirm (Dmitriy Zaporozhets, 2015-02-27, 21, -151/+614)
|\ \
| |/
| |   Conflicts: lib/api/users.rb
| * Improve error messages when file editing fails (Vinnie Okada, 2015-02-22, 1, -1/+2)
| |   Give more specific errors in API responses and web UI flash messages when a file update fails.
| * Improve broadcast message API (Dmitriy Zaporozhets, 2015-02-18, 2, -2/+4)
| |
| * Don't send 404 if no broadcast messages now because it floods gitlab-shell logs with 404 errors :( (Dmitriy Zaporozhets, 2015-02-18, 1, -2/+0)
| |
| * Remove Group#owner_id from API since it is not used any more (Dmitriy Zaporozhets, 2015-02-17, 2, -2/+2)
| |
| * Edit group members via API (Vinnie Okada, 2015-02-11, 3, -10/+31)
| |   Add an API endpoint to update the access level of an existing group member.
| * Add internal broadcast message API. (Douwe Maan, 2015-02-07, 2, -0/+12)
| |
| * Refactor and improve sorting objects in API for projects, issues and merge requests (Dmitriy Zaporozhets, 2015-02-05, 4, -58/+72)
| |
| * Explicitly define ordering in models using default_scope (Dmitriy Zaporozhets, 2015-02-05, 1, -2/+0)
| |
| * Merge pull request #8712 from jvanbaarsen/add-merge-request-files-endpoint (Dmitriy Zaporozhets, 2015-02-04, 2, -5/+27)
| |\
| | |   Added a way to retrieve MR files
| | * Added a way to retrieve MR files (Jeroen van Baarsen, 2015-02-04, 2, -5/+27)
| | |   Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
| * | Merge pull request #8723 from jubianchi/api-groups-path (Dmitriy Zaporozhets, 2015-02-03, 3, -34/+23)
| |\ \
| | | |   Access groups using path
| | * | Access groups with their path in API (jubianchi, 2015-02-03, 3, -34/+23)
| | | |
| * | | Rubocop: Style/CaseIndentation enabled (Dmitriy Zaporozhets, 2015-02-02, 1, -5/+2)
| | | |
| * | | Avoid using {...} for multi-line blocks (Dmitriy Zaporozhets, 2015-02-02, 4, -9/+7)
| | | |
| * | | Rubocop enabled for: Use spaces inside hash literal braces (Dmitriy Zaporozhets, 2015-02-02, 4, -5/+5)
| |/ /
| * | Convert hashes to ruby 1.9 style (Dmitriy Zaporozhets, 2015-02-02, 2, -3/+3)
| |/
| * Merge pull request #8609 from jubianchi/issues/6289-api-handle-error-project-repo (Dmitriy Zaporozhets, 2015-01-27, 1, -8/+29)
| |\
| | |   Handle errors on API when a project does not have a repository
| | * Handle errors on API when a project does not have a repository (Closes #6289) (jubianchi, 2015-01-19, 1, -8/+29)
| | |
| * | Merge branch 'feature_api_project_edit' into 'master' (Dmitriy Zaporozhets, 2015-01-22, 1, -0/+43)
| |\ \
| | | |   API: Implement edit via API for projects
| | | |
| | | |   I've picked up https://github.com/gitlabhq/gitlabhq/pull/8055 fixed the few hound warnings and replaced all double quotes in the spec file where possible.
| | | |
| | | |   # From the original PR:
| | | |
| | | |   Implements edit via API for projects.
| | | |
| | | |   Edit was part of missing features in feature request Full CRUD operations via API for projects. http://feedback.gitlab.com/forums/176466-general/suggestions/3904506-full-crud-operations-via-api-for-projects
| | | |
| | | |   Feature is implemented using existing UpdateService for projects. Permission to change visibility level and name are checked in addition to check for permission to administer project. Doesn't allow updating project namespace id, because there was existing API-method for transferring project to a group.
| | | |
| | | |   Documentation added to doc/api/projects.md.
| | | |
| | | |   Uses API request PUT /projects/:id .
| | | |
| | | |   Tests included for:
| | | |   1. Success for changing path
| | | |   2. Success for changing name
| | | |   3. Success for changing visibility level
| | | |   4. Success for changing all other attributes
| | | |   5. Success for changing name & path to existing name & path but in different namespace
| | | |   6. Failure if not authenticated
| | | |   7. Failure if path exists in project's namespace
| | | |   8. Failure if name exists in project's namespace
| | | |   9. Failure if not sufficient permission to change name
| | | |   10. Failure if not sufficient permission to change visibility level
| | | |   11. Failure if not sufficient permission to change other attributes
| | | |
| | | |   Allows updating following parameters:
| | | |   * name
| | | |   * path
| | | |   * visibility_level
| | | |   * public
| | | |   * default_branch
| | | |   * issues_enabled
| | | |   * wiki_enabled
| | | |   * snippets_enabled
| | | |   * merge_requests_enabled
| | | |   * description
| | | |
| | | |   See merge request !310