summaryrefslogtreecommitdiff
path: root/lib/api
Commit message (Collapse)AuthorAgeFilesLines
...
| * | Enforce restricted visibilities for snippetsVinnie Okada2015-03-081-9/+13
| | | | | | | | | | | | | | | | | | Add new service classes to create and update project and personal snippets. These classes are responsible for enforcing restricted visibility settings for non-admin users.
| * | Allow admins to override restricted visibilityVinnie Okada2015-03-082-4/+4
| | | | | | | | | | | | | | | Allow admins to use restricted visibility levels when creating or updating projects.
* | | Use `project_member` instead of `team_member`.Douwe Maan2015-03-151-14/+14
| | |
* | | Use `group_member` instead of `users_group` or `membership`.Douwe Maan2015-03-151-5/+5
| |/ |/|
* | use constant-time string compare for internal api authenticationJörg Thalheim2015-03-061-1/+4
|/ | | | | | | Ruby str_equal uses memcmp internally to compare String. Memcmp is vunerable to timing attacks because it returns early on mismatch (on most x32 platforms memcmp uses a bytewise comparision). Devise.secure_compare implements a constant time comparision instead.
* Merge branch 'project-existence-leak' into 'master'Dmitriy Zaporozhets2015-03-031-17/+22
|\ | | | | | | | | | | | | | | | | | | Don't leak information about private project existence via Git-over-SSH/HTTP. Fixes #2040 and https://gitlab.com/gitlab-org/gitlab-ce/issues/343. Both `Grack::Auth` (used by Git-over-HTTP) and `Api::Internal /allowed` (used by gitlab-shell/Git-over-SSH) now return a generic "Not Found" error when the project exists but the user doesn't have access to it. See merge request !1578
| * Don't leak information about private project existence via Git-over-SSH/HTTP.Douwe Maan2015-03-021-17/+22
| |
* | Enable ParenthesesAsGroupedExpression ruleDmitriy Zaporozhets2015-03-021-1/+1
| |
* | Merge pull request #8890 from sue445/feature/project_api_avatar_urlJeroen van Baarsen2015-03-011-0/+1
|\ \ | |/ |/| Expose avatar_url in projects API
| * Expose avatar_url in projects APIsue4452015-03-011-0/+1
| | | | | | | | | | | | * Impl Project#avatar_url * Refactor ApplicationHelper: Use Project#avatar_url * Update changelog
* | Merge branch 'master' into mmonaco/gitlab-ce-api-user-noconfirmDmitriy Zaporozhets2015-02-2721-151/+614
|\ \ | |/ | | | | | | Conflicts: lib/api/users.rb
| * Improve error messages when file editing failsVinnie Okada2015-02-221-1/+2
| | | | | | | | | | Give more specific errors in API responses and web UI flash messages when a file update fails.
| * Improve broadcast message APIDmitriy Zaporozhets2015-02-182-2/+4
| |
| * Dont send 404 if no broadcast messages now because it flood gitlab-shell ↵Dmitriy Zaporozhets2015-02-181-2/+0
| | | | | | | | logs with 404 errors :(
| * Remove Group#owner_id from API since it is not used any moreDmitriy Zaporozhets2015-02-172-2/+2
| |
| * Edit group members via APIVinnie Okada2015-02-113-10/+31
| | | | | | | | | | Add an API endpoint to update the access level of an existing group member.
| * Add internal broadcast message API.Douwe Maan2015-02-072-0/+12
| |
| * Refactor and improve sorting objects in API for projects, issues and merge ↵Dmitriy Zaporozhets2015-02-054-58/+72
| | | | | | | | requests
| * Explicitly define ordering in models using default_scopeDmitriy Zaporozhets2015-02-051-2/+0
| |
| * Merge pull request #8712 from jvanbaarsen/add-merge-request-files-endpointDmitriy Zaporozhets2015-02-042-5/+27
| |\ | | | | | | Added a way to retrieve MR files
| | * Added a way to retrieve MR filesJeroen van Baarsen2015-02-042-5/+27
| | | | | | | | | | | | Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
| * | Merge pull request #8723 from jubianchi/api-groups-pathDmitriy Zaporozhets2015-02-033-34/+23
| |\ \ | | | | | | | | Access groups using path
| | * | Acces groups with their path in APIjubianchi2015-02-033-34/+23
| | | |
| * | | Rubocop: Style/CaseIndentation enabledDmitriy Zaporozhets2015-02-021-5/+2
| | | |
| * | | Avoid using {...} for multi-line blocksDmitriy Zaporozhets2015-02-024-9/+7
| | | |
| * | | Rubocop enabled for: Use spaces inside hash literal bracesDmitriy Zaporozhets2015-02-024-5/+5
| |/ /
| * | Convert hashes to ruby 1.9 styleDmitriy Zaporozhets2015-02-022-3/+3
| |/
| * Merge pull request #8609 from ↵Dmitriy Zaporozhets2015-01-271-8/+29
| |\ | | | | | | | | | | | | jubianchi/issues/6289-api-handle-error-project-repo Handle errors on API when a project does not have a repository
| | * Handle errors on API when a project does not have a repository (Closes #6289)jubianchi2015-01-191-8/+29
| | |
| * | Merge branch 'feature_api_project_edit' into 'master'Dmitriy Zaporozhets2015-01-221-0/+43
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | API: Implement edit via API for projects I've picked up https://github.com/gitlabhq/gitlabhq/pull/8055 fixed the few hound warnings and replaced all double quotes in the spec file where possible. # From the original PR: Implements edit via API for projects. Edit was part of missing features in feature request Full CRUD operations via API for projects. http://feedback.gitlab.com/forums/176466-general/suggestions/3904506-full-crud-operations-via-api-for-projects Feature is implemented using existing UpdateService for projects. Permission to change visibility level and name are checked in addition to check for permission to administer project. Doesn't allow updating project namespace id, because there was existing API-method for transferring project to a group. Documentation added to doc/api/projects.md. Uses API request PUT /projects/:id . Tests included for: 1. Success for changing path 2. Success for changing name 3. Success for changing visibility level 4. Success for changing all other attributes 5. Success for changing name & path to existing name & path but in different namespace 6. Failure if not authenticated 7. Failure if path exists in project's namespace 8. Failure if name exists in project's namespace 9. Failure if not sufficient permission to change name 10. Failure if not sufficient permission to change visibility level 11. Failure if not sufficient permission to change other attributes Allows updating following parameters: * name * path * visibility_level * public * default_branch * issues_enabled * wiki_enabled * snippets_enabled * merge_requests_enabled * description See merge request !310
| | * | Implement edit via API for projectsMika Mäenpää2015-01-221-0/+43
| | | |
| * | | Fix the test and add documentation for the "per-milestone issues API call"Hannes Rosenögger2015-01-221-1/+1
| | | |
| * | | Add per-milestone issues API callJustin Whear2015-01-221-0/+15
| |/ /
| * | developer can push to protected branchesValery Sizov2015-01-201-6/+2
| |/
| * Merge pull request #8464 from dserodio/group-api-descriptionDmitriy Zaporozhets2015-01-182-2/+2
| |\ | | | | | | Add description attribute to group API (GET and POST)
| | * Add description attribute to group API (GET and POST)Daniel Serodio2015-01-162-2/+2
| | |
| * | Merge pull request #8307 from cirosantilli/project-api-comment-typoJeroen van Baarsen2015-01-181-1/+1
| |\ \ | | |/ | |/| Typo in project API events comment
| | * Typo in project API events commentCiro Santilli2014-11-141-1/+1
| | |
| * | Merge pull request #8096 from cirosantilli/regex-to-stringDmitriy Zaporozhets2015-01-151-2/+2
| |\ \ | | | | | | | | Replace regex methods by string ones since faster and more readable
| | * | Replace regex methods by string ones since fasterCiro Santilli2014-12-281-2/+2
| | | | | | | | | | | | | | | | and more readable.
| * | | Add search filter option on project api for authorized projects.Marin Jankovski2015-01-121-3/+4
| | | |
| * | | Fix failing tests due to updates on the return messages.Marin Jankovski2015-01-074-8/+8
| | | |
| * | | Add a message when unable to save an object through api.Marin Jankovski2015-01-078-15/+15
| | | |
| * | | Forward the messages in api response.Marin Jankovski2014-12-306-8/+8
| | | |
| * | | Message for api files and groups.Marin Jankovski2014-12-303-5/+5
| | | |
| * | | Clearer message if adding comment to commit via api fails.Marin Jankovski2014-12-301-1/+1
| | | |
| * | | Update branch api not found messages to 'Branch not found'.Marin Jankovski2014-12-302-5/+6
| | | |
| * | | Add group filtering by name for APIDmitriy Zaporozhets2014-12-301-5/+8
| | | | | | | | | | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
| * | | Merge pull request #7675 from yglukhov/patch_notes_apiDmitriy Zaporozhets2014-12-291-0/+33
| |\ \ \ | | | | | | | | | | Implemented notes (body) patching in API.
| | * | | Implemented notes (body) patching in API.uran2014-12-251-0/+33
| | | | |
View Lorry Controller Status