summaryrefslogtreecommitdiff
path: root/spec/controllers
Commit message (Collapse)AuthorAgeFilesLines
* fix blob controller spec failure - updated not to use file-path-fix/blob-controller-specJames Lopez2016-11-291-1/+1
|
* Merge branch 'jej-fix-missing-access-check-on-issues' into 'security'Douwe Maan2016-11-282-2/+33
| | | | | | | | | | | | | | | | | | | | | | | | Fix missing access checks on issue lookup using IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested - [x] :white_check_mark: app/controllers/projects/branches_controller.rb:39 - `before_action :authorize_push_code!` helpes limit/prevent exploitation. Always checks for reporter access so fine with confidential issues, issues only visible to team, etc. - [x] :traffic_light: app/models/cycle_analytics/summary.rb:9 [`.count`] - [x] :white_check_mark: app/controllers/projects/todos_controller.rb:19 - [x] Potential double render in app/controllers/projects/todos_controller.rb - https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24 See merge request !2030
* Merge branch 'jej-22869' into 'security'Douwe Maan2016-11-281-0/+49
| | | | | | | | | | | | | | | | | | Fix information disclosure in `Projects::BlobController#update` It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that. - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) https://gitlab.com/gitlab-org/gitlab-ce/issues/22869 See merge request !2023
* Ensure user is authenticated to create a new snippet25026-authenticate-user-for-new-snippetRémy Coutable2016-11-281-0/+22
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'fix-dead-help-link' into 'master' Rémy Coutable2016-11-281-11/+3
|\ | | | | | | | | Fix a broken link and avoid potential creation of future broken links on the help page. See merge request !7582
| * Fix broken external links in help/index.htmlDavid Wagner2016-11-201-11/+3
| | | | | | | | | | | | | | | | | | | | | | An external link was recently added but was broken because 'https://gitlab.com/help/' was prepended to every link in the page. Since no link in the main help readme begins with "help" and since doing so wouldn't make sense, the substitution conditionaly prepending "help" can be simplified and reused. Signed-off-by: David Wagner <david@marvid.fr>
* | Merge branch 'rephrase-system-notes' into 'master' Robert Speicher2016-11-251-1/+1
|\ \ | | | | | | | | | | | | Rephrase some system notes to be compatible with new system note style See merge request !7692
| * | Rephrase some system notes to be compatible with new system note stylerephrase-system-notesDouwe Maan2016-11-241-1/+1
| | |
* | | Merge branch 'dz-allow-nested-group-routing' into 'master' Douwe Maan2016-11-241-4/+19
|\ \ \ | |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add nested groups support to the routing ## What does this MR do? It allows routing with `/` in namespace name ## Why was this MR needed? For nested groups feature(https://gitlab.com/gitlab-org/gitlab-ce/issues/2772). We need URI like `/group/subgroup/project` be routed correctly ## Does this MR meet the acceptance criteria? - [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~ - ~~API support added~~ - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if it does - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? https://gitlab.com/gitlab-org/gitlab-ce/issues/2772 See merge request !7459
| * | Add nested groups support to the routingdz-allow-nested-group-routingDmitriy Zaporozhets2016-11-231-4/+19
| | | | | | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | | Merge branch 'rs-project-team-helpers' into 'master' Sean McGivern2016-11-221-15/+15
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Add shortcuts for adding users to a project team with a specific role Closes #20944 See merge request !7565
| * | | Add shortcuts for adding users to a project team with a specific rolers-project-team-helpersRobert Speicher2016-11-181-15/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This also updates _some_ specs to use these new methods, just to serve as an example for others going forward, but by no means is this exhaustive. Original implementations at !5992 and !6012. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/20944
* | | | Merge branch '24576_cant_stop_impersonating' into 'master' Sean McGivern2016-11-221-7/+21
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | | | | | | | | | Allow admins to stop impersonating users without e-mail addresses Closes #24576 See merge request !7550
| * | | Allow admins to stop impersonating users without e-mail addressesOren Kanner2016-11-171-7/+21
| |/ / | | | | | | | | | | | | | | | | | | | | | Resolves #24576 Modify the guard clause of the `ApplicationController#require_email` before action to skip requests where an admin is impersonating the current user.
* | | Updated code based on feedbackfix/cycle-analytics-no-dataJames Lopez2016-11-211-2/+2
| | |
* | | Adds a flag to reflect whether or not there is data in cycle analyticsJames Lopez2016-11-211-0/+43
| |/ |/|
* | Merge remote-tracking branch 'origin/master' into 22539-display-foldersKamil Trzcinski2016-11-187-19/+115
|\ \ | |/
| * Merge branch 'fix-singin-redirect-for-fork-new' into 'master' Sean McGivern2016-11-171-0/+58
| |\ | | | | | | | | | | | | | | | | | | Fixing the issue of visiting a project fork url giving 500 error when not signed… Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/24302 See merge request !7392
| | * Remove newlines between context and it in addition to testing redirection ↵Cagdas Gerede2016-11-151-6/+1
| | | | | | | | | | | | for create action to import path
| | * Add authentication for for create action. Add more tests for for new and ↵Cagdas Gerede2016-11-151-6/+55
| | | | | | | | | | | | create actions
| | * Move sign_out out of it into beforeCagdas Gerede2016-11-131-2/+1
| | |
| | * Replace tabs with spacesEarth2016-11-131-1/+1
| | |
| | * Add a unit test for redirecting to sign-in page when user is not logged in ↵Earth2016-11-131-0/+15
| | | | | | | | | | | | and user visits the new fork page
| * | Add toggle_subscription action to Groups::LabelsControllerDouglas Barbosa Alexandre2016-11-171-0/+22
| | |
| * | Add helper method to toggle label subscription on labels controller specDouglas Barbosa Alexandre2016-11-171-2/+6
| | |
| * | Remove default value for `project` argument on subscribable concernDouglas Barbosa Alexandre2016-11-172-8/+8
| | |
| * | Allow users to subscribe to group labels at project-levelDouglas Barbosa Alexandre2016-11-171-7/+19
| | |
| * | Fix specs to pass a project when creating subscriptionsDouglas Barbosa Alexandre2016-11-171-2/+2
| | |
| * | Merge branch '21992-disable-access-requests-by-default' into 'master' Robert Speicher2016-11-162-2/+2
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Disable the "request access" functionality by default for new groups and projects Currently this feature is enabled by default, and additional action is required to disable it. Closes #21992 Closes !7011 See merge request !7425
| | * | Make access request specs explicitly enable or disable access requests as ↵Nick Thomas2016-11-112-2/+2
| | |/ | | | | | | | | | required
* | | Add controller specs for environments index actionGrzegorz Bizon2016-11-161-6/+27
|/ /
* | Merge branch '21076-deleted-merged-branches' into 'master' Douwe Maan2016-11-151-4/+54
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add button to delete all merged branches ## What does this MR do? It adds a button to the branches page that the user can use to delete all the branches that are already merged. This can be used to clean up all the branches that were forgotten to delete while merging MRs. **Note** ~~This MR is WIP until MR !6408 is merged.~~ ## Are there points in the code the reviewer needs to double check? The UX of the actual "Delete merged branches" button. ## Why was this MR needed? Fixes #21076 ## Screenshots ![Branches page without "Delete all merged" button](/uploads/3a2936a83c3547a0fce92a74af880a2d/Screen_Shot_2016-10-17_at_20.06.30.png) Before: ![Screen_Shot_2016-10-17_at_20.07.11](/uploads/55efcebf4e0a45dbfc70ba4a11ca152c/Screen_Shot_2016-10-17_at_20.07.11.png) After: ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [x] API support added - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #21076 See merge request !6449
| * | Add button to delete all merged branchesToon Claes2016-11-091-4/+54
| | | | | | | | | | | | | | | | | | | | | | | | It adds a button to the branches page that the user can use to delete all the branches that are already merged. This can be used to clean up all the branches that were forgotten to delete while merging MRs. Fixes #21076.
* | | Merge branch 'fix-help-page-links' into 'master' Rémy Coutable2016-11-141-0/+38
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Fix error links in help index page when access it with url `http://gitlab.example.com/help/` which have an extra slash Fixes #24349 See merge request !7396
| * | | fix error links in help pageFu Xu2016-11-121-0/+38
| | |/ | |/|
* | | Ensure labels are loaded on "show" methods of MRAlex Sanford2016-11-111-0/+25
|/ / | | | | | | | | Previously, they were only being loaded on the actual `show` action, but not the actions representing the tabs (commits, builds, etc).
* | Merge branch 'use-separate-token-for-incoming-email' into 'master' Douwe Maan2016-11-081-0/+27
|\ \ | | | | | | | | | | | | Use separate email-friendly token for incoming email See merge request !5914
| * | implements reset incoming email token on issues modal and account page,use-separate-token-for-incoming-emailtiagonbotelho2016-11-071-0/+27
| |/ | | | | | | reactivates all tests and writes more tests for it
* | Add tests for project#index routingDmitriy Zaporozhets2016-11-071-0/+20
|/ | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Complete and improve specsRémy Coutable2016-11-041-14/+54
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Add setting to only allow merge requests to be merged when all discussions ↵Rodolfo Santos2016-11-041-0/+26
| | | | | | are resolved Signed-off-by: Rémy Coutable <remy@rymai.me>
* Implement CreateMembers service to make controller thinrefactor_group_membersValery Sizov2016-11-011-34/+34
|
* Merge branch '23106-events-default-scope-results-in-a-slow-query' into 'master' Yorick Peterse2016-10-311-1/+1
|\ | | | | | | | | Optimize Event queries by removing default order See merge request !7130
| * Optimize Event queries by removing default order23106-events-default-scope-results-in-a-slow-queryAlejandro Rodríguez2016-10-271-1/+1
| |
* | Merge branch 'adam-fix-labels-find-or-create' into 'master' Douwe Maan2016-10-281-5/+16
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pass user instance to Labels::FindOrCreateService or skip_authorization: true ## What does this MR do? It fixes a bug described in #23694 when `project.owner` was passed to `Labels::FindOrCreateService`. `Labels::FindOrCreateService` expected a user instance and `project.owner` may return a group as well. This MR makes sure that we either pass a user instance or `skip_authorization: true`. ## Are there points in the code the reviewer needs to double check? - places where we pass `skip_authorization: true` ## Does this MR meet the acceptance criteria? - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if it does - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Fixes #23694 See merge request !7093
| * | Pass user instance to Labels::FindOrCreateService or skip_authorization: trueadam-fix-labels-find-or-createAdam Niedzielski2016-10-281-5/+16
| |/ | | | | | | | | | | Do not pass project.owner because it may return a group and Labels::FindOrCreateService throws an error in this case. Fixes #23694.
* | Merge branch 'master' into 5905-duplicate-email-errorsSteve Halasz2016-10-272-74/+86
|\ \ | |/ | | | | Getting latest CHANGELOG so I can resolve merge conflict
| * Merge branch 'master' into issue-board-sidebarissue-board-sidebarPhil Hughes2016-10-265-74/+226
| |\
| | * Merge branch 'add-test-for-snippet-download' into 'master' Rémy Coutable2016-10-251-73/+83
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | Adds test for feature in this MR https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6720 https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6720 See merge request !6854
| | | * Add missing tests for download snippetSemyon Pupkov2016-10-131-73/+83
| | | | | | | | | | | | | | | | ref: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6720
View Lorry Controller Status