This refactors Gitlab::Identifier so it uses fewer queries and is
actually tested. Queries are reduced by caching the output as well as
using 1 query (instead of 2) to find a user using an SSH key.
|
source project
|
Use just SQL to check if a user can admin_issue on a project
Tradeoff
- we duplicate how we check admin_issue in a SQL relation in the Ability class
|
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5620#note_13671791
|
* upstream/master: (233 commits)
Fix awardable button mutuality loading spinners
Update CHANGELOG for 8.10.5
Clean up project destruction
Small refactor of doc/development/README.md
Avoid commit lookup on diff_helper
Removed extra newline from redis_spec.rb
Used cached value of project count to reduce DB load
Remove duplicate link_to statements
Mention add_column_with_default in downtime guide
Add missing space to generic badge template
Rename `run` task helper method to prevent conflict with StateMachine
Add a method in Project to return a cached value of total count of projects
spellcheck
Add svg guidelines to ui guide
Add Changelog entry for Grape upgrade [ci skip]
Fix Grape tests.
Retain old behavior
Update Grape from 0.13.0 to 0.15.0.
adds second batch of tests changed to active tense
fixes part1 of files to start using active tense
...
|
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5620#note_13540099
|
Added the ability to block sign ups using a domain blacklist.
As part of this MR, I restructured the Application Settings form to separate **Sign up** related settings from **Sign in** related settings and make everything cleaner and easier to read.
Fixes #19749
Related to #5573
See merge request !5259
|
tests.
|
better conform to its behavior and newly introduced behavior.
|
Prior, when providing a `min_access_level` parameter to this method, we
called `Gitlab::Access.values` instead of `all_values`, mistakenly
omitting the `OWNER` level.
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19878
|
As requested by the issue #14508 this adds an option in the application
settings to set newly registered users by default as external. The
default setting is set to false to stay backward compatible.
|
private projects
The issue was with the `User#groups` and `User#projects` associations
which go through the `User#group_members` and `User#project_members`.
Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.
Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...
My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.
Now they are all secure.
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
Feedback from:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4404#note_12301563
|
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4404#note_12274602
|
Feedback:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4404#note_12217415
|
Feedback from:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4404#note_12194552
|
Feedback from:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4404#note_12194489
|
Feedback from:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4404#note_12194471
|
- To hold registrations from U2F devices, and to authenticate them.
- Previously, `User#two_factor_enabled` was aliased to the
`otp_required_for_login` column on `users`.
- This commit changes things a bit:
- `User#two_factor_enabled` is not a method anymore
- `User#two_factor_enabled?` checks both the
`otp_required_for_login` column, as well as `U2fRegistration`s
- Change all instances of `User#two_factor_enabled` to
`User#two_factor_enabled?`
- Add the `u2f` gem, and implement registration/authentication at the
model level.
|
# Conflicts:
# app/controllers/projects/merge_requests_controller.rb
# app/models/note.rb
# db/schema.rb
# spec/models/note_spec.rb
|
`User#starred_projects` doesn't perform any visibility checks. This has
a couple of problems:
1. It assumes a user can always view all of their starred projects in
perpetuity (project not changed to private, access revoked, etc.).
2. It assumes that we'll only ever allow a user to star a project they
can view. This is currently the case, but bugs happen.
Add `User#viewable_starred_projects` to filter the starred projects by
those the user either has explicit access to, or are public or
internal. Then use that in all places where we list the user's starred
projects.
|
In 8278b763d96ef10c6494409b18b7eb541463af29 the default behaviour of annotation
has changed, which was causing a lot of noise in diffs. We decided in #17382
that it is better to get rid of the whole annotate gem, and instead let people
look at schema.rb for the columns in a table.
Fixes: #17382
|
This reverts commit 01160fc06182de89c400af174861f6545ad6ceb8, reversing
changes made to 4bff9daf8b6d85e9c78565e21cfaa3f6d36f0282.
|
Also incorporates the review into this, mainly spec changes.
|
The user has the rights of a public user except it can never create a project,
group, or team. Also it can't view internal projects.
|
Only validate avatar cropping values when avatar is present AND changed
Closes #13905
See merge request !3018
|
Closes #13905
|
| |/
|
|
|
|
| |
Prior, if the user enabled 2FA, then disabled it and came back some time
after the grace period expired, they would be forced to enable 2FA
immediately.
|