path: root/spec/policies
Commit message [Author, Age, Files, Lines]
* Rephrase "maintainer" to more precise "members who can merge to the target branch" (42751-rename-mr-maintainer-push) [Mark Chao, 2018-06-01, 3, -3/+3]
|   "Maintainer" will be freed to be used for #42751
* Enable update_(build|pipeline) for maintainers [Jan Provaznik, 2018-05-15, 3, -1/+26]
|
* Allows `access_(git|api)` to anonymous users [Bob Van Landuyt, 2018-05-10, 1, -13/+39]
|   The `access_git` and `access_api` were currently never checked for anonymous users. And they would also be allowed access:
|
|   An anonymous user can clone and pull from a public repo
|   An anonymous user can request public information from the API
|
|   So the policy didn't actually reflect what we were enforcing.
* Block access to API & git when terms are enforced [Bob Van Landuyt, 2018-05-10, 1, -0/+64]
|   When terms are enforced, but the user has not accepted the terms, access to the API & git is rejected with a message directing the user to the web app to accept the terms.
* Enforces terms in the web application [Bob Van Landuyt, 2018-05-04, 1, -0/+2]
|   This enforces the terms in the web application. These cases are specced:
|
|   - Logging in: When terms are enforced, and a user logs in that has not accepted the terms, they are presented with the screen. They get directed to their customized root path afterwards.
|   - Signing up: After signing up, the first screen the user is presented with is the screen to accept the terms. After they accept they are directed to the dashboard.
|   - While a session is active:
|     - For a GET: The user will be directed to the terms page first, after they accept the terms, they will be directed to the page they were going to
|     - For any other request: They are directed to the terms, after they accept the terms, they are directed back to the page they came from to retry the request. Any information entered would be persisted in localstorage and available on the page.
* Allow a user to accept/decline terms [Bob Van Landuyt, 2018-05-04, 1, -0/+50]
|   When a user accepts, we store this in the agreements to keep track of which terms they accepted. We also update the flag on the user.
* Make the user dropdown reusable [Bob Van Landuyt, 2018-05-04, 1, -5/+13]
|   We will reuse the dropdown, but exclude some menu items based on permissions. So moving the menu to a partial, and adding checks for each menu item here.
* Fix users not seeing labels from private groups when being a member of a child project [Felipe Artur, 2018-04-23, 1, -2/+25]
|
* Prevent awarding emoji when a project is archived [Bob Van Landuyt, 2018-04-11, 2, -1/+14]
|   This prevents performing the requests, and disables all emoji reaction buttons
* Rename `create_merge_request` permissions [Bob Van Landuyt, 2018-04-11, 1, -6/+7]
|   So we can distinguish between the permissions on the source and the target project.
|
|   - `create_merge_request_from` indicates a user can create a merge request with the project as a source_project
|   - `create_merge_request_in` indicates a user can create a merge request with the project as a target_project
* Prevent new merge requests for archived projects [Bob Van Landuyt, 2018-04-11, 1, -1/+16]
|   This prevents creating merge requests targeting archived projects. This could happen when a project was already forked, but then the source was archived.
* Update policies to make archived projects completely read-only [Douwe Maan, 2018-04-10, 1, -2/+65]
|
* Remove edit_note and update_note abilities in favor of admin_note [Douwe Maan, 2018-04-10, 1, -4/+0]
|
* Rename delete_protected_branch ability to push_to_delete_protected_branch to prevent confusion with destroy_protected_branch [Douwe Maan, 2018-04-10, 1, -1/+1]
|
* Increase test suite around deploy tokens behavior [Mayra Cabrera, 2018-04-06, 1, -1/+1]
|   Also, fixes broken specs
* Include ProjectDeployTokens [Mayra Cabrera, 2018-04-06, 1, -1/+1]
|   Also:
|   - Changes scopes from serializer to use boolean columns
|   - Fixes broken specs
* Support Deploy Tokens properly without hacking abilities [Kamil Trzciński, 2018-04-06, 1, -2/+2]
|
* Addresses backend review suggestions [Mayra Cabrera, 2018-04-06, 1, -0/+45]
|   - Remove extra method for authorize_admin_project
|   - Ensure project presence
|   - Rename 'read_repo' to 'read_repository' to be more verbose
* Removes logic from Jwt and handle different scenarios on Gitlab::Auth [Mayra Cabrera, 2018-04-06, 1, -2/+2]
|   - When using 'read_repo' password and project are sent, so we used both of them to fetch for the token
|   - When using 'read_registry' only the password is sent, so we only use that for fetching the token
* Fix N+1 in MergeRequestParser [Sean McGivern, 2018-04-05, 1, -6/+6]
|   read_project can be prevented by a very expensive condition, which we want to avoid, while still not writing manual SQL queries. read_project_for_iids is used by read_issue_iid and read_merge_request_iid to satisfy both of those constraints, and allow the declarative policy runner to use its normal caching strategy.
* Revert exploratory branch restriction policy (jej/add-protected-branch-policy) [James Edwards-Jones, 2018-03-26, 1, -44/+6]
|
* DestroyService for protected tags/branches used from controller [James Edwards-Jones, 2018-03-26, 1, -1/+1]
|
* Branch unprotection restriction starting point [James Edwards-Jones, 2018-03-26, 1, -0/+60]
|   Explored Policy framework to create something I can use as a starting point.
* Limit queries to a user-branch combination [Bob Van Landuyt, 2018-03-07, 1, -1/+1]
|   The query becomes a lot simpler if we can check the branch name as well instead of having to load all branch names.
* Allow abilities on forks while MR is open [Bob Van Landuyt, 2018-03-07, 1, -0/+37]
|   When an MR is created using `allow_maintainer_to_push`, we enable some abilities while the MR is open.
|
|   This should allow every user with developer abilities on the target project, to push to the source project.
* Port `read_cross_project` ability from EE [Bob Van Landuyt, 2018-02-22, 2, -47/+49]
|
* Merge branch 'security-10-4-25223-snippets-finder-doesnt-obey-feature-visibility' into 'security-10-4' [Douwe Maan, 2018-02-09, 2, -0/+2]
|   [Port for security-10-4]: Makes SnippetFinder ensure feature visibility
* Merge branch '35285-user-interface-bugs-for-schedule-pipelines' into 'master' [Rémy Coutable, 2018-02-01, 1, -0/+14]
|\
| |   Hide pipeline schedule 'take ownership' for current owner
| |
| |   Closes #35285
| |
| |   See merge request gitlab-org/gitlab-ce!12986
| * Hide pipeline schedule 'take ownership' for current owner [Mark Fletcher, 2018-02-01, 1, -0/+14]
| |
* | Make user/author use project.creator in most factories [Rémy Coutable, 2018-01-31, 1, -1/+1]
|/
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* Replace '.team << [user, role]' with 'add_role(user)' in specs (36782-replace-team-user-role-with-add_role-user-in-specs) [blackst0ne, 2017-12-22, 4, -16/+16]
|
* Refactor common protected ref check [Stan Hu, 2017-12-12, 1, -0/+92]
|
* Support uploads for groups [Jarka Kadlecova, 2017-12-07, 1, -12/+15]
|
* Update policies unit tests [Tomasz Maczukin, 2017-11-27, 2, -14/+37]
|   This commit also makes spec/policies/namespace_policy_spec.rb file to be compatible with the same file in GitLab EE.
* Improve spec [Shinya Maeda, 2017-11-07, 1, -9/+27]
|
* Merge branch 'master' into fix/sm/31771-do-not-allow-jobs-to-be-erased-new [Shinya Maeda, 2017-11-07, 1, -3/+3]
|\
| * specs for policies. [Shinya Maeda, 2017-10-31, 1, -3/+3]
| |
* | Add doc. Fix spec. Add erase_build in protected_ref rule [Shinya Maeda, 2017-11-07, 1, -11/+29]
| |
* | Fix spec. Revert update check. [Shinya Maeda, 2017-11-06, 1, -6/+5]
| |
* | Do not allow jobs to be erased [Shinya Maeda, 2017-11-06, 1, -0/+42]
|/
* Merge branch 'feature/sm/35954-create-kubernetes-cluster-on-gke-from-k8s-service' into 'master' [Kamil Trzciński, 2017-10-06, 1, -0/+28]
|\
| |   Create Kubernetes cluster on GKE from k8s service
| |
| |   Closes #35954
| |
| |   See merge request gitlab-org/gitlab-ce!14470
| * authorizations_controller_spec. cluster_policy_spec. [Shinya Maeda, 2017-10-05, 1, -0/+28]
| |
* | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into 18608-lock-issues-v2 [Jarka Kadlecova, 2017-10-03, 2, -0/+57]
|\ \
| |/
| |   # Conflicts:
| |   #   db/schema.rb
| * moved fork checks into policies (fork-btn-enabled-user-groups) [Phil Hughes, 2017-09-29, 2, -0/+43]
| |
| * Support custom attributes on users [Markus Koller, 2017-09-28, 1, -0/+14]
| |
* | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into 18608-lock-issues [Jarka Kadlecova, 2017-09-25, 1, -47/+86]
|\ \
| |/
| |   # Conflicts:
| |   #   app/assets/javascripts/notes/components/issue_comment_form.vue
| * Refactor spec/policies/project_policy_spec.rb to minimize the diff with EE (rc/refactor-project_policy_spec-ce) [Rémy Coutable, 2017-09-22, 1, -47/+86]
| |   Signed-off-by: Rémy Coutable <remy@rymai.me>
* | Merge remote-tracking branch 'origin/master' into 18608-lock-issues [Luke "Jared" Bennett, 2017-09-20, 2, -4/+18]
|\ \
| |/
| * Allow DEVELOPER role to admin milestones (issue_32215) [Felipe Artur, 2017-09-18, 2, -4/+18]
| |
* | Create system notes for MR too, improve doc + clean up code [Jarka Kadlecova, 2017-09-14, 2, -4/+21]
| |