| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Hide project variables values by default
Add a button to reveal/hide the values to help prevent accidental disclosure of sensitive information from wandering on a page.
Closes #21358
See merge request !7731
|
| | | |
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
into 'master'
Add diff hunks to notification emails
Add diff hunks to notification emails. Continued from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5855 - thanks @hoopes!
This also fixes an issue where the + / - prefixes were missing from diffs in emails.
Screenshots (from my browser) of the HTML emails, along with text screenshots :stuck_out_tongue:
```
New comment for Merge Request !1 on app/views/admin/builds/index.html.haml:
http://localhost:3000/gitlab-org/gitlab-ce/merge_requests/1#note_1023
> Finished
This is a comment at the top of a match section.
```
```
New comment for Merge Request !1 on app/views/admin/builds/index.html.haml:
http://localhost:3000/gitlab-org/gitlab-ce/merge_requests/1#note_1022
> Finished
> %span.badge.js-running-count= @all_builds.finished.count(:id)
>
> - %li{class: ('active' if @scope == 'all')}
> - = link_to admin_builds_path(scope: :all) do
> - All
> - %span.badge.js-totalbuilds-count= @all_builds.count(:id)
> -
> .gray-content-block
> #{(@scope || 'running').capitalize} builds
>
This is a comment at the bottom of a match section.
```
```
New comment for Merge Request !1 on app/views/admin/builds/index.html.haml:
http://localhost:3000/gitlab-org/gitlab-ce/merge_requests/1#note_1024
> = link_to 'Cancel all', cancel_all_admin_builds_path, data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :post
>
> %ul.center-top-menu
> - %li{class: ('active' if @scope.nil?)}
> + %li{class: ('active' if @scope == 'all')}
> = link_to admin_builds_path do
> + All
This is a comment with some deleted and added lines above it.
```
Closes #21027, closes #24340.
See merge request !7660
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
* Added keyword arguments to truncated_diff_lines method to allow for using highlighting or not (html templates vs. text)
* Tweaked templates for consistency and format appropriateness
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Previously the `truncated_diff_lines` method for outputting a discussion diff took in already highlighted lines, which meant it wasn't reuseable for truncating ANY lines. In the way it was used, it also meant that for any email truncation, the whole diff was being highlighted before being truncated, meaning wasted time highlighting lines that wouldn't even be used (granted, they were being memoized, so perhaps this wasn't that great of an issue). I refactored truncation away from highlighting, in order to truncate formatted diffs for text templates in email, using `>`s to designate each line, but otherwise retaining the parsing already done to create `diff_lines`.
Additionally, while notes on merge requests or commits had already been tested, there was no existing test for notes on a diff on an MR or commit. Added mailer tests for such, and a unit test for truncating diff lines.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently comments on commits and merge requests do not require merge request- or commit-specific information, but can use the same template. Rather than change the method which calls the template, I opted to keep the templates separate and create a new template to highlight their identicality, while preserving the option to distinguish them from each other in the future.
Also removed some of the inconsistencies between text and html email versions.
Still needed is a text-only version of git diffs and testing.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Added diff hunks to notification emails of messages on merge requests. This
provides code context to the note. Uses existing template for formatting
a diff for email (from repository push notifications).
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Replace issue access checks with use of IssuableFinder
Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
## Which fixes are in this MR?
:warning: - Potentially untested
:bomb: - No test coverage
:traffic_light: - Test coverage of some sort exists (a test failed when error raised)
:vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
:white_check_mark: - Permissions check tested
### Issue lookup with access check
Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells).
- [x] :vertical_traffic_light: app/finders/notes_finder.rb:15 [`visible_to_user`]
- [x] :traffic_light: app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`]
- [x] :white_check_mark: app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`]
- [x] :white_check_mark: lib/api/issues.rb:112 [`visible_to_user`]
- CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone
- [x] :white_check_mark: lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too?
- [x] :white_check_mark: lib/gitlab/search_results.rb:53 [`visible_to_user`]
### Previous discussions
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87
See merge request !2031
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix missing access checks on issue lookup using IssuableFinder
Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
:warning: - Potentially untested
:bomb: - No test coverage
:traffic_light: - Test coverage of some sort exists (a test failed when error raised)
:vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
:white_check_mark: - Permissions check tested
- [x] :white_check_mark: app/controllers/projects/branches_controller.rb:39
- `before_action :authorize_push_code!` helpes limit/prevent exploitation. Always checks for reporter access so fine with
confidential issues, issues only visible to team, etc.
- [x] :traffic_light: app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x] :white_check_mark: app/controllers/projects/todos_controller.rb:19
- [x] Potential double render in app/controllers/projects/todos_controller.rb
- https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24
See merge request !2030
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix information disclosure in `Projects::BlobController#update`
It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that.
- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
- [x] Added for this feature/bug
- [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
https://gitlab.com/gitlab-org/gitlab-ce/issues/22869
See merge request !2023
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix label creation non members
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23416
See merge request !2006
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Ensure user is authenticated to create a new snippet
Closes #25026
See merge request !7786
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Replace static fixture for zen_mode_spec
## What does this MR do?
Replace `zen_mode.html.haml` for `zen_mode_spec.js` by already existing dynamically generated fixture.
## What are the relevant issue numbers?
#24753
See merge request !7686
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Add `.find` poly
## What does this MR do?
Adds `[].find()` poly
## Are there points in the code the reviewer needs to double check?
## Why was this MR needed?
## Screenshots (if relevant)
## Does this MR meet the acceptance criteria?
- [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
- [ ] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
## What are the relevant issue numbers?
See merge request !7710
|
| | | | | | | |
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Create dynamic fixture for build_spec
## What does this MR do?
Replace `spec/javascripts/fixtures/build.html.haml` by a dynamically created fixture (using `rake teaspoon:fixtures`).
## Why was this MR needed?
The existing fixture was not representing the real page.
## What are the relevant issue numbers?
#24614 would have been avoided
following !6059
See merge request !7589
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
'24813-project-members-with-developer-access-can-no-longer-create-tags' into 'master'
Create tag after running pre-hooks and pass updated SHA to post-hooks
Closes #24813
See merge request !7700
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
We only know the tag SHA after we create the tag.
This means that we pass a different value to the hooks that happen before
creating the tag, and a different value to the hooks that happen after
creating the tag.
This is not an ideal situation, but it is a trade-off we decided to
make. For discussion of the alternatives please refer to
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7700#note_18982873
"pre-receive" and "update" hooks always get the SHA of the commit
that the tag points to. "post-receive" gets the tag SHA if it is
an annotated tag or the commit SHA if it is an lightweight tag.
Currently we always create annotated tags if UI is used.
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This reverts commit ae51774bc45d2e15ccc61b01a30d1b588f179f85.
|
| |\ \ \ \ \ \ \ \
| |_|_|_|_|/ / /
|/| | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
'24860-actionview-template-error-undefined-method-size-for-nil-nilclass' into 'master'
Prevent error when submitting a merge request and pipeline is not defined
Closes #24860
See merge request !7707
|
| | |/ / / / / / |
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Refactor issuable_filters_present to reduce duplications
See https://gitlab.com/gitlab-org/gitlab-ce/issues/23546
See merge request !7776
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
https://gitlab.com/gitlab-org/gitlab-ce/issues/23546
|
| |\ \ \ \ \ \ \ \
| |_|/ / / / / /
|/| | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Pass `--load-images=no` to PhantomJS via Capybara/Poltergeist
We were unintentionally hitting `gravatar.com` whenever a test that used
Poltergeist was run. This was certainly wasting their resources and
slowing down our tests even further, for no reason.
Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/24899
See merge request !7781
|
| | |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
We were unintentionally hitting `gravatar.com` whenever a test that used
Poltergeist was run. This was certainly wasting their resources and
slowing down our tests even further, for no reason.
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Speed up Project security access specs
Prior, every single test was creating four `ProjectMember` objects, each
of which created one `User` record, even though each test only used
_one_ of those Users, if any.
Now each test only creates the single user record it needs, if it needs
one. This shaves minutes off of each spec file changed here.
Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/24899
See merge request !7779
|
| | |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Prior, every single test was creating four `ProjectMember` objects, each
of which created one `User` record, even though each test only used
_one_ of those Users, if any.
Now each test only creates the single user record it needs, if it needs
one. This shaves minutes off of each spec file changed here.
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fix a broken link and avoid potential creation of future broken links on the help page.
See merge request !7582
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The links in the help page may be modified. This new test checks that
URLs in this page are absolute and do not depend on the presence of a
trailing slash in the URL.
Signed-off-by: David Wagner <david@marvid.fr>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
An external link was recently added but was broken because
'https://gitlab.com/help/' was prepended to every link in the page.
Since no link in the main help readme begins with "help" and since doing
so wouldn't make sense, the substitution conditionaly prepending "help"
can be simplified and reused.
Signed-off-by: David Wagner <david@marvid.fr>
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Refresh project authorizations using a Redis lease
This MR changes `User#refresh_authorized_projects` so it uses a Redis lease instead of relying on serializable transactions. See the commit message(s) for more details.
See merge request !7733
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
When I proposed using serializable transactions I was hoping we would be
able to refresh data of individual users concurrently. Unfortunately
upon closer inspection it was revealed this was not the case. This could
result in a lot of queries failing due to serialization errors,
overloading the database in the process (given enough workers trying to
update the target table).
To work around this we're now using a Redis lease that is cancelled upon
completion. This ensures we can update the data of different users
concurrently without overloading the database.
The code will try to obtain the lease until it succeeds, waiting at
least 1 second between retries. This is necessary as we may otherwise
end up _not_ updating the data which is not an option.
|
| |\ \ \ \ \ \ \ \ \
| |_|_|/ / / / / /
|/| | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Remove caching of events data
This MR removes the caching of events data as this was deemed unnecessary while increasing load on the database. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6578#note_18864037 and 5371da341e9d7768ebab8e159b3e2cc8fad1d827 for more information.
See merge request !6578
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
With events no longer being cached this is no longer needed.
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Expose coverage on GET pipelines/:id
Closes gitlab-org/gitlab-ce#24801
See merge request !7670
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
The coverage wasn't exposed yet, now it is but only for detailed
requests to save queries on the database.
|
| |\ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|/ / / /
|/| | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Fix: Timeout creating and viewing merge request for binary file
See merge request !7713
|
