BigW Consortium Gitlab

  1. 07 Nov, 2016 1 commit
    • Add User#projects_with_reporter_access_limited_to · 467b346f
      Yorick Peterse authored
      This method can be used to retrieve a list of projects for a user that
      said user has reporter access to. This list is then be reduced down to
      a specific set of projects. This allows you to reduce a list of projects
      to a list of projects you have reporter access to in an efficient
      manner.
  2. 04 Nov, 2016 1 commit
  3. 01 Nov, 2016 1 commit
    • Allow to search for user by secondary email address in the admin interface · f8530580
      Yar authored
      It is not possible to search for a user by his secondary email address in
      the Users search bar in the admin interface(/admin/users). A use-case could
       be that an admin wants to remove a specific secondary email address of an
      user, because it interferes with another user. Issue #23761
      
      This commit adds ability to search not only by main email, but also
      by any secondary email in the admin interface.
  4. 24 Oct, 2016 1 commit
  5. 05 Oct, 2016 1 commit
    • Refactor Gitlab::Identifier · 16ed9b61
      Yorick Peterse authored
      This refactors Gitlab::Identifier so it uses fewer queries and is
      actually tested. Queries are reduced by caching the output as well as
      using 1 query (instead of 2) to find a user using an SSH key.
  6. 01 Sep, 2016 1 commit
  7. 24 Aug, 2016 1 commit
  8. 17 Aug, 2016 1 commit
  9. 12 Aug, 2016 1 commit
  10. 09 Aug, 2016 1 commit
  11. 04 Aug, 2016 1 commit
  12. 02 Aug, 2016 1 commit
  13. 19 Jul, 2016 1 commit
  14. 18 Jul, 2016 4 commits
  15. 15 Jul, 2016 1 commit
  16. 12 Jul, 2016 1 commit
  17. 07 Jul, 2016 1 commit
    • Added setting to set new users by default as external · a0a9494e
      Dravere authored
      As requested by the issue #14508 this adds an option in the application
      settings to set newly registered users by default as external. The
      default setting is set to false to stay backward compatible.
  18. 24 Jun, 2016 1 commit
    • Fix an information disclosure when requesting access to a group containing private projects · aec3475d
      Rémy Coutable authored
      The issue was with the `User#groups` and `User#projects` associations
      which goes through the `User#group_members` and `User#project_members`.
      
      Initially I chose to use a secure approach by storing the requester's
      user ID in `Member#created_by_id` instead of `Member#user_id` because I
      was aware that there was a security risk since I didn't know the
      codebase well enough.
      
      Then during the review, we decided to change that and directly store the
      requester's user ID into `Member#user_id` (for the sake of simplifying
      the code I believe), meaning that every `group_members` / `project_members`
      association would include the requesters by default...
      
      My bad for not checking that all the `group_members` / `project_members`
      associations and the ones that go through them (e.g. `Group#users` and
      `Project#users`) were made safe with the `where(requested_at: nil)` /
      `where(members: { requested_at: nil })` scopes.
      
      Now they are all secure.
      Signed-off-by: 's avatarRémy Coutable <remy@rymai.me>
  19. 07 Jun, 2016 8 commits
  20. 06 Jun, 2016 1 commit
    • Add a `U2fRegistrations` table/model. · 791cc913
      Timothy Andrew authored
      - To hold registrations from U2F devices, and to authenticate them.
      - Previously, `User#two_factor_enabled` was aliased to the
        `otp_required_for_login` column on `users`.
      - This commit changes things a bit:
          - `User#two_factor_enabled` is not a method anymore
          - `User#two_factor_enabled?` checks both the
            `otp_required_for_login` column, as well as `U2fRegistration`s
          - Change all instances of `User#two_factor_enabled` to
            `User#two_factor_enabled?`
      - Add the `u2f` gem, and implement registration/authentication at the
        model level.
  21. 03 Jun, 2016 2 commits
  22. 28 May, 2016 1 commit
  23. 16 May, 2016 1 commit
  24. 11 May, 2016 1 commit
  25. 10 May, 2016 2 commits
    • Restrict starred projects to viewable ones · 97424ea5
      Sean McGivern authored
      `User#starred_projects` doesn't perform any visibility checks. This has
      a couple of problems:
      
      1. It assumes a user can always view all of their starred projects in
         perpetuity (project not changed to private, access revoked, etc.).
      2. It assumes that we'll only ever allow a user to star a project they
         can view. This is currently the case, but bugs happen.
      
      Add `User#viewable_starred_projects` to filter the starred projects by
      those the user either has explicit access to, or are public or
      internal. Then use that in all places where we list the user's starred
      projects.
  26. 09 May, 2016 1 commit
    • Remove the annotate gem and delete old annotations · f1479b56
      Jeroen van Baarsen authored
      In 8278b763 the default behaviour of annotation
      has changes, which was causing a lot of noise in diffs. We decided in #17382
      that it is better to get rid of the whole annotate gem, and instead let people
      look at schema.rb for the columns in a table.
      
      Fixes: #17382
  27. 31 Mar, 2016 1 commit
  28. 15 Mar, 2016 1 commit