- 30 May, 2016 2 commits
-
-
Connor Shea authored
attr_encrypted (1.3.4 => 3.0.1) Changelog: https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m d attr_encrypted 2.x included a vulnerability, so that major version is skipped. 3.x requires that the algorithm and mode used by each encrypted attribute is specified explicitly. `nil` is no longer a valid value for the encrypted_value_iv field, so it’s changed to a randomly generated string.
-
Connor Shea authored
Devise (3.5.4 => 4.1.1) Changelog: https://github.com/plataformatec/devise/blob/master/CHANGELOG.md devise-two-factor (2.0.1 => 3.0.0) Changelog: https://github.com/tinfoil/devise-two-factor/blob/master/CHANGELOG.md These are reliant on each other, so they have to be upgraded together. devise-async is no longer necessary as Devise 4.1 fixes a bug with the ActiveJob integration.
-
- 20 May, 2016 1 commit
-
-
Long Nguyen authored
-
- 19 May, 2016 2 commits
-
-
Felipe Artur authored
-
Stan Hu authored
This reverts merge request !3647
-
- 18 May, 2016 4 commits
-
-
Rémy Coutable authored
These methods seems to be unused. Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Felipe Artur authored
-
Felipe Artur authored
-
Felipe Artur authored
-
- 16 May, 2016 3 commits
-
-
Felipe Artur authored
-
Felipe Artur authored
-
Felipe Artur authored
-
- 14 May, 2016 1 commit
-
-
Long Nguyen authored
-
- 11 May, 2016 1 commit
-
-
Sean McGivern authored
-
- 10 May, 2016 1 commit
-
-
Sean McGivern authored
`User#starred_projects` doesn't perform any visibility checks. This has a couple of problems: 1. It assumes a user can always view all of their starred projects in perpetuity (project not changed to private, access revoked, etc.). 2. It assumes that we'll only ever allow a user to star a project they can view. This is currently the case, but bugs happen. Add `User#viewable_starred_projects` to filter the starred projects by those the user either has explicit access to, or are public or internal. Then use that in all places where we list the user's starred projects.
-
- 09 May, 2016 1 commit
-
-
Jeroen van Baarsen authored
In 8278b763 the default behaviour of annotation has changes, which was causing a lot of noise in diffs. We decided in #17382 that it is better to get rid of the whole annotate gem, and instead let people look at schema.rb for the columns in a table. Fixes: #17382
-
- 06 May, 2016 1 commit
-
-
Zeger-Jan van de Weg authored
-
- 04 May, 2016 1 commit
-
-
Jakub Jirutka authored
Variable `Gitlab::Application.config.secret_key_base` is set in config/initializers/secret_token.rb. It's very bad practice to use hard-coded paths inside an application and really unnecessary in this case.
-
- 03 May, 2016 1 commit
-
-
Connor Shea authored
This reverts commit 1cc614f2. It was causing the ActiveJob integration to fail, so unfortunately we'll have to add the gem again.
-
- 26 Apr, 2016 1 commit
-
-
Connor Shea authored
The extra gem isn’t necessary anymore since Rails 4.2 has ActiveJob integration. Resolves #15575.
-
- 19 Apr, 2016 1 commit
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 18 Apr, 2016 2 commits
-
-
Felipe Artur authored
-
Felipe Artur authored
-
- 11 Apr, 2016 1 commit
-
-
P.S.V.R authored
send_devise_notification pre-maturely enqueued the task when the user instance has not yet been committed into the database, causing a record-not-found in the other sidekiq process. devise-async has already been taking care of asynchronous mail sending, we just need to run it inside queue `mailers` instead of `mailer` to enable it.
-
- 08 Apr, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 31 Mar, 2016 1 commit
-
-
Zeger-Jan van de Weg authored
-
- 30 Mar, 2016 3 commits
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Dmitriy Zaporozhets authored
* visiting project will create notification setting if missing * change notification setting per project even without membership * use notification settings instead of membership on profile page Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 24 Mar, 2016 1 commit
-
-
Elias Werberich authored
Fixes #14585.
-
- 19 Mar, 2016 2 commits
-
-
Zeger-Jan van de Weg authored
-
Zeger-Jan van de Weg authored
-
- 17 Mar, 2016 1 commit
-
-
Grzegorz Bizon authored
This also refactores ProjectSelect adding some decorator-like functions.
-
- 15 Mar, 2016 1 commit
-
-
Rémy Coutable authored
This reverts commit 01160fc0, reversing changes made to 4bff9daf.
-
- 13 Mar, 2016 2 commits
-
-
Zeger-Jan van de Weg authored
Also incorporates the review into this, mainly spec changes.
-
Zeger-Jan van de Weg authored
The user has the rights of a public user execpt it can never create a project, group, or team. Also it cant view internal projects.
-
- 12 Mar, 2016 1 commit
-
-
Yorick Peterse authored
GitLab EE adds an extra relation that selects a "project_id" column instead of an "id" column, making it very hard for this method to be re-used in EE. Since using User#authorized_groups in ProjectsFinder#all_groups apparently has no performance impact we can just use it and keep everything compatible with EE.
-
- 11 Mar, 2016 3 commits
-
-
Yorick Peterse authored
We can just use "arel_table" in these cases instead of "SomeClass.arel_table".
-
Yorick Peterse authored
We don't need the extra layer of nesting of UNION queries here (as User#authorized_projects already returns a UNION'd query).
-
Yorick Peterse authored
-