BigW Consortium Gitlab

  1. 05 May, 2017 1 commit
  2. 02 May, 2017 1 commit
  3. 05 Apr, 2017 7 commits
  4. 01 Mar, 2017 1 commit
  5. 28 Feb, 2017 1 commit
  6. 08 Feb, 2017 1 commit
  7. 11 Jan, 2017 1 commit
  8. 15 Dec, 2016 1 commit
    • Merge branch 'jej-note-search-uses-finder' into 'security' · 12db4cc0
      Douwe Maan authored
      Fix missing Note access checks in by moving Note#search to updated NoteFinder
      
      Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
      
      ## Which fixes are in this MR?
      
      :warning: - Potentially untested  
      :bomb: - No test coverage  
      :traffic_light: - Test coverage of some sort exists (a test failed when error raised)  
      :vertical_traffic_light: - Test coverage of return value (a test failed when nil used)  
      :white_check_mark: - Permissions check tested
      
      ### Note lookup without access check
      
      - [x] :white_check_mark: app/finders/notes_finder.rb:13 :download_code check
      - [x] :white_check_mark: app/finders/notes_finder.rb:19 `SnippetsFinder`
      - [x] :white_check_mark: app/models/note.rb:121 [`Issue#visible_to_user`]
      - [x] :white_check_mark: lib/gitlab/project_search_results.rb:113
        - This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`.
        - It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked.
      
      ### Previous discussions
      - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `: download_code` check on commit
      - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used
        - `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223
      
      ###  Acceptance criteria met?
      - [x] Tests added for new code
      - [x] TODO comments removed
      - [x] Squashed and removed skipped tests
      - [x] Changelog entry
      - [ ] State Gitlab versions affected and issue severity in description
      - [ ] Create technical debt issue for NotesFinder.
        - Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two.
        - Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)`
        - Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes`
      
      See merge request !2035
  9. 24 Nov, 2016 1 commit
  10. 19 Nov, 2016 1 commit
  11. 16 Aug, 2016 1 commit
  12. 12 Aug, 2016 2 commits
    • Support slash commands in noteable description and notes · 0eea8c88
      Rémy Coutable authored
      Some important things to note:
      
      - commands are removed from noteable.description / note.note
      - commands are translated to params so that they are treated as normal
        params in noteable Creation services
      - the logic is not in the models but in the Creation services, which is
        the right place for advanced logic that has nothing to do with what
        models should be responsible of!
      - UI/JS needs to be updated to handle notes which consist of commands
        only
      - the `/merge` command is not handled yet
      
      Other improvements:
      
      - Don't process commands in commit notes and display a flash is note is only commands
      - Add autocomplete for slash commands
      - Add description and params to slash command DSL methods
      - Ensure replying by email with a commands-only note works
      - Use :subscription_event instead of calling noteable.subscribe
      - Support :todo_event in IssuableBaseService
      Signed-off-by: 's avatarRémy Coutable <remy@rymai.me>
  13. 04 Aug, 2016 1 commit
  14. 29 Jul, 2016 3 commits
  15. 27 Jul, 2016 1 commit
  16. 26 Jul, 2016 2 commits
  17. 24 Jul, 2016 3 commits
  18. 20 Jul, 2016 1 commit
  19. 06 Jul, 2016 1 commit
  20. 24 Jun, 2016 1 commit
    • Support for rendering/redacting multiple documents · d470f3d1
      Yorick Peterse authored
      This commit changes the way certain documents are rendered (currently
      only Notes) and how documents are redacted. Previously both rendering
      and redacting would run on a per document basis. The result of this was
      that for every document we'd have to run countless queries just to
      figure out if we could display a set of links or not.
      
      This commit changes things around so that redacting Markdown documents
      is no longer tied into the html-pipeline Gem. This in turn allows it to
      redact multiple documents in a single pass, thus reducing the number of
      queries needed.
      
      In turn rendering issue/merge request notes has been adjusted to take
      advantage of this new setup. Instead of rendering Markdown somewhere
      deep down in a view the Markdown is rendered and redacted in the
      controller (taking the current user and all that into account). This has
      been done in such a way that the "markdown()" helper method can still be
      used on its own.
      
      This particular commit also paves the way for caching rendered HTML on
      object level. Right now there's an accessor method Note#note_html which
      is used for setting/getting the rendered HTML. Once we cache HTML on row
      level we can simply change this field to be a column and call a "save"
      whenever needed and we're pretty much done.
  21. 06 Jun, 2016 1 commit
  22. 03 Jun, 2016 2 commits
  23. 18 May, 2016 1 commit
  24. 13 May, 2016 1 commit
  25. 10 May, 2016 1 commit
  26. 06 May, 2016 1 commit
  27. 12 Apr, 2016 1 commit