- 05 May, 2017 1 commit
-
-
Jarka Kadlecova authored
-
- 02 May, 2017 1 commit
-
-
Jarka Kadlecova authored
-
- 05 Apr, 2017 7 commits
-
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
- 01 Mar, 2017 1 commit
-
-
Adam Niedzielski authored
-
- 28 Feb, 2017 1 commit
-
-
mhasbini authored
add /award slash command; Allow posting of just an emoji in comment
-
- 08 Feb, 2017 1 commit
-
-
dixpac authored
* Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService
-
- 11 Jan, 2017 1 commit
-
-
Jarka Kadlecova authored
-
- 15 Dec, 2016 1 commit
-
-
Douwe Maan authored
Fix missing Note access checks in by moving Note#search to updated NoteFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR?
- Potentially untested - No test coverage - Test coverage of some sort exists (a test failed when error raised) - Test coverage of return value (a test failed when nil used) - Permissions check tested ### Note lookup without access check - [x] app/finders/notes_finder.rb:13 :download_code check - [x] app/finders/notes_finder.rb:19 `SnippetsFinder` - [x] app/models/note.rb:121 [`Issue#visible_to_user`] - [x] lib/gitlab/project_search_results.rb:113 - This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`. - It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked. ### Previous discussions - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `: download_code` check on commit - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used - `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223 ### Acceptance criteria met? - [x] Tests added for new code - [x] TODO comments removed - [x] Squashed and removed skipped tests - [x] Changelog entry - [ ] State Gitlab versions affected and issue severity in description - [ ] Create technical debt issue for NotesFinder. - Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two. - Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)` - Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes` See merge request !2035
-
- 24 Nov, 2016 1 commit
-
-
Douwe Maan authored
-
- 19 Nov, 2016 1 commit
-
-
Ruben Davila authored
-
- 16 Aug, 2016 1 commit
-
-
Douwe Maan authored
-
- 12 Aug, 2016 2 commits
-
-
Rémy Coutable authored
Some important things to note: - commands are removed from noteable.description / note.note - commands are translated to params so that they are treated as normal params in noteable Creation services - the logic is not in the models but in the Creation services, which is the right place for advanced logic that has nothing to do with what models should be responsible of! - UI/JS needs to be updated to handle notes which consist of commands only - the `/merge` command is not handled yet Other improvements: - Don't process commands in commit notes and display a flash is note is only commands - Add autocomplete for slash commands - Add description and params to slash command DSL methods - Ensure replying by email with a commands-only note works - Use :subscription_event instead of calling noteable.subscribe - Support :todo_event in IssuableBaseService Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
-
- 04 Aug, 2016 1 commit
-
-
Douwe Maan authored
-
- 29 Jul, 2016 3 commits
-
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
- 27 Jul, 2016 1 commit
-
-
Phil Hughes authored
-
- 26 Jul, 2016 2 commits
-
-
Phil Hughes authored
-
Douwe Maan authored
-
- 24 Jul, 2016 3 commits
-
-
Phil Hughes authored
-
Phil Hughes authored
-
Phil Hughes authored
-
- 20 Jul, 2016 1 commit
-
-
Douwe Maan authored
-
- 06 Jul, 2016 1 commit
-
-
Douwe Maan authored
-
- 24 Jun, 2016 1 commit
-
-
Yorick Peterse authored
This commit changes the way certain documents are rendered (currently only Notes) and how documents are redacted. Previously both rendering and redacting would run on a per document basis. The result of this was that for every document we'd have to run countless queries just to figure out if we could display a set of links or not. This commit changes things around so that redacting Markdown documents is no longer tied into the html-pipeline Gem. This in turn allows it to redact multiple documents in a single pass, thus reducing the number of queries needed. In turn rendering issue/merge request notes has been adjusted to take advantage of this new setup. Instead of rendering Markdown somewhere deep down in a view the Markdown is rendered and redacted in the controller (taking the current user and all that into account). This has been done in such a way that the "markdown()" helper method can still be used on its own. This particular commit also paves the way for caching rendered HTML on object level. Right now there's an accessor method Note#note_html which is used for setting/getting the rendered HTML. Once we cache HTML on row level we can simply change this field to be a column and call a "save" whenever needed and we're pretty much done.
-
- 06 Jun, 2016 1 commit
-
-
ZJ van de Weg authored
-
- 03 Jun, 2016 2 commits
-
-
James Lopez authored
This reverts commit 3e991230.
-
James Lopez authored
# Conflicts: # app/models/project.rb
-
- 18 May, 2016 1 commit
-
-
ZJ van de Weg authored
-
- 13 May, 2016 1 commit
-
-
Douwe Maan authored
-
- 10 May, 2016 1 commit
-
-
Zeger-Jan van de Weg authored
-
- 06 May, 2016 1 commit
-
-
Zeger-Jan van de Weg authored
-
- 12 Apr, 2016 1 commit
-
-
Robert Schilling authored
-