- 25 Apr, 2017 1 commit
-
-
Timothy Andrew authored
- To prevent an attacker from enumerating the `/users` API to get a list of all the admins. - Display the `is_admin?` flag wherever we display the `private_token` - at the moment, there are two instances: - When an admin uses `sudo` to view the `/user` endpoint - When logging in using the `/session` endpoint
-
- 21 Apr, 2017 1 commit
-
-
Jacopo authored
Removed all the unnecessary include of `WaitForAjax` and `ApiHelpers` in the specs. Removed unnecessary usage of `api:true`
-
- 18 Apr, 2017 1 commit
-
-
Robin Bobbitt authored
-
- 14 Apr, 2017 2 commits
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Sean McGivern authored
CE port of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/962
-
- 02 Apr, 2017 1 commit
-
-
Stan Hu authored
-
- 06 Mar, 2017 2 commits
-
-
Tiago Botelho authored
-
Adam Niedzielski authored
-
- 01 Mar, 2017 1 commit
-
-
Tiago Botelho authored
-
- 28 Feb, 2017 5 commits
-
-
Tiago Botelho authored
-
Tiago Botelho authored
refactors documentation and personal access tokens form to not allow admins to generate non impersionation tokens
-
Simon Vocella authored
-
Simon Vocella authored
-
Robert Schilling authored
-
- 23 Feb, 2017 2 commits
-
-
Douwe Maan authored
This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.
-
Douwe Maan authored
-
- 20 Feb, 2017 2 commits
-
-
Robert Schilling authored
-
Robert Schilling authored
-
- 16 Feb, 2017 2 commits
-
-
Robert Schilling authored
-
Robert Schilling authored
-
- 09 Feb, 2017 1 commit
-
-
Joost Rijneveld authored
-
- 02 Feb, 2017 2 commits
-
-
George Andrinopoulos authored
-
George Andrinopoulos authored
-
- 11 Jan, 2017 1 commit
-
-
Mark Fletcher authored
-
- 04 Jan, 2017 1 commit
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 03 Jan, 2017 1 commit
-
-
Robert Schilling authored
-
- 12 Dec, 2016 1 commit
-
-
Rémy Coutable authored
The issue was arising when `#current_user` was called a second time after a user was impersonated: the `User#is_admin?` check would be performed on it and it would fail. Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 07 Dec, 2016 1 commit
-
-
tiagonbotelho authored
-
- 28 Nov, 2016 1 commit
-
-
Livier authored
Restore changes for api spec files Fix error in rspec Users Delete extra space Repositories-spec
-
- 21 Nov, 2016 1 commit
-
-
Robert Schilling authored
-
- 08 Nov, 2016 1 commit
-
-
Yatish Mehta authored
-
- 24 Oct, 2016 3 commits
-
-
Airat Shigapov authored
Make events order spec deterministic, create only 3 record instead of 5, explicitely check for events order
-
Airat Shigapov authored
-
Airat Shigapov authored
-
- 21 Oct, 2016 1 commit
-
-
Airat Shigapov authored
-
- 11 Oct, 2016 2 commits
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 10 Oct, 2016 3 commits
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-