- 02 Aug, 2016 1 commit
-
-
Elias Werberich authored
-
- 14 Jul, 2016 1 commit
-
-
Alfredo Sumaran authored
-
- 08 Jul, 2016 2 commits
-
-
Andrey Krivko authored
-
Robert Speicher authored
This reverts commit bf2a86b7.
-
- 07 Jul, 2016 3 commits
-
-
Robert Speicher authored
This reverts commit 68155ee7, reversing changes made to 7ebd011e.
-
Alfredo Sumaran authored
-
Alfredo Sumaran authored
-
- 30 Jun, 2016 1 commit
-
-
Valery Sizov authored
-
- 24 Jun, 2016 1 commit
-
-
Rémy Coutable authored
The issue was with the `User#groups` and `User#projects` associations which goes through the `User#group_members` and `User#project_members`. Initially I chose to use a secure approach by storing the requester's user ID in `Member#created_by_id` instead of `Member#user_id` because I was aware that there was a security risk since I didn't know the codebase well enough. Then during the review, we decided to change that and directly store the requester's user ID into `Member#user_id` (for the sake of simplifying the code I believe), meaning that every `group_members` / `project_members` association would include the requesters by default... My bad for not checking that all the `group_members` / `project_members` associations and the ones that go through them (e.g. `Group#users` and `Project#users`) were made safe with the `where(requested_at: nil)` / `where(members: { requested_at: nil })` scopes. Now they are all secure. Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 16 Jun, 2016 2 commits
-
-
James Lopez authored
This reverts commit 13e37a3e.
-
James Lopez authored
-
- 15 Jun, 2016 1 commit
-
-
Annabel Dunstone authored
-
- 14 Jun, 2016 1 commit
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 04 May, 2016 1 commit
-
-
Annabel Dunstone authored
-
- 20 Apr, 2016 1 commit
-
-
Arinde Eniola authored
-
- 05 Apr, 2016 1 commit
-
-
Robert Speicher authored
- Some views had a "Close" button. We've removed this, because we don't want users accidentally hiding the validation errors and not knowing what needs to be fixed. - Some views used `li`, some used `p`, some used `span`. We've standardized on `li`. - Some views only showed the first error. We've standardized on showing all of them. - Some views added an `#error_explanation` div, which we've made standard.
-
- 14 Mar, 2016 1 commit
-
-
Zeger-Jan van de Weg authored
-
- 13 Mar, 2016 2 commits
-
-
Zeger-Jan van de Weg authored
Also incorporates the review into this, mainly spec changes.
-
Zeger-Jan van de Weg authored
The user has the rights of a public user execpt it can never create a project, group, or team. Also it cant view internal projects.
-
- 03 Mar, 2016 1 commit
-
-
Robert Speicher authored
-
- 28 Jan, 2016 1 commit
-
-
Phil Hughes authored
Closes #12796
-
- 14 Jan, 2016 1 commit
-
-
Gabriel Mazetto authored
-
- 13 Jan, 2016 2 commits
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 12 Jan, 2016 1 commit
-
-
Stan Hu authored
This would help admins figure out from where spam is originating.
-
- 11 Jan, 2016 1 commit
-
-
Drew Blessing authored
-
- 08 Jan, 2016 2 commits
-
-
Gabriel Mazetto authored
-
Robert Speicher authored
-
- 07 Jan, 2016 1 commit
-
-
Robert Speicher authored
Closes #5908
-
- 01 Jan, 2016 1 commit
-
-
Robert Speicher authored
-
- 02 Dec, 2015 2 commits
-
-
Douwe Maan authored
-
Andrew Tomaka authored
-
- 25 Nov, 2015 1 commit
-
- 17 Nov, 2015 1 commit
-
-
Alex Jordan authored
-
- 29 Oct, 2015 1 commit
-
-
James Newton authored
Modifies the existing "login as" feature to be called impersonation, as well as keeping track of who is impersonating to revert back to that user without having to log out.
-
- 16 Oct, 2015 1 commit
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 15 Oct, 2015 1 commit
-
-
Yorick Peterse authored
This removes the need for running an extra SQL query in these cases.
-
- 12 Oct, 2015 1 commit
-
-
Valery Sizov authored
-
- 10 Oct, 2015 1 commit
-
-
Jerry Lukins authored
-
- 24 Sep, 2015 1 commit
-
-
Pavel Forkert authored
-