- 02 Aug, 2017 1 commit
-
-
Robert Speicher authored
-
- 05 May, 2017 1 commit
-
-
Jarka Kadlecova authored
-
- 02 May, 2017 1 commit
-
-
Jarka Kadlecova authored
-
- 10 Apr, 2017 1 commit
-
-
Douwe Maan authored
-
- 05 Apr, 2017 4 commits
-
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
- 13 Mar, 2017 1 commit
-
-
Bob Van Landuyt authored
Delegate a discussion in a merge request into a new issue. The discussion wil be marked as resolved and a system note will be added linking to the newly created issue.
-
- 15 Feb, 2017 1 commit
-
-
Robert Speicher authored
Fix for XSS vulnerability in SVG attachments See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2059
-
- 25 Jan, 2017 2 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
-
- 18 Jan, 2017 1 commit
-
-
Jarka Kadlecova authored
-
- 15 Dec, 2016 1 commit
-
-
Douwe Maan authored
Fix missing Note access checks in by moving Note#search to updated NoteFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR?
- Potentially untested - No test coverage - Test coverage of some sort exists (a test failed when error raised) - Test coverage of return value (a test failed when nil used) - Permissions check tested ### Note lookup without access check - [x] app/finders/notes_finder.rb:13 :download_code check - [x] app/finders/notes_finder.rb:19 `SnippetsFinder` - [x] app/models/note.rb:121 [`Issue#visible_to_user`] - [x] lib/gitlab/project_search_results.rb:113 - This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`. - It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked. ### Previous discussions - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `: download_code` check on commit - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used - `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223 ### Acceptance criteria met? - [x] Tests added for new code - [x] TODO comments removed - [x] Squashed and removed skipped tests - [x] Changelog entry - [ ] State Gitlab versions affected and issue severity in description - [ ] Create technical debt issue for NotesFinder. - Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two. - Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)` - Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes` See merge request !2035
-
- 06 Sep, 2016 1 commit
-
-
Alejandro Rodríguez authored
Use `update_all` to only require one query per discussion to update the notes resolved status. Some changes had to be made to the discussion spec to accout for the fact that notes are not individually updated now
-
- 06 Jul, 2016 1 commit
-
-
Douwe Maan authored
-
- 03 Jun, 2016 2 commits
-
-
James Lopez authored
This reverts commit 3e991230.
-
James Lopez authored
# Conflicts: # app/models/project.rb
-
- 29 May, 2016 6 commits
-
-
Grzegorz Bizon authored
-
Grzegorz Bizon authored
-
Grzegorz Bizon authored
-
Grzegorz Bizon authored
-
Grzegorz Bizon authored
-
Grzegorz Bizon authored
-
- 13 May, 2016 1 commit
-
-
Douwe Maan authored
-
- 09 May, 2016 1 commit
-
-
Jeroen van Baarsen authored
In 8278b763 the default behaviour of annotation has changes, which was causing a lot of noise in diffs. We decided in #17382 that it is better to get rid of the whole annotate gem, and instead let people look at schema.rb for the columns in a table. Fixes: #17382
-
- 06 May, 2016 1 commit
-
-
Zeger-Jan van de Weg authored
-
- 04 Mar, 2016 1 commit
-
-
Robert Speicher authored
-
- 17 Feb, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 09 Dec, 2015 1 commit
-
-
Stan Hu authored
-
- 06 Sep, 2015 1 commit
-
-
Stan Hu authored
-
- 11 May, 2015 2 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
There's a lot of code in the Note model that only deals with creating system notes, so we're going to split that into its own class.
-
- 06 Mar, 2015 1 commit
-
-
Stan Hu authored
Supports four different event types all bundled under the "note" event type: - comments on a commit - comments on an issue - comments on a merge request - comments on a code snippet
-
- 25 Aug, 2014 1 commit
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 01 Aug, 2014 1 commit
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-