BigW Consortium Gitlab

  1. 29 Dec, 2016 1 commit
  2. 23 Dec, 2016 1 commit
  3. 21 Dec, 2016 4 commits
  4. 20 Dec, 2016 4 commits
  5. 19 Dec, 2016 5 commits
  6. 18 Dec, 2016 1 commit
  7. 16 Dec, 2016 1 commit
  8. 15 Dec, 2016 1 commit
    • Merge branch 'jej-note-search-uses-finder' into 'security' · 12db4cc0
      Douwe Maan authored
      Fix missing Note access checks in by moving Note#search to updated NoteFinder
      
      Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
      
      ## Which fixes are in this MR?
      
      :warning: - Potentially untested  
      :bomb: - No test coverage  
      :traffic_light: - Test coverage of some sort exists (a test failed when error raised)  
      :vertical_traffic_light: - Test coverage of return value (a test failed when nil used)  
      :white_check_mark: - Permissions check tested
      
      ### Note lookup without access check
      
      - [x] :white_check_mark: app/finders/notes_finder.rb:13 :download_code check
      - [x] :white_check_mark: app/finders/notes_finder.rb:19 `SnippetsFinder`
      - [x] :white_check_mark: app/models/note.rb:121 [`Issue#visible_to_user`]
      - [x] :white_check_mark: lib/gitlab/project_search_results.rb:113
        - This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`.
        - It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked.
      
      ### Previous discussions
      - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `: download_code` check on commit
      - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used
        - `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223
      
      ###  Acceptance criteria met?
      - [x] Tests added for new code
      - [x] TODO comments removed
      - [x] Squashed and removed skipped tests
      - [x] Changelog entry
      - [ ] State Gitlab versions affected and issue severity in description
      - [ ] Create technical debt issue for NotesFinder.
        - Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two.
        - Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)`
        - Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes`
      
      See merge request !2035
  9. 12 Dec, 2016 1 commit
  10. 09 Dec, 2016 1 commit
  11. 07 Dec, 2016 1 commit
    • fix: 24982- Remove'Signed in successfully' message · 6ab74b1c
      jnoortheen authored
      After this change the sign-in-success flash message will not be shown
      
      refactor: set flash message to be nil while signing in
      
      test: changed tests to reflect removal of sign-in message
      
      refactor: adding signed_in message back
      
      See Merge Request !7837
      
      issue#24982
  12. 05 Dec, 2016 1 commit
    • Feature: delegate all open discussions to Issue · 1123057a
      Bob Van Landuyt authored
      When a merge request can only be merged when all discussions are
      resolved. This feature allows to easily delegate those discussions to a
      new issue, while marking them as resolved in the merge request.
      
      The user is presented with a new issue, prepared with mentions of all
      unresolved discussions, including the first unresolved note of the
      discussion, time and link to the note.
      
      When the issue is created, the discussions in the merge request will get
      a system note directing the user to the newly created issue.
  13. 01 Dec, 2016 1 commit
  14. 30 Nov, 2016 1 commit
  15. 29 Nov, 2016 4 commits
  16. 28 Nov, 2016 1 commit
  17. 24 Nov, 2016 1 commit
  18. 23 Nov, 2016 1 commit
  19. 22 Nov, 2016 3 commits
  20. 21 Nov, 2016 3 commits
  21. 20 Nov, 2016 1 commit
  22. 18 Nov, 2016 2 commits