- 12 Aug, 2016 1 commit
-
-
Paco Guzman authored
We’re being kept up to date the counter data but we’re not using it. The only thing which is not real if is the number of projects that the user read changes the number of todos can be stale for some time. The counters will be sync just after the user receives a new todo or mark any as done
-
- 12 Jul, 2016 1 commit
-
-
Paco Guzman authored
-
- 24 Jun, 2016 1 commit
-
-
Rémy Coutable authored
The issue was with the `User#groups` and `User#projects` associations which goes through the `User#group_members` and `User#project_members`. Initially I chose to use a secure approach by storing the requester's user ID in `Member#created_by_id` instead of `Member#user_id` because I was aware that there was a security risk since I didn't know the codebase well enough. Then during the review, we decided to change that and directly store the requester's user ID into `Member#user_id` (for the sake of simplifying the code I believe), meaning that every `group_members` / `project_members` association would include the requesters by default... My bad for not checking that all the `group_members` / `project_members` associations and the ones that go through them (e.g. `Group#users` and `Project#users`) were made safe with the `where(requested_at: nil)` / `where(members: { requested_at: nil })` scopes. Now they are all secure. Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 17 Jun, 2016 2 commits
-
-
Douglas Barbosa Alexandre authored
-
Paco Guzman authored
- As todos are created/updated inside the TodoService we repopulate the cache just there for both pending/done todos - Todos as mark as done from the TodosController we update cache there too - All the added methods are kept in the User class for cohesion
-
- 03 Jun, 2016 2 commits
-
-
James Lopez authored
This reverts commit 3e991230.
-
James Lopez authored
# Conflicts: # app/models/project.rb
-
- 10 May, 2016 1 commit
-
-
Sean McGivern authored
`User#starred_projects` doesn't perform any visibility checks. This has a couple of problems: 1. It assumes a user can always view all of their starred projects in perpetuity (project not changed to private, access revoked, etc.). 2. It assumes that we'll only ever allow a user to star a project they can view. This is currently the case, but bugs happen. Add `User#viewable_starred_projects` to filter the starred projects by those the user either has explicit access to, or are public or internal. Then use that in all places where we list the user's starred projects.
-
- 03 May, 2016 1 commit
-
-
Alfredo Sumaran authored
-
- 01 Apr, 2016 1 commit
-
-
Alfredo Sumaran authored
-
- 30 Mar, 2016 1 commit
-
-
Alfredo Sumaran authored
-
- 23 Mar, 2016 3 commits
-
-
Rémy Coutable authored
-
Rémy Coutable authored
-
Rémy Coutable authored
-
- 19 Mar, 2016 1 commit
-
-
Robert Speicher authored
-
- 18 Mar, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 17 Mar, 2016 3 commits
-
-
Phil Hughes authored
-
Phil Hughes authored
Removes the group if empty
-
Jacob Schatz authored
Fixes #13656 A good first step and boring solution.
-
- 16 Mar, 2016 1 commit
-
-
Mehmet Emin İNAÇ authored
`render nothing: true` has been deprecated. For more information see [pr](https://github.com/rails/rails/pull/20336)
-
- 10 Mar, 2016 1 commit
-
-
Josh Frye authored
-
- 04 Mar, 2016 1 commit
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 03 Mar, 2016 3 commits
-
-
Dmitriy Zaporozhets authored
This reverts commit 617bb109.
-
Dmitriy Zaporozhets authored
This reverts commit 70d64552.
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 02 Mar, 2016 1 commit
-
-
Rémy Coutable authored
-
- 23 Feb, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 21 Feb, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 20 Feb, 2016 9 commits
-
-
Douwe Maan authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
- 09 Feb, 2016 2 commits
- 05 Feb, 2016 1 commit
-
-
Josh Frye authored
-