- 15 Jun, 2017 1 commit
-
-
Toon Claes authored
When a user is authorized to a group, they are also authorized to see all the ancestor groups and descendant groups. When a user is authorized to a project, they are authorized to see all the ancestor groups too. Closes #32135 See merge request !11764
-
- 19 May, 2017 1 commit
-
-
Michael Kozono authored
In order to avoid string manipulation or modify route params (to make them unambiguous for `url_for`), we are accepting a behavior change: When being redirected to the canonical path for a group, if you requested a group show path starting with `/groups/…` then you’ll now be redirected to the group at root `/…`.
-
- 18 May, 2017 2 commits
-
-
Michael Kozono authored
Don’t replace a substring of the path if it is part of the top level route. E.g. When redirecting from `/groups/ups` to `/groups/foo`, be careful not to do `/grofoo/ups`. Projects are unaffected by this issue, but I am grouping the `#ensure_canonical_path` tests similar to the group and user tests.
-
Michael Kozono authored
-
- 17 May, 2017 1 commit
-
-
Yorick Peterse authored
This hides/disables some UI elements and API parameters related to nested groups when MySQL is used, since nested groups are not supported for MySQL.
-
- 11 May, 2017 1 commit
-
-
Michael Kozono authored
-
- 10 May, 2017 2 commits
-
-
Rémy Coutable authored
Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Use GroupsFinder to find subgroups the user has access to See merge request !2096
-
- 05 May, 2017 4 commits
-
-
Michael Kozono authored
-
Michael Kozono authored
-
Michael Kozono authored
-
Michael Kozono authored
-
- 25 Jan, 2017 1 commit
-
-
Robert Speicher authored
-
- 21 Dec, 2016 1 commit
-
-
James Lopez authored
-
- 20 Dec, 2016 1 commit
-
-
James Lopez authored
-
- 15 Aug, 2016 1 commit
-
-
Kamil Trzcinski authored
-
- 11 Aug, 2016 1 commit
-
-
Stan Hu authored
There is a race condition in DestroyGroupService now that projects are deleted asynchronously: 1. User attempts to delete group 2. DestroyGroupService iterates through all projects and schedules a Sidekiq job to delete each Project 3. DestroyGroupService destroys the Group, leaving all its projects without a namespace 4. Projects::DestroyService runs later but the can?(current_user, :remove_project) is `false` because the user no longer has permission to destroy projects with no namespace. 5. This leaves the project in pending_delete state with no namespace/group. Projects without a namespace or group also adds another problem: it's not possible to destroy the container registry tags, since container_registry_path_with_namespace is the wrong value. The fix is to destroy the group asynchronously and to run execute directly on Projects::DestroyService. Closes #17893
-
- 01 Jun, 2016 1 commit
-
-
Z.J. van de Weg authored
-
- 06 May, 2016 1 commit
-
-
Zeger-Jan van de Weg authored
-
- 21 Mar, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
The `non_archived` scope applied here https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/controllers/conc erns/issues_action.rb#L5 overrides the previous `ORDER BY` applied inside the IssuesFinder, with the default scope of the Project model, resulting in SQL errors.
-
- 20 Mar, 2016 1 commit
-
-
Douwe Maan authored
-
- 10 Mar, 2016 2 commits
-
-
Felipe Artur authored
Prevent Groups to have smaller visibility than projects Add default_group_visibility_level to configuration Code improvements
-
Felipe Artur authored
-
- 24 Jan, 2016 1 commit
-
-
Robert Speicher authored
The route is supposed to redirect the Groups#index request based on whether or not a user was logged in. If they are, we redirect them to their groups dashboard; if they're not, we redirect them to the public Explore page. But due to overly aggressive `before_action`s that weren't excluding the `index` action, the request always resulted in a 404, whether a user was logged in or not. Closes #12660
-