- 03 May, 2017 1 commit
-
-
Mark Fletcher authored
+ Add a partial for displaying user deletion guidance
-
- 06 Apr, 2017 1 commit
-
-
Jose Ivan Vargas Lopez authored
-
- 24 Mar, 2017 1 commit
-
-
Alexander Randa authored
-
- 09 Mar, 2017 1 commit
-
-
http://jneen.net/ authored
and don't offer to impersonate them
-
- 06 Mar, 2017 1 commit
-
-
Tiago Botelho authored
-
- 28 Feb, 2017 2 commits
-
-
Tiago Botelho authored
-
Simon Vocella authored
-
- 24 Feb, 2017 1 commit
-
-
Timothy Andrew authored
- Add a `destroy_user` ability. This didn't exist before, and was implicit in other abilities (only admins could access the admin area, so only they could destroy all users; a user can only access their own account page, and so can destroy only themselves). - Grant this ability to admins, and when the current user is trying to destroy themselves. Disallow destroying ghost users in all cases. - Modify the `Users::DestroyService` to check this ability. Also check it in views to decide whether or not to show the "Delete User" button. - Add a short summary of the Ghost User to the bio.
-
- 15 Feb, 2017 1 commit
-
-
Semyon Pupkov authored
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/24036
-
- 06 Feb, 2017 3 commits
-
-
Douwe Maan authored
-
Jose Ivan Vargas authored
-
Timothy Andrew authored
-
- 24 Jan, 2017 1 commit
-
-
Kushal Pandya authored
-
- 31 Dec, 2016 1 commit
-
-
Kushal Pandya authored
-
- 29 Dec, 2016 1 commit
-
-
James Gregory authored
-
- 05 Dec, 2016 1 commit
-
-
Annabel Dunstone Gray authored
-
- 02 Dec, 2016 1 commit
-
-
James Gregory authored
-
- 01 Nov, 2016 1 commit
-
-
Yar authored
The parameter is used to search users by several criretia was called :name. This request renames it to :search_query which closer to it actual perpose
-
- 02 Aug, 2016 1 commit
-
-
Elias Werberich authored
-
- 14 Jul, 2016 1 commit
-
-
Alfredo Sumaran authored
-
- 08 Jul, 2016 2 commits
-
-
Andrey Krivko authored
-
Robert Speicher authored
This reverts commit bf2a86b7.
-
- 07 Jul, 2016 3 commits
-
-
Robert Speicher authored
This reverts commit 68155ee7, reversing changes made to 7ebd011e.
-
Alfredo Sumaran authored
-
Alfredo Sumaran authored
-
- 30 Jun, 2016 1 commit
-
-
Valery Sizov authored
-
- 24 Jun, 2016 1 commit
-
-
Rémy Coutable authored
The issue was with the `User#groups` and `User#projects` associations which goes through the `User#group_members` and `User#project_members`. Initially I chose to use a secure approach by storing the requester's user ID in `Member#created_by_id` instead of `Member#user_id` because I was aware that there was a security risk since I didn't know the codebase well enough. Then during the review, we decided to change that and directly store the requester's user ID into `Member#user_id` (for the sake of simplifying the code I believe), meaning that every `group_members` / `project_members` association would include the requesters by default... My bad for not checking that all the `group_members` / `project_members` associations and the ones that go through them (e.g. `Group#users` and `Project#users`) were made safe with the `where(requested_at: nil)` / `where(members: { requested_at: nil })` scopes. Now they are all secure. Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 16 Jun, 2016 2 commits
-
-
James Lopez authored
This reverts commit 13e37a3e.
-
James Lopez authored
-
- 15 Jun, 2016 1 commit
-
-
Annabel Dunstone authored
-
- 14 Jun, 2016 1 commit
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 04 May, 2016 1 commit
-
-
Annabel Dunstone authored
-
- 20 Apr, 2016 1 commit
-
-
Arinde Eniola authored
-
- 05 Apr, 2016 1 commit
-
-
Robert Speicher authored
- Some views had a "Close" button. We've removed this, because we don't want users accidentally hiding the validation errors and not knowing what needs to be fixed. - Some views used `li`, some used `p`, some used `span`. We've standardized on `li`. - Some views only showed the first error. We've standardized on showing all of them. - Some views added an `#error_explanation` div, which we've made standard.
-
- 14 Mar, 2016 1 commit
-
-
Zeger-Jan van de Weg authored
-
- 13 Mar, 2016 2 commits
-
-
Zeger-Jan van de Weg authored
Also incorporates the review into this, mainly spec changes.
-
Zeger-Jan van de Weg authored
The user has the rights of a public user execpt it can never create a project, group, or team. Also it cant view internal projects.
-
- 03 Mar, 2016 1 commit
-
-
Robert Speicher authored
-
- 28 Jan, 2016 1 commit
-
-
Phil Hughes authored
Closes #12796
-
- 14 Jan, 2016 1 commit
-
-
Gabriel Mazetto authored
-