- 31 Jan, 2017 2 commits
-
-
Kamil Trzcinski authored
-
Annabel Dunstone Gray authored
-
- 18 Jan, 2017 2 commits
-
-
Jose Ivan Vargas authored
-
Jose Ivan Vargas authored
-
- 04 Jan, 2017 2 commits
-
-
tauriedavis authored
-
tauriedavis authored
-
- 03 Jan, 2017 2 commits
-
-
Jose Ivan Vargas authored
Fixed more tests
-
Jose Ivan Vargas authored
This controller is going to contain both the project members and groups options for the settings gear. Generated the route and modified the routing to point to the new members setting path
-
- 31 Dec, 2016 4 commits
-
-
Kushal Pandya authored
-
Kushal Pandya authored
-
Kushal Pandya authored
-
Kushal Pandya authored
-
- 28 Dec, 2016 1 commit
-
-
victorwu authored
-
- 16 Dec, 2016 1 commit
-
-
Mike Greiling authored
-
- 15 Dec, 2016 1 commit
-
-
Luke Bennett authored
Finished up autocomplete_sources action and added frontend to fetch data only when its needed Added wait_for_ajax to specs Fixed builds and improved the setup/destroy lifecycle Changed global namespace and DRYed up loading logic Added safety for accidentally loading data twice Removed destroy as its not necessary and is messing with click events from a blur race condition Created AutocompleteSourcesController and updated routes Fixed @undefined from tabbing before load ends Disable tabSelectsMatch until we have loaded data Review changes
-
- 09 Dec, 2016 1 commit
-
-
Douwe Maan authored
Replace MR access checks with use of MergeRequestsFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
- Potentially untested - No test coverage - Test coverage of some sort exists (a test failed when error raised) - Test coverage of return value (a test failed when nil used) - Permissions check tested - [x] app/finders/notes_finder.rb:17 - [x] app/views/layouts/nav/_project.html.haml:80 [`.count`] - [x] app/controllers/concerns/creates_commit.rb:84 - [x] app/controllers/projects/commits_controller.rb:24 - [x] app/controllers/projects/compare_controller.rb:56 - [x] app/controllers/projects/discussions_controller.rb:29 - [x] app/controllers/projects/todos_controller.rb:27 - [x] app/models/commit.rb:268 - [x] lib/gitlab/search_results.rb:71 - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)` - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`. - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use of unchecked `merged_merge_request?` See merge request !2033
-
- 05 Dec, 2016 1 commit
-
-
Jacopo authored
counter This is done by: - Extending the IssuableFinder adding the non_archived option to the params - Overriding the #filter_params in the MergeRequestsAction - Passing the non_archived param in the nav/_group.html.haml navbar partial from the groups/merge_requests.html.haml
-
- 01 Dec, 2016 2 commits
-
-
tauriedavis authored
-
Dimitrie Hoekstra authored
-
- 29 Nov, 2016 2 commits
-
-
Luis Alonso Chavez Armendariz authored
-
Douwe Maan authored
Replace issue access checks with use of IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR?
- Potentially untested - No test coverage - Test coverage of some sort exists (a test failed when error raised) - Test coverage of return value (a test failed when nil used) - Permissions check tested ### Issue lookup with access check Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells). - [x] app/finders/notes_finder.rb:15 [`visible_to_user`] - [x] app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`] - [x] app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`] - [x] lib/api/issues.rb:112 [`visible_to_user`] - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone - [x] lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too? - [x] lib/gitlab/search_results.rb:53 [`visible_to_user`] ### Previous discussions - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126 - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87 See merge request !2031
-
- 26 Nov, 2016 1 commit
-
-
Luke "Jared" Bennett authored
Updated specs
-
- 25 Nov, 2016 1 commit
-
-
Yorick Peterse authored
With events no longer being cached this is no longer needed.
-
- 17 Nov, 2016 3 commits
-
-
Kamil Trzcinski authored
-
Kushal Pandya authored
-
Kushal Pandya authored
-
- 16 Nov, 2016 2 commits
-
-
Kamil Trzcinski authored
-
Lucas Deschamps authored
-
- 10 Nov, 2016 1 commit
-
-
Nur Rony authored
-
- 08 Nov, 2016 1 commit
-
-
tauriedavis authored
-
- 03 Nov, 2016 1 commit
-
-
Annabel Dunstone Gray authored
-
- 01 Nov, 2016 1 commit
-
-
Annabel Dunstone Gray authored
-
- 26 Oct, 2016 1 commit
-
-
Clement Ho authored
-
- 19 Oct, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 16 Oct, 2016 1 commit
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 15 Oct, 2016 2 commits
-
-
Bryce Johnson authored
-
Bryce Johnson authored
- Tab between register and sign in forms - Add individual input validation error messages - Validate username - Update many styles for all login-box forms
-
- 14 Oct, 2016 1 commit
-
-
Phil Hughes authored
#22827
-
- 11 Oct, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 07 Oct, 2016 1 commit
-
-
Nick Thomas authored
This commit alters views for the following models to use the markdown cache if present: * AbuseReport * Appearance * ApplicationSetting * BroadcastMessage * Group * Issue * Label * MergeRequest * Milestone * Project At the same time, calls to `escape_once` have been moved into the `single_line` Banzai pipeline, so they can't be missed out by accident and the work is done at save, rather than render, time.
-