BigW Consortium Gitlab

  1. 08 May, 2017 1 commit
  2. 05 May, 2017 2 commits
  3. 02 May, 2017 2 commits
  4. 01 May, 2017 1 commit
  5. 26 Apr, 2017 1 commit
  6. 12 Apr, 2017 1 commit
  7. 11 Apr, 2017 1 commit
  8. 27 Mar, 2017 1 commit
  9. 09 Mar, 2017 1 commit
  10. 07 Mar, 2017 1 commit
  11. 24 Feb, 2017 1 commit
    • Don't allow deleting a ghost user. · 6fdb17cb
      Timothy Andrew authored
      - Add a `destroy_user` ability. This didn't exist before, and was implicit in
        other abilities (only admins could access the admin area, so only they could
        destroy all users; a user can only access their own account page, and so can
        destroy only themselves).
      
      - Grant this ability to admins, and when the current user is trying to destroy
        themselves. Disallow destroying ghost users in all cases.
      
      - Modify the `Users::DestroyService` to check this ability. Also check it in
        views to decide whether or not to show the "Delete User" button.
      
      - Add a short summary of the Ghost User to the bio.
  12. 23 Feb, 2017 2 commits
  13. 06 Feb, 2017 1 commit
  14. 23 Jan, 2017 1 commit
  15. 18 Jan, 2017 2 commits
  16. 26 Dec, 2016 1 commit
  17. 15 Dec, 2016 1 commit
  18. 04 Dec, 2016 2 commits
  19. 30 Nov, 2016 1 commit
  20. 07 Nov, 2016 1 commit
  21. 01 Nov, 2016 1 commit
  22. 28 Oct, 2016 2 commits
    • Add specs for a user from a group link · af6cf695
      Sean McGivern authored
    • Fix project member access for group links · db9979bc
      Sean McGivern authored
      `ProjectTeam#find_member` doesn't take group links into account. It was
      used in two places:
      
      1. An admin view - it can stay here.
      2. `ProjectTeam#member?`, which is often used to decide if a user has
         access to view something.
      
      This second part broke confidential issues viewing. `IssuesFinder` ends
      up delegating to `Project#authorized_for_user?`, which does consider
      group links, so users with access to the project via a group link could
      see confidential issues on the index page. However, `IssuesPolicy` used
      `ProjectTeam#member?`, so the same user couldn't view the issue when
      going to it directly.
  23. 11 Oct, 2016 1 commit
  24. 06 Oct, 2016 1 commit
  25. 20 Sep, 2016 1 commit
  26. 30 Aug, 2016 1 commit