- 16 Dec, 2016 18 commits
-
-
Timothy Andrew authored
If we leave this as a regular migration, we could have the following flow:

1. Application knows nothing about scopes.
2. First migration runs, all existing personal access tokens have `api` scope
3. Application still knows nothing about scopes.
4. Second migration runs, all tokens created after this point have no scope
5. Application still knows nothing about scopes.
6. Tokens created at this time _should have the API scope, but instead have no scope_
7. Application code is reloaded, application knows about scopes
8. Tokens created after this point only have no scope if the user deliberately chooses to have no scopes.

Point #6 is the problem here. To avoid this, we move the second migration to a "post" migration, which runs after the application code is deployed/reloaded.
-
Timothy Andrew authored
`valid_api_token?` is a better name. Scopes are just (potentially) one facet of a "valid" token.
-
Timothy Andrew authored
- Previously, AccessTokenValidationService was a module, and all its public methods accepted a token. It makes sense to convert it to a class which accepts a token during initialization.
- Also rename the `sufficient_scope?` method to `include_any_scope?`
- Based on feedback from @rymai
-
Timothy Andrew authored
- The `scopes_form` partial can be used in the `admin/applications` view as well
- Don't allow partials to access instance variables directly. Instead, pass in the instance variables as local variables, and use `local_assigns.fetch` to assert that the variables are passed in as expected.
- Change a few instances of `render :partial` to `render`
- Remove an instance of `required: false` in a view, since this is the default
- Inline many instances of a local variable (`ip = 'ip'`) in `auth_spec`
-
Timothy Andrew authored
Split the existing feature spec into both feature and controller specs. Feature specs assert on browser DOM, and controller specs assert on database state.
-
Timothy Andrew authored
- Use whitespace to separate the setup, expectation and teardown phases.
-
Timothy Andrew authored
- Based on @dbalexandre's review
- Extract token validity conditions into two separate methods, for personal access tokens and OAuth tokens.
-
Timothy Andrew authored
- The list of scopes that's displayed while creating a personal access token is identical to the list that's displayed while creating an OAuth application. Extract these into a partial.
- The list of scopes that's displayed while in the show page for an OAuth token in the profile settings and admin settings are identical. Extract these into a partial.
-
Timothy Andrew authored
- Mainly whitespace changes.
- Require the migration adding the `scope` column to the `personal_access_tokens` table to have downtime, since API calls will fail if the new code is in place, but the migration hasn't run.
- Minor refactoring - load `@scopes` in a `before_action`, since we're doing it in three different places.
-
Timothy Andrew authored
-
Timothy Andrew authored
- This module is used for git-over-http, as well as JWT.
- The only valid scope here is `api`, currently.
-
Timothy Andrew authored
- Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well.
- Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests).
- Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
-
Timothy Andrew authored
-
Timothy Andrew authored
-
Douglas Barbosa Alexandre authored
Fix eslint errors Fixes current eslint errors on master See merge request !8127
-
Douglas Barbosa Alexandre authored
Fix spec/features/admin/admin_active_tab_spec.rb See merge request !8130
-
Sean McGivern authored
Don't open Asciidoc module twice See merge request !8119
-
Douglas Barbosa Alexandre authored
-
- 15 Dec, 2016 22 commits
-
-
Achilleas Pipinellis authored
Add Okta authentication documentation Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/14122 See merge request !8104
-
Alfredo Sumaran authored
-
Achilleas Pipinellis authored
Add `gitlab_rails['auto_migrate'] = false` to HA docs for Redis/PG [ci skip] ## What does this MR do? In a high availability configuration, the Redis and PostgreSQL nodes should not attempt to run database migrations. In fact, trying will result in errors about not providing a database password. To prevent errors and confusion, add this configuration to these nodes' `gitlab.rb` file. See merge request !8112
-
Kamil Trzciński authored
Merge branch '25144-gitlab-ce-mattermost-slash-command-for-issue-create-needs-better-documentation' into 'master' Resolve "gitlab-ce mattermost slash command for issue create needs better documentation" ## What does this MR do? Updates the documentation and the <kbd>help</kbd> command to be clearer, having the keys used to add a newline in chat clients (both Mattermost and Slack). ## Are there points in the code the reviewer needs to double check? * Are the available commands (via <kbd>help</kbd>) being formatted as `<code>` ? ## Why was this MR needed? `\n` represents a new line character and doesn't communicate how the user should input the command. Also, to be correct, the documentation should use `<kbd>` instead of `<code>` for user input ([see HTML5 specification](https://www.w3.org/TR/html5/text-level-semantics.html#the-kbd-element)) ## Screenshots (if relevant) | Mattermost | Docs | | --- | --- | | ![image](/uploads/539526a14bfd551b7e732dd96c5b7581/image.png) | ![image](/uploads/e3eb099f86c5a32ce3b8954e72c29848/image.png) | ## Does this MR meet the acceptance criteria? - [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - Tests - [ ] All builds are passing ## What are the relevant issue numbers? Closes #25144 See merge request !7850
-
Fatih Acet authored
Improve bulk assignment This MR improves current implementation of Label dropdown when used for bulk assignment on issuable pages (/:namespace/:project/issues, /:namespace/:project/merge_requests) Previously this dropdown relied on `<input>` tags to get its active items and also to calculate items with indeterminate state. Relying on `<input>` tags is not enough when we want to set/get multiple states on a dropdown. For this case we want to get/set: - Marked items - Unmarked items that were initially marked - Unmarked items that were initially indeterminate - Items with indeterminate state. This MR makes the Label dropdown to save its own state as `data` so it will be easy to get and set whatever state we want no matter if the dropdown is filtering which is the issue that I initially wanted to solve as you can see in the following gif. **Before** ![2016-12-07_11.44.48](/uploads/cb697161b8b39cdee72fdbb95a531100/2016-12-07_11.44.48.gif) **After** ![2016-12-07_11.32.43](/uploads/338255a302de0dd1367474f33232d2a3/2016-12-07_11.32.43.gif) As you can see in the first gif the `bug` label is removed from the selected issues but the `enhancement` label should set but the `critical` should be kept. This is fixed on the next gif. Fixes #24877 See merge request !7765
-
Annabel Dunstone Gray authored
25617 Fix placeholder color of todo filters ## What does this MR do? Fixes color of placeholder text on todo filters ## Screenshots (if relevant) ![Screen_Shot_2016-12-14_at_1.42.02_PM](/uploads/7ceec3c8fff47825384835bcfb38d77c/Screen_Shot_2016-12-14_at_1.42.02_PM.png) ## Does this MR meet the acceptance criteria? - [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if it does - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #25617 See merge request !8094
-
Annabel Dunstone Gray authored
24824 Add focus state to dropdowns ## What does this MR do? Adds focus state to dropdown items to increase accessibility. ## Screenshots (if relevant) ![Screen_Shot_2016-12-01_at_2.47.13_PM](/uploads/d0d2c17dde61314c86155268815091f6/Screen_Shot_2016-12-01_at_2.47.13_PM.png) ## Does this MR meet the acceptance criteria? - [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if it does - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #24824 See merge request !7885
-
Grzegorz Bizon authored
Show commit status from latest pipeline Show commit status from latest pipeline rather than compound status from all pipelines. Closes #20560 See merge request !7333
-
Munken authored
-
Fatih Acet authored
Remove unnecessary commits order message Remove unnecessary message. User should expect that commits are listed in reverse chronological order. Even if they are not initially clear, glancing quickly through the list informs them right away. No point in drawing unnecessary attention to extra information that is not main content. The other tabs also have lists in chronological or reverse chronological order. But there's nothing there to explain in which direction. ### Existing <img src="/uploads/d5592533c60186a7a53af5d6d010fa56/Screen_Shot_2016-12-09_at_12.38.25_AM.png" height="200px" /> ### After change <img src="/uploads/facc800496d27f1ee33e0d48d339b2f3/Screen_Shot_2016-12-09_at_12.37.36_AM.png" height="200px" /> See merge request !8004
-
Fatih Acet authored
Fixed GFM autocomplete to disallow non-word characters in string ## What does this MR do? Disallows GFM autocomplete working when a non-word character is entered in the middle of the string. ## Screenshots (if relevant) ![Screen_Shot_2016-12-12_at_09.47.46](/uploads/aa6463a57b97c103c69eab6bb1d80540/Screen_Shot_2016-12-12_at_09.47.46.png) ## What are the relevant issue numbers? Closes #25540 See merge request !8035
-
Fatih Acet authored
added go back anchor on error pages ## What does this MR do? adds go back anchor on error pages ## Are there points in the code the reviewer needs to double check? - ## Why was this MR needed? requested per https://gitlab.com/gitlab-org/gitlab-ce/issues/25534 ## Screenshots (if relevant) ![image](/uploads/894c513e7a058deb0124b5152dc11e28/image.png) ## Does this MR meet the acceptance criteria? - [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if it does - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #25534 See merge request !8087
-
Fatih Acet authored
Add Object.assign polyfill Because PhantomJS See merge request !8090
-
Rémy Coutable authored
Move admin active tab spinach tests to RSpec See merge request !8037
-
Rémy Coutable authored
Use build instead create in group spec See merge request !8068
-
Drew Blessing authored
In a high availability configuration, the Redis and PostgreSQL nodes should not attempt to run database migrations. In fact, trying will result in errors about not providing a database password. To prevent errors and confusion, add this configuration to these nodes' `gitlab.rb` file.
-
Annabel Dunstone Gray authored
Fixed file template dropdown for the "New File" editor for smaller/zoomed screens ## What does this MR do? Fixes the dropdown issue on zoomed/smaller screens ## Are there points in the code the reviewer needs to double check? Until what point do we consider not supporting a certain screen size / zoom level ## Why was this MR needed? To fix the dropdown position when zooming in on the screen ## Screenshots (if relevant) Zoom levels **100% Zoom** ![100_](/uploads/b13c6c48d4ca99b119d45975280cd16f/100_.png) **175% Zoom** ![175_](/uploads/ef25dffbf85d0859bc57c875914ffc7a/175_.png) **200% Zoom** ![200_](/uploads/6ff7709f42304d51ef29a173efa5540d/200_.png) **300% Zoom** ![300_](/uploads/7e57528582a09355354bbbfc26aa64a4/300_.png) ## Does this MR meet the acceptance criteria? - [X] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [X] All builds are passing - [X] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [X] Branch has no merge conflicts with `master` (if it does - rebase it please) - [X] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? 
Closes #23962 ## Affected pages for the modified css-classes `./app/assets/stylesheets/pages/editor.scss: .gitignore-selector, ./app/assets/stylesheets/pages/editor.scss: .license-selector, ./app/assets/stylesheets/pages/editor.scss: .gitlab-ci-yml-selector { ./app/views/projects/blob/_editor.html.haml: .gitlab-ci-yml-selector.js-gitlab-ci-yml-selector-wrap.hidden ./app/assets/stylesheets/pages/editor.scss: .new-file-name { ./app/views/projects/blob/_editor.html.haml: required: true, class: 'form-control new-file-name' ` See merge request !7807
-
Kamil Trzciński authored
Add a slug to environments ## What does this MR do? Adds a `slug` field to the `environments` table, populating existing rows and ensuring that new rows will get an entry. Cleaning examples: * `review/foo` => `review-foo-5gghdf` * `review-foo` => `review-foo` * `1-foo` => `env-1-foo-e2hx12` * `production` => `production` * `Production` => `production-f8ddlz` ## Are there points in the code the reviewer needs to double check? This migration requires downtime. I don't see a way to avoid it. ## Why was this MR needed? External services often have more restrictive rules on naming than those enforced for `environments.name`. In particular, forward slashes and names longer than 24 characters cause problems on OpenShift. `slug` is designed to be an acceptable alternative to `name` in these situations. Since forward slashes are a documented part of environment names, to set environment types, we need an environment slug, not just a slug for the branch name. ## Does this MR meet the acceptance criteria? - [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [X] API support added - Tests - [X] Added for this feature/bug - [x] All builds are passing - [X] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [X] Branch has no merge conflicts with `master` (if it does - rebase it please) - [X] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Part of #22864 See merge request !7983
-
Annabel Dunstone Gray authored
-
Rémy Coutable authored
Filter `incoming_email_token` and `runners_token` parameters Closes https://dev.gitlab.org/gitlab/gitlabhq/issues/2676 See merge request !2045
-
Sean McGivern authored
Issue#visible_to_user moved to IssuesFinder Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24637. See merge request !2039
-
Douwe Maan authored
Fix missing Note access checks in by moving Note#search to updated NoteFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

## Which fixes are in this MR?

⚠ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
✅ - Permissions check tested

### Note lookup without access check

- [x]✅ app/finders/notes_finder.rb:13 :download_code check
- [x]✅ app/finders/notes_finder.rb:19 `SnippetsFinder`
- [x]✅ app/models/note.rb:121 [`Issue#visible_to_user`]
- [x]✅ lib/gitlab/project_search_results.rb:113
  - This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`.
  - It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked.

### Previous discussions

- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `: download_code` check on commit
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used
  - `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223

### Acceptance criteria met?

- [x] Tests added for new code
- [x] TODO comments removed
- [x] Squashed and removed skipped tests
- [x] Changelog entry
- [ ] State Gitlab versions affected and issue severity in description
- [ ] Create technical debt issue for NotesFinder.
  - Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two.
  - Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)`
  - Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes`

See merge request !2035
-