An error occurred fetching the project authors.
- 12 Aug, 2019 1 commit
-
-
Markus Koller authored
Querying all counts for the different search results in the same request led to timeouts, so we now only calculate the count for the *current* search results, and request the others in separate asynchronous calls.
-
- 20 May, 2019 1 commit
-
-
Felipe Artur authored
Fix milestone titles being leaked using search API when users cannot read milestones
-
- 05 Apr, 2019 1 commit
-
-
Thong Kuah authored
- rewords examples starting with 'should' - rewords examples starting with 'it' Note: I had to manually fixup "onlies" to "only"
-
- 14 Mar, 2019 3 commits
-
-
Alexis Reigel authored
-
Alexis Reigel authored
-
Alexis Reigel authored
-
- 05 Mar, 2018 1 commit
-
-
Jan Provaznik authored
-
- 06 Feb, 2018 1 commit
-
-
Jarka Kadlecová authored
-
- 23 Jan, 2018 1 commit
-
-
Jan Provaznik authored
Search query is especially slow if a user searches a generic string which matches many records, in such case search can take tens of seconds or time out. To speed up the search query, we search only for first 1000 records, if there is >1000 matching records we just display "1000+" instead of precise total count supposing that with such amount the exact count is not so important for the user. Because for issues even limited search was not fast enough, 2-phase approach is used for issues: first we use simpler/faster query to get all public issues, if this exceeds the limit, we just return the limit. If the amount of matching results is lower than limit, we re-run more complex search query (which includes also confidential issues). Re-running the complex query should be fast enough in such case because the amount of matching issues is lower than limit. Because exact total_count is now limited, this patch also switches to to "prev/next" pagination. Related #40540
-
- 02 Jan, 2018 1 commit
-
-
Jan Provaznik authored
When searching for issues, an additional subquery is added which filters only issues in a project. If global context is used (no project is specified) this query filters all projects user has access to. In that case we can skip this filter because filtering only projects user has access to is added anyway. The filter is used only if a custom project context is specified Related to #40540
-
- 22 Dec, 2017 1 commit
-
-
blackst0ne authored
-
- 21 Dec, 2017 1 commit
-
-
Jan Provaznik authored
When searching for merge requests, an additional subquery is added which by default filters only merge requests which belong to source or target project user has permission for. This filter is not needed because more restrictive filter which checks if user has permission for target project is used in the query. So unless a custom projects filter is used by user, it's possible to skip the default projects filter and speed up the final query. Related to #40540
-
- 07 Oct, 2017 1 commit
-
-
Bob Van Landuyt authored
The helper creates a fork of a project with all provided attributes, but skipping the creation of the repository on disk.
-
- 02 Aug, 2017 1 commit
-
-
Robert Speicher authored
-
- 04 May, 2017 1 commit
-
-
Valery Sizov authored
-
- 25 Jan, 2017 1 commit
-
-
Robert Speicher authored
-
- 09 Dec, 2016 1 commit
-
-
Douwe Maan authored
Replace MR access checks with use of MergeRequestsFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
- Potentially untested - No test coverage - Test coverage of some sort exists (a test failed when error raised) - Test coverage of return value (a test failed when nil used) - Permissions check tested - [x] app/finders/notes_finder.rb:17 - [x] app/views/layouts/nav/_project.html.haml:80 [`.count`] - [x] app/controllers/concerns/creates_commit.rb:84 - [x] app/controllers/projects/commits_controller.rb:24 - [x] app/controllers/projects/compare_controller.rb:56 - [x] app/controllers/projects/discussions_controller.rb:29 - [x] app/controllers/projects/todos_controller.rb:27 - [x] app/models/commit.rb:268 - [x] lib/gitlab/search_results.rb:71 - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)` - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`. - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use of unchecked `merged_merge_request?` See merge request !2033
-
- 29 Nov, 2016 1 commit
-
-
Douwe Maan authored
Replace issue access checks with use of IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR?
- Potentially untested - No test coverage - Test coverage of some sort exists (a test failed when error raised) - Test coverage of return value (a test failed when nil used) - Permissions check tested ### Issue lookup with access check Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells). - [x] app/finders/notes_finder.rb:15 [`visible_to_user`] - [x] app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`] - [x] app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`] - [x] lib/api/issues.rb:112 [`visible_to_user`] - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone - [x] lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too? - [x] lib/gitlab/search_results.rb:53 [`visible_to_user`] ### Previous discussions - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126 - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87 See merge request !2031
-
- 06 Sep, 2016 1 commit
-
-
Valery Sizov authored
-
- 09 Aug, 2016 1 commit
-
-
tiagonbotelho authored
-
- 16 Jun, 2016 2 commits
-
-
James Lopez authored
This reverts commit 13e37a3e.
-
James Lopez authored
-
- 13 Jun, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 17 Mar, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 11 Mar, 2016 1 commit
-
-
Yorick Peterse authored
Instead of plucking IDs this class now uses ActiveRecord::Relation objects. Plucking IDs is problematic as searching for projects can lead to a huge amount of IDs being loaded into memory only to be used as an argument for another query (instead of just using a sub-query).
-