- 04 Jul, 2017 1 commit
-
-
Timothy Andrew authored
- Rather than using an explicit check to turn off authentication for the `/users` endpoint, simply call `authenticate_non_get!`. - All `GET` endpoints we wish to restrict already call `authenticated_as_admin!`, and so remain inacessible to anonymous users. - This _does_ open up the `/users/:id` endpoint to anonymous access. It contains the same access check that `/users` users, and so is safe for use here. - More context: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12445#note_34031323
-
- 03 Jul, 2017 1 commit
-
-
Timothy Andrew authored
- Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy`
-
- 30 Jun, 2017 10 commits
-
-
Timothy Andrew authored
Merge remote-tracking branch 'origin/master' into 34141-allow-unauthenticated-access-to-the-users-api - Modify policy code to work with the `DeclarativePolicy` refactor in 37c40143.
-
Timothy Andrew authored
- Use `GlobalPolicy` to authorize the users that a non-authenticated user can fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC` visibility level is not restricted. - Further, as before, `/api/v4/users` is only accessible to unauthenticated users if the `username` parameter is passed. - Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual route + method, rather than the description. - Change the type of `current_user` check in `UsersFinder` to be more compatible with EE.
-
Phil Hughes authored
Only verifies top position after the request has finished to account for errors See merge request !12559
-
Filipa Lacerda authored
-
Kamil Trzciński authored
Cleanup codeclimate.json file generated by CI See merge request !12565
-
Sean McGivern authored
Fix 'New merge request' button for users who don't have push access to canonical project See merge request !12560
-
Dmitriy Zaporozhets authored
Merge branch '34502-gitlab-git-hook-should-set-the-gl_repository-environment-variable' into 'master' Set the GL_REPOSITORY env variable on Gitlab::Git::Hook Closes #34502 See merge request !12572
-
Achilleas Pipinellis authored
updated version of issues baord images (doc) See merge request !12558
-
Phil Hughes authored
Render add-diff-note with server and optimize styles See merge request !12103
-
Tim Zallmann authored
Fixed sidebar not collapsing on merge request in mobile screens Closes #32759 See merge request !12489
-
- 29 Jun, 2017 28 commits
-
-
Douwe Maan authored
Backport changes to Projects::IssuesController and the search bar See merge request !12551
-
Nick Thomas authored
-
Douwe Maan authored
bugfix: use `require_dependency` to bring in DeclarativePolicy Closes #34532 See merge request !12571
-
Alejandro Rodríguez authored
-
http://jneen.net/ authored
-
Dmitriy Zaporozhets authored
-
Jose Ivan Vargas authored
-
Annabel Dunstone Gray authored
Resolve "Select branch dropdown is too close to branch name" Closes #34349 See merge request !12515
-
Tim Zallmann authored
-
Rémy Coutable authored
Perform unzip quietly in UpdatePagesService Closes gitlab-ee#225 See merge request !12539
-
Annabel Dunstone Gray authored
Fixed new navgiation bar logo height in Safari See merge request !12563
-
Douwe Maan authored
-
Annabel Dunstone Gray authored
Fix scroll flicker Closes #34407 See merge request !12501
-
Robert Speicher authored
Defer project destroys within a namespace in Groups::DestroyService#async_execute See merge request !12435
-
Annabel Dunstone Gray authored
Clean up issuable lists Closes #26818 See merge request !11991
-
Taurie Davis authored
-
Douwe Maan authored
Supplement Traditional Chinese in Taiwan translation of Project Page & Repository Page Closes #33443 See merge request !12514
-
Dmitriy Zaporozhets authored
-
Bryce Johnson authored
This commit moves the rendering of the button back to the server, and shows/hides it using opacity rather than display. It also removes the transform applied to the button on hover (scale). Previously, both of these factors automatically triggered a reflow, which creates a performance bottleneck on pages with larger DOM size. MR: !12103
-
Robert Speicher authored
Allow the feature flags to be enabled/disabled with more granularity Closes #34078 See merge request !12357
-
Stan Hu authored
Group#destroy would actually hard-delete all associated projects even though the acts_as_paranoia gem is used, preventing Projects::DestroyService from doing any work. We first noticed this while trying to log all projects deletion to the Geo log.
-
Phil Hughes authored
-
Phil Hughes authored
Merge branch '34403-issue-dropdown-persists-when-adding-issue-number-to-issue-description' into 'master' Resolve "Issue dropdown persists when adding issue number to issue description" Closes #34403 See merge request !12521
-
Tim Zallmann authored
-
Rémy Coutable authored
Run mysql tests on stable preperation branches like 9-3-stable-patch-2 See merge request !12552
-
Sean McGivern authored
Added code for defining SHA attributes See merge request !12555
-
Douwe Maan authored
Remove Namespace model default scope override and write additional test to Project search See merge request !12546
-
Douwe Maan authored
Revert "Merge branch 'dm-drop-default-scope-on-sortable-finders' into 'master'" Closes #34511 See merge request !12557
-