- 18 Jan, 2021 22 commits
-
-
Dmytro Zaporozhets (DZ) authored
Add Package & Registry settings menu See merge request gitlab-org/gitlab!51460
-
Nicolò Maria Mezzopera authored
- controller - view file - group routes
-
Vitaly Slobodin authored
Fix abuse reports contains html and does not show reporter See merge request gitlab-org/gitlab!50983
-
Kev authored
-
Mark Chao authored
Remove unnecessary recaptcha verification param and unused snippets verify views See merge request gitlab-org/gitlab!51587
-
Jan Provaznik authored
Record onboarding progress for scoped labels See merge request gitlab-org/gitlab!51386
-
charlie ablett authored
Update graphql_logging feature flag info See merge request gitlab-org/gitlab!51714
-
Chad Woolley authored
Instead, just check the recaptcha response parameter directly, as we will need to do when using the reCAPTCHA Javascript API. Also adds some test coverage for spammable_actions
-
Martin Wortschack authored
Add Icons to headings in system info on admin panel See merge request gitlab-org/gitlab!46618
-
Yogi authored
-
Kushal Pandya authored
Swimlanes - Creating an issue should add board scope to it See merge request gitlab-org/gitlab!51675
-
Florie Guibert authored
Create issue in board list adds board scope to it
-
Stan Hu authored
Allow more actions on group members See merge request gitlab-org/gitlab!50445
-
Simon Knox authored
Boards - Prevent boardsStore creation on graphQL boards See merge request gitlab-org/gitlab!51424
-
Florie Guibert authored
Rename new components to not have a suffix and rename deprecated components.
-
Florie Guibert authored
-
Russell Dickenson authored
Remove unnecessary screenshot and set updated lint image See merge request gitlab-org/gitlab!51845
-
Evan Read authored
-
Paul Slaughter authored
Allow retry for halted Elasticsearch migrations See merge request gitlab-org/gitlab!51335
-
-
Russell Dickenson authored
Seat link needs to be able to contact customers.gitlab.com See merge request gitlab-org/gitlab!51841
-
Anton Smith authored
-
- 17 Jan, 2021 13 commits
-
-
Russell Dickenson authored
Remove unavailable storage view option See merge request gitlab-org/gitlab!51655
-
Russell Dickenson authored
Update Subscription doc metadata entry See merge request gitlab-org/gitlab!51256
-
Russell Dickenson authored
Add metadata to Subscription doc files See merge request gitlab-org/gitlab!51529
-
Russell Dickenson authored
Document Pipfile.lock support for Dependency Scanning See merge request gitlab-org/gitlab!51445
-
Fabien Catteau authored
Add Pipfile.lock to the list of files Dependency Scanning supports via Gemnasium.
-
Evan Read authored
Hangouts API - Rename G Suite to Google Workspace See merge request gitlab-org/gitlab!51839
-
Evan Read authored
Docs: Expand on missing API scope troubleshooting See merge request gitlab-org/gitlab!51812
-
Kaitlyn Chappell authored
-
Evan Read authored
Document that commits section can be empty See merge request gitlab-org/gitlab!51722
-
Kate Grechishkina authored
-
Alex Kalderimis authored
-
Alex Kalderimis authored
-
Anton Smith authored
-
- 16 Jan, 2021 5 commits
-
-
Paul Slaughter authored
Fix subscribable banner layout on mobile See merge request gitlab-org/gitlab!50972
-
Alex Kalderimis authored
-
Alex Kalderimis authored
-
Alex Kalderimis authored
-
Alex Kalderimis authored
Specifically, we want to allow `:read_group`, without which certain policy checks will fail. This was implemented in support of https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40088, but can be extracted in advance, and fixes a distinct bug. The basic assumption of policies is that if `A` delegates to `B` and user `U` is allowed to perform action `x` on `B`, then that user is allowed to perform that action on `A` (i.e. policies are transitive). The `prevent_all` call in this policy breaks that assumption, which is relied on by GraphQL authorization to hold. Without this fix, the following situation is possible: - there exists a group `G`, which is public - there exists a membership of a user `U` in `G` - `Ability.allowed?(nil, :read_group, G) === true` - `Ability.allowed?(nil, :read_group, U) === false` This means that anonymous users cannot read the membership of public groups, but they **can** read the membership of public projects.
-