An error occurred fetching the project authors.
  1. 20 Apr, 2017 1 commit
  2. 19 Apr, 2017 1 commit
  3. 18 Apr, 2017 1 commit
  4. 14 Apr, 2017 5 commits
  5. 11 Apr, 2017 1 commit
  6. 10 Apr, 2017 1 commit
  7. 09 Apr, 2017 1 commit
  8. 06 Apr, 2017 6 commits
    • Timothy Andrew's avatar
      Implement review comments from @DouweM for !10467. · 1c42505b
      Timothy Andrew authored
      1. Have `MigrateToGhostUser` be a service rather than a mixed-in module, to keep
         things explicit. Specs testing the behavior of this class are moved into a
         separate service spec file.
      
      2. Add a `user.reported_abuse_reports` association to make the
         `migrate_abuse_reports` method more consistent with the other `migrate_`
         methods.
      1c42505b
    • Timothy Andrew's avatar
      Fix a bug with the User#abuse_report association. · 6a065074
      Timothy Andrew authored
      Introduction
      ------------
      
      1. The foreign key was not explicitly specified on the association.
      2. The `AbuseReport` model contains two references to user - `reporter_id` and
         `user_id`
      3. `user.abuse_report` is supposed to return the single abuse report where
         `user_id` refers to the given user.
      
      Bug Description
      ---------------
      
      1. `user.abuse_report` would return an abuse report where `reporter_id` referred
         to the current user, if such an abuse report was present.
      
      2. This implies a slightly more serious bug as well:
      
         - Assume User A filed an abuse report against User B
         - We have an abuse report where `reporter_id` is User A and `user_id` is User B
         - If User A is updated (`user_a.block`, for example), the abuse report would
           also be updated, such that both `reporter_id` _and_ `user_id` point to User A.
      
      Fix
      ---
      
      Explicitly declare the foreign key `user_id` in the `has_one` declaration
      6a065074
    • Alexis Reigel's avatar
      01be21d4
    • Alexis Reigel's avatar
      1735ed61
    • Alexis Reigel's avatar
      check all groups for 2fa requirement · 20575859
      Alexis Reigel authored
      20575859
    • Markus Koller's avatar
      Support 2FA requirement per-group · a3430f01
      Markus Koller authored
      a3430f01
  9. 30 Mar, 2017 2 commits
  10. 27 Mar, 2017 1 commit
  11. 24 Mar, 2017 2 commits
  12. 22 Mar, 2017 1 commit
  13. 17 Mar, 2017 1 commit
  14. 10 Mar, 2017 1 commit
  15. 09 Mar, 2017 5 commits
  16. 06 Mar, 2017 2 commits
  17. 05 Mar, 2017 1 commit
  18. 03 Mar, 2017 1 commit
  19. 28 Feb, 2017 3 commits
  20. 24 Feb, 2017 3 commits
    • Timothy Andrew's avatar
      Don't allow deleting a ghost user. · 6fdb17cb
      Timothy Andrew authored
      - Add a `destroy_user` ability. This didn't exist before, and was implicit in
        other abilities (only admins could access the admin area, so only they could
        destroy all users; a user can only access their own account page, and so can
        destroy only themselves).
      
      - Grant this ability to admins, and when the current user is trying to destroy
        themselves. Disallow destroying ghost users in all cases.
      
      - Modify the `Users::DestroyService` to check this ability. Also check it in
        views to decide whether or not to show the "Delete User" button.
      
      - Add a short summary of the Ghost User to the bio.
      6fdb17cb
    • Timothy Andrew's avatar
      Implement final review comments from @DouweM and @rymai · f2ed82fa
      Timothy Andrew authored
      - Have `Uniquify` take a block instead of a Proc/function. This is more
        idiomatic than passing around a function in Ruby.
      
      - Block a user before moving their issues to the ghost user. This avoids a data
        race where an issue is created after the issues are migrated to the ghost user,
        and before the destroy takes place.
      
      - No need to migrate issues (to the ghost user) in a transaction, because
        we're using `update_all`
      
      - Other minor changes
      f2ed82fa
    • Timothy Andrew's avatar
      Implement review comments from @rymai and @yorickpeterse · 8f01644f
      Timothy Andrew authored
      1. Refactoring and specs in the `Uniquify` class.
      
      2. Don't use the `AdvisoryLocking` class. Similar functionality is
      provided (backed by Redis) in the `ExclusiveLease` class.
      8f01644f