- 16 Dec, 2016 13 commits
-
-
Timothy Andrew authored
- Previously, AccessTokenValidationService was a module, and all its public methods accepted a token. It makes sense to convert it to a class which accepts a token during initialization. - Also rename the `sufficient_scope?` method to `include_any_scope?` - Based on feedback from @rymai
-
Timothy Andrew authored
- The `scopes_form` partial can be used in the `admin/applications` view as well - Don't allow partials to access instance variables directly. Instead, pass in the instance variables as local variables, and use `local_assigns.fetch` to assert that the variables are passed in as expected. - Change a few instances of `render :partial` to `render` - Remove an instance of `required: false` in a view, since this is the default - Inline many instances of a local variable (`ip = 'ip'`) in `auth_spec`
-
Timothy Andrew authored
Split the existing feature spec into both feature and controller specs. Feature specs assert on browser DOM, and controller specs assert on database state.
-
Timothy Andrew authored
- Use whitespace to separate the setup, expectation and teardown phases.
-
Timothy Andrew authored
- Based on @dbalexandre's review - Extract token validity conditions into two separate methods, for personal access tokens and OAuth tokens.
-
Timothy Andrew authored
- The list of scopes that's displayed while creating a personal access token is identical to the list that's displayed while creating an OAuth application. Extract these into a partial. - The list of scopes that's displayed while in the show page for an OAuth token in the profile settings and admin settings are identical. Extract these into a partial.
-
Timothy Andrew authored
- Mainly whitespace changes. - Require the migration adding the `scope` column to the `personal_access_tokens` table to have downtime, since API calls will fail if the new code is in place, but the migration hasn't run. - Minor refactoring - load `@scopes` in a `before_action`, since we're doing it in three different places.
-
Timothy Andrew authored
-
Timothy Andrew authored
- This module is used for git-over-http, as well as JWT. - The only valid scope here is `api`, currently.
-
Timothy Andrew authored
- Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well. - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests). - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
-
Timothy Andrew authored
-
Timothy Andrew authored
-
Rémy Coutable authored
The issue was arising when `#current_user` was called a second time after a user was impersonated: the `User#is_admin?` check would be performed on it and it would fail. Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 15 Dec, 2016 8 commits
-
-
Fatih Acet authored
Adds hoverstates for collapsed Issue/Merge Request sidebar for Time tracking Icon This MR is part 2/2 of https://gitlab.com/gitlab-org/gitlab-ce/issues/25011 This adds the hover state for the time tracking icon, which is only in EE. ![2016-11-28_00.09.54](/uploads/a1ae70e10ad847c4980fa9eca3dcfe18/2016-11-28_00.09.54.gif) Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/25011 See merge request !918
-
Sean McGivern authored
Add user activities API Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/1311 See merge request !962
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
- 14 Dec, 2016 14 commits
-
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
Chris Wilson authored
Include information on updating mirror synchronization times + update_all_mirrors_worker_cron + update_all_remote_mirrors_worker_cron See merge request !763
-
- 13 Dec, 2016 3 commits
-
-
Achilleas Pipinellis authored
-
Douglas Barbosa Alexandre authored
Document a new gotcha when using `prepend` See merge request !963
-
Rémy Coutable authored
[ci skip] Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 12 Dec, 2016 2 commits
-
-
Douglas Barbosa Alexandre authored
CE upstream Unmerged paths: (use "git add/rm ..." as appropriate to mark resolution) ``` both modified: app/models/namespace.rb both modified: app/models/project.rb both modified: app/views/layouts/nav/_group_settings.html.haml both modified: app/views/projects/_merge_request_settings.html.haml both modified: app/views/projects/edit.html.haml both modified: app/views/shared/milestones/_summary.html.haml both modified: db/schema.rb both modified: doc/README.md both modified: doc/api/merge_requests.md both modified: lib/api/merge_requests.rb both modified: lib/gitlab/search_results.rb both modified: spec/lib/gitlab/import_export/all_models.yml both modified: spec/models/project_spec.rb both modified: spec/services/merge_requests/refresh_service_spec.rb ``` See merge request !960
-
Douglas Barbosa Alexandre authored
-