An error occurred fetching the project authors.
- 11 Sep, 2018 1 commit
-
-
Stan Hu authored
This gives admins the ability to send a `skip_confirmation` flag in the `POST /users/:id/email` API endpoint to skip the verification step and assume the given e-mail address is verified. Closes #50876
-
- 30 Jul, 2018 1 commit
-
-
Bob Van Landuyt authored
This can be done trough the API for the current user, or on the profile page.
-
- 24 Jul, 2018 1 commit
-
-
JX Terry authored
-
- 23 Jul, 2018 1 commit
-
-
Marko, Peter authored
Signed-off-by: Marko, Peter <peter.marko@siemens.com>
-
- 09 Jul, 2018 1 commit
-
-
Lin Jen-Shin authored
-
- 13 Jun, 2018 1 commit
-
-
Francisco Javier López authored
-
- 23 Apr, 2018 1 commit
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 08 Feb, 2018 1 commit
-
-
Markus Koller authored
-
- 06 Feb, 2018 1 commit
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 01 Feb, 2018 1 commit
-
-
Yorick Peterse authored
This ensures that we have more visibility in the number of SQL queries that are executed in web requests. The current threshold is hardcoded to 100 as we will rarely (maybe once or twice) change it. In production and development we use Sentry if enabled, in the test environment we raise an error. This feature is also only enabled in production/staging when running on GitLab.com as it's not very useful to other users.
-
- 04 Dec, 2017 1 commit
-
-
Francisco Javier López authored
-
- 21 Nov, 2017 1 commit
-
-
Daniel Juarez authored
-
- 02 Nov, 2017 1 commit
-
-
Douwe Maan authored
-
- 28 Sep, 2017 4 commits
-
-
Markus Koller authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
- 26 Sep, 2017 1 commit
-
-
Tiago Botelho authored
-
- 23 Sep, 2017 2 commits
-
-
Brett Walker authored
-
Brett Walker authored
Send a confirmation email when the user adds a secondary email address. Utilizes the Devise `confirmable` capabilities. Issue #37385
-
- 15 Sep, 2017 1 commit
-
-
Robert Speicher authored
-
- 05 Sep, 2017 2 commits
-
-
Robert Schilling authored
-
Robert Schilling authored
-
- 28 Aug, 2017 3 commits
-
-
Robert Schilling authored
-
Robert Schilling authored
-
Robert Schilling authored
-
- 11 Aug, 2017 1 commit
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 20 Jul, 2017 1 commit
-
-
Dmitriy Zaporozhets authored
New version of the gem returns 200 status code on delete with content instead of 204 so we explicitly set status code to keep existing behavior Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 12 Jul, 2017 1 commit
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 07 Jul, 2017 2 commits
-
-
James Lopez authored
-
James Lopez authored
-
- 04 Jul, 2017 1 commit
-
-
Timothy Andrew authored
- Rather than using an explicit check to turn off authentication for the `/users` endpoint, simply call `authenticate_non_get!`. - All `GET` endpoints we wish to restrict already call `authenticated_as_admin!`, and so remain inacessible to anonymous users. - This _does_ open up the `/users/:id` endpoint to anonymous access. It contains the same access check that `/users` users, and so is safe for use here. - More context: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12445#note_34031323
-
- 30 Jun, 2017 1 commit
-
-
Timothy Andrew authored
- Use `GlobalPolicy` to authorize the users that a non-authenticated user can fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC` visibility level is not restricted. - Further, as before, `/api/v4/users` is only accessible to unauthenticated users if the `username` parameter is passed. - Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual route + method, rather than the description. - Change the type of `current_user` check in `UsersFinder` to be more compatible with EE.
-
- 28 Jun, 2017 1 commit
-
-
Timothy Andrew authored
- Declaring an endpoint's scopes in a `before` block has proved to be unreliable. For example, if we're accessing the `API::Users` endpoint - code in a `before` block in `API::API` wouldn't be able to see the scopes set in `API::Users` since the `API::API` `before` block runs first. - This commit moves these declarations to the class level, since they don't need to change once set.
-
- 26 Jun, 2017 1 commit
-
-
Timothy Andrew authored
- The issue filtering frontend code needs access to this API for non-logged-in users + public projects. It uses the API to fetch information for a user by username. - We don't authenticate this API anymore, but instead - if the `current_user` is not present: - Verify that the `username` parameter has been passed. This disallows an unauthenticated user from grabbing a list of all users on the instance. The `UsersFinder` class performs an exact match on the `username`, so we are guaranteed to get 0 or 1 users. - Verify that the resulting user (if any) is accessible to be viewed publicly by calling `can?(current_user, :read_user, user)`
-
- 24 Jun, 2017 1 commit
-
-
James Lopez authored
-
- 23 Jun, 2017 4 commits
-
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-
James Lopez authored
-