An error occurred fetching the project authors.
  1. 11 Sep, 2018 1 commit
    • Stan Hu's avatar
      Add ability to skip user email confirmation with API · ced2a932
      Stan Hu authored
      This gives admins the ability to send a `skip_confirmation` flag in the
      `POST /users/:id/email` API endpoint to skip the verification step and
      assume the given e-mail address is verified.
      
      Closes #50876
      ced2a932
  2. 30 Jul, 2018 1 commit
  3. 24 Jul, 2018 1 commit
  4. 23 Jul, 2018 1 commit
  5. 09 Jul, 2018 1 commit
  6. 13 Jun, 2018 1 commit
  7. 23 Apr, 2018 1 commit
  8. 08 Feb, 2018 1 commit
  9. 06 Feb, 2018 1 commit
  10. 01 Feb, 2018 1 commit
    • Yorick Peterse's avatar
      Track and act upon the number of executed queries · cca61980
      Yorick Peterse authored
      This ensures that we have more visibility in the number of SQL queries
      that are executed in web requests. The current threshold is hardcoded to
      100 as we will rarely (maybe once or twice) change it.
      
      In production and development we use Sentry if enabled, in the test
      environment we raise an error. This feature is also only enabled in
      production/staging when running on GitLab.com as it's not very useful to
      other users.
      cca61980
  11. 04 Dec, 2017 1 commit
  12. 21 Nov, 2017 1 commit
  13. 02 Nov, 2017 1 commit
  14. 28 Sep, 2017 4 commits
  15. 26 Sep, 2017 1 commit
  16. 23 Sep, 2017 2 commits
  17. 15 Sep, 2017 1 commit
  18. 05 Sep, 2017 2 commits
  19. 28 Aug, 2017 3 commits
  20. 11 Aug, 2017 1 commit
  21. 20 Jul, 2017 1 commit
  22. 12 Jul, 2017 1 commit
  23. 07 Jul, 2017 2 commits
  24. 04 Jul, 2017 1 commit
  25. 30 Jun, 2017 1 commit
    • Timothy Andrew's avatar
      Implement review comments for !12445 from @godfat and @rymai. · 3c88a786
      Timothy Andrew authored
      - Use `GlobalPolicy` to authorize the users that a non-authenticated user can
        fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC`
        visibility level is not restricted.
      
      - Further, as before, `/api/v4/users` is only accessible to unauthenticated users if
        the `username` parameter is passed.
      
      - Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual
        route + method, rather than the description.
      
      - Change the type of `current_user` check in `UsersFinder` to be more
        compatible with EE.
      3c88a786
  26. 28 Jun, 2017 1 commit
    • Timothy Andrew's avatar
      Initial attempt at refactoring API scope declarations. · 6f192250
      Timothy Andrew authored
      - Declaring an endpoint's scopes in a `before` block has proved to be
        unreliable. For example, if we're accessing the `API::Users` endpoint - code
        in a `before` block in `API::API` wouldn't be able to see the scopes set in
        `API::Users` since the `API::API` `before` block runs first.
      
      - This commit moves these declarations to the class level, since they don't need
        to change once set.
      6f192250
  27. 26 Jun, 2017 1 commit
    • Timothy Andrew's avatar
      Allow unauthenticated access to the `/api/v4/users` API. · 20f679d6
      Timothy Andrew authored
      - The issue filtering frontend code needs access to this API for non-logged-in
        users + public projects. It uses the API to fetch information for a user by
        username.
      
      - We don't authenticate this API anymore, but instead - if the `current_user` is
        not present:
      
        - Verify that the `username` parameter has been passed. This disallows an
          unauthenticated user from grabbing a list of all users on the instance. The
          `UsersFinder` class performs an exact match on the `username`, so we are
          guaranteed to get 0 or 1 users.
        - Verify that the resulting user (if any) is accessible to be viewed publicly
          by calling `can?(current_user, :read_user, user)`
      20f679d6
  28. 24 Jun, 2017 1 commit
  29. 23 Jun, 2017 4 commits