- 29 Nov, 2016 7 commits
-
-
Fatih Acet authored
Hide project variables values by default Add a button to reveal/hide the values to help prevent accidental disclosure of sensitive information from wandering on a page. ![hide-vars](/uploads/5b5eeef9b4650776b529b780998bbb1b/hide-vars.gif) Closes #21358 See merge request !7731
-
Robert Speicher authored
Refactor issuable description and metadata form sections Continuation of https://gitlab.com/gitlab-org/gitlab-ce/issues/23864. Brother of gitlab-org/gitlab-ee!916. See merge request !7758
-
Douwe Maan authored
Add diff hunks to notification emails

Add diff hunks to notification emails. Continued from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5855 - thanks @hoopes!

This also fixes an issue where the + / - prefixes were missing from diffs in emails.

Screenshots (from my browser) of the HTML emails, along with text screenshots 😛

![image](/uploads/cb31400becf5149d40c8bb98a655aa93/image.png)

```
New comment for Merge Request !1 on app/views/admin/builds/index.html.haml: http://localhost:3000/gitlab-org/gitlab-ce/merge_requests/1#note_1023 > Finished This is a comment at the top of a match section.
```

![image](/uploads/704dd3845797530697a27f5c1953c053/image.png)

```
New comment for Merge Request !1 on app/views/admin/builds/index.html.haml: http://localhost:3000/gitlab-org/gitlab-ce/merge_requests/1#note_1022 > Finished > %span.badge.js-running-count= @all_builds.finished.count(:id) > > - %li{class: ('active' if @scope == 'all')} > - = link_to admin_builds_path(scope: :all) do > - All > - %span.badge.js-totalbuilds-count= @all_builds.count(:id) > - > .gray-content-block > #{(@scope || 'running').capitalize} builds > This is a comment at the bottom of a match section.
```

![image](/uploads/4063f3d9738aea8ebf3c0e690d0eddee/image.png)

```
New comment for Merge Request !1 on app/views/admin/builds/index.html.haml: http://localhost:3000/gitlab-org/gitlab-ce/merge_requests/1#note_1024 > = link_to 'Cancel all', cancel_all_admin_builds_path, data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :post > > %ul.center-top-menu > - %li{class: ('active' if @scope.nil?)} > + %li{class: ('active' if @scope == 'all')} > = link_to admin_builds_path do > + All This is a comment with some deleted and added lines above it.
```

Closes #21027, closes #24340.

See merge request !7660
-
Douwe Maan authored
Replace issue access checks with use of IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

## Which fixes are in this MR?

⚠ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
✅ - Permissions check tested

### Issue lookup with access check

Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells).

- [x] 🚦 app/finders/notes_finder.rb:15 [`visible_to_user`]
- [x] 🚥 app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`]
- [x] ✅ app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`]
- [x] ✅ lib/api/issues.rb:112 [`visible_to_user`]
  - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone
- [x] ✅ lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too?
- [x] ✅ lib/gitlab/search_results.rb:53 [`visible_to_user`]

### Previous discussions

- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87

See merge request !2031
-
Douwe Maan authored
Fix missing access checks on issue lookup using IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

⚠ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
✅ - Permissions check tested

- [x] ✅ app/controllers/projects/branches_controller.rb:39
  - `before_action :authorize_push_code!` helps limit/prevent exploitation. Always checks for reporter access so fine with confidential issues, issues only visible to team, etc.
- [x] 🚥 app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x] ✅ app/controllers/projects/todos_controller.rb:19
- [x] Potential double render in app/controllers/projects/todos_controller.rb
  - https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24

See merge request !2030
-
Douwe Maan authored
Fix information disclosure in `Projects::BlobController#update`

It was possible to discover private project names by modifying the `from_merge_request` parameter in `Projects::BlobController#update`. This fixes that.

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

https://gitlab.com/gitlab-org/gitlab-ce/issues/22869

See merge request !2023
-
Douwe Maan authored
Fix label creation non members Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23416 See merge request !2006
-
- 28 Nov, 2016 33 commits
-
-
Drew Blessing authored
Remove `memberOf` OID in LDAP `user_filter` docs While not technically invalid, it is not necessary to have the `memberOf` OID in the `user_filter`. It clutters things up and causes confusion for users so it's better if we remove it from the docs. See merge request !7809
-
Alejandro Rodríguez authored
-
Drew Blessing authored
While not technically invalid, it is not necessary to have the `memberOf` OID in the `user_filter`. It clutters things up and causes confusion for users so it's better if we remove it from the docs.
-
Annabel Dunstone Gray authored
Create secondary colors for buttons with SCSS functions [Proper]

## What does this MR do?

* Removes the hardcoded values for button colors and generates them using the `darken` function
* Adds a border color for outline buttons on hover, focus and active states
* Adds darker colors for outline buttons in their active state

## Are there points in the code the reviewer needs to double check?

Naming for new factor variables might not be good enough.

## Why was this MR needed?

Increases visibility of alternate states as specified in #24145

## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?

- [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Closes #24145

See merge request !7797
-
Fatih Acet authored
-
Chris Peressini authored
-
Annabel Dunstone Gray authored
Add hover state to navigation rows

## What does this MR do?

Adds hover states to navigation rows

## Screenshots (if relevant)

![Screen_Recording_2016-11-28_at_09.21_AM](/uploads/5d273f8bc53f46f9b55590f56f2287d8/Screen_Recording_2016-11-28_at_09.21_AM.gif)

## Does this MR meet the acceptance criteria?

- [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Closes #24149

See merge request !7584
-
Fatih Acet authored
Adds spinner class

## What does this MR do?

Adds class to spinner icon to actually spin.

## Does this MR meet the acceptance criteria?

- [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Closes #24985

See merge request !7761
-
Sean McGivern authored
Ensure user is authenticated to create a new snippet Closes #25026 See merge request !7786
-
Sean McGivern authored
-
Sean McGivern authored
-
Sean McGivern authored
-
Sean McGivern authored
In the browser, we remove the + and - signs from the front of a diff line because we add them in with CSS, so they aren't copied. We can't do that in an email, because the CSS isn't supported, so we should keep them in that case.
-
Sean McGivern authored
-
Achilleas Pipinellis authored
Add guidelines in doc linking with HAML

## What does this MR do?

Add guidelines and examples of HAML links to the built-in help GitLab exposes under /help.

See merge request !7798
-
tauriedavis authored
-
Alfredo Sumaran authored
Replace static fixture for zen_mode_spec

## What does this MR do?

Replace `zen_mode.html.haml` for `zen_mode_spec.js` by already existing dynamically generated fixture.

## What are the relevant issue numbers?

#24753

See merge request !7686
-
Achilleas Pipinellis authored
[ci skip]
-
Alfredo Sumaran authored
Add `.find` poly

## What does this MR do?

Adds `[].find()` poly

## Are there points in the code the reviewer needs to double check?

## Why was this MR needed?

## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?

- [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

See merge request !7710
-
Alfredo Sumaran authored
Create dynamic fixture for build_spec

## What does this MR do?

Replace `spec/javascripts/fixtures/build.html.haml` by a dynamically created fixture (using `rake teaspoon:fixtures`).

## Why was this MR needed?

The existing fixture was not representing the real page.

## What are the relevant issue numbers?

#24614 would have been avoided following !6059

See merge request !7589
-
Chris Peressini authored
-
Sean McGivern authored
Create tag after running pre-hooks and pass updated SHA to post-hooks Closes #24813 See merge request !7700
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
[ci skip]
-
Alejandro Rodríguez authored
[ci skip]
-
Adam Niedzielski authored
We only know the tag SHA after we create the tag. This means that we pass a different value to the hooks that happen before creating the tag, and a different value to the hooks that happen after creating the tag. This is not an ideal situation, but it is a trade-off we decided to make. For discussion of the alternatives please refer to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7700#note_18982873 "pre-receive" and "update" hooks always get the SHA of the commit that the tag points to. "post-receive" gets the tag SHA if it is an annotated tag or the commit SHA if it is a lightweight tag. Currently we always create annotated tags if UI is used.
-
Sean McGivern authored
Prevent error when submitting a merge request and pipeline is not defined Closes #24860 See merge request !7707
-
Adam Niedzielski authored
This reverts commit ae51774b.
-
Robert Speicher authored
Refactor issuable_filters_present to reduce duplications See https://gitlab.com/gitlab-org/gitlab-ce/issues/23546 See merge request !7776
-
Rémy Coutable authored
Pass `--load-images=no` to PhantomJS via Capybara/Poltergeist We were unintentionally hitting `gravatar.com` whenever a test that used Poltergeist was run. This was certainly wasting their resources and slowing down our tests even further, for no reason. Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/24899 See merge request !7781
-
Adam Niedzielski authored
-
Rémy Coutable authored
Speed up Project security access specs Prior, every single test was creating four `ProjectMember` objects, each of which created one `User` record, even though each test only used _one_ of those Users, if any. Now each test only creates the single user record it needs, if it needs one. This shaves minutes off of each spec file changed here. Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/24899 See merge request !7779
-
-