- 30 Jun, 2017 1 commit
-
-
Timothy Andrew authored
- Use `GlobalPolicy` to authorize the users that a non-authenticated user can fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC` visibility level is not restricted. - Further, as before, `/api/v4/users` is only accessible to unauthenticated users if the `username` parameter is passed. - Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual route + method, rather than the description. - Change the type of `current_user` check in `UsersFinder` to be more compatible with EE.
-
- 26 Jun, 2017 2 commits
-
-
Timothy Andrew authored
-
Timothy Andrew authored
- The issue filtering frontend code needs access to this API for non-logged-in users + public projects. It uses the API to fetch information for a user by username. - We don't authenticate this API anymore, but instead - if the `current_user` is not present: - Verify that the `username` parameter has been passed. This disallows an unauthenticated user from grabbing a list of all users on the instance. The `UsersFinder` class performs an exact match on the `username`, so we are guaranteed to get 0 or 1 users. - Verify that the resulting user (if any) is accessible to be viewed publicly by calling `can?(current_user, :read_user, user)`
-
- 24 Jun, 2017 3 commits
-
-
Marcia Ramos authored
Resolve "Replace 'Settings ➔ CI/CD Pipelines' with 'Settings ➔ Pipelines' in docs" Closes #34264 See merge request !12433
-
Phil Hughes authored
Fix interpolation in app/views/profile/show.html/haml See merge request !12439
-
Nick Thomas authored
-
- 23 Jun, 2017 34 commits
-
-
sytses authored
-
sytses authored
-
sytses authored
-
Grzegorz Bizon authored
Don't match tilde and exclamation mark as part of requirements.txt package name Closes #34166 See merge request !12431
-
bikebilly authored
-
Douwe Maan authored
Add User#full_private_access? to check if user has access to all private groups & projects Closes #31745 See merge request !12373
-
Douwe Maan authored
Fix breadcrumb order Closes #33938 See merge request !12322
-
Douwe Maan authored
Fix 500 on failure to create a private group Closes #34068 See merge request !12394
-
Douwe Maan authored
-
Michael Kozono authored
Fixes #34068
-
Michael Kozono authored
-
Yorick Peterse authored
Improve `update_column_in_batches` migration helper Closes #34064 See merge request !12350
-
Phil Hughes authored
Remove extra symbol in notifications modal Closes #34219 See merge request !12417
-
Annabel Dunstone Gray authored
Limit the width of commit & snippet comment sections Closes #20920 See merge request !12088
-
Phil Hughes authored
-
Annabel Dunstone Gray authored
Limit the width of project READMEs Closes #20919 See merge request !12165
-
Phil Hughes authored
-
Annabel Dunstone Gray authored
-
Grzegorz Bizon authored
Update QA Dockerfile to use stable Chrome package Closes #33538 See merge request !12071
-
Phil Hughes authored
Make JavaScript tests fail for unhandled Promise rejections Closes #33845 and #33623 See merge request !12264
-
Winnie Hellmann authored
-
Toon Claes authored
In CE only the admin has access to all private groups & projects. In EE also an auditor can have full private access. To overcome merge conflicts, or accidental incorrect access rights, abstract this out in `User#full_private_access?`. `User#admin?` now only should be used for admin-only features. For private access-related features `User#full_private_access?` should be used. Backported from gitlab-org/gitlab-ee!2199
-
Tim Zallmann authored
hot reloading for .vue files Closes #33729 See merge request !12180
-
Phil Hughes authored
Add bootstrap_form gem See merge request !10985
-
Phil Hughes authored
Add padding to target branch container Closes #33992 See merge request !12353
-
Phil Hughes authored
Remove layout nav from scroll calculation Closes #33984 See merge request !12399
-
Phil Hughes authored
Fix offset for fixed nav Closes #34095 See merge request !12365
-
Annabel Dunstone Gray authored
-
Tim Zallmann authored
Refactor Notes into ES class syntax See merge request !12254
-
Sean McGivern authored
Remove unnecessary top padding on group MR index See merge request !12392
-
Phil Hughes authored
Fix mobile environment detail view Closes #34120 See merge request !12382
-
Annabel Dunstone Gray authored
-
Annabel Dunstone Gray authored
Added limited width container to project settings See merge request !12045
-
Annabel Dunstone Gray authored
Fix dropdown position for the new button on mobile for the top navbar Closes #34139 See merge request !12388
-