- 05 Jul, 2017 14 commits
-
-
Douwe Maan authored
Add a license check for group-webhooks Closes #2576 See merge request !2280
-
Sean McGivern authored
Fix spec failure for squash in progress error handling See merge request !2343
-
Annabel Dunstone Gray authored
Fixed admin sidebar not showing all options in new navigation See merge request !2334
-
Annabel Dunstone Gray authored
Port of 32838-admin-panel-spacing to EE See merge request !2264
-
Annabel Dunstone Gray authored
Show loading icon when retrieving Geo node status Closes #1977 See merge request !2309
-
Douwe Maan authored
Resolve EE conflicts for "Fix API Scoping" See merge request !2338
-
Toon Claes authored
-
Bob Van Landuyt authored
Similar to how we check project features.
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
- Hide the `webhooks` link from the group-settings page - All group-webhooks-pages render a 404 - Don't execute webhooks if the feature is disabled
-
Bob Van Landuyt authored
-
Sean McGivern authored
EE Port: Honor the "Remember me" parameter for OAuth-based login See merge request !2175
-
James Edwards-Jones authored
-
Timothy Andrew authored
- There were conflicting changes in `master` that were fixed in 94258a65. This made rebasing the commits from gitlab-ce!12300 problematic, due to conflicts. - Instead, I squashed all !12300 commits into a single commit, and cherry-picked that onto 33580-fix-api-scoping-ee, which resulted in this commit. Original commit messages below ============================== Initial attempt at refactoring API scope declarations. - Declaring an endpoint's scopes in a `before` block has proved to be unreliable. For example, if we're accessing the `API::Users` endpoint - code in a `before` block in `API::API` wouldn't be able to see the scopes set in `API::Users` since the `API::API` `before` block runs first. - This commit moves these declarations to the class level, since they don't need to change once set. Allow API scope declarations to be applied conditionally. - Scope declarations of the form: allow_access_with_scope :read_user, if: -> (request) { request.get? } will only apply for `GET` requests - Add a negative test to a `POST` endpoint in the `users` API to test this. Also test for this case in the `AccessTokenValidationService` unit tests. Test `/users` endpoints for the `read_user` scope. - Test `GET` endpoints to check that the scope is allowed. - Test `POST` endpoints to check that the scope is disallowed. - Test both `v3` and `v4` endpoints. When verifying scopes, manually include scopes from `API::API`. - They are not included automatically since `API::Users` does not inherit from `API::API`, as I initially assumed. - Scopes declared in `API::API` are considered global (to the API), and need to be included in all cases. Test OAuth token scope verification in the `API::Users` endpoint Add CHANGELOG entry for CE MR 12300 Fix remaining spec failures for !12300. 1. Get the spec for `lib/gitlab/auth.rb` passing. - Make the `request` argument to `AccessTokenValidationService` optional - `auth.rb` doesn't need to pass in a request. - Pass in scopes in the format `[{ name: 'api' }]` rather than `['api']`, which is what `AccessTokenValidationService` now expects. 2. Get the spec for `API::V3::Users` passing 2. Get the spec for `AccessTokenValidationService` passing Implement review comments from @dbalexandre for !12300. Implement review comments from @DouweM for !12300. - Use a struct for scopes, so we can call `scope.if` instead of `scope[:if]` - Refactor the "remove scopes whose :if condition returns false" logic to use a `select` rather than a `reject`. Extract a `Gitlab::Scope` class. - To represent an authorization scope, such as `api` or `read_user` - This is a better abstraction than the hash we were previously using. `AccessTokenValidationService` accepts `String` or `API::Scope` scopes. - There's no need to use `API::Scope` for scopes that don't have `if` conditions, such as in `lib/gitlab/auth.rb`. Fix build for !12300. - The `/users` and `/users/:id` APIs are now accessible without authentication (!12445), and so scopes are not relevant for these endpoints. - Previously, we were testing our scope declaration against these two methods. This commit moves these tests to other `GET` user endpoints which still require authentication.
-
- 04 Jul, 2017 26 commits
-
-
Douwe Maan authored
Check license for milestones on issue boards Closes #2568 See merge request !2315
-
Douwe Maan authored
Introduce namespace license checks for Push Rules (EES) Closes #2573 See merge request !2335
-
Marcia Ramos authored
Clarify when Code Quality shows in MR widget Closes #2782 See merge request !2298
-
Douwe Maan authored
Namespace license checks Issue & MR template Closes #2580 See merge request !2321
-
Nick Thomas authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
And separate EE/CE for board.rb
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Timothy Andrew authored
-
Nick Thomas authored
-
Nick Thomas authored
-
Douwe Maan authored
Introduce namespace license checks for merge request approvers (EES) Closes #2566 See merge request !2324
-
Douwe Maan authored
# Conflicts: # app/models/license.rb
-
Douwe Maan authored
Hide Focus mode button if feature not available in license Closes #2569 See merge request !2303
-
Douwe Maan authored
Namespace license checks for Contribution Analytics (EES) Closes #2579 See merge request !2302
-
Rémy Coutable authored
Fix EE conflicts for "Allow unauthenticated access to the `/api/v4/users` API" See merge request !2247
-
Timothy Andrew authored
-
Phil Hughes authored
-
Nick Thomas authored
-
Nick Thomas authored
-
Nick Thomas authored
-
Toon Claes authored
When the Issuable Default Template feature is not available, do not show the input form to configure the Issue & MR templates on the Settings page.
-
Toon Claes authored
Only when the Issuable Default Templates feature is available, fill in the description from settings when building a new MR.
-