diff options
| -rw-r--r-- | PROCESS.md | 4 | ||||
| -rw-r--r-- | config/initializers/1_settings.rb | 2 | ||||
| -rw-r--r-- | doc/api/README.md | 8 | ||||
| -rw-r--r-- | doc/api/branches.md | 4 | ||||
| -rw-r--r-- | doc/api/merge_requests.md | 4 | ||||
| -rw-r--r-- | doc/api/project_snippets.md | 2 | ||||
| -rw-r--r-- | doc/api/system_hooks.md | 2 | ||||
| -rw-r--r-- | doc/api/users.md | 6 | ||||
| -rw-r--r-- | doc/permissions/permissions.md | 1 | ||||
| -rw-r--r-- | lib/api/labels.rb | 3 |
10 files changed, 20 insertions, 16 deletions
diff --git a/PROCESS.md b/PROCESS.md index a6ff62a9a69..c986013e2f2 100644 --- a/PROCESS.md +++ b/PROCESS.md @@ -34,7 +34,7 @@ The most important thing is making sure valid issues receive feedback from the d ## Workflow labels -Workflow labels are purposely not very detailed since that would be hard to keep updated as you would need to reevaluate them after every comment. We optionally use functional labels on demand when want to group related issues to get an overview (for example all issues related to RVM, to tackle them in one go) and to add details to the issue. +Workflow labels are purposely not very detailed since that would be hard to keep updated as you would need to re-evaluate them after every comment. We optionally use functional labels on demand when want to group related issues to get an overview (for example all issues related to RVM, to tackle them in one go) and to add details to the issue. - *Awaiting feedback*: Feedback pending from the reporter - *Awaiting confirmation of fix*: The issue should already be solved in **master** (generally you can avoid this workflow item and just close the issue right away) @@ -61,7 +61,7 @@ If an issue is complex and needs the attention of a specific person, assignment ## Be kind -Be kind to people trying to contribute. Be aware that people can be a non-native or a native English speaker, they might not understand thing or they might be very sensitive to how your word things. Use emoji to express your feelings (heart, star, smile, etc.). Some good tips about giving feedback to merge requests is in the [Thoughtbot code review guide](https://github.com/thoughtbot/guides/tree/master/code-review). +Be kind to people trying to contribute. Be aware that people may be a non-native English speaker, they might not understand things or they might be very sensitive as to how you word things. Use Emoji to express your feelings (heart, star, smile, etc.). Some good tips about giving feedback to merge requests is in the [Thoughtbot code review guide](https://github.com/thoughtbot/guides/tree/master/code-review). ## Copy & paste responses diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 49e35d5bb68..136622c65a2 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -133,7 +133,7 @@ Settings.backup['path'] = File.expand_path(Settings.backup['path'] || "t # Git # Settings['git'] ||= Settingslogic.new({}) -Settings.git['max_size'] ||= 5242880 # 5.megabytes +Settings.git['max_size'] ||= 20971520 # 20.megabytes Settings.git['bin_path'] ||= '/usr/bin/git' Settings.git['timeout'] ||= 10 diff --git a/doc/api/README.md b/doc/api/README.md index 44e95ed8258..ababb7b6999 100644 --- a/doc/api/README.md +++ b/doc/api/README.md @@ -31,7 +31,7 @@ ## Introduction -All API requests require authentication. You need to pass a `private_token` parameter by url or header. If passed as header, the header name must be "PRIVATE-TOKEN" (capital and with dash instead of underscore). You can find or reset your private token in your profile. +All API requests require authentication. You need to pass a `private_token` parameter by URL or header. If passed as header, the header name must be "PRIVATE-TOKEN" (capital and with dash instead of underscore). You can find or reset your private token in your profile. If no, or an invalid, `private_token` is provided then an error message will be returned with status code 401: @@ -65,14 +65,14 @@ API request types: - `GET` requests access one or more resources and return the result as JSON - `POST` requests return `201 Created` if the resource is successfully created and return the newly created resource as JSON -- `GET`, `PUT` and `DELETE` return `200 Ok` if the resource is accessed, modified or deleted successfully, the (modified) result is returned as JSON -- `DELETE` requests are designed to be idempotent, meaning a request a resource still returns `200 Ok` even it was deleted before or is not available. The reasoning behind it is the user is not really interested if the resource existed before or not. +- `GET`, `PUT` and `DELETE` return `200 OK` if the resource is accessed, modified or deleted successfully, the (modified) result is returned as JSON +- `DELETE` requests are designed to be idempotent, meaning a request a resource still returns `200 OK` even it was deleted before or is not available. The reasoning behind it is the user is not really interested if the resource existed before or not. The following list shows the possible return codes for API requests. Return values: -- `200 Ok` - The `GET`, `PUT` or `DELETE` request was successful, the resource(s) itself is returned as JSON +- `200 OK` - The `GET`, `PUT` or `DELETE` request was successful, the resource(s) itself is returned as JSON - `201 Created` - The `POST` request was successful and the resource is returned as JSON - `400 Bad Request` - A required attribute of the API request is missing, e.g. the title of an issue is not given - `401 Unauthorized` - The user is not authenticated, a valid user token is necessary, see above diff --git a/doc/api/branches.md b/doc/api/branches.md index 090287133ce..763dea6cfb5 100644 --- a/doc/api/branches.md +++ b/doc/api/branches.md @@ -85,7 +85,7 @@ Parameters: ## Protect repository branch Protects a single project repository branch. This is an idempotent function, protecting an already -protected repository branch still returns a `200 Ok` status code. +protected repository branch still returns a `200 OK` status code. ``` PUT /projects/:id/repository/branches/:branch/protect @@ -126,7 +126,7 @@ Parameters: ## Unprotect repository branch Unprotects a single project repository branch. This is an idempotent function, unprotecting an already -unprotected repository branch still returns a `200 Ok` status code. +unprotected repository branch still returns a `200 OK` status code. ``` PUT /projects/:id/repository/branches/:branch/unprotect diff --git a/doc/api/merge_requests.md b/doc/api/merge_requests.md index 230f572fc3b..3616e29ef7c 100644 --- a/doc/api/merge_requests.md +++ b/doc/api/merge_requests.md @@ -196,13 +196,13 @@ If an error occurs, an error number and a message explaining the reason is retur Merge changes submitted with MR using this API. -If merge success you get 200 OK. +If merge success you get `200 OK`. If it has some conflicts and can not be merged - you get 405 and error message 'Branch cannot be merged' If merge request is already merged or closed - you get 405 and error message 'Method Not Allowed' -If you dont have permissions to accept this merge request - you get 401 +If you don't have permissions to accept this merge request - you'll get a 401 ``` PUT /projects/:id/merge_request/:merge_request_id/merge diff --git a/doc/api/project_snippets.md b/doc/api/project_snippets.md index 47c81b6446c..50e134847c0 100644 --- a/doc/api/project_snippets.md +++ b/doc/api/project_snippets.md @@ -78,7 +78,7 @@ Parameters: ## Delete snippet Deletes an existing project snippet. This is an idempotent function and deleting a non-existent -snippet still returns a `200 Ok` status code. +snippet still returns a `200 OK` status code. ``` DELETE /projects/:id/snippets/:snippet_id diff --git a/doc/api/system_hooks.md b/doc/api/system_hooks.md index 6483a73c7ec..f9637d8a6c4 100644 --- a/doc/api/system_hooks.md +++ b/doc/api/system_hooks.md @@ -59,7 +59,7 @@ Parameters: ## Delete system hook -Deletes a system hook. This is an idempotent API function and returns `200 Ok` even if the hook is not available. If the hook is deleted it is also returned as JSON. +Deletes a system hook. This is an idempotent API function and returns `200 OK` even if the hook is not available. If the hook is deleted it is also returned as JSON. ``` DELETE /hooks/:id diff --git a/doc/api/users.md b/doc/api/users.md index 57078353fd0..3fdd3a75e88 100644 --- a/doc/api/users.md +++ b/doc/api/users.md @@ -202,7 +202,7 @@ e.g. when renaming the email address to some existing one. Deletes a user. Available only for administrators. This is an idempotent function, calling this function for a non-existent user id -still returns a status code `200 Ok`. +still returns a status code `200 OK`. The JSON response differs if the user was actually deleted or not. In the former the user is returned and in the latter not. @@ -336,7 +336,7 @@ Will return created key with status `201 Created` on success, or `404 Not found` Deletes key owned by currently authenticated user. This is an idempotent function and calling it on a key that is already deleted -or not available results in `200 Ok`. +or not available results in `200 OK`. ``` DELETE /user/keys/:id @@ -359,4 +359,4 @@ Parameters: - `uid` (required) - id of specified user - `id` (required) - SSH key ID -Will return `200 Ok` on success, or `404 Not found` if either user or key cannot be found. +Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found. diff --git a/doc/permissions/permissions.md b/doc/permissions/permissions.md index 29fe521b4d1..db22b7dbe56 100644 --- a/doc/permissions/permissions.md +++ b/doc/permissions/permissions.md @@ -23,6 +23,7 @@ If a user is a GitLab administrator they receive all permissions. | Add tags | | | ✓ | ✓ | ✓ | | Write a wiki | | | ✓ | ✓ | ✓ | | Manage issue tracker | | | ✓ | ✓ | ✓ | +| Manage labels | | | ✓ | ✓ | ✓ | | Create new milestones | | | | ✓ | ✓ | | Add new team members | | | | ✓ | ✓ | | Push to protected branches | | | | ✓ | ✓ | diff --git a/lib/api/labels.rb b/lib/api/labels.rb index c73a4dbe916..d1684b2293c 100644 --- a/lib/api/labels.rb +++ b/lib/api/labels.rb @@ -24,6 +24,7 @@ module API # Example Request: # POST /projects/:id/labels post ':id/labels' do + authorize! :admin_label, user_project required_attributes! [:name, :color] attrs = attributes_for_keys [:name, :color] @@ -51,6 +52,7 @@ module API # Example Request: # DELETE /projects/:id/labels delete ':id/labels' do + authorize! :admin_label, user_project required_attributes! [:name] label = user_project.find_label(params[:name]) @@ -71,6 +73,7 @@ module API # Example Request: # PUT /projects/:id/labels put ':id/labels' do + authorize! :admin_label, user_project required_attributes! [:name] label = user_project.find_label(params[:name]) |