Age | Commit message (Collapse) | Author |
|
Closes #1815
|
|
project that has MRs disabled but issues enabled
Closes #1813
|
|
Closes #1705
|
|
`merge_requests_enabled`
|
|
disabled in project settings
Closes #1676
|
|
|
|
Restricted visibility levels - bug fix and new feature
This allows admin users to override restricted visibility settings when creating and updating projects and snippets, and moves the restricted visibility configuration from gitlab.yml to the web UI. See #1903.
## Move configuration location
I added a new section to the application settings page for restricted visibility levels. Each level has a checkbox, styled with Bootstrap to look like a toggle button. A checked box means that the level is restricted. I added a glowing text shadow and changed the background color for checked buttons because the default styles made it hard to distinguish between checked and unchecked. This image shows the new section with the "Public" box checked:
![restricted_visibility_settings](https://dev.gitlab.org/Okada/gitlabhq/uploads/629562e4313f89b795e81c3bb0f95893/restricted_visibility_settings.png)
## Allow admins to override
To allow admin users to override the restricted visibility levels, I had to remove the `visibility_level` validation from the `Project` class. The model doesn't know about the `current_user`, which should determine whether the restrictions can be overridden. We could use the creator in the validation, but that wouldn't work correctly for projects where a non-admin user is the creator and an admin tries to change the project to a restricted visibility level.
The `Project::UpdateService` and `Project::CreateService` classes already had code to determine whether the current user is allowed to use a given visibility level; now all visibility level validation is done in those classes. Currently, when a non-admin tries to create or update a project using a restricted level, these classes silently set the visibility level to the global default (create) or the project's existing value (update). I changed this behavior to be more like an Active Model validation, where using a restricted level causes the entire request to be rejected.
Project and personal snippets didn't have service classes, and restricted visibility levels weren't being enforced in the model or the controllers. The UI disabled radio buttons for restricted levels, but that wouldn't be difficult to circumvent. I created the `CreateSnippetService` and `UpdateSnippetService` classes to do the same restricted visibility check that the project classes do. And since I was dealing with snippet visibility levels, I updated the API endpoints for project snippets to allow users to set and update the visibility level.
## TODO
* [x] Add more tests for restricted visibility functionality
cc @sytse @dzaporozhets
See merge request !1655
|
|
|
|
|
|
Allow authors and admins to update the visibility level of personal and
project snippets.
|
|
|
|
in app controller, user model and services.
|
|
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
* allow developers to manage labels
* add ability to remove label
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
per request project rules caching
|
|
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
This commit fixes a lot of sql queries to db for for groups and projects
with big amount of members.
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Group owners were not able to remove any users from their group if they were the only owner.
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Main purpose is move big amount of methods from user, group, project
models and place filtering logic in one place.
It also fixes 500 error on group page for PostgreSQL
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Fixed Group avatars to only display when user has read
permissions to at least one project in the group.
|
|
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
features for archive projects
abilities for archived project
other abilities for archive projects
only limit commits and merges for archived projects
ability changed to prohibited actions on archived projects
added spec and feature tests for archive projects
changed search bar not to include archived projects
|
|
Added visibility_level icons to project view (rather than just text).
Added public projects to search results.
Added ability to restrict visibility levels standard users can set.
|
|
Before we have only owner_id to determine group owner
With multiple owners per group we should get rid of owner_id in group.
So from now @group.owner will always be nil but
@group.owners return an actual array of users who can admin this group
|
|
* Hooks and team pages allowed only for masters/owners
* Group page allowed for admin
* Corrent authentication for Projects controller
* Hide some project elements from visitor
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Authorize all teams to admin: fix 500 error on showing team page.
|
|
|
|
500 error was occured in the following steps:
1. user1 creates new team "team1".
2. Assign team1 to project1.
3. Sign in as admin. This admin is not a member of team1.
4. Open project1 team setting page (/project1/team).
5. Click "team1" link in "Assigned teams" area.
6. 500 error.
Fixed this issue.
|
|
|
|
Andrew8xx8-gist
Conflicts:
Gemfile.lock
app/models/ability.rb
app/models/project.rb
app/views/snippets/_form.html.haml
db/schema.rb
features/steps/shared/paths.rb
spec/factories.rb
spec/models/project_spec.rb
|
|
project
|
|
Internally public projects
|
|
See https://github.com/gitlabhq/gitlabhq/pull/3597#discussion-diff-4014638
|