Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-07-27 | Spec instance statistics | Bob Van Landuyt | |
2018-07-27 | Add read_instance_statistics global policy | Luke Bennett | |
2018-07-27 | Revert "Merge branch '41416-making-instance-wide-data-tools-more-accessible' ↵ | Sean McGivern | |
into 'master'" This reverts merge request !20679 | |||
2018-07-27 | Spec instance statistics | Bob Van Landuyt | |
2018-07-26 | Add read_instance_statistics global policy | Luke Bennett | |
2018-07-24 | Enable frozen string in presenters and policies | gfyoung | |
Enable frozen string in: * app/presenters * app/policies Partially addresses #47424. | |||
2018-05-10 | Allows `access_(git|api)` to anonymous users | Bob Van Landuyt | |
The `access_git` and `access_api` were currently never checked for anonymous users. And they would also be allowed access: An anonymous user can clone and pull from a public repo An anonymous user can request public information from the API So the policy didn't actually reflect what we were enforcing. | |||
2018-05-10 | Block access to API & git when terms are enforced | Bob Van Landuyt | |
When terms are enforced, but the user has not accepted the terms access to the API & git is rejected with a message directing the user to the web app to accept the terms. | |||
2017-09-29 | moved fork checks into policies | Phil Hughes | |
2017-09-28 | Support custom attributes on users | Markus Koller | |
2017-08-01 | Allow logged in users to read user list under public restriction | Lin Jen-Shin (godfat) | |
2017-07-25 | Allow admin to read_users_list even if it's restricted | Lin Jen-Shin | |
2017-07-03 | Implement review comments for !12445 from @jneen. | Timothy Andrew | |
- Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy` | |||
2017-06-30 | Merge remote-tracking branch 'origin/master' into ↵ | Timothy Andrew | |
34141-allow-unauthenticated-access-to-the-users-api - Modify policy code to work with the `DeclarativePolicy` refactor in 37c401433b76170f0150d70865f1f4584db01fa8. | |||
2017-06-30 | Implement review comments for !12445 from @godfat and @rymai. | Timothy Andrew | |
- Use `GlobalPolicy` to authorize the users that a non-authenticated user can fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC` visibility level is not restricted. - Further, as before, `/api/v4/users` is only accessible to unauthenticated users if the `username` parameter is passed. - Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual route + method, rather than the description. - Change the type of `current_user` check in `UsersFinder` to be more compatible with EE. | |||
2017-06-27 | convert all the policies to DeclarativePolicy | http://jneen.net/ | |
2017-06-15 | Rename "Slash commands" to "Quick actions" | Eric Eastwood | |
Fix https://gitlab.com/gitlab-org/gitlab-ce/issues/27070 Deprecate "chat commands" in favor of "slash commands" We looked for things like: - `slash commmand` - `slash_command` - `slash-command` - `SlashCommand` | |||
2017-04-07 | Backport permissions and multi-line array to CE | Felipe Artur | |
2017-03-09 | use policies to protect sending email | http://jneen.net/ | |
2017-03-09 | use the policy stack to protect logins | http://jneen.net/ | |
2017-03-09 | add User#internal? and some global permissions | http://jneen.net/ | |
2016-08-30 | line break after guard clause | http://jneen.net/ | |
2016-08-30 | factor in global permissions | http://jneen.net/ | |