| Age | Commit message (Collapse) | Author |
|---|
|
- Adds UI to configure in group and project settings
- Removes notification configuration for users when
disabled at group or project level
|
|
'dev/security-2873-restrict-slash-commands-to-users-who-can-log-in'
|
|
API endpoints for requesting container repositories
and container repositories with their tag information
are enabled for users that want to specify the group
containing the repository rather than the specific project.
|
|
These are not required because MySQL is not
supported anymore
|
|
|
|
|
|
All specs passing
|
|
|
|
Keep feature flag disabled by default and turn off
all functionality related to legacy triggers.
* Block legacy triggers from creating pipeline
* Highlight legacy triggers to be invalid via the UI
* Make legacy triggers invalid in the model
|
|
The current approach requires catching exceptions to handle these errors
and callers are already handling model validations so it seems more
appropriate. Also it seemed to convoluted to add this logic directly to
the model since the model needs to check too many possible associations
to determine whether or not there are more than one cluster since the
model doesn't know what it's being created on. Additionally we only
wanted to validate during create to avoid the risk of existing models
becoming invalid by many different edge cases.
|
|
|
|
|
|
GraphQL mutations for add, remove and toggle emoji
See merge request gitlab-org/gitlab-ce!29919
|
|
Adding new `AddAwardEmoji`, `RemoveAwardEmoji` and `ToggleAwardEmoji`
GraphQL mutations.
Adding new `#authorized_find_with_pre_checks!` and (unused, but for
completeness `#authorized_find_with_post_checks!`) authorization
methods. These allow us to perform an authorized find, and run our own
additional checks before or after the authorization runs.
https://gitlab.com/gitlab-org/gitlab-ce/issues/62826
|
|
Now we have terminals for instance and group clusters we can remove the
FF now. Deploying to instance clusters has been working without
complaints too.
|
|
Refactor code to allow multiple issue boards management for projects
in CE
|
|
This makes sure we also enforce authorizations for non-nullable
fields.
We are defining our authorizations on the unwrapped
types (Repository). But when a type like that is presented in a
non-nullable field, it's type is different (Repository!). The
non-nullable type would not have the authorization metadata.
This makes sure we check the metadata on the unwrapped type for
finding authorizations.
|
|
This commit adds
- feature specs
- to test the ability of a user with "developer" permission
to delete tags in repositories.
- documentation
|
|
Preventing blocked users and their PipelineSchdules from creating new Pipelines
Closes #47756
See merge request gitlab-org/gitlab-ce!27318
|
|
This brings the API permissions in line with the UI permissions
|
|
Add the missing check on GraphQL API for project statistics
|
|
Adds `set_issue_updated_at` similar to `set_issue_created_at`
permission and cleans up the related permission check in issues
API.
|
|
updated several specs and factories to accomodate new permissions
|
|
|
|
CE changes for SSO web enforcement
See merge request gitlab-org/gitlab-ce!28141
|
|
|
|
Try to simplify feature flag checks by using policies
|
|
Instance level clusters were already mostly supported, this change adds
admin area controllers for cluster CRUD
|
|
Adds two methods for us to extend in EE:
- OmniauthCallbacksController#link_identity
- GroupPolicy#lookup_access_level!
|
|
Just prevent support bots from using quick actions in EE
|
|
This is step one of resolving
https://gitlab.com/gitlab-org/gitlab-ce/issues/56838.
Here is what changed:
- Revert the security fix from bdee9e8412d.
- Do not leak repository information (tag name, commit) to guests in API
responses.
- Do not include links to source code in API responses for users that do
not have download_code access.
- Show Releases in sidebar for guests.
- Do not display links to source code under Assets for users that do not
have download_code access.
GET ':id/releases/:tag_name' still do not allow guests to access
releases. This is to prevent guessing tag existence.
|
|
This is now entirely handled by `create_note`:
1. Project snippets prevent `create_note`.
2. Uploads already only support routing for personal snippets.
This simplifies some policies and access checks, too!
|
|
spec/features/groups/group_page_with_external_authorization_service_spec to EE
|
|
Used to get the variables via the API endpoint
`/projects/:id/pipelines/:pipeline_id/variables`
Signed-off-by: Agustin Henze <tin@redhat.com>
|
|
Add columns to store project creation settings
Add project creation level column in groups
and default project creation column in application settings
Remove obsolete line from schema
Update migration with project_creation_level column existence check
Rename migrations to avoid conflicts
Update migration methods
Update migration method
|
|
This reverts merge request !26823
|
|
spec/features/groups/group_page_with_external_authorization_service_spec to EE
|
|
The api will proxy requests to the environment's prometheus server.
The Prometheus::ProxyService class can be reused when we add support for
group prometheus servers.
|
|
jarv/dev-to-gitlab-2019-04-02
|
|
As they do not have a permission to read git tag
|
|
|
|
We can extend the policy in EE for additional behavior
|
|
|
|
Fixes #56864
|
|
|
|
Add metadata about the GitLab server to GraphQL
See merge request gitlab-org/gitlab-ce!24636
|
|
|
|
|
|
|
|
|
