Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/policies
AgeCommit message (Collapse)Author
2019-12-16Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-12-12Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-12-10Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-12-06Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-11-30Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-11-26Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-11-12Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-11-08Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-11-07Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-11-07Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-11-06Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-10-29Improper access control allows the attacker to comment in internal commit ↵Charlie Ablett
after they are no longer admin
2019-10-29Merge branch 'security-developer-transfer-project' into 'master'GitLab Release Tools Bot
Require Maintainer permission on group where project is transferred to See merge request gitlab/gitlabhq!3420
2019-10-23Change Note#to_ability_name to 'note'Dylan Griffith
This is to be more consistent as there is already a :read_note policy in NotePolicy. To keep other behaviour the same we've introduced a Note#noteable_ability_name that is used anywhere this was expected.
2019-10-17Add latest changes from gitlab-org/gitlab@masterlistGitLab Bot
2019-10-17Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-10-17Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-10-16Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-10-15Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-10-14Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-10-11Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-10-10Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-10-09Require maintainer permission to transfer projectsmanojmj
2019-10-02Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-09-30Add policy check if cross reference system notes are accessibleAlexandru Croitor
2019-09-30Filter not accessible label eventsJan Provaznik
Label events may use cross-project or cross-group references, if the projects are not accessible by user, we don't show these label events.
2019-09-26Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-09-18Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-09-13Add latest changes from gitlab-org/gitlab@masterGitLab Bot
2019-09-07Add method to authorize reading from prometheus proxyRyan Cobb
2019-09-06If user can't activate error tracking display a learn more button pointingManeschi Romain
to doc
2019-09-04Let project reporters create issue from group boardsFelipe Artur
The current state of group issue boards does not show the "Add issues" button on the UI for users that are reporters of group child projects.
2019-08-30Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhqRobert Speicher
2019-08-30Merge branch 'security-2853-prevent-comments-on-private-mrs' into 'master'GitLab Release Tools Bot
Ensure only authorised users can create notes on merge requests and issues See merge request gitlab/gitlabhq!3137
2019-08-26Guard against deleted project feature entryStan Hu
In https://gitlab.com/gitlab-org/gitlab-ce/issues/66482, we see that a project's `project_feature` association may be lazily loaded and hence return `nil` if the entry is deleted if the `Project` is already loaded in memory. To ensure we don't fail hard when this happens, assume all features are disabled. We can fix this issue by eager loading the `project_feature` in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/32169, but we shouldn't have to depend on that. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66482
2019-08-23Expose namespace storage statistics with GraphQLAlessio Caiazza
Root namespaces have storage statistics. This commit allows namespace owners to get those stats via GraphQL queries like the following one { namespace(fullPath: "a_namespace_path") { rootStorageStatistics { storageSize repositorySize lfsObjectsSize buildArtifactsSize packagesSize wikiSize } } }
2019-08-15Allow disabling group/project email notificationsBrett Walker
- Adds UI to configure in group and project settings - Removes notification configuration for users when disabled at group or project level
2019-08-14Merge remote-tracking branch ↵John T Skarbek
'dev/security-2873-restrict-slash-commands-to-users-who-can-log-in'
2019-08-07Prevent unauthorised comments on merge requestsAlex Kalderimis
* Prevent creating notes on inaccessible MRs This applies the notes rules at the MR scope. Rather than adding extra rules to the Project level policy, preventing :create_note here is better since it only prevents creating notes on MRs. * Prevent creating notes in inaccessible Issues without this policy, non-team-members are allowed to comment on issues even when the project has the private-issues policy set. This means that without this change, users are allowed to comment on issues that they cannot read. * Add CHANGELOG entry
2019-08-05Add group level container repository endpointsSteve Abrams
API endpoints for requesting container repositories and container repositories with their tag information are enabled for users that want to specify the group containing the repository rather than the specific project.
2019-07-25Remove code related to object hierarchy in MySQLHeinrich Lee Yu
These are not required because MySQL is not supported anymore
2019-07-19Add policy to allow maintainers to create subgroups when enabledFabio Papa
2019-07-19Reset group policy to only allow >= owners to create subgroupsFabio Papa
2019-07-19Update the group policy to allow >= maintainer to create subgroupsFabio Papa
All specs passing
2019-07-19Restrict slash commands to users who can log inHordur Freyr Yngvason
2019-07-15Allow use of legacy triggers with feature flagFabio Pitino
Keep feature flag disabled by default and turn off all functionality related to legacy triggers. * Block legacy triggers from creating pipeline * Highlight legacy triggers to be invalid via the UI * Make legacy triggers invalid in the model
2019-07-11Refactor: model errors for multi cluster validationDylan Griffith
The current approach requires catching exceptions to handle these errors and callers are already handling model validations so it seems more appropriate. Also it seemed to convoluted to add this logic directly to the model since the model needs to check too many possible associations to determine whether or not there are more than one cluster since the model doesn't know what it's being created on. Additionally we only wanted to validate during create to avoid the risk of existing models becoming invalid by many different edge cases.
2019-07-03Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ceMarin Jankovski
2019-07-03Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhqMarin Jankovski
2019-06-28Merge branch '62826-graphql-emoji-mutations' into 'master'Jan Provaznik
GraphQL mutations for add, remove and toggle emoji See merge request gitlab-org/gitlab-ce!29919
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-31 22:05:16 +0300