Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-03-27 | Factorize policy helpers into PolicyHelpers | Rémy Coutable | |
Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2019-03-27 | [CE] Reduce the diff with EE in spec/policies/project_policy_spec.rb | Rémy Coutable | |
Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2019-01-31 | Prevent comments by email when issue is locked | Heinrich Lee Yu | |
This changes the permission check so it uses the policy on Noteable instead of Project. This prevents bypassing of rules defined in Noteable for locked discussions and confidential issues. Also rechecks permissions when reply_to_discussion_id is provided since the discussion_id may be from a different noteable. | |||
2018-02-09 | Merge branch ↵ | Douwe Maan | |
'security-10-4-25223-snippets-finder-doesnt-obey-feature-visibility' into 'security-10-4' [Port for security-10-4]: Makes SnippetFinder ensure feature visibility | |||
2017-12-22 | Replace '.team << [user, role]' with 'add_role(user)' in specs | blackst0ne | |
2017-08-03 | Change all `:empty_project` to `:project` | Robert Speicher | |
2017-07-27 | Remove superfluous lib: true, type: redis, service: true, models: true, ↵ | Rémy Coutable | |
services: true, no_db: true, api: true Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2017-06-27 | convert all the policies to DeclarativePolicy | http://jneen.net/ | |
2017-06-27 | update the specs to not require a set to be returned | http://jneen.net/ | |
2017-06-14 | Correct RSpec/SingleLineHook cop offenses | Robert Speicher | |
2017-06-08 | Merge branch '25934-project-snippet-vis' into 'security-9-2' | DJ Mountney | |
Fix visibility when referencing snippets See merge request !2101 | |||
2017-05-10 | Merge branch 'snippets-finder-visibility' into 'security' | Douwe Maan | |
Refactor snippets finder & dont return internal snippets for external users See merge request !2094 | |||
2017-02-07 | More backport | Douwe Maan | |