| Age | Commit message (Collapse) | Author |
|---|
|
In https://gitlab.com/gitlab-org/gitlab-ce/issues/66482, we see that a
project's `project_feature` association may be lazily loaded and hence
return `nil` if the entry is deleted if the `Project` is already loaded
in memory. To ensure we don't fail hard when this happens, assume all
features are disabled.
We can fix this issue by eager loading the `project_feature` in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/32169, but we
shouldn't have to depend on that.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66482
|
|
Root namespaces have storage statistics.
This commit allows namespace owners to get those stats via GraphQL
queries like the following one
{
namespace(fullPath: "a_namespace_path") {
rootStorageStatistics {
storageSize
repositorySize
lfsObjectsSize
buildArtifactsSize
packagesSize
wikiSize
}
}
}
|
|
'dev/security-2873-restrict-slash-commands-to-users-who-can-log-in'
|
|
|
|
These are not required because MySQL is not
supported anymore
|
|
This removes the create_wiki permission check from the history
controller, allowing show and history to have the same level of
permissions.
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/29528
|
|
|
|
This setting is at the group level only. The default is specified to
be maintainers and owners.
**Specs only**, all failing.
|
|
|
|
|
|
- Migration updates existing groups to "owner", then sets default to
"maintainer" so that new groups will default to that
- Update spec examples
|
|
|
|
This setting is at the group level only. The default is specified to
be maintainers and owners.
**Specs only**, all failing.
|
|
|
|
Keep feature flag disabled by default and turn off
all functionality related to legacy triggers.
* Block legacy triggers from creating pipeline
* Highlight legacy triggers to be invalid via the UI
* Make legacy triggers invalid in the model
|
|
GraphQL mutations for add, remove and toggle emoji
See merge request gitlab-org/gitlab-ce!29919
|
|
Adding new `AddAwardEmoji`, `RemoveAwardEmoji` and `ToggleAwardEmoji`
GraphQL mutations.
Adding new `#authorized_find_with_pre_checks!` and (unused, but for
completeness `#authorized_find_with_post_checks!`) authorization
methods. These allow us to perform an authorized find, and run our own
additional checks before or after the authorization runs.
https://gitlab.com/gitlab-org/gitlab-ce/issues/62826
|
|
Now we have terminals for instance and group clusters we can remove the
FF now. Deploying to instance clusters has been working without
complaints too.
|
|
This commit adds
- feature specs
- to test the ability of a user with "developer" permission
to delete tags in repositories.
- documentation
|
|
This brings the API permissions in line with the UI permissions
|
|
Add the missing check on GraphQL API for project statistics
|
|
This exposes `Note`s on Issues & MergeRequests using a
`Types::Notes::NoteableType` in GraphQL.
Exposing notes on a new type can be done by implementing the
`NoteableType` interface on the type. The presented object should
be a `Noteable`.
|
|
Adds `set_issue_updated_at` similar to `set_issue_created_at`
permission and cleans up the related permission check in issues
API.
|
|
Try to simplify feature flag checks by using policies
|
|
There are two cluster hierarchies one for the deployment platform and
one for controllers. The main difference is that deployment platforms do
not check user permissions and only return the first match.
|
|
Instance level clusters were already mostly supported, this change adds
admin area controllers for cluster CRUD
|
|
This is step one of resolving
https://gitlab.com/gitlab-org/gitlab-ce/issues/56838.
Here is what changed:
- Revert the security fix from bdee9e8412d.
- Do not leak repository information (tag name, commit) to guests in API
responses.
- Do not include links to source code in API responses for users that do
not have download_code access.
- Show Releases in sidebar for guests.
- Do not display links to source code under Assets for users that do not
have download_code access.
GET ':id/releases/:tag_name' still do not allow guests to access
releases. This is to prevent guessing tag existence.
|
|
This is now entirely handled by `create_note`:
1. Project snippets prevent `create_note`.
2. Uploads already only support routing for personal snippets.
This simplifies some policies and access checks, too!
|
|
spec/features/groups/group_page_with_external_authorization_service_spec to EE
|
|
Used to get the variables via the API endpoint
`/projects/:id/pipelines/:pipeline_id/variables`
Signed-off-by: Agustin Henze <tin@redhat.com>
|
|
Add columns to store project creation settings
Add project creation level column in groups
and default project creation column in application settings
Remove obsolete line from schema
Update migration with project_creation_level column existence check
Rename migrations to avoid conflicts
Update migration methods
Update migration method
|
|
This reverts merge request !26823
|
|
spec/features/groups/group_page_with_external_authorization_service_spec to EE
|
|
Chnage method used in model to make it
more efficient database-wise
Add additional spec
|
|
jarv/dev-to-gitlab-2019-04-02
|
|
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
As they do not have a permission to read git tag
|
|
We can extend the policy in EE for additional behavior
|
|
|
|
|
|
Fixes #56864
|
|
This commit includes changes to add `UserAccess#can_create_branch?`
which will check whether the user is allowed to create a branch even
if it matches a protected branch.
This is used in `Gitlab::Checks::BranchCheck` when the branch name
matches a protected branch.
A `push_to_create_protected_branch` ability in `ProjectPolicy` has been
added to allow Developers and above to create protected branches.
|
|
|
|
|
|
|
|
|
|
|
