| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|\
| |
| |
| | |
fix/persistent-import-data
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow developers to merge into a protected branch without having push access
## What does this MR do?
Adds a "Developers can merge" checkbox to protected branches much like the "Developers can push" checkbox. When the checkbox is enabled, a developer can merge MRs into that protected branch from the Web UI and from the command-line (any push that is entirely composed of merge commits is allowed).
## Are there points in the code the reviewer needs to double check?
- This MR refactors the `GitAccess` module, moving parts of it to `UserAccess` and the new `ChangeAccessCheck`.
- This MR refactors `GitAccessSpec`, which generates a "matrix" of tests.
- The main logic "developers can merge" should be straightforward enough.
- The commits are fairly atomic, and the commit messages are descriptive regarding the motivations behind every change.
## Why was this MR needed?
A significant portion of this feature was implemented in !4220 (thanks, @mvestergaard!) ; I'm wrapping it up.
## What are the relevant issue numbers?
#18193
Closes #967
## Screenshots
![1](/uploads/c636e88ba38628211754e7cf122b0dc4/1.png)
![2](/uploads/5ed1e7917e2f36853a479faa565b022a/2.png)
![3](/uploads/0d202ba42e8dc6aade7bc6ac8db41ee6/3.png)
## TODO
- [ ] #18193 !4892 Add "developers can merge" as an option for protected branches
- [x] Review existing code
- [x] Fix build
- [x] Implementation / refactoring
- [x] Clean up `GitAccess`
- [x] Clean up `protected_branches.js.coffee`
- [x] Figure out authorization issue
- If we try to merge code into a protected branch for a user who doesn't have access to that branch, an auth check will fail
- We need to get around this, somehow
- [x] Try detecting merge commits and allowing those
- [x] A push with regular commits _and_ merge commits should fail
- [x] Figure out a solution
- [x] Extensive tests for `MergeCommitCheck`
- [x] Add tests
- [x] Untested parts of original MR
- [x] Improve the checks in `/allowed`
- @dzaporozhets's proposal:
- commits in push == commits in merge request
- branch to push == target branch of merge request
- merge request has required amount of approves (ee only)
- merge commit in push == merge commit we created when merged via UI
- save merge commit sha in database and compare with `newrev`
- my proposal
- /allowed finds all open merge requests with the appropriate target branch
- For each MR, compare the commit SHAs in the MR to the commit SHAs in the change set
- If we have a match, compare the diff of the matching MR to the diff of the change set
- If we still have a match, the merge is legit
- [x] Wait for replies on my proposal
- [x] Pick a strategy
- [x] Implementation
- [x] Save `in_progress_merge_commit_sha`
- [x] Check `in_progress_merge_commit_sha`
- [x] Clear `in_progress_merge_commit_sha`
- [x] Test / refactor
- [x] Merge conflicts
- [x] Verify workflows
- [x] Developer with 'developer can merge' on:
- [x] Can merge an MR from the Web UI
- [x] Error message for conflicts in the Web UI
- [x] Cannot merge an MR from the command line (HTTP)
- [x] Cannot merge an MR from the command line (SSH)
- [x] Cannot modify the branch otherwise
- [x] Developer with 'developer can merge' off:
- [x] Cannot merge an MR from the Web UI
- [x] Error message for conflicts in the Web UI
- [x] Cannot merge an MR from the command line (HTTP)
- [x] Cannot merge an MR from the command line (SSH)
- [x] Cannot modify the branch otherwise
- [x] New projects created could have have "Developers can merge" turned on automatically for the default branch
- [x] CHANGELOG
- [x] Fix build
- [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/42624e3d53754064186d4ae9048e310d1d3eed0b/builds) to pass
- [x] Screenshots
- [x] Assign to endboss
- [x] Respond to @dbalexandre's comments
- [x] Duplicated line, this is equals to line 26.
- [x] We aren't using any of these helpers in this migration, we can remove the include.
- [x] What do you think to add a default value for this column to avoid the Three-state Boolean Problem?
- [x] group all checks under Gitlab::Checks
- [x] You have a default value for developers_can_merge column, but your migration doesn't add it.
- [x] What do you think to rename Partially protected to anything else?
- [x] Fix conflicts
- [x] Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/b1cfd42f20a78fd7f844288954e97cff32962e20/builds) passes
- [ ] Wait for merge
See merge request !4892
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1. Fix typos, minor styling errors.
2. Use single quotes rather than double quotes in `user_access_spec`.
3. Test formatting.
|
| | |
| | |
| | |
| | |
| | | |
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4892#note_12892160
- This is more consistent.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
1. If they are a developer with "Developers can Merge" switched on.
|
| | |
| | |
| | |
| | |
| | |
| | | |
- Only send a param for the currently changed checkbox.
- Have the controller use strong parameters correctly, so that the PATCH
works as expected.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1. Don't use case statements for dispatch anymore. This leads to a lot
of duplication, and makes the logic harder to follow.
2. Remove duplicated logic.
- For example, the `can_push_to_branch?` exists, but we also have a
different way of checking the same condition within `change_access_check`.
- This kind of duplication is removed, and the `can_push_to_branch?`
method is used in both places.
3. Move checks returning true/false to `UserAccess`.
- All public methods in `GitAccess` now return an instance of
`GitAccessStatus`. Previously, some methods would return
true/false as well, which was confusing.
- It makes sense for these kinds of checks to be at the level of a
user, so the `UserAccess` class was repurposed for this. The prior
`UserAccess.allowed?` classmethod is converted into an instance
method.
- All external uses of these checks have been migrated to use the
`UserAccess` class
4. Move the "change_access_check" into a separate class.
- Create the `GitAccess::ChangeAccessCheck` class to run these
checks, which are quite substantial.
- `ChangeAccessCheck` returns an instance of `GitAccessStatus` as
well.
5. Break out the boolean logic in `ChangeAccessCheck` into `if/else`
chains - this seems more readable.
6. I can understand that this might look like overkill for !4892, but I
think this is a good opportunity to clean it up.
- http://martinfowler.com/bliki/OpportunisticRefactoring.html
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1. When a merge request is being merged, save the merge commit SHA in
the `in_progress_merge_commit_sha` database column.
2. The `pre-receive` hook looks for any locked (in progress) merge
request with `in_progress_merge_commit_sha` matching the `newrev` it
is passed.
3. If it finds a matching MR, the merge is legitimate.
4. Update `git_access_spec` to test the behaviour we added here. Also
refactored this spec a bit to make it easier to add more contexts / conditions.
|
| | |
| | |
| | |
| | |
| | | |
- Cherry-picked from `mvestergaard:branch-protection-dev-merge`
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4220
|
| |\ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
ObjectRenderer doesn't crash when no objects to cache with Rails.cache.read_multi
## What does this MR do?
Avoid calls to Rails.cache.read_multi without cache keys so it doesn't raise an exception
## What are the relevant issue numbers?
Closes #19766
## Does this MR meet the acceptance criteria?
- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added. I considered is not needed is a fix over a RC
- ~~[ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- ~~[ ] API support added~~
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !5229
|
| | |
| | |
| | |
| | | |
Rails.cache.read_multi
|
| |\ \
| | |/ |
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Render inline diffs for multiple changed lines following eachother
Before:
![Screen_Shot_2016-07-11_at_00.08.27](/uploads/b14664211e0f5cef6e77a78eadfcbcdf/Screen_Shot_2016-07-11_at_00.08.27.png)
After:
![Screen_Shot_2016-07-11_at_00.07.34](/uploads/567be631869a4867a2edf6ff7eda6369/Screen_Shot_2016-07-11_at_00.07.34.png)
See merge request !5174
|
| | | | |
|
| | | | |
|
| | | | |
|
| | |\ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17877 .
This change adds 'defense in depth' against 'Host' HTTP header
injection. It affects normal users in the following way. Suppose your
GitLab server has IP address 1.2.3.4 and hostname gitlab.example.com.
Currently, if you enter 1.2.3.4 in your browser, you get redirected to
1.2.3.4/users/sign_in. After this change, you get redirected from
1.2.3.4 to gitlab.example.com/users/sign_in. This is because the
address you typed in the address bar of your browser ('1.2.3.4'),
which gets stored in the 'Host' header, is now being overwritten to
'gitlab.example.com' in NGINX.
In this change we also make NGINX clear the 'X-Forwarded-Host' header
because Ruby on Rails also uses that header the same wayas the 'Host'
header.
We think that for most GitLab servers this is the right behavior, and
if not then administrators can change this behavior themselves at the
NGINX level.
|
| | |\ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
'master'
Delete award emoji when deleting a user
## What does this MR do?
Fix the problem where a user's award emoji aren't deleted when the user is deleted.
## Are there points in the code the reviewer needs to double check?
The corresponding SELECT for the migration runs in 0.3s on staging, but I can't test the delete there or on production easily. It should be reasonably quick.
## Why was this MR needed?
There was a typo in an association :scream:
## What are the relevant issue numbers?
Closes #19693.
## Screenshots (if relevant)
Nope.
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- ~~API support added~~
- Tests
- ~~Added for this feature/bug~~
- [ ] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !5216
|
| | | | | | |
|
| | |\ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Change running status color to blue; update icon to spinner
## What does this MR do?
Changes running status color to blue
Updates icon to spinner to differentiate from `pending`
## What are the relevant issue numbers?
Closes #17702
Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/18920
## Screenshots (if relevant)
![Screen_Shot_2016-07-12_at_4.34.48_PM](/uploads/8f6bb36a7a8fe99db1ec1ef8e9db6388/Screen_Shot_2016-07-12_at_4.34.48_PM.png)
See merge request !5222
|
| | | | | | | |
|
| | |/ / / / |
|
| | |\ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Add margin to filter labels
## What does this MR do?
Adds margin to filter labels
## Why was this MR needed?
It was pretty ugly before
## What are the relevant issue numbers?
Closes #19708
## Screenshots (if relevant)
![Screen_Shot_2016-07-11_at_4.42.05_PM](/uploads/55c049e442a16a06c14bb9394137cc87/Screen_Shot_2016-07-11_at_4.42.05_PM.png)
See merge request !5194
|
| | | | | | | |
|
| | |\ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Update header block class on snippets page
## What does this MR do?
Changes gray block in `Snippets` to new white sub header style
## What are the relevant issue numbers?
Closes #19692
## Screenshots (if relevant)
![Screen_Shot_2016-07-11_at_4.17.10_PM](/uploads/f4cea2d019d30fc7c6adc7e3b26590b4/Screen_Shot_2016-07-11_at_4.17.10_PM.png)
See merge request !5192
|
| | | |/ / / / |
|
| | |\ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Resolve "Design updates for Builds & Pipelines"
## What does this MR do?
Updates pipelines design
## What are the relevant issue numbers?
Part of #18920
Closes #17760
Closes #18479
Closes #19618
## Screenshots (if relevant)
![Screen_Shot_2016-07-11_at_2.44.22_PM](/uploads/5048928d86093802d84c3bd7f7c5dc85/Screen_Shot_2016-07-11_at_2.44.22_PM.png)
![Screen_Shot_2016-07-11_at_2.32.17_PM](/uploads/a7ab94c8042d33bd06ef633f62bf1c99/Screen_Shot_2016-07-11_at_2.32.17_PM.png)
![Screen_Shot_2016-07-11_at_2.44.43_PM](/uploads/8aa63229ad75d373c30f342d5c86c007/Screen_Shot_2016-07-11_at_2.44.43_PM.png)
See merge request !5156
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
pipeline layout
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
avatar to commit column
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
section in pipelines
|
| | |\ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Use number_with_delimiter for Todos pending/done tab counts
See merge request !5199
|
| | | | | | | | | |
|
| | |\ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Avoid `describe`-ing symbols in specs
See merge request !5195
|
| | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \
| | | |_|/ / / / / /
| | |/| | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Change new pipeline to run pipeline
## What does this MR do?
Change text of button from `New pipeline` to `Run pipeline`
## What are the relevant issue numbers?
Closes #18935
Part of #18920
## Screenshots (if relevant)
![Screen_Shot_2016-07-06_at_12.15.36_PM](/uploads/2e0413b802118781dc5a29c7f1c105b8/Screen_Shot_2016-07-06_at_12.15.36_PM.png)
See merge request !5119
|
| | | | | | | | | | |
|