summaryrefslogtreecommitdiff
path: root/app/controllers/dashboard
Commit message (Collapse)AuthorAgeFilesLines
* Todos sorting dropdownissue_18135Felipe Artur2016-08-191-0/+1
|
* Recover usage of Todos counter cache20842-todos-queries-cachePaco Guzman2016-08-121-2/+2
| | | | | | | We’re being kept up to date the counter data but we’re not using it. The only thing which is not real if is the number of projects that the user read changes the number of todos can be stale for some time. The counters will be sync just after the user receives a new todo or mark any as done
* Cache todos pending/done dashboard query countsPaco Guzman2016-07-121-4/+9
|
* Fix an information disclosure when requesting access to a group containing ↵Rémy Coutable2016-06-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | private projects The issue was with the `User#groups` and `User#projects` associations which goes through the `User#group_members` and `User#project_members`. Initially I chose to use a secure approach by storing the requester's user ID in `Member#created_by_id` instead of `Member#user_id` because I was aware that there was a security risk since I didn't know the codebase well enough. Then during the review, we decided to change that and directly store the requester's user ID into `Member#user_id` (for the sake of simplifying the code I believe), meaning that every `group_members` / `project_members` association would include the requesters by default... My bad for not checking that all the `group_members` / `project_members` associations and the ones that go through them (e.g. `Group#users` and `Project#users`) were made safe with the `where(requested_at: nil)` / `where(members: { requested_at: nil })` scopes. Now they are all secure. Signed-off-by: Rémy Coutable <remy@rymai.me>
* Ensure Todos counters doesn't count Todos for projects pending deleteDouglas Barbosa Alexandre2016-06-171-13/+8
|
* Cache todo counters (pending/done)18034-cache-todo-counterPaco Guzman2016-06-171-4/+4
| | | | | | | - As todos are created/updated inside the TodoService we repopulate the cache just there for both pending/done todos - Todos as mark as done from the TodosController we update cache there too - All the added methods are kept in the User class for cohesion
* Merge branch 'meinac/gitlab-ce-change_deprecated_render_usage'Dmitriy Zaporozhets2016-05-181-2/+2
|\ | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
| * Change deprecated usage of rendering without response bodyMehmet Emin İNAÇ2016-03-161-2/+2
| | | | | | | | | | `render nothing: true` has been deprecated. For more information see [pr](https://github.com/rails/rails/pull/20336)
* | Merge branch '17249-starred' into 'master' Robert Speicher2016-05-111-1/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Restrict starred projects to viewable ones `User#starred_projects` doesn't perform any visibility checks. This has a couple of problems: 1. It assumes a user can always view all of their starred projects in perpetuity (project not changed to private, access revoked, etc.). 2. It assumes that we'll only ever allow a user to star a project they can view. This is currently the case, but bugs happen. Add `User#viewable_starred_projects` to filter the starred projects by those the user either has explicit access to, or are public or internal. Then use that in all places where we list the user's starred projects. Closes #17249. See merge request !4108
| * | Restrict starred projects to viewable onesSean McGivern2016-05-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `User#starred_projects` doesn't perform any visibility checks. This has a couple of problems: 1. It assumes a user can always view all of their starred projects in perpetuity (project not changed to private, access revoked, etc.). 2. It assumes that we'll only ever allow a user to star a project they can view. This is currently the case, but bugs happen. Add `User#viewable_starred_projects` to filter the starred projects by those the user either has explicit access to, or are public or internal. Then use that in all places where we list the user's starred projects.
* | | Add to label :id to responseissue_15673Alfredo Sumaran2016-05-031-1/+1
|/ /
* | Add missing Dashboard::LabelsControllerRémy Coutable2016-03-231-0/+9
| |
* | Use respond_to instead of a conditional to paginate milestonesRémy Coutable2016-03-231-3/+4
| |
* | Fix an issue causing the Dashboard/Milestones page to be blankRémy Coutable2016-03-232-6/+12
| |
* | Use the configured Kaminari "per page" defaultrs-use-kaminari-defaultRobert Speicher2016-03-194-5/+5
| |
* | Use todo.done without ! in the controller to mark todo as doneDouglas Barbosa Alexandre2016-03-181-2/+2
| |
* | Mark all as done through AJAXPhil Hughes2016-03-171-0/+4
| |
* | Removed the flash success messagePhil Hughes2016-03-171-2/+2
| | | | | | | | Removes the group if empty
* | Adds small AJAX optimistic functionality to todos.Jacob Schatz2016-03-171-1/+6
|/ | | | | Fixes #13656 A good first step and boring solution.
* Allow filtered dashboard/explore results to be paged. Fixes #14104fix-filtered-paginationJosh Frye2016-03-091-2/+2
|
* Add option to show archived projects on dahsboardDmitriy Zaporozhets2016-03-041-16/+8
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Revert "Revert "Sort starred projects on dashboard based on last activity by ↵sort-starred-projectsDmitriy Zaporozhets2016-03-031-1/+1
| | | | | | default"" This reverts commit 617bb1096deb1fb5dea66d04b9bbd7da0dfb57ba.
* Revert "Sort starred projects on dashboard based on last activity by default"Dmitriy Zaporozhets2016-03-031-1/+1
| | | | This reverts commit 70d6455284717f938016b1e1b569e0d0dadb11fc.
* Sort starred projects on dashboard based on last activity by defaultDmitriy Zaporozhets2016-03-031-1/+1
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Don't show "Welcome to GitLab" when the search didn't return any projectsRémy Coutable2016-03-021-2/+2
|
* Does not raise an error when Todo is already marked as doneDouglas Barbosa Alexandre2016-02-231-1/+1
|
* Use before_action instead of before_filterDouglas Barbosa Alexandre2016-02-211-1/+1
|
* Add "Mark all as done" buttonDouwe Maan2016-02-201-1/+15
|
* Fix rubucop offensesDouglas Barbosa Alexandre2016-02-201-2/+0
|
* Rename Tasks to TodosDouglas Barbosa Alexandre2016-02-202-21/+23
|
* Add filters by project, author, type, and action to task queue page listDouglas Barbosa Alexandre2016-02-201-7/+1
|
* Fix rubocop offensesDouglas Barbosa Alexandre2016-02-201-5/+5
|
* Remove task abilities, since we will only ever show the user their ownDouglas Barbosa Alexandre2016-02-201-8/+0
|
* Add pending tasks badge on top right next to the new and logout buttonDouglas Barbosa Alexandre2016-02-201-3/+0
|
* Allow user to mark each task as done manuallyDouglas Barbosa Alexandre2016-02-201-0/+23
|
* Add tasks queue list pageDouglas Barbosa Alexandre2016-02-201-0/+15
|
* MR feedbackJosh Frye2016-02-091-2/+2
|
* Extract events rendering to own action.Josh Frye2016-02-091-2/+2
|
* Fix double pagingJosh Frye2016-02-051-1/+1
|
* Various filter fixesJosh Frye2016-02-041-3/+11
|
* Paginate + ajax filter dashboard projectsJosh Frye2016-02-041-0/+12
|
* Page project list on dashboardJosh Frye2016-02-041-0/+2
|
* Add sort dropdown to dashboard projects pagedashboard-sort-dropdownDmitriy Zaporozhets2016-02-031-0/+1
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Don't pluck project IDs for eventsYorick Peterse2016-01-261-1/+1
| | | | | By instead using a sub-query we save ourselves the overhead of loading any data into memory only to pass it on to another query.
* Fixed Rubocop offensesGabriel Mazetto2015-12-151-1/+2
|
* Refactor global and group milestones logicDmitriy Zaporozhets2015-11-161-22/+7
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Add last push widget to starred projects dashboardDrew Blessing2015-10-011-0/+1
|
* Clean up overlap between dashboard and explore.Douwe Maan2015-09-082-0/+25
| | | | | - Split up SnippetsController into separate dashboard and explore sections. - Use consistent page titles, header titles and sidebars between dashboard and explore sections when signed in or not.
* Add helpers for header title and sidebar, and move setting those from ↵Douwe Maan2015-05-011-9/+1
| | | | controllers to layouts.
* Add a page title to every page.Douwe Maan2015-04-304-3/+14
|
View Lorry Controller Status