summaryrefslogtreecommitdiff
path: root/app/controllers/projects
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'security-fix-badges-leaked-to-unauthorized-users-11-11' into ↵GitLab Release Tools Bot2019-07-241-1/+2
|\ | | | | | | | | | | | | '11-11-stable' Don't display badges when builds are restricted See merge request gitlab/gitlabhq!3186
| * Don't display badges when builds are restrictedFabio Pitino2019-06-271-1/+2
| | | | | | | | | | | | | | | | Badges were leaked to unauthorized users even when Public Builds project setting is disabled. Added guard clause to the controller to check if user can read build.
* | Merge branch 'security-mr-pipeline-permissions-11-11' into '11-11-stable'GitLab Release Tools Bot2019-07-242-2/+3
|\ \ | | | | | | | | | | | | MR pipeline permissions See merge request gitlab/gitlabhq!3217
| * | Use MergeRequest#source_project as permissions reference for ↵drew cimino2019-07-052-2/+3
| |/ | | | | | | | | | | | | | | | | | | MergeRequest#all_pipelines MergeRequest#all_pipelines fetches Ci::Pipeline records from the source project, so we should specifically check that project for permissions. This was already happening for intra-project merge requests, but in the event that the target and source projects both have private builds, we should ensure that the project permissions are respected.
* | Drop feature to take ownership of a trigger tokenFabio Pitino2019-07-101-11/+1
|/ | | | | | | Removing API and frontend interactions that allowed users to take ownership of a trigger token. Removed mentions from the documentation.
* Authorize access before serving project templateLuke Duncalfe2019-06-122-2/+20
| | | | | | | | | | | | | | | | | | | | | Previously, if a user was a guest member of a private project, they could access the merge request template as we were not checking permission-levels of the user. When a issue template is asked for, the user must have :read_issue for the project; or :read_merge_request when a merge request template is asked for. We also now rescue_from FileNotFoundError and handle as 404. This is because RepoTemplateFinder can raise a FileNotFoundError exception, which Rails previously handled as a 500. Handling these in a way that is consistent with ActiveRecord::RecordNotFound exceptions, within controllers that inherit from Projects::ApplicationController at least, and returning a 404. https://gitlab.com/gitlab-org/gitlab-ce/issues/54943
* Fix the overriding of EE import paramsIgor Drozdov2019-05-291-1/+11
|
* Hide password on import by url formIgor Drozdov2019-05-211-9/+2
|
* Add external dashboard linkAdriel Santiago2019-05-072-0/+5
| | | | | Add settings for linking to external dashboard from metrics dashboard
* Destroy repo mirrors instead of disabling themLuke Bennett2019-05-061-0/+1
| | | | | | | | It is important to destroy data related to repo mirrors when they are disabled. Use `_destroy` nested attribute instead of `enabled` for push mirrors. Call `remove_import_data` after saving a project if its pull mirror is disabled.
* Implement support for CI variables of type fileKrasimir Angelov2019-05-063-3/+3
| | | | | | | | | Add env_var and file as supported types for CI variables. Variables of type file expose to users existing gitlab-runner behaviour - save variable value into a temp file and set the path to this file in an ENV var named after the variable key. Resolves https://gitlab.com/gitlab-org/gitlab-ce/issues/46806.
* Adds a way to start multiple manual jobs in stageMayra Cabrera2019-05-021-0/+25
| | | | | | | | | | - Adds an endpoint on PipelinesController - Adds a service that iterates over every build in a stage and plays it. - Includes 'play_manual' details on EntitySerializer - Builds a new Stage state: PlayManual. An stage can take this status if it has manual builds or an skipped, scheduled or manual status - Includes FE modifications and specs
* Update metrics dashboard API to load yml from repoSarah Yasonik2019-05-011-4/+22
| | | | | | | | | | | Updates the EnvironmentController#metrics_dashboard endpoint to support a "dashboard" param, which can be used to specify the filepath of a dashboard configuration from a project repository. Dashboard configurations are expected to be stored in .gitlab/dashboards/. Updates dashboard post-processing steps to exclude custom metrics, which should only display on the system dashboard.
* Merge branch ↵Ash McKenzie2019-04-301-12/+0
|\ | | | | | | | | | | | | | | | | '60476-actionview-missingtemplate-missing-template-projects-issues-_merge_requests-with-locale-en-formats-html-varian' into 'master' Delete leftover code for referenced_merge_requests endpoint Closes #60476 See merge request gitlab-org/gitlab-ce!27335
| * Delete leftover code for referenced_merge_requests60476-actionview-missingtemplate-missing-template-projects-issues-_merge_requests-with-locale-en-formats-html-varianFatih Acet2019-04-151-12/+0
| | | | | | | | | | | | | | We rewrote Related MRs widget using Vue. The previous implementation was using Haml templates and calling referenced_merge_requests endpoint which is now deprecated. This MR deletes leftover stuff them.
* | Load environment metrics only for JSON endpointPeter Leitzen2019-04-291-4/+4
| | | | | | | | | | | | | | | | When showing the HTML version of the environment metrics we don't need to fetch their metrics because we don't use them anymore on the HTML version. We use additional_metrics.json endpoint now.
* | Merge branch '60383-setup-dashboard-endpoint' into 'master'Grzegorz Bizon2019-04-281-1/+16
|\ \ | | | | | | | | | | | | | | | | | | Create dashboards endpoint & setup dashboard post-processing Closes #60383 See merge request gitlab-org/gitlab-ce!27405
| * | Move MetricsDashboard to Metrics::Dashboardsyasonik2019-04-251-1/+1
| | |
| * | Rubocopsyasonik2019-04-241-0/+1
| | |
| * | Defend against dashboard errors, rework sequencesyasonik2019-04-241-1/+1
| | |
| * | Remove extra spacesyasonik2019-04-241-1/+1
| | |
| * | Refactor metrics_dashboard response conditionalssyasonik2019-04-241-11/+5
| | |
| * | Make EE interactions and transformations cleanersyasonik2019-04-241-1/+1
| | |
| * | Reduce cognitivty complexity moresyasonik2019-04-241-4/+8
| | |
| * | Try to reduce complexity againsyasonik2019-04-241-10/+4
| | |
| * | Reduce congnitive complexitysyasonik2019-04-241-8/+7
| | |
| * | Bring in line with EE needssyasonik2019-04-241-1/+1
| | |
| * | Inherit from BaseServicerpereira22019-04-241-3/+13
| | | | | | | | | | | | | | | Change MetricsDashboard::Service to inherit from BaseService so that it can reuse methods like initialize, success, error.
| * | Refactor dashboard proccesing into stagessyasonik2019-04-241-1/+1
| | |
| * | Rubocop cleanupsyasonik2019-04-241-1/+1
| | |
| * | Add unit tests and fix broken endpointsyasonik2019-04-241-2/+2
| | |
| * | Use existing common metricssyasonik2019-04-241-1/+0
| | |
| * | Save multi-dashboard logic for another MRsyasonik2019-04-241-1/+1
| | |
| * | Add inital dashboard endpoint supportsyasonik2019-04-241-0/+14
| | |
* | | Add ProjectMetricsDashboardSetting model and tableReuben Pereira2019-04-261-0/+2
| | | | | | | | | | | | | | | | | | This new table will be used to store the external_dashboard_url which allows users to add a link to their external dashboards (ex Grafana) to the Metrics dashboard.
* | | Added list_pages method to avoid loading all wiki pages contentFrancisco Javier López2019-04-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Inside a wiki, when we show the sidebar or browse to the `pages`, all page contents are retrieved from Gitaly and that is a waste of resources, since no content from that pages are going to be showed. This MR introduces the method `ProjectWiki#list_pages`, which uses new wiki_list_pages RPC call to retrieve pages without content Also in the `WikisController` we're using the method to show pages in the sidebar and also on the `pages` page.
* | | Redirect to settings page on invalid updateMatija Čupić2019-04-241-1/+1
|/ /
* | Introduce ServiceResponse to wrap around responseLin Jen-Shin2019-04-221-4/+4
| | | | | | | | See https://gitlab.com/gitlab-org/gitlab-ce/issues/60730
* | Aligned IssuesController implementation with EEPatrick Derichs2019-04-181-4/+4
| |
* | Revert "Revert "Merge branch '24704-download-repository-path' into 'master'""Nick Thomas2019-04-161-1/+1
| | | | | | | | This reverts commit 171818df0a72097aa1a804c8213666b3f66b0966.
* | Merge branch 'mc/feature/custom-metrics-ce' into 'master'Kamil Trzciński2019-04-161-14/+16
|\ \ | | | | | | | | | | | | Backport metrics report type See merge request gitlab-org/gitlab-ce!26798
| * | Backport changes from EEMatija Čupić2019-04-161-14/+16
| | | | | | | | | | | | | | | This backports the changes from https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10452
* | | Merge branch 'forbid-the-usage-of-reload' into 'master'Lin Jen-Shin2019-04-151-1/+1
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Forbid the usage of reload Closes #60218 See merge request gitlab-org/gitlab-ce!27125
| * | | Forbid the use of `#reload` and prefer `#reset`forbid-the-usage-of-reloadKamil Trzciński2019-04-151-1/+1
| | |/ | |/| | | | | | | | | | | | | | | | The `#reload` makes to load all objects into memory, and the main purpose of `#reload` is to drop the association cache. The `#reset` seems to solve exactly that case.
* | | Add ability to do variable substitutionReuben Pereira2019-04-151-3/+26
| | | | | | | | | | | | | | | | | | - In prometheus proxy api, allow variables to be replaced. For example, if 'up{env="%{ci_environment_slug}"}' is passed to the endpoint, it becomes 'up{env="production"}' before being sent to prometheus.
* | | Added write_repository scope for personal access tokenHoratiu Eugen Vlad2019-04-151-1/+1
| | |
* | | Remove rails-deprecated_sanitizer dependency17014-remove-rails-deprecated_sanitizerDmitriy Zaporozhets2019-04-121-2/+2
|/ / | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | Revert "Merge branch '24704-download-repository-path' into 'master'"revert-24704-download-repository-pathPatrick Bajao2019-04-111-1/+1
|/ | | | | This reverts commit 6c75bd015cba181f028bc87c396c3d8e43b5dc3e, reversing changes made to 1be7f5aaa38aba79843eae8835be6c99c025e982.
* Merge branch 'docs-zj-update-n-plus-one-comments' into 'master'Douglas Barbosa Alexandre2019-04-091-1/+1
|\ | | | | | | | | Update comments about N + 1 Gitaly calls See merge request gitlab-org/gitlab-ce!27178
| * Update comments about N + 1 Gitaly callsZeger-Jan van de Weg2019-04-091-1/+1
| | | | | | | | | | To make sure all known issues are linked to the correct epic, I've gone through the code base, and updated the comments where required.
View Lorry Controller Status