| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove project from NotesFinder constructor
Add project parameter to specs
Also look for methods in private scope
Fix specs to match new NotesFinder constructor
|
|
|
|
|
|
|
|
|
|
| |
In the Snippets::NotesController the noteable was resolved and
authorized through the :snippet_id, so by passing a :target_id for a
different snippet it was possible to create a note on a snippet
where the user would be unauthorized to do so otherwise.
This fixes the problem by ignoring the :target_id and :target_type from
the request, and using the same noteable for creation and authorization.
|
|
|
|
|
|
|
| |
Removes unneeded params from permitted list
This also fixes commenting on commits with a hash starting with a large
number
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enables frozen string for some vestigial files as
well as the following:
* app/controllers/projects/**/*.rb
* app/controllers/sherlock/**/*.rb
* app/controllers/snippets/**/*.rb
* app/controllers/users/**/*.rb
Partially addresses #47424.
|
|
|
|
|
| |
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The status is shown for
- The author of a commit when viewing a commit
- Notes on a commit (regular/diff)
- The user that triggered a pipeline when viewing a pipeline
- The author of a merge request when viewing a merge request
- The author of notes on a merge request (regular/diff)
- The author of an issue when viewing an issue
- The author of notes on an issue
- The author of a snippet when viewing a snippet
- The author of notes on a snippet
- A user's profile page
- The list of members of a group/user
|
| |
|
| |
|
|
|