path: root/app/models/ability.rb
Commit message (Author, Age, Files, Lines)
* Merge branch 'dbalexandre/gitlab-ce-fix-personal-snippet-access-workflow' into 'master' (Robert Speicher, 2015-11-19, 1 file, -22/+60)
|\
| |   Improve personal snippet access workflow. Replaces !1709 Fixes #3258
| |
| |   See merge request !1817
| * Rename `not_auth_*` ability methods to `anonymous_*` [dbalexandre/gitlab-ce-fix-personal-snippet-access-workflow] (Robert Speicher, 2015-11-17, 1 file, -10/+9)
| |
| * Minor refactoring (Douwe Maan, 2015-11-17, 1 file, -8/+14)
| |
| * Merge branch 'master' into dbalexandre/gitlab-ce-fix-personal-snippet-access-workflow (Douwe Maan, 2015-11-17, 1 file, -0/+2)
| |\
| * | Fix ability name for public or internal personal snippets (Douglas Barbosa Alexandre, 2015-11-02, 1 file, -1/+1)
| | |
| * | Improve personal snippet access workflow. Fixes #3258 (Douglas Barbosa Alexandre, 2015-10-29, 1 file, -16/+49)
| | |
* | | Refactor ability changes (Douwe Maan, 2015-11-17, 1 file, -24/+30)
| | |
* | | Merge branch 'master' into james11/gitlab-ce-removable-group-owner (Douwe Maan, 2015-11-17, 1 file, -3/+5)
|\ \ \
| | |/
| |/|
| * | Group masters should be able to create/close milestones (Dmitriy Zaporozhets, 2015-11-16, 1 file, -0/+1)
| | |
| | |   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
| * | Implement Build Artifacts (Kamil Trzcinski, 2015-11-10, 1 file, -0/+1)
| |/
| |   - Offloads uploading to GitLab Workhorse
| |   - Use /authorize request for fast uploading
| |   - Added backup recipes for artifacts
| |   - Support download acceleration using X-Sendfile
* | fixing rubocop indents (James Lopez, 2015-11-12, 1 file, -11/+11)
| |
* | refactored code as projects only have one owner. Kept some refactoring in place (has_owners concern) (James Lopez, 2015-11-11, 1 file, -26/+26)
| |
* | refactored permissions and added update_project_member ability logic. Also refactored owner methods to a concern. (James Lopez, 2015-11-03, 1 file, -0/+18)
|/
* Merge branch 'master' into remove-forks-from-projects-settings (Han Loong Liauw, 2015-10-17, 1 file, -0/+4)
|\
| * Added builds view (Kamil Trzcinski, 2015-10-14, 1 file, -0/+2)
| |
| * Implement Commit Status API (Kamil Trzcinski, 2015-10-12, 1 file, -0/+2)
| |
* | Adds ability to remove the forked relationship (Han Loong Liauw, 2015-10-13, 1 file, -1/+2)
|/
|   This was previously possible through the API but can now be done through the project#edit settings screen if the current user is the owner of the project.
|
|   Update changelog
* integration with gitlab auth (Valery Sizov, 2015-09-09, 1 file, -0/+1)
|
* Add specific ability for managing group members (Douwe Maan, 2015-07-28, 1 file, -2/+3)
|
* Add admin_merge_request ability to Developer level and up (Robert Speicher, 2015-07-24, 1 file, -1/+2)
|
|   This was necessary because this permission is checked dynamically by `app/views/shared/issuable/_context` when on a Merge Request.
|
|   Closes #2058
* Merge branch 'fix-disabled-feature-access' into 'master' (Stan Hu, 2015-07-20, 1 file, -23/+31)
|\
| |   Fix (i.e. prevent) access to disabled features for unauthenticated users
| |
| |   Unauthenticated users had access to disabled features of public projects. The code has been slightly refactored so that feature checks are done in a separate method and can also be applied for public access.
| |
| |   See merge request !1006
| * Fix access to disabled features for unauthenticated users (Daniel Gerhardt, 2015-07-20, 1 file, -23/+31)
| |
| |   Unauthenticated users had access to disabled features of public projects. The code has been slightly refactored so that feature checks are done in a separate method and can also be applied for public access.
* | Fix label read access for unauthenticated users (Daniel Gerhardt, 2015-07-19, 1 file, -0/+1)
|/
|   The label page was added to navigation for unauthorized users because the previously used milestone read permission was still checked. This has been fixed and read access to labels is now granted (again) for public projects. This regression has been introduced in 07efb17e10fe26a01b60d8441868f9fbda0768f2 (7.12). See also 9bcd36396b9b71467f66dd4ed79ab709bb5d027a.
|
|   Refs !836, !842.
* Reporter role can manage issue tracker now [reporter-manage-issues] (Dmitriy Zaporozhets, 2015-06-30, 1 file, -4/+4)
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Refactor issue, mr, note abilities to include project abilities too (Dmitriy Zaporozhets, 2015-06-26, 1 file, -13/+30)
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Change dynamic abilities to new format (Dmitriy Zaporozhets, 2015-06-26, 1 file, -11/+7)
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Rename abilities to correspond controller/model action names [rename-abilities] (Dmitriy Zaporozhets, 2015-06-26, 1 file, -13/+13)
|
|   write_ was renamed to create_
|   modify_ was renamed to update_
|
|   So now in update action we have next code
|
|       def create
|         can?(current_user, :create_issue, @issue)
|       end
|
|       def update
|         can?(current_user, :update_issue, @issue)
|       end
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Simplify set of assignee, milestone and label to admin_issue rule (Dmitriy Zaporozhets, 2015-06-26, 1 file, -4/+0)
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Don't allow guest to set assignee, milestone and label when create new issue or merge request (Dmitriy Zaporozhets, 2015-06-25, 1 file, -0/+3)
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu, 2015-06-19, 1 file, -1/+1)
|
|   Closes #1815
* Fix 403 Access Denied error messages when accessing Labels section in a project that has MRs disabled but issues enabled (Stan Hu, 2015-06-18, 1 file, -0/+1)
|
|   Closes #1813
* Fix project snippets button appearing when it is disabled (Stan Hu, 2015-05-27, 1 file, -1/+1)
|
|   Closes #1705
* Refactor permission checks to use `can?` instead of `issues_enabled` and `merge_requests_enabled` (Stan Hu, 2015-05-25, 1 file, -0/+5)
|
* Disable "New Issue" and "New Merge Request" buttons when features are disabled in project settings (Stan Hu, 2015-05-25, 1 file, -0/+27)
|
|   Closes #1676
* Rename manage_group ability to admin_group for consistency with project. (Douwe Maan, 2015-04-14, 1 file, -6/+6)
|
* Merge branch 'fix-restricted-visibility' into 'master' (Dmitriy Zaporozhets, 2015-03-16, 1 file, -2/+4)
|\
| |   Restricted visibility levels - bug fix and new feature
| |
| |   This allows admin users to override restricted visibility settings when creating and updating projects and snippets, and moves the restricted visibility configuration from gitlab.yml to the web UI. See #1903.
| |
| |   ## Move configuration location
| |
| |   I added a new section to the application settings page for restricted visibility levels. Each level has a checkbox, styled with Bootstrap to look like a toggle button. A checked box means that the level is restricted. I added a glowing text shadow and changed the background color for checked buttons because the default styles made it hard to distinguish between checked and unchecked.
| |
| |   This image shows the new section with the "Public" box checked:
| |
| |   ![restricted_visibility_settings](https://dev.gitlab.org/Okada/gitlabhq/uploads/629562e4313f89b795e81c3bb0f95893/restricted_visibility_settings.png)
| |
| |   ## Allow admins to override
| |
| |   To allow admin users to override the restricted visibility levels, I had to remove the `visibility_level` validation from the `Project` class. The model doesn't know about the `current_user`, which should determine whether the restrictions can be overridden. We could use the creator in the validation, but that wouldn't work correctly for projects where a non-admin user is the creator and an admin tries to change the project to a restricted visibility level.
| |
| |   The `Project::UpdateService` and `Project::CreateService` classes already had code to determine whether the current user is allowed to use a given visibility level; now all visibility level validation is done in those classes. Currently, when a non-admin tries to create or update a project using a restricted level, these classes silently set the visibility level to the global default (create) or the project's existing value (update). I changed this behavior to be more like an Active Model validation, where using a restricted level causes the entire request to be rejected.
| |
| |   Project and personal snippets didn't have service classes, and restricted visibility levels weren't being enforced in the model or the controllers. The UI disabled radio buttons for restricted levels, but that wouldn't be difficult to circumvent. I created the `CreateSnippetService` and `UpdateSnippetService` classes to do the same restricted visibility check that the project classes do. And since I was dealing with snippet visibility levels, I updated the API endpoints for project snippets to allow users to set and update the visibility level.
| |
| |   ## TODO
| |
| |   * [x] Add more tests for restricted visibility functionality
| |
| |   cc @sytse @dzaporozhets
| |
| |   See merge request !1655
| * Update snippet authorization (Vinnie Okada, 2015-03-14, 1 file, -2/+4)
| |
| |   Allow authors and admins to update the visibility level of personal and project snippets.
* | Use `project_member` instead of `team_member`. (Douwe Maan, 2015-03-15, 1 file, -3/+3)
| |
* | Use `group_member` instead of `users_group` or `membership`. (Douwe Maan, 2015-03-15, 1 file, -5/+5)
|/
* Append in place for strings and arrays (Ciro Santilli, 2015-01-01, 1 file, -13/+13)
|
* Factor abilities methods (Ciro Santilli, 2014-10-19, 1 file, -0/+8)
|
|   in app controller, user model and services.
* Add parenthesis to function def with arguments. (Ciro Santilli, 2014-10-03, 1 file, -2/+2)
|
* Huge replace of old users_project and users_group references (Dmitriy Zaporozhets, 2014-09-14, 1 file, -1/+1)
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Improve labels (Dmitriy Zaporozhets, 2014-07-30, 1 file, -1/+1)
|
|   * allow developers to manage labels
|   * add ability to remove label
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Add create/update to Labels controller (Dmitriy Zaporozhets, 2014-07-30, 1 file, -0/+1)
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Merge pull request #7131 from skv-headless/per_request_rules_caching (Dmitriy Zaporozhets, 2014-07-14, 1 file, -24/+26)
|\
| |   per request project rules caching
| * per request project rules caching (skv-headless, 2014-06-14, 1 file, -24/+26)
| |
* | Improve files/snippets action buttons (Dmitriy Zaporozhets, 2014-06-13, 1 file, -1/+5)
|/
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Refactor some search scopes to prevent weird behaviour and PG::Error issues (Dmitriy Zaporozhets, 2014-06-05, 1 file, -1/+1)
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Improve performance of application for large teams (Dmitriy Zaporozhets, 2014-06-04, 1 file, -4/+4)
|
|   This commit fixes a lot of sql queries to db for groups and projects with big amount of members.
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>