| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
`avatar.present?` goes through CarrierWave, and checks that the file
exists on disk and checks its filesize. Because we're hitting the disk,
this adds extra overhead to something where the worst-case scenario is
rendering a broken image.
Instead, we now just check that the _database attribute_ is present,
which is good enough for our purposes.
See https://gitlab.com/gitlab-org/gitlab-ce/issues/19273
|
|
|
|
|
|
| |
And create new Project#requesters, Group#requesters scopes.
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
private projects
The issue was with the `User#groups` and `User#projects` associations
which goes through the `User#group_members` and `User#project_members`.
Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.
Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...
My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.
Now they are all secure.
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
| |
This allows the owners to be eager loaded where needed.
|
|
|
|
|
|
|
|
|
| |
+ Move 'Edit Project/Group' out of membership-related partial
+ Show the access request buttons only to logged-in users
+ Put the request access buttons out of in a more visible button
+ Improve the copy in the #remove_member_message helper
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
| |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
| |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
|
|
|
|
|
| |
In 8278b763d96ef10c6494409b18b7eb541463af29 the default behaviour of annotation
has changes, which was causing a lot of noise in diffs. We decided in #17382
that it is better to get rid of the whole annotate gem, and instead let people
look at schema.rb for the columns in a table.
Fixes: #17382
|
| |
|
|
|
|
| |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
| |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| |
|
| |
|
| |
|
|\ |
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bring from EE: Share Project with Group
- [x] Models and migrations
- [x] Logic, UI
- [x] Tests
- [x] Documentation
- [x] Share with group lock
- [x] Api feature
- [x] Api docs
- [x] Api tests
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
For #12831
cc @DouweM @rspeicher @vsizov
See merge request !3186
|
| | |
| | |
| | |
| | | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| | |
| | |
| | |
| | |
| | | |
We can just use "arel_table" in these cases instead of
"SomeClass.arel_table".
|
| |/ |
|
| |
| |
| |
| |
| |
| | |
Prevent Groups to have smaller visibility than projects
Add default_group_visibility_level to configuration
Code improvements
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
These methods will be used to get a list of groups, optionally
restricted to only those visible to a given user.
|
| |
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| | |
|
| |
| |
| |
| | |
place (has_owners concern)
|
|/
|
|
| |
refactored owner methods to a concern.
|
|
|
|
|
| |
This ensures we don't end up running N+1 queries for the objects in the
affected collections.
|
|
|
|
| |
Closes #2340
|
|
|
|
| |
Encapsulates the logic for `Gitlab::Access::WHATEVER` levels.
|
| |
|
| |
|
|
|
|
| |
attributes to API
|
|
|
|
| |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| |
|
|
|
|
|
| |
Now there is a single source of information for which attribute a model
uses to be referenced, and its special character.
|
|
|
|
|
|
|
|
|
|
|
| |
during removal.
This would result in a 404 error in certain views.
The `save` call was being rolled back due to an error in the validation step.
Relax the validation step so that this works.
Closes #1570
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This reverts commit 7d5f86f6cbd187e75a6ba164ad6bfd036977dd07.
|