summaryrefslogtreecommitdiff
path: root/app/models/group.rb
Commit message (Collapse)AuthorAgeFilesLines
* Add expiration date to group membershipsSean McGivern2016-08-181-9/+15
|
* Replace optional parameters with keyword arguments.Adam Niedzielski2016-08-021-1/+1
|
* Dumb-down avatar presence check in `avatar_url` methodsRobert Speicher2016-07-051-1/+1
| | | | | | | | | | | | `avatar.present?` goes through CarrierWave, and checks that the file exists on disk and checks its filesize. Because we're hitting the disk, this adds extra overhead to something where the worst-case scenario is rendering a broken image. Instead, we now just check that the _database attribute_ is present, which is good enough for our purposes. See https://gitlab.com/gitlab-org/gitlab-ce/issues/19273
* Exclude requesters from Project#members, Group#members and User#membersexplicit-requesters-scopeRémy Coutable2016-07-011-4/+5
| | | | | | And create new Project#requesters, Group#requesters scopes. Signed-off-by: Rémy Coutable <remy@rymai.me>
* Fix an information disclosure when requesting access to a group containing ↵Rémy Coutable2016-06-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | private projects The issue was with the `User#groups` and `User#projects` associations which goes through the `User#group_members` and `User#project_members`. Initially I chose to use a secure approach by storing the requester's user ID in `Member#created_by_id` instead of `Member#user_id` because I was aware that there was a security risk since I didn't know the codebase well enough. Then during the review, we decided to change that and directly store the requester's user ID into `Member#user_id` (for the sake of simplifying the code I believe), meaning that every `group_members` / `project_members` association would include the requesters by default... My bad for not checking that all the `group_members` / `project_members` associations and the ones that go through them (e.g. `Group#users` and `Project#users`) were made safe with the `where(requested_at: nil)` / `where(members: { requested_at: nil })` scopes. Now they are all secure. Signed-off-by: Rémy Coutable <remy@rymai.me>
* Turn Group#owners into a has_many associationYorick Peterse2016-06-161-4/+6
| | | | This allows the owners to be eager loaded where needed.
* UI and copywriting improvements13948-access-request-to-projects-and-groupsRémy Coutable2016-06-141-1/+1
| | | | | | | | | + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me>
* Factorize members mails into a new Emails::Members moduleRémy Coutable2016-06-141-0/+4
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Add request access for groupsRémy Coutable2016-06-141-0/+1
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Remove the annotate gem and delete old annotationsJeroen van Baarsen2016-05-091-17/+0
| | | | | | | | | In 8278b763d96ef10c6494409b18b7eb541463af29 the default behaviour of annotation has changes, which was causing a lot of noise in diffs. We decided in #17382 that it is better to get rid of the whole annotate gem, and instead let people look at schema.rb for the columns in a table. Fixes: #17382
* Annotate the modelsZeger-Jan van de Weg2016-05-061-10/+11
|
* Remove useless require 'file_size_validator' causing warningsRémy Coutable2016-04-191-1/+0
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Update NotificationService to use NotificationSettings instead of membershipDmitriy Zaporozhets2016-03-301-0/+1
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Address feedbackDouwe Maan2016-03-221-4/+2
|
* Tweaks, refactoring, and specsDouwe Maan2016-03-201-8/+1
|
* Improve group visibility level featureZeger-Jan van de Weg2016-03-181-0/+22
|
* Merge 4009-external-users into issue_12658Felipe Artur2016-03-161-1/+13
|\
| * Merge branch 'share-project-ce' into 'master' Dmitriy Zaporozhets2016-03-141-0/+2
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bring from EE: Share Project with Group - [x] Models and migrations - [x] Logic, UI - [x] Tests - [x] Documentation - [x] Share with group lock - [x] Api feature - [x] Api docs - [x] Api tests Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> For #12831 cc @DouweM @rspeicher @vsizov See merge request !3186
| | * Bring ProjectGroupLink model and migrations from EEDmitriy Zaporozhets2016-03-111-0/+2
| | | | | | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
| * | Removed arel_table receiver from search methodsYorick Peterse2016-03-111-1/+1
| | | | | | | | | | | | | | | We can just use "arel_table" in these cases instead of "SomeClass.arel_table".
| * | Use ILIKE/LIKE for searching groupsYorick Peterse2016-03-111-1/+11
| |/
* | Prevent projects to have higher visibility than groupsFelipe Artur2016-03-101-1/+0
| | | | | | | | | | | | Prevent Groups to have smaller visibility than projects Add default_group_visibility_level to configuration Code improvements
* | Code improvementsFelipe Artur2016-03-101-5/+5
| |
* | Add permission level to groupsFelipe Artur2016-03-101-9/+16
|/
* Make sorting preference reusable for all projects.Rubén Dávila2016-01-221-1/+0
|
* Remember last sort option used.Rubén Dávila2016-01-201-1/+2
|
* Annotate modelsStan Hu2016-01-061-1/+0
|
* remove public field from namespace and refactoringnamespace-clean_upValery Sizov2016-01-041-8/+0
|
* Group methods for filtering public/visible groupsYorick Peterse2015-11-181-0/+8
| | | | | These methods will be used to get a list of groups, optionally restricted to only those visible to a given user.
* Refactor ability changesDouwe Maan2015-11-171-2/+21
|
* Merge branch 'master' into james11/gitlab-ce-removable-group-ownerDouwe Maan2015-11-171-1/+2
|\
| * Annotate modelsDmitriy Zaporozhets2015-11-131-0/+1
| | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
| * Allow groups to appear in the search results if the group owner allows itValery Sizov2015-11-051-1/+1
| |
* | refactored code as projects only have one owner. Kept some refactoring in ↵James Lopez2015-11-111-5/+1
| | | | | | | | place (has_owners concern)
* | refactored permissions and added update_project_member ability logic. Also ↵James Lopez2015-11-031-20/+2
|/ | | | refactored owner methods to a concern.
* Eager load various issue/note associationsYorick Peterse2015-10-151-1/+1
| | | | | This ensures we don't end up running N+1 queries for the objects in the affected collections.
* Fix Error 500 in API when accessing a group that has an avatarStan Hu2015-08-241-0/+1
| | | | Closes #2340
* Add `Group#add_*` convenience methodsrs-group-convenience-methodsRobert Speicher2015-08-071-1/+17
| | | | Encapsulates the logic for `Gitlab::Access::WHATEVER` levels.
* No more web urlDouwe Maan2015-07-301-5/+0
|
* Use URL helpersDouwe Maan2015-07-291-2/+2
|
* Add project star and fork count, group avatar URL and user/group web URL ↵Douwe Maan2015-07-281-0/+11
| | | | attributes to API
* Log group creation and removalDmitriy Zaporozhets2015-06-031-0/+4
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Add `reference_pattern` to Referable modelsRobert Speicher2015-05-261-1/+5
|
* Add `to_reference` for models that support referencesRobert Speicher2015-05-261-0/+10
| | | | | Now there is a single source of information for which attribute a model uses to be referenced, and its special character.
* Fix bug where avatar filenames were not actually deleted from the database ↵Stan Hu2015-05-071-1/+1
| | | | | | | | | | | during removal. This would result in a 404 error in certain views. The `save` call was being rolled back due to an error in the validation step. Relax the validation step so that this works. Closes #1570
* Remove duplication between Group and ProjectMember.Douwe Maan2015-04-141-19/+2
|
* Let members be invited from Add members pane.Douwe Maan2015-04-141-3/+17
|
* Track who created a group or project member.Douwe Maan2015-04-141-7/+9
|
* Split up AttachmentUploader.Douwe Maan2015-02-201-1/+1
|
* Revert "Fix broken access control and refactor avatar upload"Dmitriy Zaporozhets2015-02-191-1/+1
| | | | This reverts commit 7d5f86f6cbd187e75a6ba164ad6bfd036977dd07.
View Lorry Controller Status