path: root/app/policies
Commit message [ref] (Author, Age, Files, Lines)
* Freeze string literals (Peter Leitzen, 2018-08-10, 1, -0/+2)
|     See Danger's suggestions: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6869#note_93730253
* Create empty Commits::UpdateService and wire it up (Peter Leitzen, 2018-08-10, 1, -0/+3)
|
* CE Port of Protected Environments backend (Mayra Cabrera, 2018-08-10, 1, -0/+1)
|
* Merge branch 'bvl-user-status-message-35463' into 'master' (Rémy Coutable, 2018-08-01, 1, -0/+1)
|\
| |     Allow users to set a status
| |     Closes #35463
| |     See merge request gitlab-org/gitlab-ce!20614
| * Allow users to set a status (Bob Van Landuyt, 2018-07-30, 1, -0/+1)
| |     This can be done through the API for the current user, or on the profile page.
* | Spec instance statistics (Bob Van Landuyt, 2018-07-27, 1, -1/+3)
| |
* | Add read_instance_statistics global policy (Luke Bennett, 2018-07-27, 1, -0/+3)
| |
* | Revert "Merge branch '41416-making-instance-wide-data-tools-more-accessible' into 'master'" (Sean McGivern, 2018-07-27, 1, -5/+0)
| |     This reverts merge request !20679
* | Merge branch '41416-making-instance-wide-data-tools-more-accessible' into 'master' (Sean McGivern, 2018-07-27, 1, -0/+5)
|\ \
| | |     Resolve "Making instance-wide data tools more accessible"
| | |     Closes #41416 and #48507
| | |     See merge request gitlab-org/gitlab-ce!20679
| * | Spec instance statistics (Bob Van Landuyt, 2018-07-27, 1, -1/+3)
| | |
| * | Add read_instance_statistics global policy (Luke Bennett, 2018-07-26, 1, -0/+3)
| |/
* | Rename the module and add a simple test to check (Lin Jen-Shin, 2018-07-27, 1, -1/+1)
| |     if all methods are also presented in the user.
* | Introduce PolicyCheckable for checking policies [ce-7000-introduce-PolicyCheckable] (Lin Jen-Shin, 2018-07-25, 1, -0/+36)
|/
* Enable frozen string in presenters and policies [repo-forks/gitlab-ce-frozen-string-enable-app-presenters] (gfyoung, 2018-07-24, 32, -0/+64)
|     Enable frozen string in:
|     * app/presenters
|     * app/policies
|     Partially addresses #47424.
* Add an option to have a private profile on GitLab (JX Terry, 2018-07-24, 1, -0/+6)
|
* Rename environments stop action method (Grzegorz Bizon, 2018-07-12, 1, -2/+3)
|     This makes it more explicit that an environment is not a stop action, but instead merely contains a stop action.
* Resolve "Rename the `Master` role to `Maintainer`" Backend (Mark Chao, 2018-07-11, 4, -9/+9)
|
* Support manually stopping any environment from the UI (Winnie Hellmann, 2018-07-10, 1, -3/+7)
|
* Create cross project group features (Bob Van Landuyt, 2018-07-06, 1, -0/+13)
|     This allows us to check specific abilities in views, while still enabling/disabling them at once.
* Web Terminal Ci Build (Francisco Javier López, 2018-07-05, 1, -0/+6)
|
* Operations and Kubernetes items are now omitted in the sidebar when repository or builds are disabled [47631-operations-kubernetes-option-is-always-visible-when-repository-or-builds-are-disabled] (Tiago Botelho, 2018-06-20, 1, -0/+1)
* policy (Mark Chao, 2018-06-06, 1, -1/+1)
|
* Rephrase "maintainer" to more precise "members who can merge to the target branch" [42751-rename-mr-maintainer-push] (Mark Chao, 2018-06-01, 2, -6/+6)
|     "Maintainer" will be freed to be used for #42751
* Refactor out duplication in runner_policy.rb [46010-allow-managing-group-runners-via-api] (Dylan Griffith, 2018-05-16, 1, -4/+8)
|
* Change policy list_runner_jobs -> read_runner (Dylan Griffith, 2018-05-16, 1, -1/+0)
|
* Rename User#ci_authorized_runners -> ci_owned_runners (Dylan Griffith, 2018-05-16, 1, -6/+6)
|
* Improve efficiency of authorized_runner policy query (Dylan Griffith, 2018-05-16, 1, -1/+1)
|
* Use can? policies for lib/api/runners.rb (Dylan Griffith, 2018-05-16, 1, -4/+4)
|
* Enable update_(build|pipeline) for maintainers (Jan Provaznik, 2018-05-15, 3, -3/+18)
|
* Allows `access_(git|api)` to anonymous users (Bob Van Landuyt, 2018-05-10, 1, -6/+4)
|     The `access_git` and `access_api` were currently never checked for anonymous users. And they would also be allowed access:
|     An anonymous user can clone and pull from a public repo
|     An anonymous user can request public information from the API
|     So the policy didn't actually reflect what we were enforcing.
* Block access to API & git when terms are enforced (Bob Van Landuyt, 2018-05-10, 1, -0/+9)
|     When terms are enforced, but the user has not accepted the terms access to the API & git is rejected with a message directing the user to the web app to accept the terms.
* Adds remote mirror table migration (Tiago Botelho, 2018-05-07, 1, -0/+7)
|
* Enforces terms in the web application (Bob Van Landuyt, 2018-05-04, 1, -4/+2)
|     This enforces the terms in the web application. These cases are specced:
|     - Logging in: When terms are enforced, and a user logs in that has not accepted the terms, they are presented with the screen. They get directed to their customized root path afterwards.
|     - Signing up: After signing up, the first screen the user is presented with the screen to accept the terms. After they accept they are directed to the dashboard.
|     - While a session is active:
|       - For a GET: The user will be directed to the terms page first, after they accept the terms, they will be directed to the page they were going to
|       - For any other request: They are directed to the terms, after they accept the terms, they are directed back to the page they came from to retry the request. Any information entered would be persisted in localstorage and available on the page.
* Allow a user to accept/decline terms (Bob Van Landuyt, 2018-05-04, 1, -0/+30)
|     When a user accepts, we store this in the agreements to keep track of which terms they accepted. We also update the flag on the user.
* Make the user dropdown reusable (Bob Van Landuyt, 2018-05-04, 1, -2/+4)
|     We will reuse the dropdown, but exclude some menu items based on permissions. So moving the menu to a partial, and adding checks for each menu item here.
* Fix users not seeing labels from private groups when being a member of a child project (Felipe Artur, 2018-04-23, 1, -2/+6)
* Prevent awarding emoji when a project is archived (Bob Van Landuyt, 2018-04-11, 3, -1/+5)
|     This prevents performing the requests, and disables all emoji reaction buttons
* Rename `create_merge_request` permissions (Bob Van Landuyt, 2018-04-11, 1, -5/+6)
|     So we can distinguish between the permissions on the source and the target project.
|     - `create_merge_request_from` indicates a user can create a merge request with the project as a source_project
|     - `create_merge_request_in` indicates a user can create a merge request with the project as a target_project
* Prevent new merge requests for archived projects (Bob Van Landuyt, 2018-04-11, 1, -0/+4)
|     This prevents creating merge requests targeting archived projects. This could happen when a project was already forked, but then the source was archived.
* Move `ProjectPolicy`-class methods into module (Bob Van Landuyt, 2018-04-10, 2, -16/+21)
|     That way the ProjectPolicy class can be extended with this module before we prepend the EE::ProjectPolicy. This makes the classmethods available for rules defined in the EE::ProjectPolicy.
* Update policies to make archived projects completely read-only (Douwe Maan, 2018-04-10, 4, -44/+66)
|
* Remove edit_note and update_note abilities in favor of admin_note (Douwe Maan, 2018-04-10, 2, -7/+1)
|
* Rename delete_protected_branch ability to push_to_delete_protected_branch to prevent confusion with destroy_protected_branch (Douwe Maan, 2018-04-10, 1, -2/+2)
* Support Deploy Tokens properly without hacking abilities (Kamil Trzciński, 2018-04-06, 1, -2/+2)
|
* Addresses backend review suggestions (Mayra Cabrera, 2018-04-06, 1, -0/+11)
|     - Remove extra method for authorize_admin_project
|     - Ensure project presence
|     - Rename 'read_repo' to 'read_repository' to be more verbose
* Removes logic from Jwt and handle different scenarios on Gitlab::Auth (Mayra Cabrera, 2018-04-06, 1, -3/+3)
|     - When using 'read_repo' password and project are sent, so we used both of them to fetch for the token
|     - When using 'read_registry' only the password is sent, so we only use that for fetching the token
* Fix N+1 in MergeRequestParser (Sean McGivern, 2018-04-05, 4, -18/+34)
|     read_project can be prevented by a very expensive condition, which we want to avoid, while still not writing manual SQL queries. read_project_for_iids is used by read_issue_iid and read_merge_request_iid to satisfy both of those constraints, and allow the declarative policy runner to use its normal caching strategy.
* Revert exploratory branch restriction policy [jej/add-protected-branch-policy] (James Edwards-Jones, 2018-03-26, 1, -10/+0)
|
* ProtectedBranchPolicy used from Controller for destroy/update (James Edwards-Jones, 2018-03-26, 1, -0/+4)
|
* Branch unprotection restriction starting point (James Edwards-Jones, 2018-03-26, 1, -0/+15)
|     Explored Policy framework to create something I can use as a starting point.