summaryrefslogtreecommitdiff
path: root/app/policies
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'siemens/gitlab-ce-fix/subgroup-hide-button' into 'master' Rémy Coutable2017-04-121-0/+1
|\ | | | | | | | | | | | | Hide new subgroup button if user has no permission to create one Closes #30139 See merge request !10627
| * Move permission to create subgroup into GroupPolicyDmitriy Zaporozhets2017-04-111-0/+1
| | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | Remove the User#is_admin? methodblackst0ne2017-04-091-1/+1
| |
* | Merge branch 'feature/service-desk-be-backport' into 'master' Sean McGivern2017-04-071-0/+1
|\ \ | | | | | | | | | | | | Backport permissions and multi-line array to CE See merge request !10507
| * | Backport permissions and multi-line array to CEFelipe Artur2017-04-071-0/+1
| |/
* | ProjectsFinder should handle more optionsJacopo2017-04-061-2/+2
|/ | | | | | | | | | | | | | | | | | | Extended ProjectFinder in order to handle the following options: - current_user - which user use - project_ids_relation: int[] - project ids to use - params: - trending: boolean - non_public: boolean - starred: boolean - sort: string - visibility_level: int - tags: string[] - personal: boolean - search: string - non_archived: boolean GroupProjectsFinder now inherits from ProjectsFinder. Changed the code in order to use the new available options.
* use policies to protect sending emailhttp://jneen.net/2017-03-091-0/+1
|
* use the policy stack to protect loginshttp://jneen.net/2017-03-091-1/+1
|
* add User#internal? and some global permissionshttp://jneen.net/2017-03-091-0/+6
|
* use a magic default :global symbol instead of nilhttp://jneen.net/2017-03-091-2/+7
| | | | to make sure we mean the global permissions
* Improve pipeline triggers UIKamil Trzciński2017-03-071-0/+13
|
* Merge branch 'remove_group_policy_add_rules' into 'master' Douwe Maan2017-03-021-6/+0
|\ | | | | | | | | Remove now unnecessary `additional_rules!` method from GroupPolicy See merge request !9595
| * Remove now unnecessary `additional_rules!` method from GroupPolicyDrew Blessing2017-02-281-6/+0
| | | | | | | | | | | | | | | | | | The intention was for this to be used to override group policy in EE. This led to all sort of strange problems in practice - for example, https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/1025 needed to override `owner` permissions, but `additional_rules!` passed `master` only. The better solution is to use an EE module to override the policy. Removing this now defunct method.
* | Don't allow deleting a ghost user.Timothy Andrew2017-02-241-0/+8
|/ | | | | | | | | | | | | | | - Add a `destroy_user` ability. This didn't exist before, and was implicit in other abilities (only admins could access the admin area, so only they could destroy all users; a user can only access their own account page, and so can destroy only themselves). - Grant this ability to admins, and when the current user is trying to destroy themselves. Disallow destroying ghost users in all cases. - Modify the `Users::DestroyService` to check this ability. Also check it in views to decide whether or not to show the "Delete User" button. - Add a short summary of the Ghost User to the bio.
* Enable Rails/DelegateDouwe Maan2017-02-231-3/+1
|
* Merge branch 'ee-1439-read-only-user' into 'master' Douwe Maan2017-02-072-20/+29
|\ | | | | | | | | Backport changes from gitlab-org/gitlab-ee!998 See merge request !8984
| * Backport changes from gitlab-org/gitlab-ee!998Timothy Andrew2017-02-062-20/+29
| | | | | | | | | | | | Some changes in EE for the auditor user feature need to be backported to CE to avoid merge conflicts. This commit encapsulates all these backports.
* | Fix pages abilitiesKamil Trzcinski2017-01-311-0/+2
| |
* | Initial work on GitLab Pages updateKamil Trzcinski2017-01-311-0/+1
| |
* | Add GitLab PagesKamil Trzcinski2017-01-311-0/+1
|/ | | | | | | | | | | | | | | | - The pages are created when build artifacts for `pages` job are uploaded - Pages serve the content under: http://group.pages.domain.com/project - Pages can be used to serve the group page, special project named as host: group.pages.domain.com - User can provide own 403 and 404 error pages by creating 403.html and 404.html in group page project - Pages can be explicitly removed from the project by clicking Remove Pages in Project Settings - The size of pages is limited by Application Setting: max pages size, which limits the maximum size of unpacked archive (default: 100MB) - The public/ is extracted from artifacts and content is served as static pages - Pages asynchronous worker use `dd` to limit the unpacked tar size - Pages needs to be explicitly enabled and domain needs to be specified in gitlab.yml - Pages are part of backups - Pages notify the deployment status using Commit Status API - Pages use a new sidekiq queue: pages - Pages use a separate nginx config which needs to be explicitly added
* Fix build access policies when pipelines are publicGrzegorz Bizon2017-01-231-2/+0
|
* More improvements to presenters23563-document-presentersRémy Coutable2017-01-181-1/+1
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Handle presenters in BasePolicyRémy Coutable2017-01-181-0/+4
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'issue_25682' into 'master' Sean McGivern2016-12-291-3/+10
|\ | | | | | | | | | | | | Parse JIRA issue references even if Issue Tracker is disabled Closes #25682 See merge request !8238
| * Parse JIRA issue references even if Issue Tracker is disabledFelipe Artur2016-12-291-3/+10
| |
* | Include group parents into read access for project and groupDmitriy Zaporozhets2016-12-262-2/+2
|/ | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Enable Style/MultilineOperationIndentation in Rubocop, fixes #25741Rydkin Maxim2016-12-162-7/+7
|
* Backport hooks on group policies for the EE-specific implementationbackport/group-policiesDouglas Barbosa Alexandre2016-12-132-0/+12
|
* Merge branch 'features/api-snippets' into 'master' Sean McGivern2016-12-121-0/+5
|\ | | | | | | | | | | | | Adding support for personal snippet endpoint on the API Closes #22042 See merge request !6373
| * API: Endpoint to expose personal snippets as /snippetsGuyzmo2016-12-011-0/+5
| | | | | | | | | | | | | | | | | | | | Adding the necessary API for the new /snippets Restful resource added with this commit. Added a new Grape class `Snippets`, as well as a `PersonalSnippet` entity. Issue: #20042 Merge-Request: !6373 Signed-off-by: Guyzmo <guyzmo+gitlab+pub@m0g.net>
* | Update effected testszj-guest-reads-public-buildsZ.J. van de Weg2016-12-041-3/+0
| |
* | Guests can read builds if those are publicZ.J. van de Weg2016-12-042-0/+7
|/ | | | Fixes #18448
* Allow access to the wiki with git when repository feature disabledDouglas Barbosa Alexandre2016-11-301-0/+3
|
* Merge branch 'pipeline-notifications' into 'master' Sean McGivern2016-11-092-1/+5
|\ | | | | | | | | | | | | Integrate CI emails into notification system Closes #21930 See merge request !6342
| * Merge remote-tracking branch 'upstream/master' into pipeline-notificationsLin Jen-Shin2016-11-082-8/+3
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * upstream/master: (70 commits) Fix routing spec for group controller Add small improvements to constrainers and specs Faster search Fix broken commits search Changed helper method to check for none on params Moved if statements around in view API: Return 400 when creating a systemhook fails Update non-exist group spinach test to match routing Bump omniauth-gitlab to 1.0.2 to fix incompatibility with omniauth-oauth2 Replace trigger with the new ID of the docs project Refactor method name 17492 Update link color for more accessible contrast Fixed todos empty state when filtering Refactor namespace regex implements reset incoming email token on issues modal and account page, reactivates all tests and writes more tests for it Use separate email-friendly token for incoming email and let incoming email token be reset Use the Gitlab Workhorse HTTP header in the admin dashboard Refactor project routing Fix 404 when visit /projects page Rewritten spinach git_blame tests to rspec feature tests Add tests for project#index routing ...
| * \ Merge remote-tracking branch 'upstream/master' into pipeline-notificationsLin Jen-Shin2016-11-031-4/+8
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * upstream/master: (26 commits) Add a `--force` option to bin/changelog Update examples in changelog docs to use single quotes around title Use the server's base URL without relative URL part when creating links in JIRA Make ESLint ignore instrumented files for coverage analysis (!7236) Check that JavaScript file names match convention (!7238) Removed z-index for filters on issue boards GitLab 8.13 not 13 Replace MR Description Format links Fix gdb backtrace command Update gitlab.yml.example remove extra spaces from app/workers/post_receive.rb Add Rake task to create/repair GitLab Shell hooks symlinks Added guide for upgrading Postgres using Slony Ensure hook tokens are write-only in the API Add support for token attr in project hooks API Add a CHANGELOG entry Fix edit button wiki Updated Sortable JS plugin Allow owners to fetch source code in CI builds fixes milestone dropdown not select issue ...
| * | | Send only to users have :read_build access, feedback:Lin Jen-Shin2016-10-212-1/+5
| | | | | | | | | | | | | | | | https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6342#note_17193335
* | | | Merge branch 'issue_23548_dev' into 'master'Douwe Maan2016-11-091-0/+4
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | disable markdown in comments when referencing disabled features fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548 This MR prevents the following references when tool is disabled: - issues - snippets - commits - when repo is disabled - commit range - when repo is disabled - milestones This MR does not prevent references to repository files, since they are just markdown links and don't leak information. See merge request !2011 Signed-off-by: Rémy Coutable <remy@rymai.me>
* | | Process commits in a separate workerprocess-commits-using-sidekiqYorick Peterse2016-11-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This moves the code used for processing commits from GitPushService to its own Sidekiq worker: ProcessCommitWorker. Using a Sidekiq worker allows us to process multiple commits in parallel. This in turn will lead to issues being closed faster and cross references being created faster. Furthermore by isolating this code into a separate class it's easier to test and maintain the code. The new worker also ensures it can efficiently check which issues can be closed, without having to run numerous SQL queries for every issue.
* | | Added IssueCollectionYorick Peterse2016-11-072-8/+3
| |/ |/| | | | | | | | | This class can be used to reduce a list of issues down to a subset based on user permissions. This class operates in such a way that it can reduce issues using as few queries as possible, if any at all.
* | Allow owners to fetch source code in CI buildsallow-owner-to-run-ci-buildsKamil Trzcinski2016-11-011-4/+8
|/ | | | Due to different way of handling owners of a project, they were not allowed to fetch CI sources for project.
* Use delegate! on group and project labels policiesDouglas Barbosa Alexandre2016-10-192-2/+2
|
* Add ProjectLabel modelDouglas Barbosa Alexandre2016-10-191-3/+1
|
* Use policies to handle with global/project label permissionsDouglas Barbosa Alexandre2016-10-192-0/+12
|
* Add CRUD for Group LabelsDouglas Barbosa Alexandre2016-10-191-0/+1
|
* Add visibility level to project repositoryissue_19734_2Felipe Artur2016-10-171-2/+12
|
* Make guests unable to view MRsguests_cant_see_mrsValery Sizov2016-10-111-1/+2
|
* Improve project policy specAlejandro Rodríguez2016-10-061-6/+12
|
* Cycle analytics should be accessible to all for public projects.Timothy Andrew2016-09-201-1/+2
| | | | | - Public projects - anyone can access - Private projects - any member (guest level and above) can access
* Merge remote-tracking branch 'origin/master' into 21170-cycle-analyticsTimothy Andrew2016-09-201-4/+13
|\
View Lorry Controller Status