Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix N+1 in MergeRequestParser | Sean McGivern | 2018-04-05 | 4 | -18/+34 |
| | | | | | | | | read_project can be prevented by a very expensive condition, which we want to avoid, while still not writing manual SQL queries. read_project_for_iids is used by read_issue_iid and read_merge_request_iid to satisfy both of those constraints, and allow the declarative policy runner to use its normal caching strategy. | ||||
* | Revert exploratory branch restriction policyjej/add-protected-branch-policy | James Edwards-Jones | 2018-03-26 | 1 | -10/+0 |
| | |||||
* | ProtectedBranchPolicy used from Controller for destroy/update | James Edwards-Jones | 2018-03-26 | 1 | -0/+4 |
| | |||||
* | Branch unprotection restriction starting point | James Edwards-Jones | 2018-03-26 | 1 | -0/+15 |
| | | | | Explored Policy framework to create something I can use as a starting point. | ||||
* | Limit queries to a user-branch combination | Bob Van Landuyt | 2018-03-07 | 1 | -13/+5 |
| | | | | | The query becomes a lot simpler if we can check the branch name as well instead of having to load all branch names. | ||||
* | Allow maintainers to edit directly in a fork | Bob Van Landuyt | 2018-03-07 | 1 | -0/+6 |
| | |||||
* | Allow abilities on forks while MR is open | Bob Van Landuyt | 2018-03-07 | 1 | -0/+16 |
| | | | | | | | | When an MR is created using `allow_maintainer_to_push`, we enable some abilities while the MR is open. This should allow every user with developer abilities on the target project, to push to the source project. | ||||
* | Bring one group board to CE | Felipe Artur | 2018-03-03 | 1 | -1/+6 |
| | |||||
* | Port `read_cross_project` ability from EE | Bob Van Landuyt | 2018-02-22 | 5 | -15/+34 |
| | |||||
* | Merge branch ↵ | Douwe Maan | 2018-02-09 | 1 | -1/+0 |
| | | | | | | 'security-10-4-25223-snippets-finder-doesnt-obey-feature-visibility' into 'security-10-4' [Port for security-10-4]: Makes SnippetFinder ensure feature visibility | ||||
* | Hide pipeline schedule 'take ownership' for current owner | Mark Fletcher | 2018-02-01 | 1 | -0/+8 |
| | |||||
* | Remove unused push_code_to_protected_branches38056-remove-unused-option | Lin Jen-Shin | 2018-01-05 | 1 | -1/+0 |
| | |||||
* | EE-BACKPORT group boards | Felipe Artur | 2018-01-04 | 1 | -1/+7 |
| | |||||
* | Refactor common protected ref check | Stan Hu | 2017-12-12 | 2 | -16/+10 |
| | |||||
* | Fix conditions for checking pipeline schedule rules | Stan Hu | 2017-12-12 | 1 | -3/+3 |
| | |||||
* | Create a play_pipeline_schedule policy and use it | Stan Hu | 2017-12-12 | 1 | -0/+18 |
| | |||||
* | Support uploads for groups | Jarka Kadlecova | 2017-12-07 | 1 | -1/+6 |
| | |||||
* | Introduce :read_namespace access policy for namespace and group | Tomasz Maczukin | 2017-11-23 | 2 | -0/+3 |
| | |||||
* | Merge branch 'master' into fix/sm/31771-do-not-allow-jobs-to-be-erased-new | Shinya Maeda | 2017-11-07 | 1 | -2/+2 |
|\ | |||||
| * | This works | Shinya Maeda | 2017-10-23 | 1 | -2/+2 |
| | | |||||
* | | Add doc. Fix spec. Add erase_build in protected_ref rule | Shinya Maeda | 2017-11-07 | 1 | -4/+8 |
| | | |||||
* | | Do not allow jobs to be erased | Shinya Maeda | 2017-11-06 | 1 | -0/+5 |
|/ | |||||
* | Merge branch ↵ | Kamil Trzciński | 2017-10-06 | 2 | -0/+14 |
|\ | | | | | | | | | | | | | | | | | 'feature/sm/35954-create-kubernetes-cluster-on-gke-from-k8s-service' into 'master' Create Kubernetes cluster on GKE from k8s service Closes #35954 See merge request gitlab-org/gitlab-ce!14470 | ||||
| * | Cluster can be read only by master | Kamil Trzcinski | 2017-10-05 | 1 | -2/+2 |
| | | |||||
| * | Specify defaults, fix policies, fix db columns | Kamil Trzcinski | 2017-10-04 | 1 | -5/+1 |
| | | |||||
| * | Merge branch 'master' into ↵ | Shinya Maeda | 2017-10-04 | 2 | -0/+15 |
| |\ | | | | | | | | | | feature/sm/35954-create-kubernetes-cluster-on-gke-from-k8s-service | ||||
| * | | Implement Policy. Use show instead of edit. Chnage db column. fix comments. ↵ | Shinya Maeda | 2017-10-03 | 2 | -1/+18 |
| | | | | | | | | | | | | dry up workers | ||||
| * | | authorize in controller. validation in model. | Shinya Maeda | 2017-10-01 | 1 | -0/+1 |
| | | | |||||
* | | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into ↵ | Jarka Kadlecova | 2017-10-03 | 2 | -0/+15 |
|\ \ \ | | |/ | |/| | | | | | | | | | | | | | 18608-lock-issues-v2 # Conflicts: # db/schema.rb | ||||
| * | | moved fork checks into policiesfork-btn-enabled-user-groups | Phil Hughes | 2017-09-29 | 2 | -0/+10 |
| | | | |||||
| * | | Support custom attributes on users | Markus Koller | 2017-09-28 | 1 | -0/+5 |
| |/ | |||||
* | | Merge remote-tracking branch 'origin/master' into 18608-lock-issues | Luke "Jared" Bennett | 2017-09-20 | 2 | -2/+3 |
|\ \ | |/ | |||||
| * | Allow DEVELOPER role to admin milestonesissue_32215 | Felipe Artur | 2017-09-18 | 2 | -2/+3 |
| | | |||||
* | | Create system notes for MR too, improve doc + clean up code | Jarka Kadlecova | 2017-09-14 | 2 | -11/+10 |
| | | |||||
* | | Check the discussion lock only for issuables & clean style | Jarka Kadlecova | 2017-09-14 | 1 | -1/+1 |
| | | |||||
* | | Support discussion locking in the backend | Jarka Kadlecova | 2017-09-14 | 2 | -0/+15 |
|/ | |||||
* | Make Members with Owner and Master roles always able to create subgroups30473-allow-creation-of-subgroups-with-gitlab_default_can_create_group-set-to-false | Ruben Davila | 2017-09-07 | 1 | -1/+1 |
| | |||||
* | Optimize policy rule | Michael Kozono | 2017-09-07 | 1 | -2/+3 |
| | |||||
* | Refer to “Share with group lock” consistentlyimprove-share-locking-feature-for-subgroups | Michael Kozono | 2017-09-06 | 1 | -3/+3 |
| | |||||
* | Fix ability when Share lock is off | Michael Kozono | 2017-09-06 | 1 | -1/+2 |
| | |||||
* | Refactor based on code review | Michael Kozono | 2017-09-06 | 1 | -1/+1 |
| | |||||
* | Fix “Share lock” policy for deeply nested groups | Michael Kozono | 2017-09-06 | 1 | -2/+2 |
| | |||||
* | Enforce share_with_group_lock rules | Michael Kozono | 2017-09-06 | 1 | -0/+5 |
| | | | | …in Groups::UpdateService instead of only in the browser. | ||||
* | `current_application_settings` belongs on `Gitlab::CurrentSettings` | Sean McGivern | 2017-08-31 | 1 | -3/+1 |
| | | | | | | | | | | | | | | | | The initializers including this were doing so at the top level, so every object loaded after them had a `current_application_settings` method. However, if someone had rack-attack enabled (which was loaded before these initializers), it would try to load the API, and fail, because `Gitlab::CurrentSettings` didn't have that method. To fix this: 1. Don't include `Gitlab::CurrentSettings` at the top level. We do not need `Object.new.current_application_settings` to work. 2. Make `Gitlab::CurrentSettings` explicitly `extend self`, as we already use it like that in several places. 3. Change the initializers to use that new form. | ||||
* | replace `is_team_member?` with `team_member?` | Maxim Rydkin | 2017-08-29 | 1 | -3/+3 |
| | |||||
* | Improves subgroup creation permissions35845-improve-subgroup-creation-permissions | Tiago Botelho | 2017-08-21 | 1 | -1/+3 |
| | |||||
* | Allow logged in users to read user list under public restriction | Lin Jen-Shin (godfat) | 2017-08-01 | 1 | -1/+1 |
| | |||||
* | Merge branch '30634-protected-pipeline' into 'master' | Kamil Trzciński | 2017-07-25 | 2 | -5/+15 |
|\ | | | | | | | | | | | | | Implement "Block pipelines on protected branches" Closes #30634, #34616, and #33130 See merge request !11910 | ||||
| * | Rename :user_cannot_update to :protected_ref | Lin Jen-Shin | 2017-07-18 | 2 | -4/+4 |
| | | |||||
| * | Rename can_push_or_merge_to_branch? to can_update_branch? | Lin Jen-Shin | 2017-07-18 | 2 | -4/+8 |
| | | | | | | | | Also make sure pipeline would also check against tag as well |