summaryrefslogtreecommitdiff
path: root/app/policies
Commit message (Collapse)AuthorAgeFilesLines
* Fix N+1 in MergeRequestParserSean McGivern2018-04-054-18/+34
| | | | | | | | read_project can be prevented by a very expensive condition, which we want to avoid, while still not writing manual SQL queries. read_project_for_iids is used by read_issue_iid and read_merge_request_iid to satisfy both of those constraints, and allow the declarative policy runner to use its normal caching strategy.
* Revert exploratory branch restriction policyjej/add-protected-branch-policyJames Edwards-Jones2018-03-261-10/+0
|
* ProtectedBranchPolicy used from Controller for destroy/updateJames Edwards-Jones2018-03-261-0/+4
|
* Branch unprotection restriction starting pointJames Edwards-Jones2018-03-261-0/+15
| | | | Explored Policy framework to create something I can use as a starting point.
* Limit queries to a user-branch combinationBob Van Landuyt2018-03-071-13/+5
| | | | | The query becomes a lot simpler if we can check the branch name as well instead of having to load all branch names.
* Allow maintainers to edit directly in a forkBob Van Landuyt2018-03-071-0/+6
|
* Allow abilities on forks while MR is openBob Van Landuyt2018-03-071-0/+16
| | | | | | | | When an MR is created using `allow_maintainer_to_push`, we enable some abilities while the MR is open. This should allow every user with developer abilities on the target project, to push to the source project.
* Bring one group board to CEFelipe Artur2018-03-031-1/+6
|
* Port `read_cross_project` ability from EEBob Van Landuyt2018-02-225-15/+34
|
* Merge branch ↵Douwe Maan2018-02-091-1/+0
| | | | | | 'security-10-4-25223-snippets-finder-doesnt-obey-feature-visibility' into 'security-10-4' [Port for security-10-4]: Makes SnippetFinder ensure feature visibility
* Hide pipeline schedule 'take ownership' for current ownerMark Fletcher2018-02-011-0/+8
|
* Remove unused push_code_to_protected_branches38056-remove-unused-optionLin Jen-Shin2018-01-051-1/+0
|
* EE-BACKPORT group boardsFelipe Artur2018-01-041-1/+7
|
* Refactor common protected ref checkStan Hu2017-12-122-16/+10
|
* Fix conditions for checking pipeline schedule rulesStan Hu2017-12-121-3/+3
|
* Create a play_pipeline_schedule policy and use itStan Hu2017-12-121-0/+18
|
* Support uploads for groupsJarka Kadlecova2017-12-071-1/+6
|
* Introduce :read_namespace access policy for namespace and groupTomasz Maczukin2017-11-232-0/+3
|
* Merge branch 'master' into fix/sm/31771-do-not-allow-jobs-to-be-erased-newShinya Maeda2017-11-071-2/+2
|\
| * This worksShinya Maeda2017-10-231-2/+2
| |
* | Add doc. Fix spec. Add erase_build in protected_ref ruleShinya Maeda2017-11-071-4/+8
| |
* | Do not allow jobs to be erasedShinya Maeda2017-11-061-0/+5
|/
* Merge branch ↵Kamil Trzciński2017-10-062-0/+14
|\ | | | | | | | | | | | | | | | | 'feature/sm/35954-create-kubernetes-cluster-on-gke-from-k8s-service' into 'master' Create Kubernetes cluster on GKE from k8s service Closes #35954 See merge request gitlab-org/gitlab-ce!14470
| * Cluster can be read only by masterKamil Trzcinski2017-10-051-2/+2
| |
| * Specify defaults, fix policies, fix db columnsKamil Trzcinski2017-10-041-5/+1
| |
| * Merge branch 'master' into ↵Shinya Maeda2017-10-042-0/+15
| |\ | | | | | | | | | feature/sm/35954-create-kubernetes-cluster-on-gke-from-k8s-service
| * | Implement Policy. Use show instead of edit. Chnage db column. fix comments. ↵Shinya Maeda2017-10-032-1/+18
| | | | | | | | | | | | dry up workers
| * | authorize in controller. validation in model.Shinya Maeda2017-10-011-0/+1
| | |
* | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into ↵Jarka Kadlecova2017-10-032-0/+15
|\ \ \ | | |/ | |/| | | | | | | | | | | | | 18608-lock-issues-v2 # Conflicts: # db/schema.rb
| * | moved fork checks into policiesfork-btn-enabled-user-groupsPhil Hughes2017-09-292-0/+10
| | |
| * | Support custom attributes on usersMarkus Koller2017-09-281-0/+5
| |/
* | Merge remote-tracking branch 'origin/master' into 18608-lock-issuesLuke "Jared" Bennett2017-09-202-2/+3
|\ \ | |/
| * Allow DEVELOPER role to admin milestonesissue_32215Felipe Artur2017-09-182-2/+3
| |
* | Create system notes for MR too, improve doc + clean up codeJarka Kadlecova2017-09-142-11/+10
| |
* | Check the discussion lock only for issuables & clean styleJarka Kadlecova2017-09-141-1/+1
| |
* | Support discussion locking in the backendJarka Kadlecova2017-09-142-0/+15
|/
* Make Members with Owner and Master roles always able to create subgroups30473-allow-creation-of-subgroups-with-gitlab_default_can_create_group-set-to-falseRuben Davila2017-09-071-1/+1
|
* Optimize policy ruleMichael Kozono2017-09-071-2/+3
|
* Refer to “Share with group lock” consistentlyimprove-share-locking-feature-for-subgroupsMichael Kozono2017-09-061-3/+3
|
* Fix ability when Share lock is offMichael Kozono2017-09-061-1/+2
|
* Refactor based on code reviewMichael Kozono2017-09-061-1/+1
|
* Fix “Share lock” policy for deeply nested groupsMichael Kozono2017-09-061-2/+2
|
* Enforce share_with_group_lock rulesMichael Kozono2017-09-061-0/+5
| | | | …in Groups::UpdateService instead of only in the browser.
* `current_application_settings` belongs on `Gitlab::CurrentSettings`Sean McGivern2017-08-311-3/+1
| | | | | | | | | | | | | | | | The initializers including this were doing so at the top level, so every object loaded after them had a `current_application_settings` method. However, if someone had rack-attack enabled (which was loaded before these initializers), it would try to load the API, and fail, because `Gitlab::CurrentSettings` didn't have that method. To fix this: 1. Don't include `Gitlab::CurrentSettings` at the top level. We do not need `Object.new.current_application_settings` to work. 2. Make `Gitlab::CurrentSettings` explicitly `extend self`, as we already use it like that in several places. 3. Change the initializers to use that new form.
* replace `is_team_member?` with `team_member?`Maxim Rydkin2017-08-291-3/+3
|
* Improves subgroup creation permissions35845-improve-subgroup-creation-permissionsTiago Botelho2017-08-211-1/+3
|
* Allow logged in users to read user list under public restrictionLin Jen-Shin (godfat)2017-08-011-1/+1
|
* Merge branch '30634-protected-pipeline' into 'master'Kamil Trzciński2017-07-252-5/+15
|\ | | | | | | | | | | | | Implement "Block pipelines on protected branches" Closes #30634, #34616, and #33130 See merge request !11910
| * Rename :user_cannot_update to :protected_refLin Jen-Shin2017-07-182-4/+4
| |
| * Rename can_push_or_merge_to_branch? to can_update_branch?Lin Jen-Shin2017-07-182-4/+8
| | | | | | | | Also make sure pipeline would also check against tag as well
View Lorry Controller Status