summaryrefslogtreecommitdiff
path: root/app/policies
Commit message (Collapse)AuthorAgeFilesLines
* Port `read_cross_project` ability from EEBob Van Landuyt2018-02-225-15/+34
|
* Merge branch ↵Douwe Maan2018-02-091-1/+0
| | | | | | 'security-10-4-25223-snippets-finder-doesnt-obey-feature-visibility' into 'security-10-4' [Port for security-10-4]: Makes SnippetFinder ensure feature visibility
* Hide pipeline schedule 'take ownership' for current ownerMark Fletcher2018-02-011-0/+8
|
* Remove unused push_code_to_protected_branches38056-remove-unused-optionLin Jen-Shin2018-01-051-1/+0
|
* EE-BACKPORT group boardsFelipe Artur2018-01-041-1/+7
|
* Refactor common protected ref checkStan Hu2017-12-122-16/+10
|
* Fix conditions for checking pipeline schedule rulesStan Hu2017-12-121-3/+3
|
* Create a play_pipeline_schedule policy and use itStan Hu2017-12-121-0/+18
|
* Support uploads for groupsJarka Kadlecova2017-12-071-1/+6
|
* Introduce :read_namespace access policy for namespace and groupTomasz Maczukin2017-11-232-0/+3
|
* Merge branch 'master' into fix/sm/31771-do-not-allow-jobs-to-be-erased-newShinya Maeda2017-11-071-2/+2
|\
| * This worksShinya Maeda2017-10-231-2/+2
| |
* | Add doc. Fix spec. Add erase_build in protected_ref ruleShinya Maeda2017-11-071-4/+8
| |
* | Do not allow jobs to be erasedShinya Maeda2017-11-061-0/+5
|/
* Merge branch ↵Kamil Trzciński2017-10-062-0/+14
|\ | | | | | | | | | | | | | | | | 'feature/sm/35954-create-kubernetes-cluster-on-gke-from-k8s-service' into 'master' Create Kubernetes cluster on GKE from k8s service Closes #35954 See merge request gitlab-org/gitlab-ce!14470
| * Cluster can be read only by masterKamil Trzcinski2017-10-051-2/+2
| |
| * Specify defaults, fix policies, fix db columnsKamil Trzcinski2017-10-041-5/+1
| |
| * Merge branch 'master' into ↵Shinya Maeda2017-10-042-0/+15
| |\ | | | | | | | | | feature/sm/35954-create-kubernetes-cluster-on-gke-from-k8s-service
| * | Implement Policy. Use show instead of edit. Chnage db column. fix comments. ↵Shinya Maeda2017-10-032-1/+18
| | | | | | | | | | | | dry up workers
| * | authorize in controller. validation in model.Shinya Maeda2017-10-011-0/+1
| | |
* | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into ↵Jarka Kadlecova2017-10-032-0/+15
|\ \ \ | | |/ | |/| | | | | | | | | | | | | 18608-lock-issues-v2 # Conflicts: # db/schema.rb
| * | moved fork checks into policiesfork-btn-enabled-user-groupsPhil Hughes2017-09-292-0/+10
| | |
| * | Support custom attributes on usersMarkus Koller2017-09-281-0/+5
| |/
* | Merge remote-tracking branch 'origin/master' into 18608-lock-issuesLuke "Jared" Bennett2017-09-202-2/+3
|\ \ | |/
| * Allow DEVELOPER role to admin milestonesissue_32215Felipe Artur2017-09-182-2/+3
| |
* | Create system notes for MR too, improve doc + clean up codeJarka Kadlecova2017-09-142-11/+10
| |
* | Check the discussion lock only for issuables & clean styleJarka Kadlecova2017-09-141-1/+1
| |
* | Support discussion locking in the backendJarka Kadlecova2017-09-142-0/+15
|/
* Make Members with Owner and Master roles always able to create subgroups30473-allow-creation-of-subgroups-with-gitlab_default_can_create_group-set-to-falseRuben Davila2017-09-071-1/+1
|
* Optimize policy ruleMichael Kozono2017-09-071-2/+3
|
* Refer to “Share with group lock” consistentlyimprove-share-locking-feature-for-subgroupsMichael Kozono2017-09-061-3/+3
|
* Fix ability when Share lock is offMichael Kozono2017-09-061-1/+2
|
* Refactor based on code reviewMichael Kozono2017-09-061-1/+1
|
* Fix “Share lock” policy for deeply nested groupsMichael Kozono2017-09-061-2/+2
|
* Enforce share_with_group_lock rulesMichael Kozono2017-09-061-0/+5
| | | | …in Groups::UpdateService instead of only in the browser.
* `current_application_settings` belongs on `Gitlab::CurrentSettings`Sean McGivern2017-08-311-3/+1
| | | | | | | | | | | | | | | | The initializers including this were doing so at the top level, so every object loaded after them had a `current_application_settings` method. However, if someone had rack-attack enabled (which was loaded before these initializers), it would try to load the API, and fail, because `Gitlab::CurrentSettings` didn't have that method. To fix this: 1. Don't include `Gitlab::CurrentSettings` at the top level. We do not need `Object.new.current_application_settings` to work. 2. Make `Gitlab::CurrentSettings` explicitly `extend self`, as we already use it like that in several places. 3. Change the initializers to use that new form.
* replace `is_team_member?` with `team_member?`Maxim Rydkin2017-08-291-3/+3
|
* Improves subgroup creation permissions35845-improve-subgroup-creation-permissionsTiago Botelho2017-08-211-1/+3
|
* Allow logged in users to read user list under public restrictionLin Jen-Shin (godfat)2017-08-011-1/+1
|
* Merge branch '30634-protected-pipeline' into 'master'Kamil Trzciński2017-07-252-5/+15
|\ | | | | | | | | | | | | Implement "Block pipelines on protected branches" Closes #30634, #34616, and #33130 See merge request !11910
| * Rename :user_cannot_update to :protected_refLin Jen-Shin2017-07-182-4/+4
| |
| * Rename can_push_or_merge_to_branch? to can_update_branch?Lin Jen-Shin2017-07-182-4/+8
| | | | | | | | Also make sure pipeline would also check against tag as well
| * Merge remote-tracking branch 'upstream/master' into 30634-protected-pipelineLin Jen-Shin2017-07-181-3/+7
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * upstream/master: (25 commits) Remove unneeded asserts and add tests for inactive RequestStore Rename the methods to make it fit with current name Follow feedback on the merge request Make sure it checks against the tag only when it's a tag Renamed Gitaly services fix transient rspec failure due to Poll.js race condition Refactor variables initialization in dropzone_input.js cache the cache key... avoid #respond_to? in Cache.id_for cache DeclarativePolicy.class_for at the class level Update 9.3-to-9.4.md fix padding on filtered search dropdown. Styles should only apply to li in list Cache Note#notable for commits and fix tests Add changelog entry Update the comments for the new functionality Use RequestStoreWrap for Commit#author Skip dead jobs queue for web hooks and project services Add RequestStoreWrap to cache via RequestStore Don't track cached queries in Gitlab::PerformanceBar::PeekQueryTracker Add changelog entry ...
| * \ Merge remote-tracking branch 'upstream/master' into 30634-protected-pipelineLin Jen-Shin2017-07-173-2/+12
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * upstream/master: (638 commits) Simplify background migrations stealing code Expire cached user IDs that can see the performance after 5 minutes Promote visibility level helpers from Group to Namespace Fix off-by-one error in background migration retries Recover from all exceptions when stealing bg migration Fix label creation from new list for subgroup projects move click handler to button. when on the icon it wasn't triggered in firefox Fix incorrect AWS ELB metrics. Fix wrong link to docs in docs styleguide Update issue-related docs Refactor groups docs Add subgroups limitations to Pages docs Update Google launcher details Split docs on IP whitelist for monitoring access Update health check docs Bump fog-core to 1.44.3 and fog providers' plugins to latest Introduce have_gitlab_http_status Remove Repository#search_files Update Pipeline's badge count in Merge Request and Commits view to match real-time content Fixes the user order being overriden in the autocomplete controller ...
| * \ \ Merge remote-tracking branch 'upstream/master' into 30634-protected-pipelineLin Jen-Shin2017-07-053-9/+19
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * upstream/master: (67 commits) Revert "Merge branch 'revert-12499' into 'master'" Prevent accidental deletion of protected MR source branch by repeating checks before actual deletion Document that GitLab 9.3 requires the TRIGGER permission on MySQL Instrument Unicorn with Ruby exporter Remove group modal like remove project modal. Closes #33130 Update prometheus client gem Enables the option in user preferences to turn on the new navigation Simplify authentication logic in the v4 users API for !12445. wait_for_requests is not needed when AJAX is not in play Don't resolve fork relationships for projects pending delete Clean up the ForkedProjectLink specs Remove unnecessary clear_stubs calls Add test for GitalyClient::Ref#find_ref_name DeleteMergedBranchesService should not delete protected branches Optimize creation of commit API by using Repository#commit instead of Repository#commits Update CHANGELOG.md for 9.3.4 Make autosize fields more performant and remove broken autosize handle Update GITLAB_SHELL_VERSION to 5.1.1 Fixed the y_label not setting correctly for each graph on the monitoring dashboard Refactor and copyedit "Using Docker images" docs ...
| * | | | Fix bad conflict resolutionLin Jen-Shin2017-07-041-1/+1
| | | | |
| * | | | Merge remote-tracking branch 'upstream/master' into 30634-protected-pipelineLin Jen-Shin2017-07-0425-657/+607
| |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * upstream/master: (119 commits) Speed up operations performed by gitlab-shell Change the force flag to a keyword argument add image - issue boards - moving card copyedit == ee !2296 Reset @full_path to nil when cache expires Replace existing runner links with icons and tooltips, move into btn-group. add margin between captcha and register button Eagerly create a milestone that is used in a feature spec Adjust readme repo width Resolve "Issue Board -> "Remove from board" button when viewing an issue gives js error and fails" Set force_remove_source_branch default to false. Fix rubocop offenses Make entrypoint and command keys to be array of strings Add issuable-list class to shared mr/issue lists to fix new responsive layout New navigation breadcrumbs Restore timeago translations in renderTimeago. Fix curl example paths (missing the 'files' segment) Automatically hide sidebar on smaller screens Fix typo in IssuesFinder comment Make Project#ensure_repository force create a repo ...
| * | | | | Consistently check permission for creating pipelines,Lin Jen-Shin2017-07-042-6/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | updating builds and updating pipelines. We check against being able to merge or push if the ref is protected.
* | | | | | Allow admin to read_users_list even if it's restrictedLin Jen-Shin2017-07-251-1/+1
| | | | | |
* | | | | | Don't treat anonymous users as owners when group has pending invitesSean McGivern2017-07-241-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `members` table can have entries where `user_id: nil`, because people can invite group members by email. We never want to include those as members, because it might cause confusion with the anonymous (logged out) user.
View Lorry Controller Status