summaryrefslogtreecommitdiff
path: root/lib/api/issues.rb
Commit message (Collapse)AuthorAgeFilesLines
* Add some API endpoints for time tracking.Ruben Davila2017-01-181-0/+2
| | | | | | | | | | | | | | New endpoints are: POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/time_estimate" POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/reset_time_estimate" POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/add_spent_time" POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/reset_spent_time" GET :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/time_stats"
* API: Implement project issues iid param with IssuesFinder and add tests23194-fix-no-milestone-option-for-projects-endpointDavid Eisner2017-01-121-21/+26
| | | | | | | | | | | | | - Use IssuesFinder for the /issues API resouce - Tests for iid filter in project issues API resource - Tests for No Milestone filter in issues API resources The "No Milestone" case was not previously tested, and the `/issues` resource did not support the the `milestone` parameter. - Return issues where all labels match from the issues and project issues API resources, like the group issues resource already does. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6825#note_17474533 Signed-off-by: Rémy Coutable <remy@rymai.me>
* Adding 'IssueFinder' for 'projects' API endpointPanagiotis Atmatzidis2017-01-121-6/+8
| | | | | | | | Current filtering for "/projects/:id/issues" endpoint returns no results for "No Milestone" query. This PR introduces fix by copying filtering from "/groups/:id/issues" which works as expected.
* Add missing milestone parameterRobert Schilling2017-01-041-0/+1
|
* Refactor issues filter in APIRobert Schilling2017-01-041-21/+7
|
* Fix state_event parameter to reopen an issuefixes-issues-api-reopenRobert Schilling2016-12-221-2/+1
|
* Grapify the issues APIgrapify-issues-apiRobert Schilling2016-12-071-151/+112
|
* A simpler implementation of finding a merge requestBob Van Landuyt2016-12-061-9/+6
| | | | Following a discussion in !7180
* Feature: delegate all open discussions to IssueBob Van Landuyt2016-12-051-10/+22
| | | | | | | | | | | | | When a merge request can only be merged when all discussions are resolved. This feature allows to easily delegate those discussions to a new issue, while marking them as resolved in the merge request. The user is presented with a new issue, prepared with mentions of all unresolved discussions, including the first unresolved note of the discussion, time and link to the note. When the issue is created, the discussions in the merge request will get a system note directing the user to the newly created issue.
* Merge branch 'jej-use-issuable-finder-instead-of-access-check' into 'security' Douwe Maan2016-11-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace issue access checks with use of IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR? :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested ### Issue lookup with access check Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells). - [x] :vertical_traffic_light: app/finders/notes_finder.rb:15 [`visible_to_user`] - [x] :traffic_light: app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`] - [x] :white_check_mark: app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`] - [x] :white_check_mark: lib/api/issues.rb:112 [`visible_to_user`] - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone - [x] :white_check_mark: lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too? - [x] :white_check_mark: lib/gitlab/search_results.rb:53 [`visible_to_user`] ### Previous discussions - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126 - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87 See merge request !2031
* Merge branch 'zj-fix-label-creation-non-members' into 'security'Douwe Maan2016-11-281-37/+37
| | | | | | | | Fix label creation non members Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23416 See merge request !2006
* API: Introduce `#find_group!` which also check access permission22373-reduce-queries-in-api-helpers-find_projectRémy Coutable2016-11-241-1/+1
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Remove default value for `project` argument on subscribable concernDouglas Barbosa Alexandre2016-11-171-5/+5
|
* Fix API issues sortingfix-api-sortingSean McGivern2016-09-091-3/+9
|
* API: Expose issue#confidentialapi-confidential-issuesRobert Schilling2016-08-311-2/+12
|
* if issue is not valid we revert back to the old labels when updatingtiagonbotelho2016-08-301-9/+2
|
* refactors update issue api request and some minor commentstiagonbotelho2016-08-301-16/+10
|
* adds test to check whether or not an email is sent to label subscribers ↵tiagonbotelho2016-08-301-19/+6
| | | | after creating a new issue through the api
* user is now notified when creating an issue through the apitiagonbotelho2016-08-301-2/+16
|
* Refactored AkismetHelper into AkismetService and cleaned up `Spammable`Patricio Cano2016-08-151-2/+0
| | | | - Refactored SpamCheckService into SpamService
* Refactored spam related code even furtherPatricio Cano2016-08-151-1/+1
| | | | | | | - Removed unnecessary column from `SpamLog` - Moved creation of SpamLogs out of its own service and into SpamCheckService - Simplified code in SpamCheckService. - Moved move spam related code into Spammable concern
* Complete refactor of the `Spammable` concern and tests:Patricio Cano2016-08-151-1/+1
| | | | | | | - Merged `AkismetSubmittable` into `Spammable` - Clean up `SpamCheckService` - Added tests for `Spammable` - Added submit (ham or spam) options to `AkismetHelper`
* Refactor spam validation to a concern that can be easily reused and improve ↵akismet-ui-checkPatricio Cano2016-07-261-7/+5
| | | | legibility in `SpamCheckService`
* Refactor `SpamCheckService` to make it cleaner and clearer.Patricio Cano2016-07-261-4/+6
|
* Submit all issues on public projects to Akismet if enabled.Patricio Cano2016-07-261-5/+3
|
* Submit new issues created via the WebUI by non project members to Akismet ↵Patricio Cano2016-07-261-12/+1
| | | | for spam check.
* API: Expose due_date for issuesapi-isssues-due-dateRobert Schilling2016-07-121-4/+6
|
* gitlab-org/gitlab-ce#17818 - add api call for issues by groupMarc Siegfriedt2016-06-231-0/+35
| | | | | rely only on IssuesFinder docs and changelog
* Fix pseudo n+1 queries with Note and Note Authors in issuables APIsAlejandro Rodríguez2016-06-081-2/+2
| | | | | | | | | This was not a clear cut n+1 query, given that if you're directly subscribed to all issues that the API is returning you never really need to check for the notes. However, if you're subscribed to _all_ of them, then for each issuable you need to go once to `notes`, and once to `users` (for the authors). By preemtively loading notes and authors, at worst you have 1 extra query, and at best you saved 2n extra queries. We also took advantage of this preloading of notes when counting user notes.
* Add API endpoints for un/subscribing from/to a labelAhmad Sherif2016-05-121-38/+1
| | | | Closes #15638
* Use ActionDispatch Remote IP for Akismet checkingStan Hu2016-04-271-2/+2
| | | | | | | | Previously all remote IPs appeared at 127.0.0.1, which made Akismet not very useful. Using the ActionDispatch Remote IP (http://api.rubyonrails.org/classes/ActionDispatch/RemoteIp.html) should provide more reliable results. Closes #16629
* Allow back dating issues on updateMichael Greene2016-04-131-2/+5
|
* Ensure that issues and merge requests are foundRobert Schilling2016-04-131-4/+4
|
* Make subscription API more RESTfulRobert Schilling2016-04-131-23/+6
|
* API: Ability to subscribe and unsubscribe from a merge requestRobert Schilling2016-04-131-2/+2
|
* API: Ability to subscribe and unsubscribe from an issueRobert Schilling2016-04-131-0/+53
|
* Update tests for moving issues via APIRobert Schilling2016-04-131-7/+7
|
* API: Ability to move an issueRobert Schilling2016-04-131-0/+23
|
* API: Expose subscribed? on issuesRobert Schilling2016-04-081-5/+5
|
* Back dating of issues when creating throught the APIZeger-Jan van de Weg2016-03-281-6/+10
|
* Minor improvements on IssuableActionsZeger-Jan van de Weg2016-03-211-6/+2
|
* minor improvements and fixed specsZeger-Jan van de Weg2016-03-191-1/+2
|
* Dry destroy action on issuablesZeger-Jan van de Weg2016-03-191-2/+3
|
* Soft delete issuablesZeger-Jan van de Weg2016-03-191-2/+7
|
* Restrict access to confidential issues through APIDouglas Barbosa Alexandre2016-03-171-1/+2
|
* Refactor spam filtering on issues APIDouglas Barbosa Alexandre2016-02-021-7/+8
|
* Support Akismet spam checking for creation of issues via APIStan Hu2016-02-021-1/+21
| | | | | | | Currently any spam detected by Akismet by non-members via API will be logged in a separate table in the admin page. Closes #5612
* Merge branch 'rename-abilities' into 'master'Dmitriy Zaporozhets2015-06-261-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rename abilities to correspond contoller/model action names write_ was renamed to create_ modify_ was renamed to update_ So now in update action we have next code ``` def create can?(current_user, :create_issue, @issue) end def update can?(current_user, :update_issue, @issue) end ``` See merge request !896
| * Rename abilities to correspond contoller/model action namesrename-abilitiesDmitriy Zaporozhets2015-06-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | write_ was renamed to create_ modify_ was renamed to update_ So now in update action we have next code def create can?(current_user, :create_issue, @issue) end def update can?(current_user, :update_issue, @issue) end Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | Only people who can manage issue can assign labels to itpermission-improvementsDmitriy Zaporozhets2015-06-261-1/+1
|/ | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
View Lorry Controller Status