| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix missing Note access checks in by moving Note#search to updated NoteFinder
Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
## Which fixes are in this MR?
:warning: - Potentially untested
:bomb: - No test coverage
:traffic_light: - Test coverage of some sort exists (a test failed when error raised)
:vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
:white_check_mark: - Permissions check tested
### Note lookup without access check
- [x] :white_check_mark: app/finders/notes_finder.rb:13 :download_code check
- [x] :white_check_mark: app/finders/notes_finder.rb:19 `SnippetsFinder`
- [x] :white_check_mark: app/models/note.rb:121 [`Issue#visible_to_user`]
- [x] :white_check_mark: lib/gitlab/project_search_results.rb:113
- This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`.
- It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked.
### Previous discussions
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `: download_code` check on commit
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used
- `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223
### Acceptance criteria met?
- [x] Tests added for new code
- [x] TODO comments removed
- [x] Squashed and removed skipped tests
- [x] Changelog entry
- [ ] State Gitlab versions affected and issue severity in description
- [ ] Create technical debt issue for NotesFinder.
- Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two.
- Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)`
- Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes`
See merge request !2035
|
|\
| |
| |
| |
| |
| |
| | |
Render math in Asciidoc and Markdown with KaTeX using code blocks
Closes #13690 and #13180
See merge request !8003
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Detailed build statuses
## What does this MR do?
Implements detailed statuses for `Ci::Builds` and `CommitStatus`.
It also adds a new icon for manual build.
## Screenshots
![manual_builds_icon](/uploads/22b5c594350856c85398ef705a635f8b/manual_builds_icon.png)
## What are the relevant issue numbers?
See #24273, closes #22642
See merge request !7989
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
[ci skip]
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Adds the ability to cherry pick a commit via the API. Right now it only supports to directly cherry pick a commit and not starting a MR from it. Shall we do that also for the API?
Closes #25450
See merge request !8047
|
| |/ / |
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
API: Memoize the current_user so that the sudo can work properly
Closes #25482
See merge request !8017
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The issue was arising when `#current_user` was called a second time
after a user was impersonated: the `User#is_admin?` check would be
performed on it and it would fail.
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
API: Ability to get group's project in simple representation
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/25412
See merge request !8060
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add index to routes table on lower path for postgresql
Improve performance of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7121
See merge request !8041
|
| | |/ /
| |/| |
| | | |
| | | | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Allow all alphanumeric characters in file names
## What does this MR do?
Allow more characters in file names such as Chinese symbols.
## Why was this MR needed?
It is annoying that some files which can be uploaded using Git CLI cannot be created with the web editor.
## What are the relevant issue numbers?
fixes #20190
See merge request !8002
|
| | |/ /
| |/| | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Minor improvements to nested groups code
See merge request !8011
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Don't allow blank MR titles in API
Closes #25033
See merge request !7848
|
| | |/ /
| |/| | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Grapify the service API
Related to #22928
See merge request !7970
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Avoid escaping relative links in Markdown twice
## What does this MR do?
Avoid escaping relative links in Markdown twice.
## Why was this MR needed?
Relative links with special characters (e.g. spaces) were escaped twice.
## What are the relevant issue numbers?
closes #25191, #25318
See merge request !7940
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
API: Add the project filter to the groups endpoint.
Related to #22928. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/25420
See merge request !8034
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| |_|_|_|/ / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Allow branch names with dots on API endpoint
closes #25030
See merge request !7963
|