path: root/lib
Commit message (Author, Age, Files, Lines)
* Grapify the commit status API [grapify-commit-statuses-api] (Robert Schilling, 2016-10-19, 1 file, -26/+27)
|
* Merge branch 'feature/issues-board' into 'master' (Sean McGivern, 2016-10-13, 1 file, -14/+17)
    Refactoring Issues Board

    ## What does this MR do?
    This MR aims to minimize conflicts between the CE issues board feature with EE multiple boards feature.

    ## Are there points in the code the reviewer needs to double check?

    ## Why was this MR needed?
    To avoid a lot of conflicts with EE multiple boards feature.

    ## Screenshots (if relevant)

    ## Does this MR meet the acceptance criteria?
    - [ ] ~~[CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added~~
    - [ ] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
    - [x] API support added
    - Tests
      - [X] Added for this feature/bug
      - [ ] All builds are passing
    - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
    - [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
    - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
    - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

    ## What are the relevant issue numbers?
    https://gitlab.com/gitlab-org/gitlab-ee/issues/929
    https://gitlab.com/gitlab-org/gitlab-ee/issues/1084

    See merge request !6727
| * Update Issue Board API to handle with has_many association (Douglas Barbosa Alexandre, 2016-10-11, 1 file, -14/+17)
| |
* | Merge branch 'zj-grapedsl-variable' into 'master' (Rémy Coutable, 2016-10-13, 1 file, -47/+42)
    GrapeDSL for variables

    See merge request !6838
| * | GrapeDSL for variables [zj-grapedsl-variable] (Z.J. van de Weg, 2016-10-13, 1 file, -47/+42)
| | |
* | | Merge branch 'api-version' into 'master' (Robert Speicher, 2016-10-12, 2 files, -0/+13)
    API: Version information

    ## What does this MR do?
    Adds a new endpoint to retrieve the version information.

    ## Why was this MR needed?
    Clients can now use this information to enable/disable certain API features depending on the version.

    ## What are the relevant issue numbers?
    Closes #22608, https://gitlab.com/gitlab-org/gitlab-ce/issues/23148

    See merge request !6822
| * | API: Version information [api-version] (Robert Schilling, 2016-10-12, 2 files, -0/+13)
| | |
* | | Merge branch '17541-move-licenses-api-endpoint-to-templates-licenses' into 'master' (Rémy Coutable, 2016-10-12, 3 files, -83/+100)
    Resolve "Move `/licenses` api endpoint to `/templates/licenses`"

    ## What does this MR do?
    It moves the `/licenses`, `/gitignores` and `/gitlab_ci_ymls` API endpoints under the `/templates` namespace

    ## Why was this MR needed?
    In EE we now have somewhat ambiguous API endpoints. `/license` refers to the EE license while `/licenses` (plural) refers to license templates. @DouweM mentioned that we're adding .gitignore templates in #14106 so it may make sense to add a /templates namespace. Then, move the /license templates endpoint to be underneath, along with .gitignore endpoints.

    Closes #17541

    See merge request !5717
| * | Create a new /templates API namespace (Thomas Balthazar, 2016-10-12, 3 files, -83/+100)
    The /licenses, /gitignores and /gitlab_ci_ymls endpoints are now also available under a new /templates namespace. Old endpoints will be deprecated when GitLab 9.0.0 is released.
* | | Merge branch 'user-events-api' into 'master' (Robert Speicher, 2016-10-12, 1 file, -0/+20)
    API: New /users/:id/events endpoint

    ## What does this MR do?
    It adds a new `/users/:id/events` endpoint to retrieve a user's contribution events. The events returned are filtered so that only the events for projects that the current user can see are returned (similarly to what we do at the controller level).

    ## Why was this MR needed?
    Because it's a nice feature to calculate leaderboards, for instance for #17815.

    ## What are the relevant issue numbers?
    Closes #20866.

    See merge request !6771
| * | API: New /users/:id/events endpoint (Rémy Coutable, 2016-10-10, 1 file, -0/+20)
    Signed-off-by: Rémy Coutable <remy@rymai.me>
* | | Merge branch 'api-fix-project-group-sharing' into 'security' (Rémy Coutable, 2016-10-11, 1 file, -0/+6)
    API: Share projects only with groups current_user can access

    Aims to address the issues here: https://gitlab.com/gitlab-org/gitlab-ce/issues/23004
    * Projects can be shared with non-existent groups
    * Projects can be shared with groups that the current user does not have access to read

    Concerns:
    The new implementation of the API endpoint allows projects to be shared with a larger range of groups than can be done via the web UI. The form for sharing a project with a group uses the following API endpoint to index the available groups: https://gitlab.com/gitlab-org/gitlab-ce/blob/494269fc92f61098ee6bd635a0426129ce2c5456/lib/api/groups.rb#L17. The groups indexed in the web form will only be those groups that the user is currently a member of. The new implementation allows projects to be shared with any group that the authenticated user has access to view. This widens the range of groups to those that are public and internal.

    See merge request !2005

    Signed-off-by: Rémy Coutable <remy@rymai.me>
* | | Merge branch 'atom-routes' into 'master' (Robert Speicher, 2016-10-11, 1 file, -2/+31)
    Allow browsing branches that end with '.atom'

    ## What does this MR do?
    1. Simplify the regex capture in the routing for the CommitsController to not exclude the '.atom' suffix. That's a perfectly valid git branch name, so we shouldn't blow up if we get it.
    2. Because Rails now can't automatically detect the request format, add some code to do so in `ExtractPath` when there is no path.

    This means that, given branches 'foo' and 'foo.atom', the Atom feed for the former is unroutable. To fix this: don't do that! Give the branches different names!

    ## Why was this MR needed?
    Creating a branch or tag name ending in '.atom' would cause some 500s on that repo.

    ## What are the relevant issue numbers?
    Closes #21955. Related to !5994.

    See merge request !6750
| * | Allow browsing branches that end with '.atom' (Sean McGivern, 2016-10-11, 1 file, -2/+31)
    We need to do two things to support this:

    1. Simplify the regex capture in the routing for the CommitsController to not exclude the '.atom' suffix. That's a perfectly valid git branch name, so we shouldn't blow up if we get it.
    2. Because Rails now can't automatically detect the request format, add some code to do so in `ExtractPath` when there is no path.

    This means that, given branches 'foo' and 'foo.atom', the Atom feed for the former is unroutable. To fix this: don't do that! Give the branches different names!
* | Merge branch 'docs/refactor-reply-by-email' into 'master' (Achilleas Pipinellis, 2016-10-11, 1 file, -3/+3)
    Move reply by email docs to a new location

    ## What does this MR do?
    Move reply by email docs to a new location. Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/3349

    ## Moving docs to a new location?
    See the guidelines: http://docs.gitlab.com/ce/development/doc_styleguide.html#changing-document-location
    - [ ] Make sure the old link is not removed and has its contents replaced with a link to the new location.
    - [ ] Make sure internal links pointing to the document in question are not broken.
    - [ ] Search and replace any links referring to old docs in GitLab Rails app, specifically under the `app/views/` directory.
    - [ ] If working on CE, submit an MR to EE with the changes as well.

    See merge request !6517
| * | Move reply by email docs to a new location [docs/refactor-reply-by-email] (Achilleas Pipinellis, 2016-09-25, 1 file, -3/+3)
    [ci skip]
* | | Add a new gitlab:users:clear_all_authentication_tokens task (Rémy Coutable, 2016-10-11, 1 file, -0/+11)
    Signed-off-by: Rémy Coutable <remy@rymai.me>
* | | Merge branch 'dz-cleanup-routing' into 'master' (Dmitriy Zaporozhets, 2016-10-11, 1 file, -0/+4)
    Remove NamespacesController

    * removes unnecessary NamespacesController. The main purpose of this controller was redirect to group or user page when URL like https://gitlab.com/gitlab-org was used. Now this functionality is handled by constrainers (like this https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/routes/user.rb#L17-21) and take user to correct controller right from the start.
    * serve non existing API routes like `/api/v3/whatever` with Grape instead of Rails. Before this change wrong API url was served by rails with not obvious 404, 405 & 500 errors

    See merge request !6733
| * | | Replace undefined Grape routing code from 400 to 404 (Dmitriy Zaporozhets, 2016-10-10, 1 file, -1/+1)
    Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
| * | | Catch any undefined API routing and return 400 Bad Request (Dmitriy Zaporozhets, 2016-10-10, 1 file, -0/+4)
    Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | | Merge branch 'fix-misnamed-constant' into 'master' (Robert Speicher, 2016-10-10, 2 files, -2/+2)
    Rename HTMLEntityFilter to HtmlEntityFilter to fix autoloading

    See merge request !6776
| * | | HTMLEntityFilter -> HtmlEntityFilter (Nick Thomas, 2016-10-10, 2 files, -2/+2)
| | | |
* | | | Merge branch 'explain-0600' into 'master' (Robert Speicher, 2016-10-10, 1 file, -1/+1)
    Explain the extra chmod

    There is confusion about what passing `0600` to File.open does.

    ```
    $ touch /tmp/foobar
    $ ls -l /tmp/foobar
    -rw-r--r-- 1 jacobvosmaer wheel 0 Sep 26 14:20 /tmp/foobar
    $ ruby -e 'File.open("/tmp/foobar", "w", 0600)'
    $ ls -l /tmp/foobar
    -rw-r--r-- 1 jacobvosmaer wheel 0 Sep 26 14:20 /tmp/foobar
    $
    $
    $ rm /tmp/foobar
    $ ruby -e 'File.open("/tmp/foobar", "w", 0600)'
    $ ls -l /tmp/foobar
    -rw------- 1 jacobvosmaer wheel 0 Sep 26 14:21 /tmp/foobar
    ```

    See merge request !6523
| * | | Explain the extra chmod (Jacob Vosmaer, 2016-09-26, 1 file, -1/+1)
| | | |
* | | | Correct namespace validation to forbid bad names #21077 (Will Starms, 2016-10-07, 1 file, -2/+2)
    Adds .git and .atom to the master namespace regex
    Updates existing group tests and adds two new ones
    Updates path cleaning to also forbid .atom
* | | Merge branch 'memoize_shell_secret_token' into 'master' (Rémy Coutable, 2016-10-07, 3 files, -17/+33)
    Memoize Github::Shell's secret token

    ## What does this MR do?
    `API::Helpers#secret_token` was reading the secret file on every invocation. This MR reads the file in the `gitlab_shell_secret_token.rb` initializer and saves it as a class variable at `Gitlab::Shell.secret_token`

    ## Are there points in the code the reviewer needs to double check?
    - I'm not sure if the use of `cattr_accessor` is the best approach, or if should be moved into the `class << self` block?
    - Should `API::Helpers#secret_token` be removed in favor of using `Gitlab::Shell.secret_token`?

    ## Why was this MR needed?
    Performance optimization. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22510

    See merge request !6599
| * | | Load Github::Shell's secret token from file on initialization instead of every request. (Justin DiPierro, 2016-10-06, 3 files, -17/+33)
* | | | Merge branch 'ben.boeckel/gitlab-ce-api-visible-projects' into 'master' (Rémy Coutable, 2016-10-07, 1 file, -20/+31)
    Add visible projects API

    ## What does this MR do?
    Add a new `/projects/visible` API endpoint. Originally created by @ben.boeckel in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5970.

    ## Are there points in the code the reviewer needs to double check?
    Does the API make sense?

    ## Why was this MR needed?
    The `/projects` endpoint only returned projects the user was explicitly a member of.

    Closes #19361, #3119.

    See merge request !6681
| * | | | Tidy up project list actions [ben.boeckel/gitlab-ce-api-visible-projects] (Sean McGivern, 2016-10-05, 1 file, -28/+24)
| | | | |
| * | | | api: add /projects/visible API endpoint (Ben Boeckel, 2016-10-04, 1 file, -0/+15)
    Fixes #19361, #3119.
* | | | | Merge branch '22820-api-use-env-not-request-in-helpers' into 'master' (Rémy Coutable, 2016-10-07, 1 file, -1/+1)
    Resolve "NameError: undefined local variable or method `request' for #<Grape::Middleware::Error:0x007fc990..."

    ## What does this MR do?
    Switches from `request` to `env` in an API helper method as the helpers are included in contexts lacking `request`.

    ## Are there points in the code the reviewer needs to double check?
    I couldn't build a reproducer for this.

    Closes #22820

    See merge request !6615
| * | | | | Switch from request to env in ::API::Helpers (Nick Thomas, 2016-10-06, 1 file, -1/+1)
    Per https://gitlab.com/gitlab-org/gitlab-ce/issues/22820, this helper is mixed in to classes that lack a `request` method. They do include `env`, so use it instead.
* | | | | Enable CacheMarkdownField for the remaining models (Nick Thomas, 2016-10-07, 2 files, -0/+13)
    This commit alters views for the following models to use the markdown cache if present:

    * AbuseReport
    * Appearance
    * ApplicationSetting
    * BroadcastMessage
    * Group
    * Issue
    * Label
    * MergeRequest
    * Milestone
    * Project

    At the same time, calls to `escape_once` have been moved into the `single_line` Banzai pipeline, so they can't be missed out by accident and the work is done at save, rather than render, time.
* | | | | Use CacheMarkdownField for notes (Nick Thomas, 2016-10-07, 2 files, -32/+26)
| | | | |
* | | | | Add markdown cache columns to the database, but don't use them yet (Nick Thomas, 2016-10-07, 3 files, -16/+59)
    This commit adds a number of _html columns and, with the exception of Note, starts updating them whenever the content of their partner fields changes.

    Note has a collision with the note_html attr_accessor; that will be fixed later

    A background worker for clearing these cache columns is also introduced - use `rake cache:clear` to set it off. You can clear the database or Redis caches separately by running `rake cache:clear:db` or `rake cache:clear:redis`, respectively.
* | | | | Merge branch 'fix-already-selected-activity-link' into 'master' (Fatih Acet, 2016-10-06, 1 file, -10/+13)
    Fix inconsistent highlighting of already selected activity nav-links

    ## What does this MR do?
    * Remove edge case where user could deselect an activity nav-link (which seems to be returning all the events)
    * Explicitly add an `All` tab to return all the events

    ## Are there points in the code the reviewer needs to double check?
    Shouldn't be

    ## Why was this MR needed?
    Resolves existing UI inconsistency

    ## Screenshots (if relevant)
    Before: ![4OzkoQVJYc](/uploads/fd2a7fdbde2159e875482ec7b828fe60/4OzkoQVJYc.gif)
    After: ![E0lj8UhEUU](/uploads/7eb5155861eb79d72957de04c9f172c9/E0lj8UhEUU.gif)

    ## Does this MR meet the acceptance criteria?
    - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
    - Tests
      - [x] All builds are passing
    - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
    - [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
    - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

    ## What are the relevant issue numbers?
    * Closes #21631
    * Closes #21452

    See merge request !6091
| * | | | | Fix inconsistent highlighting of already selected activity nav-links (Clement Ho, 2016-10-05, 1 file, -10/+13)
| | | | | |
* | | | | | Make user constrainer lookup same as controller and add more constrainer tests (Dmitriy Zaporozhets, 2016-10-06, 1 file, -1/+1)
    Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | | | | | Change user & group landing page routing from /u/:name & /groups/:name to /:name (Dmitriy Zaporozhets, 2016-10-06, 3 files, -0/+27)
    Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | | | | Merge branch 'fix/github-importer-client' into 'master' (Rémy Coutable, 2016-10-06, 1 file, -2/+12)
    Fix broken handling of certain calls in GitHub importer client

    ## What does this MR do?
    It changes/fixes the behavior of request handling in GH client. Now it returns the response directly if it's not a collection of resources. Otherwise, it checks for a passed block, if true, then it yield each page to said block, if not, it collects all response in a single array then returns it.

    Closes #22998

    See merge request !6703
| * | | | | Fix broken handling of certain calls in GitHub importer client [fix/github-importer-client] (Ahmad Sherif, 2016-10-06, 1 file, -2/+12)
    Closes #22998
* | | | | | Merge branch 'rc-use-grape-dsl-to-document-members-api' into 'master' (Robert Speicher, 2016-10-06, 2 files, -93/+67)
    API: Use Grape DSL to document access requests and members endpoints

    Part of #21979, depends on gitlab-org/gitlab-ce!6267 and gitlab-org/gitlab-ce!6266.

    See merge request !6269
| * | | | | | Use Grape DSL to document methods and their params [rc-use-grape-dsl-to-document-members-api] (Rémy Coutable, 2016-10-05, 2 files, -93/+67)
    Signed-off-by: Rémy Coutable <remy@rymai.me>
* | | | | | | Merge branch 'mahcsig/gitlab-ce-17350-multi-file-commit' (Rémy Coutable, 2016-10-06, 1 file, -0/+36)
    See !6096.
| * | | | | | | multi-file commit (Marc Siegfriedt, 2016-10-05, 1 file, -0/+36)
    add docs and tests - add additional validation allow move without content updated response
* | | | | | | | Merge branch 'issue-board-api-support' into 'master' (Dmitriy Zaporozhets, 2016-10-06, 3 files, -1/+133)
    Issue Board API support

    ## What does this MR do?
    Adds support for Issue Board in the API.

    ## Are there points in the code the reviewer needs to double check?
    ~~Double check whether the Issue Board list movement fix is needed.~~ *Moved to a separate issue.* [#22890](https://gitlab.com/gitlab-org/gitlab-ce/issues/22890)

    ## Why was this MR needed?
    Currently the API offers partial support to a project's Issue Board indirectly through Labels. This MR adds support for listing, creating, moving and removing board lists.

    ## Does this MR meet the acceptance criteria?
    - [X] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
    - [X] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
    - [X] API support added
    - Tests
      - [X] Added for this feature/bug
      - [X] All builds are passing
    - [X] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
    - [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
    - [X] Branch has no merge conflicts with `master` (if you do - rebase it please)
    - [X] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

    ## What are the relevant issue numbers?
    [#22195](https://gitlab.com/gitlab-org/gitlab-ce/issues/22195)

    See merge request !6646
| * | | | | | | | Added Issue Board API support (Andre Guedes, 2016-10-05, 3 files, -1/+133)
    - Includes documentation and tests
* | | | | | | | Use higher size on Gitlab::Redis connection pool on Sidekiq servers (Paco Guzman, 2016-10-06, 1 file, -1/+11)
| | | | | | | |
* | | | | | | | Merge remote-tracking branch 'dev/master' (Rémy Coutable, 2016-10-06, 3 files, -5/+25)
|\ \ \ \ \ \ \ \
| * \ \ \ \ \ \ \ Merge branch 'fix/id-claim-import-issue' into 'master' (Douwe Maan, 2016-09-30, 3 files, -5/+25)
    Prevent claiming associated model IDs via import

    On the import side, we should be careful not to use any IDs as part of the JSON file that could have been manipulated.

    Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/20821

    Things we already do (__before__ this fix):
    1. Remove all primary keys
    1. **Always** reassign some of the foreign keys, such as ALL project IDs and user IDs (so it would be difficult to impersonate or try to gain access to another project)
    1. Ignore/reject attributes that do not exist in the model
    1. If someone reassigns a foreign key `submodel_id`, and that object has another json as the submodel, the new submodel will reassign the `submodel_id` to the newly created submodel ID.

    Things we should do:
    1. Remove/nullify any other foreign keys that we don't reassign (checked this, and there aren't many, fortunately. In fact, I don't think much harm can be done at all - at the moment).

    See merge request !1985