| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Resolves #24576
Modify the guard clause of the `ApplicationController#require_email`
before action to skip requests where an admin is impersonating the
current user.
|
|
|
|
|
|
|
| |
If notification_email is blank, it's set from email. If an admin
attempted to create a user with an invalid email, an error would be
displayed for both fields. Only validate the notification_email if it's
different from email.
|
|
|
|
| |
Closes #21015
|
|\
| |
| |
| |
| |
| |
| | |
Submit to Akismet Part 1 (Issues)
Related to #5932 #5573 gitlab-com/infrastructure#14
See merge request !5538
|
| | |
|
| |
| |
| |
| | |
- Refactored SpamCheckService into SpamService
|
| |
| |
| |
| |
| | |
- Added controller actions as reusable concerns
- Added controller tests
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a race condition in DestroyGroupService now that projects are deleted asynchronously:
1. User attempts to delete group
2. DestroyGroupService iterates through all projects and schedules a Sidekiq job to delete each Project
3. DestroyGroupService destroys the Group, leaving all its projects without a namespace
4. Projects::DestroyService runs later but the can?(current_user,
:remove_project) is `false` because the user no longer has permission to
destroy projects with no namespace.
5. This leaves the project in pending_delete state with no namespace/group.
Projects without a namespace or group also adds another problem: it's not possible to destroy the container
registry tags, since container_registry_path_with_namespace is the wrong value.
The fix is to destroy the group asynchronously and to run execute directly on Projects::DestroyService.
Closes #17893
|
| |
|
| |
|
| |
|
|
|
|
| |
Also removes the note from the development/testing.md guide
|
|
|
|
|
|
| |
When an admin changes a user's password for them, force the user to
reset the password after logging in by expiring the new password
immediately.
|
| |
|
| |
|
|
|
|
| |
The SQL query was ambiguous and in this case we want to filter projects.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Currently any spam detected by Akismet by non-members via API will be logged
in a separate table in the admin page.
Closes #5612
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Modifies the existing "login as" feature to be called impersonation, as
well as keeping track of who is impersonating to revert back to that
user without having to log out.
|
|
|
|
|
|
|
|
|
|
| |
Safari 9.0 does not yet honor the HTML5 `origin-when-cross-origin` mode,
and it's possible load balancers/proxies strip the HTTP_REFERER from
the request header. In these cases, default to some default path.
Closes #3122
Closes https://github.com/gitlabhq/gitlabhq/issues/9731
|
| |
|
|
|
|
| |
Closes #2291
|
|
|
|
|
| |
Closes #2116
Closes https://github.com/gitlabhq/gitlabhq/issues/9502
|
| |
|
|
|
|
| |
Closes https://github.com/gitlabhq/gitlabhq/issues/9381
|
|
Closes #1856
Closes https://github.com/gitlabhq/gitlabhq/issues/9394
|