| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Fix permissions check in `RelativeLinkFilter`
See merge request gitlab-org/gitlab-ce!32448
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When post-processing relative links to absolute links
RelativeLinkFilter didn't take into consideration that
internal repository data could be exposed for users
that do not have repository access to the project.
This commit solves that by checking whether the user
can `download_code` at this repository, avoiding any
processing of this filter if the user can't.
Additionally, if we're processing for a group (
no project was given), we check if the user can
read it in order to expand the href as an extra.
That doesn't seem necessarily a breach now,
but an extra check doesn't hurt as after all
the user needs to be able to `read_group`.
|
|\
| |
| |
| |
| | |
Prevent disclosure of merge request id via email
See merge request gitlab/gitlabhq!3350
|
| |
| |
| |
| |
| | |
Do not disclosure merge request id via email for unauthorized users
when closing issues.
|
|/ |
|
|
|
|
|
|
| |
- Adds UI to configure in group and project settings
- Removes notification configuration for users when
disabled at group or project level
|
|
|
|
|
| |
This link is shown when a user tries to login with an unconfirmed
email address and the grace period has expired
|
|
|
|
|
| |
This introduces several changes, but these are all just ported from the
EE project.
|
|
|
|
|
|
| |
into 'master'"
This reverts merge request !30808
|
|
|
|
|
|
|
|
| |
This adds a notification to let users know of our updated privacy
policy.
Users can dismiss the notification either by following the link or
closing the notification via an "x" icon.
|
|
|
|
|
|
| |
Querying all counts for the different search results in the same request
led to timeouts, so we now only calculate the count for the *current*
search results, and request the others in separate asynchronous calls.
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| | |
Remove code related to object hierarchy and MySQL
Closes #65056 and #65055
See merge request gitlab-org/gitlab-ce!31095
|
| |
| |
| |
| |
| | |
These are not required because MySQL is not
supported anymore
|
|/
|
|
| |
Without this change, we get a NoMethodError on nil
|
|\
| |
| |
| |
| |
| |
| |
| |
| | |
into 'master'
Remove project param from `#show_label_issuables_link?`
Closes #62217
See merge request gitlab-org/gitlab-ce!31038
|
| |
| |
| |
| | |
The project param is unnecessary here
|
|/
|
|
|
|
| |
Introduces new `feature_entry` helper for dashboard.
This helper reduces code duplication when listing available features
and relevant links to configuration sections
|
| |
|
|
|
|
| |
remove frontend spec unnecessary tests
|
|
|
|
|
| |
Show a message if many levels are restricted and a
different message if all levels are restricted.
|
| |
|
|
|
|
|
|
|
| |
When opening the IDE on a project where the user doesn't have push
access, we create a fork and then redirect back to the IDE. To make
sure the user can actually commit, we need to open the IDE in the forked
project rather than the upstream project.
|
|\
| |
| |
| |
| | |
[CE] Upgrade to Rails 5.2
See merge request gitlab-org/gitlab-ce!30052
|
| |
| |
| |
| | |
Updates changed method names and fixes spec failures
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Resolve "Follow up: Simplify sort direction logic"
Closes #60798
See merge request gitlab-org/gitlab-ce!30443
|
| | |
| | |
| | |
| | | |
Minor refactor specs
|
| | |
| | |
| | |
| | | |
Refactor sort direction icon
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added tests with project_list_filter_bar set to off
Added tests for projects_sort_option_titles
Refactor project sort options hash
|
| |/ |
|
|/
|
|
| |
(cherry picked from commit 1e8bdd01bff96122fe80c51fa8f024f18675b58b)
|
|\
| |
| |
| |
| |
| |
| | |
Fix `simple_format` undefined error #60179
Closes #60179
See merge request gitlab-org/gitlab-ce!30366
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`simple_format` is not defined in ActionView::Helpers::TagHelper, but
it is actually located in ActionView::Helpers::TextHelper.
The solution is to include the correct helper.
I've also added tests for `#markup_unsafe` because they were missing.
|
|/
|
|
|
|
| |
Converted storage details into a small partial
Reworded the storage details summary as suggested
Updated pot file
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, we label items to be done as "Todo." This is grammatically
incorrect and (therefore) confusing—especially to our Spanish-speaking
users for whom "todo" has a specific and unrelated meaning.
We should use "To Do" and always use it as singular (not "To Dos").
Updates to wording in a few places per MR (ee) discussion
Updating locale/gitlab.pot
Updates to wording in a few places per MR (ee) discussion
Updating locale/gitlab.pot
|
|\
| |
| |
| |
| | |
Add new onboarding to flipper A/B testing
See merge request gitlab-org/gitlab-ce!30125
|
| |
| |
| |
| |
| |
| | |
OnboardingExperimentHelpers take care of
determining if the current_user should or should
not see the new onboarding feature.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/29889,
only the project context were set for the Markdown renderer. For a note
on an issuable, the group context was set to `nil` because
`note.noteable.try(:group)` attempted to get the issuable's group, which
doesn't exist.
To make group notifications work, now both the project and group context
are set. The context gets passed to `RelativeLinkFilter`, which
previously assumed that it wasn't possible to have both a group and a
project in the Markdown context. However, if a group were defined, it
would take precedence, and the URL rendered for uploads would be
`/group/-/uploads` instead of `/group/project/uploads/`. This led to
404s in e-mails.
However, now that we have both project and group in the context, we
render the Markdown giving priority to the project context if is set.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/63910
|
|
|
|
|
| |
RecaptchaExperimentHelper contains helper methods
to assist in the controller and view layers.
|
|
|
|
| |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
|
|
|
| |
This saves about 5 SQL calls per page if no custom appearance is
specified.
|
|
|
|
|
|
| |
Fixed inconsistencies in variable names for deployment
endpoints for monitoring dashboard which causes
deployment rocket icons to disappear
|
|
|
|
|
|
| |
Update frontend code to use /-/ scope for milestones and labels routes
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
If the default, instance-wide visibility were set to internal but a
group were private, the radio button would be set on internal even
though that setting were not allowed. We now consider the allowed
visibility setting for the group in determining what the default should
be.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62298
|
|\
| |
| |
| |
| |
| |
| | |
Use Redis for CacheMarkDownField on non AR models
Closes #54140
See merge request gitlab-org/gitlab-ce!29054
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows using `CacheMarkdownField` for models that are not backed
by ActiveRecord.
When the including class inherits `ActiveRecord::Base` we include
`Gitlab::MarkdownCache::ActiveRecord::Extension`. This will cause the
markdown fields to be rendered and the generated HTML stored in a
`<field>_html` attribute on the record. We also store the version
used for generating the markdown.
All other classes that include this model will include the
`Gitlab::MarkdownCache::Redis::Extension`. This add the `<field>_html`
attributes to that model and will generate the html in them. The
generated HTML will be cached in redis under the key
`markdown_cache:<class>:<id>`. The class this included in must
therefore respond to `id`.
|
|/
|
|
|
| |
Helps build a hash of snowplow tracking data attrs.
Updates import project pane to use new helper.
|
|
|
|
| |
There are no namespaces in the strings so we don't need those
|