path: root/spec/models/note_spec.rb
Commit message    Author    Age    Files    Lines
...
* Throttle the number of UPDATEs triggered by touch    Yorick Peterse    2017-12-06    1    -1/+1
|
|     This throttles the number of UPDATE queries that can be triggered by calling "touch" on a Note, Issue, or MergeRequest. For Note objects we also take care of updating the associated "noteable" relation in a smarter way than Rails does by default.
* add the missing spec    micael.bergeron    2017-11-20    1    -0/+31
|
* Commenting on image diffs    Felipe Artur    2017-10-07    1    -0/+50
|
* Change all `:empty_project` to `:project` [rs-empty_project-default]    Robert Speicher    2017-08-02    1    -6/+6
|
* Use described_class when possible    Rémy Coutable    2017-07-27    1    -1/+1
|
|     Signed-off-by: Rémy Coutable <remy@rymai.me>
* Remove superfluous lib: true, type: redis, service: true, models: true, ↵    Rémy Coutable    2017-07-27    1    -1/+1
|
|     services: true, no_db: true, api: true
|
|     Signed-off-by: Rémy Coutable <remy@rymai.me>
* Enable Style/DotPosition Rubocop :cop:    Grzegorz Bizon    2017-06-21    1    -8/+8
|
* Correct RSpec/SingleLineHook cop offenses    Robert Speicher    2017-06-14    1    -2/+6
|
* Allow commenting on older versions of the diff and comparisons between diff ↵ [dm-link-discussion-to-outdated-diff]    Douwe Maan    2017-05-03    1    -17/+69
|
|     versions
* Fix issue's note cache expiration after delete    mhasbini    2017-04-11    1    -1/+11
|
* Address review comments    Douwe Maan    2017-04-05    1    -15/+15
|
* Fix specs    Douwe Maan    2017-04-05    1    -6/+6
|
* Don't use original_discussion_id    Douwe Maan    2017-04-05    1    -39/+0
|
* Add specs    Douwe Maan    2017-04-05    1    -11/+214
|
* Fix some specs    Douwe Maan    2017-04-05    1    -2/+2
|
* Add option to start a new discussion on an MR    Douwe Maan    2017-04-05    1    -25/+92
|
* Invalidate ETag cache when note changes    Adam Niedzielski    2017-03-01    1    -0/+12
|
* Use `:empty_project` where possible in model specs [rs-empty_project-models]    Robert Speicher    2017-01-26    1    -6/+6
|
* Merge branch 'rs-empty_project-for-associations' into 'master'    Rémy Coutable    2017-01-26    1    -1/+1
|\
| |     Factories with a project association use `:empty_project` by default
| |
| |     See merge request !8770
| * Use a project factory with a repository where necessary [rs-empty_project-for-associations]    Robert Speicher    2017-01-25    1    -1/+1
| |
* | address comments    Jarka Kadlecova    2017-01-25    1    -1/+67
| |
* | make mentions working when project not specified    Jarka Kadlecova    2017-01-18    1    -0/+2
| |
* | Support notes without project    Jarka Kadlecova    2017-01-18    1    -0/+13
|/
* Merge branch 'jej-note-search-uses-finder' into 'security'    Douwe Maan    2016-12-15    1    -38/+0
|
|     Fix missing Note access checks in by moving Note#search to updated NoteFinder
|
|     Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
|
|     ## Which fixes are in this MR?
|
|     :warning: - Potentially untested
|     :bomb: - No test coverage
|     :traffic_light: - Test coverage of some sort exists (a test failed when error raised)
|     :vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
|     :white_check_mark: - Permissions check tested
|
|     ### Note lookup without access check
|
|     - [x] :white_check_mark: app/finders/notes_finder.rb:13 :download_code check
|     - [x] :white_check_mark: app/finders/notes_finder.rb:19 `SnippetsFinder`
|     - [x] :white_check_mark: app/models/note.rb:121 [`Issue#visible_to_user`]
|     - [x] :white_check_mark: lib/gitlab/project_search_results.rb:113
|       - This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`.
|       - It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked.
|
|     ### Previous discussions
|
|     - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `:download_code` check on commit
|     - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used
|       - `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223
|
|     ### Acceptance criteria met?
|
|     - [x] Tests added for new code
|     - [x] TODO comments removed
|     - [x] Squashed and removed skipped tests
|     - [x] Changelog entry
|     - [ ] State Gitlab versions affected and issue severity in description
|     - [ ] Create technical debt issue for NotesFinder.
|       - Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two.
|       - Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)`
|       - Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes`
|
|     See merge request !2035
* Rephrase some system notes to be compatible with new system note style [rephrase-system-notes]    Douwe Maan    2016-11-24    1    -1/+1
|
* remove Ability.abilities    http://jneen.net/    2016-08-30    1    -10/+9
|
* remove six, and use a Set instead    http://jneen.net/    2016-08-30    1    -2/+1
|
* Capitalize mentioned issue timeline notes    Clement Ho    2016-08-25    1    -1/+1
|
* Store discussion_id on Note for faster discussion lookup.    Douwe Maan    2016-08-17    1    -0/+25
|
* Merge branch 'master' into diff-line-comment-vuejs    Douwe Maan    2016-08-12    1    -3/+3
|\
| * adds second batch of tests changed to active tense [active-tense-test-coverage]    tiagonbotelho    2016-08-09    1    -3/+3
| |
* | Add specs for new Note and DiffNote methods.    Douwe Maan    2016-08-12    1    -0/+54
|/
* Retrieve rendered HTML from cache in one request [fix/get-cached-rendered-html-using-single-redis-request]    Ahmad Sherif    2016-07-21    1    -16/+24
|
|     See #19985
* Optimize system note visibility checking by hiding notes that    Stan Hu    2016-07-11    1    -0/+14
|
|     have been fully redacted and contain cross-project references.
|
|     The previous implementation relied on Note#cross_reference_not_visible_for?, which essentially tries to render all the Markdown references in a system note and only displays the note if the user can see the referring project. But this duplicated the work that Banzai::NotesRenderer was doing already.
|
|     Instead, for each note we render, we memoize the number of visible user references and use it later if it is available.
|
|     Improves #19273
* Don't garbage collect commits that have related DB records like comments    Douwe Maan    2016-07-04    1    -0/+4
|
* Project members with guest role can't access confidential issues    Douglas Barbosa Alexandre    2016-06-13    1    -4/+11
|
* Backend awardables on comments    ZJ van de Weg    2016-06-06    1    -0/+10
|
* Merge branch 'master' into awardables [awardables]    Z.J. van de Weg    2016-06-03    1    -2/+42
|\
| * Fix note validation spec failures    Stan Hu    2016-06-01    1    -1/+1
| |
| * Merge branch 'separate-banzai-references' into 'master'    Douwe Maan    2016-06-01    1    -2/+23
| |\
| | |     Separate reference gathering from rendering
| | |
| | |     This is a required step to allow batch processing when gathering references. This in turn would allow grabbing (for example) all mentioned users of an issue/merge request using a single query.
| | |
| | |     cc @rspeicher @DouweM
| | |
| | |     See merge request !3969
| | * Refactor Participable    Yorick Peterse    2016-06-01    1    -2/+23
| | |
| | |     There are several changes to this module:
| | |
| | |     1. The use of an explicit stack in Participable#participants
| | |     2. Proc behaviour has been changed
| | |     3. Batch permissions checking
| | |
| | |     == Explicit Stack
| | |
| | |     Participable#participants no longer uses recursion to process "self" and all child objects, instead it uses an Array and processes objects in breadth-first order. This allows us to for example create a single Gitlab::ReferenceExtractor instance and pass this to any Procs. Re-using a ReferenceExtractor removes the need for running potentially many SQL queries every time a Proc is called on a new object.
| | |
| | |     == Proc Behaviour Changed
| | |
| | |     Previously a Proc in Participable was expected to return an Array of User instances. This has been changed and instead it's now expected that a Proc modifies the Gitlab::ReferenceExtractor passed to it. The return value of the Proc is ignored.
| | |
| | |     == Permissions Checking
| | |
| | |     The method Participable#participants uses Ability.users_that_can_read_project to check if the returned users have access to the project of "self" _without_ running multiple SQL queries for every user.
| * | Merge branch 'data_leak' into 'master'    Robert Speicher    2016-05-31    1    -0/+19
| |\ \
| | | |     Confidential notes data leak
| | | |
| | | |     Fixes part of https://gitlab.com/gitlab-org/gitlab-ee/issues/575
| | | |
| | | |     See merge request !1967
| | * | Confidential notes data leak    Valery Sizov    2016-05-31    1    -0/+19
| | |/
* | | Merge branch 'master' into awardables    ZJ van de Weg    2016-05-30    1    -3/+31
|\ \ \
| |/ /
| * | Shut up, RuboCop [feature/note-validator]    Robert Speicher    2016-05-29    1    -2/+2
| | |
| | |     :heart:
| * | Minor changes in note validation specs    Grzegorz Bizon    2016-05-29    1    -5/+6
| | |
| * | Update specs to carry out changes in note factory    Grzegorz Bizon    2016-05-29    1    -2/+8
| | |
| * | Add more validation tests for note model    Grzegorz Bizon    2016-05-29    1    -0/+27
| | |
| * | Update note factory to include noteable association    Grzegorz Bizon    2016-05-29    1    -3/+3
| |/
* | Remove old tests, and use right factories    ZJ van de Weg    2016-05-25    1    -60/+0
| |