summaryrefslogtreecommitdiff
path: root/spec/policies
Commit message (Collapse)AuthorAgeFilesLines
* Ensure all project factories use `:repository` trait or `:empty_project`rs-empty_project-cleanupRobert Speicher2017-08-013-6/+6
|
* Use described_class when possibleRémy Coutable2017-07-272-2/+2
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Remove superfluous lib: true, type: redis, service: true, models: true, ↵Rémy Coutable2017-07-279-9/+9
| | | | | | services: true, no_db: true, api: true Signed-off-by: Rémy Coutable <remy@rymai.me>
* Remove superfluous type defs in specsKeifer Furzland2017-07-272-2/+2
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch '30634-protected-pipeline' into 'master'Kamil Trzciński2017-07-252-53/+89
|\ | | | | | | | | | | | | Implement "Block pipelines on protected branches" Closes #30634, #34616, and #33130 See merge request !11910
| * Unify build policy tests and pipeline policy testsLin Jen-Shin2017-07-182-13/+32
| |
| * Restore some tests from masterLin Jen-Shin2017-07-181-5/+33
| |
| * Merge remote-tracking branch 'upstream/master' into 30634-protected-pipelineLin Jen-Shin2017-07-181-8/+0
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * upstream/master: (25 commits) Remove unneeded asserts and add tests for inactive RequestStore Rename the methods to make it fit with current name Follow feedback on the merge request Make sure it checks against the tag only when it's a tag Renamed Gitaly services fix transient rspec failure due to Poll.js race condition Refactor variables initialization in dropzone_input.js cache the cache key... avoid #respond_to? in Cache.id_for cache DeclarativePolicy.class_for at the class level Update 9.3-to-9.4.md fix padding on filtered search dropdown. Styles should only apply to li in list Cache Note#notable for commits and fix tests Add changelog entry Update the comments for the new functionality Use RequestStoreWrap for Commit#author Skip dead jobs queue for web hooks and project services Add RequestStoreWrap to cache via RequestStore Don't track cached queries in Gitlab::PerformanceBar::PeekQueryTracker Add changelog entry ...
| * \ Merge remote-tracking branch 'upstream/master' into 30634-protected-pipelineLin Jen-Shin2017-07-051-0/+34
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * upstream/master: (67 commits) Revert "Merge branch 'revert-12499' into 'master'" Prevent accidental deletion of protected MR source branch by repeating checks before actual deletion Document that GitLab 9.3 requires the TRIGGER permission on MySQL Instrument Unicorn with Ruby exporter Remove group modal like remove project modal. Closes #33130 Update prometheus client gem Enables the option in user preferences to turn on the new navigation Simplify authentication logic in the v4 users API for !12445. wait_for_requests is not needed when AJAX is not in play Don't resolve fork relationships for projects pending delete Clean up the ForkedProjectLink specs Remove unnecessary clear_stubs calls Add test for GitalyClient::Ref#find_ref_name DeleteMergedBranchesService should not delete protected branches Optimize creation of commit API by using Repository#commit instead of Repository#commits Update CHANGELOG.md for 9.3.4 Make autosize fields more performant and remove broken autosize handle Update GITLAB_SHELL_VERSION to 5.1.1 Fixed the y_label not setting correctly for each graph on the monitoring dashboard Refactor and copyedit "Using Docker images" docs ...
| * | | Fix bad conflict resolutionLin Jen-Shin2017-07-042-8/+8
| | | |
| * | | Merge remote-tracking branch 'upstream/master' into 30634-protected-pipelineLin Jen-Shin2017-07-0412-275/+300
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * upstream/master: (119 commits) Speed up operations performed by gitlab-shell Change the force flag to a keyword argument add image - issue boards - moving card copyedit == ee !2296 Reset @full_path to nil when cache expires Replace existing runner links with icons and tooltips, move into btn-group. add margin between captcha and register button Eagerly create a milestone that is used in a feature spec Adjust readme repo width Resolve "Issue Board -> "Remove from board" button when viewing an issue gives js error and fails" Set force_remove_source_branch default to false. Fix rubocop offenses Make entrypoint and command keys to be array of strings Add issuable-list class to shared mr/issue lists to fix new responsive layout New navigation breadcrumbs Restore timeago translations in renderTimeago. Fix curl example paths (missing the 'files' segment) Automatically hide sidebar on smaller screens Fix typo in IssuesFinder comment Make Project#ensure_repository force create a repo ...
| * | | | Consistently check permission for creating pipelines,Lin Jen-Shin2017-07-042-35/+64
| | | | | | | | | | | | | | | | | | | | | | | | | updating builds and updating pipelines. We check against being able to merge or push if the ref is protected.
* | | | | Allow admin to read_users_list even if it's restrictedLin Jen-Shin2017-07-251-0/+20
| | | | |
* | | | | Don't treat anonymous users as owners when group has pending invitesSean McGivern2017-07-241-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `members` table can have entries where `user_id: nil`, because people can invite group members by email. We never want to include those as members, because it might cause confusion with the anonymous (logged out) user.
* | | | | Associate Issues tab only with internal issues trackerJarka Kadlecova2017-07-241-0/+24
| |_|_|/ |/| | |
* | | | Make sure it checks against the tag only when it's a tag34927-protect-manual-actions-on-tagsLin Jen-Shin2017-07-181-0/+19
| | | |
* | | | Protect manual actions against protected tag tooLin Jen-Shin2017-07-171-6/+19
| |_|/ |/| |
* | | Implement review comments for !12445 from @jneen.34141-allow-unauthenticated-access-to-the-users-apiTimothy Andrew2017-07-031-0/+34
| |/ |/| | | | | | | - Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy`
* | convert all the policies to DeclarativePolicyhttp://jneen.net/2017-06-272-3/+3
| |
* | update the specs to not require a set to be returnedhttp://jneen.net/2017-06-2711-271/+296
|/
* Enable Style/DotPosition Rubocop :cop:Grzegorz Bizon2017-06-211-2/+2
|
* Correct RSpec/SingleLineHook cop offensesRobert Speicher2017-06-142-6/+18
|
* Update tests and applicationfix-external-ci-servicesKamil Trzcinski2017-06-131-0/+12
|
* Merge branch '25934-project-snippet-vis' into 'security-9-2'DJ Mountney2017-06-081-2/+2
| | | | | | Fix visibility when referencing snippets See merge request !2101
* Merge branch '3191-deploy-keys-update' into 'master'Rémy Coutable2017-06-071-0/+56
|\ | | | | | | | | | | | | Implement ability to update deploy keys Closes #3191 See merge request !10383
| * Implement ability to update deploy keysAlexander Randa2017-06-021-0/+56
| |
* | Allow group reporters to manage group labels33154-permissions-for-project-labels-and-group-labelsSean McGivern2017-06-051-3/+29
|/ | | | | | | | | Previously, only group masters could do this. However, project reporters can manage project labels, so there doesn't seem to be any need to restrict group labels further. Also, save a query or two by getting a single GroupMember object to find out if the user is a master or not.
* Use CTEs for nested groups and authorizationsYorick Peterse2017-05-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit introduces the usage of Common Table Expressions (CTEs) to efficiently retrieve nested group hierarchies, without having to rely on the "routes" table (which is an _incredibly_ inefficient way of getting the data). This requires a patch to ActiveRecord (found in the added initializer) to work properly as ActiveRecord doesn't support WITH statements properly out of the box. Unfortunately MySQL provides no efficient way of getting nested groups. For example, the old routes setup could easily take 5-10 seconds depending on the amount of "routes" in a database. Providing vastly different logic for both MySQL and PostgreSQL will negatively impact the development process. Because of this the various nested groups related methods return empty relations when used in combination with MySQL. For project authorizations the logic is split up into two classes: * Gitlab::ProjectAuthorizations::WithNestedGroups * Gitlab::ProjectAuthorizations::WithoutNestedGroups Both classes get the fresh project authorizations (= as they should be in the "project_authorizations" table), including nested groups if PostgreSQL is used. The logic of these two classes is quite different apart from their public interface. This complicates development a bit, but unfortunately there is no way around this. This commit also introduces Gitlab::GroupHierarchy. This class can be used to get the ancestors and descendants of a base relation, or both by using a UNION. This in turn is used by methods such as: * Namespace#ancestors * Namespace#descendants * User#all_expanded_groups Again this class relies on CTEs and thus only works on PostgreSQL. The Namespace methods will return an empty relation when MySQL is used, while User#all_expanded_groups will return only the groups a user is a direct member of. Performance wise the impact is quite large. For example, on GitLab.com Namespace#descendants used to take around 580 ms to retrieve data for a particular user. Using CTEs we are able to reduce this down to roughly 1 millisecond, returning the exact same data. == On The Fly Refreshing Refreshing of authorizations on the fly (= when users.authorized_projects_populated was not set) is removed with this commit. This simplifies the code, and ensures any queries used for authorizations are not mutated because they are executed in a Rails scope (e.g. Project.visible_to_user). This commit includes a migration to schedule refreshing authorizations for all users, ensuring all of them have their authorizations in place. Said migration schedules users in batches of 5000, with 5 minutes between every batch to smear the load around a bit. == Spec Changes This commit also introduces some changes to various specs. For example, some specs for ProjectTeam assumed that creating a personal project would _not_ lead to the owner having access, which is incorrect. Because we also no longer refresh authorizations on the fly for new users some code had to be added to the "empty_project" factory. This chunk of code ensures that the owner's permissions are refreshed after creating the project, something that is normally done in Projects::CreateService.
* Merge branch 'snippets-finder-visibility' into 'security'Douwe Maan2017-05-101-15/+65
| | | | | | Refactor snippets finder & dont return internal snippets for external users See merge request !2094
* Robustify environment policy specs to pass on EEfix/gb/make-environment-policy-specs-to-pass-on-eeGrzegorz Bizon2017-05-091-1/+1
|
* Add confirm delete protected branch modalSam Rose2017-05-081-1/+1
|
* Merge branch 'feature/gb/manual-actions-protected-branches-permissions' into ↵Kamil Trzciński2017-05-062-0/+110
|\ | | | | | | | | | | | | | | | | | | 'master' Check access to a branch when user triggers manual action Closes #20261 See merge request !10494
| * Use update build policy instead of new play policyGrzegorz Bizon2017-05-051-9/+9
| |
| * Merge commit '3a2b60f7' from 'master'Grzegorz Bizon2017-05-051-0/+141
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '3a2b60f7a0109cdb84e8727a2625318a746e84dc': (151 commits) Fixed Karma spec Reject EE reserved namespace paths in CE as well Updated webpack config Include the bundler:audit job into the static-analysis job Document serializers Add artifact file page that uses the blob viewer Pipeline table mini graph dropdown remains open when table is refreshed Adds off for event hub Compile gitlab-shell go executables Allow to create new branch and empty WIP merge request from issue page Moved to a view spec Improving copy of CONTRIBUTING.md, PROCESS.md, and code_review.md Convert seconds to minutes and hours on chat notifations Disable navigation to Pages config if Pages is disabled Sort the network graph both by commit date and topographically. Add tooltips to note action buttons Add breadcrumb, build header and pipelines submenu to artifacts browser Update todos screenshots removes the possibility of commit messages having carriage returns Handle incoming emails from aliases correctly ...
| * | Fix environment policy class name in specsGrzegorz Bizon2017-05-021-1/+1
| | |
| * | Merge branch 'master' into ↵Grzegorz Bizon2017-05-022-279/+160
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | feature/gb/manual-actions-protected-branches-permissions * master: (314 commits) Better Explore Groups view Update Carrierwave and fog-core Add specs for Gitlab::RequestProfiler Add scripts/static-analysis to run all the static analysers in one go Shorten and improve some job names Group static-analysis jobs into a single job Don't blow up when email has no References header Update CHANGELOG.md for 9.1.2 Add changelog Add changelog Show Raw button as Download for binary files Use blob viewers for snippets Fix typo Fixed transient failure related to dropdown animations Revert "Merge branch 'tc-no-todo-service-select' into 'master'" fix link to MR 10416 Another change from .click -> .trigger('click') to make spec pass Change from .click -> .trigger('click') to make spec pass Disable AddColumnWithDefaultToLargeTable cop for pre-existing migrations Add AddColumnWithDefaultToLargeTable cop ... Conflicts: spec/requests/api/jobs_spec.rb
| * | | Add new ability check for stopping environmentGrzegorz Bizon2017-05-011-0/+57
| | | |
| * | | Merge branch 'master' into ↵Grzegorz Bizon2017-04-131-1/+2
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | feature/gb/manual-actions-protected-branches-permissions * master: (641 commits) Revert "Fix registry for projects with uppercases in path" Fix registry for projects with uppercases in path Move event icons into events_helper Reset New branch button when issue state changes Add link to environments on kubernetes.md Indent system notes on desktop screens Improve webpack-dev-server compatibility with non-localhost setups. Add changelog entry Fix recent searches icon alignment in Safari Use preload to avoid Rails using JOIN Fix NUMBER_OF_TRUNCATED_DIFF_LINES re-definition error Prepare for zero downtime migrations Fix filtered search input width for IE Fix the `gitlab:gitlab_shell:check` task Fixed random failures with Poll spec Include CONTRIBUTING.md file when importing .gitlab-ci.yml templates Let uses hide verbose output by default Separate examples for each other Collapse similar sibling scenarios Use empty_project for resources that are independent of the repo ... Conflicts: app/views/projects/ci/builds/_build.html.haml
| * | | | Implement new rule for manual actions in policiesGrzegorz Bizon2017-04-121-0/+53
| | | | |
* | | | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into mia_backort[ci ↵Valery Sizov2017-05-051-0/+141
|\ \ \ \ \ | | |_|_|/ | |/| | | | | | | | skip]
| * | | | Support uploaders for personal snippets comments12910-uploader-pers-snippetJarka Kadlecova2017-05-021-0/+141
| | |_|/ | |/| |
* | | | Fix specsClement Ho2017-05-041-4/+4
|/ / /
* | | Enable RSpec/FilePath copenable-spec-file-name-copSean McGivern2017-04-262-279/+160
| |/ |/| | | | | | | | | - Ignore JS fixtures - Ignore qa directory - Rewrite concern specs to put concern name first
* | Merge branch 'siemens/gitlab-ce-fix/subgroup-hide-button' into 'master' Rémy Coutable2017-04-121-1/+2
|\ \ | |/ |/| | | | | | | | | Hide new subgroup button if user has no permission to create one Closes #30139 See merge request !10627
| * Move permission to create subgroup into GroupPolicyDmitriy Zaporozhets2017-04-111-1/+2
| | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | Use `:empty_project` where possible in policy specsRobert Speicher2017-03-272-2/+2
|/
* spec the new behavior of .class_forhttp://jneen.net/2017-03-091-4/+6
| | | | and more robustly spec the ancestor behavior
* Improve pipeline triggers UIKamil Trzciński2017-03-071-0/+103
|
* Don't allow deleting a ghost user.Timothy Andrew2017-02-241-0/+37
| | | | | | | | | | | | | | | - Add a `destroy_user` ability. This didn't exist before, and was implicit in other abilities (only admins could access the admin area, so only they could destroy all users; a user can only access their own account page, and so can destroy only themselves). - Grant this ability to admins, and when the current user is trying to destroy themselves. Disallow destroying ghost users in all cases. - Modify the `Users::DestroyService` to check this ability. Also check it in views to decide whether or not to show the "Delete User" button. - Add a short summary of the Ghost User to the bio.
* More backportDouwe Maan2017-02-062-32/+131
|
View Lorry Controller Status