path: root/spec/policies
Commit message (Author, Age, Files, Lines)
* Guard against deleted project feature entry (Stan Hu, 2019-08-26, files: 1, lines: -0/+13)
| In https://gitlab.com/gitlab-org/gitlab-ce/issues/66482, we see that a project's `project_feature` association may be lazily loaded and hence return `nil` if the entry is deleted if the `Project` is already loaded in memory. To ensure we don't fail hard when this happens, assume all features are disabled.
|
| We can fix this issue by eager loading the `project_feature` in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/32169, but we shouldn't have to depend on that.
|
| Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66482
* Expose namespace storage statistics with GraphQL (Alessio Caiazza, 2019-08-22, files: 2, lines: -1/+81)
| Root namespaces have storage statistics. This commit allows namespace owners to get those stats via GraphQL queries like the following one
|
|     {
|       namespace(fullPath: "a_namespace_path") {
|         rootStorageStatistics {
|           storageSize
|           repositorySize
|           lfsObjectsSize
|           buildArtifactsSize
|           packagesSize
|           wikiSize
|         }
|       }
|     }
* Merge remote-tracking branch ↵ (John T Skarbek, 2019-08-14, files: 1, lines: -0/+28)
|\
| | 'dev/security-2873-restrict-slash-commands-to-users-who-can-log-in'
| * Restrict slash commands to users who can log in (Hordur Freyr Yngvason, 2019-07-19, files: 1, lines: -0/+28)
| |
* | Improve cluster policy spec coverage [spec_cluster_policy_coverage] (Thong Kuah, 2019-08-12, files: 1, lines: -0/+4)
| |
* | Remove code related to object hierarchy in MySQL [remove-nested-groups-checks] (Heinrich Lee Yu, 2019-07-25, files: 2, lines: -58/+3)
| | These are not required because MySQL is not supported anymore
* | Allowing all users to view history (Alex Kalderimis, 2019-07-23, files: 1, lines: -0/+120)
| | This removes the create_wiki permission check from the history controller, allowing show and history to have the same level of permissions.
| |
| | Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/29528
* | Style rules; Revert some examples (Fabio Papa, 2019-07-19, files: 1, lines: -8/+0)
| |
* | Add examples specing the setting to choose who can create subgroups (Fabio Papa, 2019-07-19, files: 1, lines: -0/+8)
| | This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing.
* | Fix some code style issues (Fabio Papa, 2019-07-19, files: 1, lines: -7/+6)
| |
* | Add descriptions to examples (Fabio Papa, 2019-07-19, files: 1, lines: -2/+2)
| |
* | Make subgroup_creation_level default to maintainer at SQL level (Fabio Papa, 2019-07-19, files: 1, lines: -7/+36)
| | - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that
| | - Update spec examples
* | Style rules; Revert some examples (Fabio Papa, 2019-07-19, files: 1, lines: -5/+16)
| |
* | Add examples specing the setting to choose who can create subgroups (Fabio Papa, 2019-07-19, files: 1, lines: -0/+70)
| | This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing.
|/
* Allow use of legacy triggers with feature flag (Fabio Pitino, 2019-07-15, files: 1, lines: -46/+48)
| Keep feature flag disabled by default and turn off all functionality related to legacy triggers.
|
|   * Block legacy triggers from creating pipeline
|   * Highlight legacy triggers to be invalid via the UI
|   * Make legacy triggers invalid in the model
* Merge branch '62826-graphql-emoji-mutations' into 'master' (Jan Provaznik, 2019-06-28, files: 1, lines: -0/+54)
|\
| | GraphQL mutations for add, remove and toggle emoji
| |
| | See merge request gitlab-org/gitlab-ce!29919
| * GraphQL mutations for add, remove and toggle emoji [62826-graphql-emoji-mutations] (Luke Duncalfe, 2019-06-28, files: 1, lines: -0/+54)
| | Adding new `AddAwardEmoji`, `RemoveAwardEmoji` and `ToggleAwardEmoji` GraphQL mutations.
| |
| | Adding new `#authorized_find_with_pre_checks!` and (unused, but for completeness `#authorized_find_with_post_checks!`) authorization methods. These allow us to perform an authorized find, and run our own additional checks before or after the authorization runs.
| |
| | https://gitlab.com/gitlab-org/gitlab-ce/issues/62826
* | Remove instance_clusters feature_flag [remove_group_and_instance_clusters_feature_flag] (Thong Kuah, 2019-06-28, files: 1, lines: -15/+3)
| | Now we have terminals for instance and group clusters we can remove the FF now. Deploying to instance clusters has been working without complaints too.
|/
* Add documentation and tests (Manoj MJ, 2019-06-19, files: 1, lines: -1/+1)
| This commit adds
| - feature specs - to test the ability of a user with "developer" permission to delete tags in repositories.
| - documentation
* Allow Developer role to delete tags via container registry api (Jason Goodman, 2019-06-17, files: 1, lines: -1/+1)
| This brings the API permissions in line with the UI permissions
* Do not blindly expose public project statistics (Mayra Cabrera, 2019-06-14, files: 1, lines: -0/+83)
| Add the missing check on GraphQL API for project statistics
* Expose comments on Noteables in GraphQL (Bob Van Landuyt, 2019-06-14, files: 1, lines: -0/+19)
| This exposes `Note`s on Issues & MergeRequests using a `Types::Notes::NoteableType` in GraphQL.
|
| Exposing notes on a new type can be done by implementing the `NoteableType` interface on the type. The presented object should be a `Noteable`.
* API issues - minor cleanup of permission check (Jan Provaznik, 2019-06-11, files: 1, lines: -1/+1)
| Adds `set_issue_updated_at` similar to `set_issue_created_at` permission and cleans up the related permission check in issues API.
* Check instance cluster feature at policy level (James Fargher, 2019-05-07, files: 1, lines: -5/+16)
| Try to simplify feature flag checks by using policies
* Allow projects to use instance level clusters (James Fargher, 2019-05-07, files: 1, lines: -0/+2)
| There are two cluster hierarchies one for the deployment platform and one for controllers. The main difference is that deployment platforms do not check user permissions and only return the first match.
* Instance level kubernetes clusters admin (James Fargher, 2019-05-07, files: 2, lines: -0/+39)
| Instance level clusters were already mostly supported, this change adds admin area controllers for cluster CRUD
* Allow guests users to access project releases (Krasimir Angelov, 2019-05-03, files: 1, lines: -2/+2)
| This is step one of resolving https://gitlab.com/gitlab-org/gitlab-ce/issues/56838.
|
| Here is what changed:
| - Revert the security fix from bdee9e8412d.
| - Do not leak repository information (tag name, commit) to guests in API responses.
| - Do not include links to source code in API responses for users that do not have download_code access.
| - Show Releases in sidebar for guests.
| - Do not display links to source code under Assets for users that do not have download_code access.
|
| GET ':id/releases/:tag_name' still does not allow guests to access releases. This is to prevent guessing tag existence.
* Remove the `comment_personal_snippet` permission [remove-comment-personal-snippet-permission] (Sean McGivern, 2019-05-02, files: 1, lines: -19/+12)
| This is now entirely handled by `create_note`:
|
| 1. Project snippets prevent `create_note`.
| 2. Uploads already only support routing for personal snippets.
|
| This simplifies some policies and access checks, too!
* Move Contribution Analytics related spec in ↵ (Imre Farkas, 2019-04-09, files: 4, lines: -0/+114)
| spec/features/groups/group_page_with_external_authorization_service_spec to EE
* Add new permission model `read-pipeline-variable` (Agustin Henze, 2019-04-09, files: 1, lines: -0/+46)
| Used to get the variables via the API endpoint `/projects/:id/pipelines/:pipeline_id/variables`
|
| Signed-off-by: Agustin Henze <tin@redhat.com>
* Add part of needed code (Gosia Ksionek, 2019-04-05, files: 1, lines: -0/+114)
| Add columns to store project creation settings
|
| Add project creation level column in groups and default project creation column in application settings
|
| Remove obsolete line from schema
|
| Update migration with project_creation_level column existence check
|
| Rename migrations to avoid conflicts
|
| Update migration methods
|
| Update migration method
* Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'" (Andreas Brandl, 2019-04-05, files: 4, lines: -114/+0)
| This reverts merge request !26823
* Move Contribution Analytics related spec in ↵ (Imre Farkas, 2019-04-05, files: 4, lines: -0/+114)
| spec/features/groups/group_page_with_external_authorization_service_spec to EE
* Add cr remarks (Gosia Ksionek, 2019-04-04, files: 1, lines: -0/+105)
| Change method used in model to make it more efficient database-wise
|
| Add additional spec
* Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq into ↵ [jarv/dev-to-gitlab-2019-04-02] (John Jarvis, 2019-04-02, files: 1, lines: -0/+90)
|\
| | jarv/dev-to-gitlab-2019-04-02
| * Disallow guest users from accessing Releases (Shinya Maeda, 2019-03-26, files: 1, lines: -2/+2)
| | As they do not have a permission to read git tag
* | [CE] Reduce the diff with EE in spec/policies/group_policy_spec.rb (Rémy Coutable, 2019-03-27, files: 1, lines: -49/+1)
| | Signed-off-by: Rémy Coutable <remy@rymai.me>
* | Factorize policy helpers into PolicyHelpers (Rémy Coutable, 2019-03-27, files: 3, lines: -24/+0)
| | Signed-off-by: Rémy Coutable <remy@rymai.me>
* | [CE] Reduce the diff with EE in spec/policies/project_policy_spec.rb (Rémy Coutable, 2019-03-27, files: 2, lines: -373/+52)
| | Signed-off-by: Rémy Coutable <remy@rymai.me>
* | [CE] Reduce the diff with EE in spec/policies/namespace_policy_spec.rb (Rémy Coutable, 2019-03-27, files: 1, lines: -1/+1)
| | Signed-off-by: Rémy Coutable <remy@rymai.me>
|/
* Move out link\unlink ability checks to a policy (Pavel Shutsin, 2019-03-19, files: 1, lines: -0/+30)
| We can extend the policy in EE for additional behavior
* Add cr remarks [fix-false-positive-specs] (Małgorzata Ksionek, 2019-03-13, files: 1, lines: -23/+4)
|
* Fix false positive specs (Małgorzata Ksionek, 2019-03-12, files: 1, lines: -2/+12)
|
* Disallow reopening of locked merge requests (Jan Beckmann, 2019-03-08, files: 2, lines: -3/+53)
| Fixes #56864
* Allow protected branch creation via web and API (Patrick Bajao, 2019-03-06, files: 1, lines: -2/+1)
| This commit includes changes to add `UserAccess#can_create_branch?` which will check whether the user is allowed to create a branch even if it matches a protected branch. This is used in `Gitlab::Checks::BranchCheck` when the branch name matches a protected branch.
|
| A `push_to_create_protected_branch` ability in `ProjectPolicy` has been added to allow Developers and above to create protected branches.
* Add metadata about the GitLab server to GraphQL (Nick Thomas, 2019-03-05, files: 1, lines: -0/+12)
|
* Resolve conflicts in group policy (Małgorzata Ksionek, 2019-03-05, files: 1, lines: -2/+2)
|
* Add frozen_string_literal to new files (Stan Hu, 2019-03-04, files: 1, lines: -0/+2)
|
* Resolve conflicts in spec/policies/group_policy_spec.rb (Stan Hu, 2019-03-04, files: 1, lines: -12/+0)
|
* Merge dev master into GitLab.com master (Yorick Peterse, 2019-03-04, files: 4, lines: -57/+150)
|\