summaryrefslogtreecommitdiff
path: root/spec/services/merge_requests/build_service_spec.rb
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'jej-use-issuable-finder-instead-of-access-check' into 'security' Douwe Maan2016-11-281-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace issue access checks with use of IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR? :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested ### Issue lookup with access check Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells). - [x] :vertical_traffic_light: app/finders/notes_finder.rb:15 [`visible_to_user`] - [x] :traffic_light: app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`] - [x] :white_check_mark: app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`] - [x] :white_check_mark: lib/api/issues.rb:112 [`visible_to_user`] - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone - [x] :white_check_mark: lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too? - [x] :white_check_mark: lib/gitlab/search_results.rb:53 [`visible_to_user`] ### Previous discussions - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126 - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87 See merge request !2031
* Add validation errors to Merge Request formAlex Sanford2016-11-011-0/+49
| | | | | If source branch or target branch doesn't exist in the project, display form validation errors. Previously, this caused a 500 error code.
* Allow empty merge requestsArtem Sidorenko2016-10-111-2/+18
|
* Prepend blank line to close message on merge requestLuke Howell2016-09-011-2/+2
| | | | | | - Added an extra new line to the prepend of the Close message Fixes #21710
* Introduce Compare model in the codebase.Paco Guzman2016-08-031-4/+4
| | | This object will manage Gitlab::Git::Compare instances
* Don't auto-set MR title for confidential issuesSean McGivern2016-05-061-1/+10
|
* Auto-set title for branches created from issuesSean McGivern2016-05-061-1/+27
| | | | | | | | | | If a branch starts with an issue's IID, followed by a hyphen, the description will be updated to say that is closes the issue. This also updates the title of the merge request to 'Resolves "$issue-title"', as long as: - There is more than one commit in the merge request (if there is only one commit, the commit's title will be used as before) - The issue's IID is valid for the project
* Add specs for MergeRequests::BuildServiceSean McGivern2016-05-061-0/+146
View Lorry Controller Status