- 30 6月, 2017 1 次提交
-
-
由 Timothy Andrew 提交于
- Use `GlobalPolicy` to authorize the users that a non-authenticated user can fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC` visibility level is not restricted. - Further, as before, `/api/v4/users` is only accessible to unauthenticated users if the `username` parameter is passed. - Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual route + method, rather than the description. - Change the type of `current_user` check in `UsersFinder` to be more compatible with EE.
-
- 26 6月, 2017 2 次提交
-
-
由 Timothy Andrew 提交于
-
由 Timothy Andrew 提交于
- The issue filtering frontend code needs access to this API for non-logged-in users + public projects. It uses the API to fetch information for a user by username. - We don't authenticate this API anymore, but instead - if the `current_user` is not present: - Verify that the `username` parameter has been passed. This disallows an unauthenticated user from grabbing a list of all users on the instance. The `UsersFinder` class performs an exact match on the `username`, so we are guaranteed to get 0 or 1 users. - Verify that the resulting user (if any) is accessible to be viewed publicly by calling `can?(current_user, :read_user, user)`
-
- 25 6月, 2017 1 次提交
-
-
由 Marcia Ramos 提交于
Resolve "Replace 'Settings ➔ CI/CD Pipelines' with 'Settings ➔ Pipelines' in docs" Closes #34264 See merge request !12433
-
- 24 6月, 2017 13 次提交
-
-
由 Phil Hughes 提交于
Fix interpolation in app/views/profile/show.html/haml See merge request !12439
-
由 Nick Thomas 提交于
-
由 sytses 提交于
-
由 sytses 提交于
-
由 sytses 提交于
-
由 Grzegorz Bizon 提交于
Don't match tilde and exclamation mark as part of requirements.txt package name Closes #34166 See merge request !12431
-
由 bikebilly 提交于
-
由 Douwe Maan 提交于
Add User#full_private_access? to check if user has access to all private groups & projects Closes #31745 See merge request !12373
-
由 Douwe Maan 提交于
Fix breadcrumb order Closes #33938 See merge request !12322
-
由 Douwe Maan 提交于
Fix 500 on failure to create a private group Closes #34068 See merge request !12394
-
由 Douwe Maan 提交于
-
由 Michael Kozono 提交于
Fixes #34068
-
由 Michael Kozono 提交于
-
- 23 6月, 2017 23 次提交
-
-
由 Yorick Peterse 提交于
Improve `update_column_in_batches` migration helper Closes #34064 See merge request !12350
-
由 Phil Hughes 提交于
Remove extra symbol in notifications modal Closes #34219 See merge request !12417
-
由 Annabel Dunstone Gray 提交于
Limit the width of commit & snippet comment sections Closes #20920 See merge request !12088
-
由 Phil Hughes 提交于
-
由 Annabel Dunstone Gray 提交于
Limit the width of project READMEs Closes #20919 See merge request !12165
-
由 Phil Hughes 提交于
-
由 Annabel Dunstone Gray 提交于
-
由 Grzegorz Bizon 提交于
Update QA Dockerfile to use stable Chrome package Closes #33538 See merge request !12071
-
由 Phil Hughes 提交于
Make JavaScript tests fail for unhandled Promise rejections Closes #33845 and #33623 See merge request !12264
-
由 Winnie Hellmann 提交于
-
由 Toon Claes 提交于
In CE only the admin has access to all private groups & projects. In EE also an auditor can have full private access. To overcome merge conflicts, or accidental incorrect access rights, abstract this out in `User#full_private_access?`. `User#admin?` now only should be used for admin-only features. For private access-related features `User#full_private_access?` should be used. Backported from gitlab-org/gitlab-ee!2199
-
由 Tim Zallmann 提交于
hot reloading for .vue files Closes #33729 See merge request !12180
-
由 Phil Hughes 提交于
Add bootstrap_form gem See merge request !10985
-
由 Phil Hughes 提交于
Add padding to target branch container Closes #33992 See merge request !12353
-
由 Phil Hughes 提交于
Remove layout nav from scroll calculation Closes #33984 See merge request !12399
-
由 Phil Hughes 提交于
Fix offset for fixed nav Closes #34095 See merge request !12365
-
由 Annabel Dunstone Gray 提交于
-
由 Tim Zallmann 提交于
Refactor Notes into ES class syntax See merge request !12254
-
由 Sean McGivern 提交于
Remove unnecessary top padding on group MR index See merge request !12392
-
由 Phil Hughes 提交于
Fix mobile environment detail view Closes #34120 See merge request !12382
-
由 Annabel Dunstone Gray 提交于
-
由 Annabel Dunstone Gray 提交于
Added limited width container to project settings See merge request !12045
-
由 Annabel Dunstone Gray 提交于
Fix dropdown position for the new button on mobile for the top navbar Closes #34139 See merge request !12388
-