- 30 Nov, 2016 1 commit
-
-
Committed by Luke "Jared" Bennett
Change airbnb eslint config package to `eslint-config-airbnb-base` and update plugins.
Change `airbnb` to `airbnb-base` for .eslintrc `extends` value.
Added changelog entry
Made sure all plugins and envs are set
Corrected new failing specs
-
- 29 Nov, 2016 19 commits
-
-
Committed by James Lopez
-
Committed by James Lopez
-
Committed by Douwe Maan
Replace issue access checks with use of IssuableFinder
Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
## Which fixes are in this MR?
⚠ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
✅ - Permissions check tested
### Issue lookup with access check
Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells).
- [x] 🚦 app/finders/notes_finder.rb:15 [`visible_to_user`]
- [x] 🚥 app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`]
- [x] ✅ app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`]
- [x] ✅ lib/api/issues.rb:112 [`visible_to_user`] - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone
- [x] ✅ lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too?
- [x] ✅ lib/gitlab/search_results.rb:53 [`visible_to_user`]
### Previous discussions
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87
See merge request !2031
-
Committed by Douwe Maan
Fix missing access checks on issue lookup using IssuableFinder
Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
⚠ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
✅ - Permissions check tested
- [x] ✅ app/controllers/projects/branches_controller.rb:39 - `before_action :authorize_push_code!` helps limit/prevent exploitation. Always checks for reporter access so fine with confidential issues, issues only visible to team, etc.
- [x] 🚥 app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x] ✅ app/controllers/projects/todos_controller.rb:19
- [x] Potential double render in app/controllers/projects/todos_controller.rb - https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24
See merge request !2030
-
Committed by Douwe Maan
Fix information disclosure in `Projects::BlobController#update`
It was possible to discover private project names by modifying `from_merge_request` parameter in `Projects::BlobController#update`. This fixes that.
- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
https://gitlab.com/gitlab-org/gitlab-ce/issues/22869
See merge request !2023
-
Committed by Douwe Maan
Fix label creation non members
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23416
See merge request !2006
-
Committed by David Wagner
Signed-off-by: David Wagner <david@marvid.fr>
-
Committed by David Wagner
Apart from Issues and Merge Requests pages, there are other sort/filter dropdowns that needed updating.
Signed-off-by: David Wagner <david@marvid.fr>
-
Committed by David Wagner
The chevron now has the same darker shade when the dropdown is opened it had when hovered on.
Signed-off-by: David Wagner <david@marvid.fr>
-
Committed by David Wagner
Make sort and filter dropdowns look the same and tweak their icon and colors according to #24150.
Signed-off-by: David Wagner <david@marvid.fr>
-
Committed by Fatih Acet
-
Committed by Ruben Davila
This new global setting will allow admins to specify if HTML emails should be sent or not, this is basically useful when system administrators want to save some disk space by avoiding emails in HTML format and using only the Plain Text version.
-
Committed by Chris Peressini
-
Committed by Sean McGivern
-
Committed by Sean McGivern
-
Committed by Sean McGivern
In the browser, we remove the + and - signs from the front of a diff line because we add them in with CSS, so they aren't copied. We can't do that in an email, because the CSS isn't supported, so we should keep them in that case.
-
Committed by Sean McGivern
-
Committed by tauriedavis
-
Committed by Chris Peressini
-
- 28 Nov, 2016 5 commits
-
-
Committed by Rémy Coutable
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Committed by Adam Niedzielski
We only know the tag SHA after we create the tag. This means that we pass a different value to the hooks that happen before creating the tag, and a different value to the hooks that happen after creating the tag. This is not an ideal situation, but it is a trade-off we decided to make. For discussion of the alternatives please refer to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7700#note_18982873 "pre-receive" and "update" hooks always get the SHA of the commit that the tag points to. "post-receive" gets the tag SHA if it is an annotated tag or the commit SHA if it is a lightweight tag. Currently we always create annotated tags if UI is used.
-
Committed by Adam Niedzielski
This reverts commit ae51774b.
-
Committed by Adam Niedzielski
-
- 26 Nov, 2016 6 commits
-
-
Committed by Semyon Pupkov
-
Committed by Gabriel Mazetto
-
Committed by Filipa Lacerda
-
Committed by Rémy Coutable
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Committed by Mike Greiling
-
Committed by Luke "Jared" Bennett
-
- 25 Nov, 2016 8 commits
-
-
Committed by hhoopes
* Added keyword arguments to truncated_diff_lines method to allow for using highlighting or not (html templates vs. text)
* Tweaked templates for consistency and format appropriateness
-
Committed by hhoopes
Previously the `truncated_diff_lines` method for outputting a discussion diff took in already highlighted lines, which meant it wasn't reusable for truncating ANY lines. In the way it was used, it also meant that for any email truncation, the whole diff was being highlighted before being truncated, meaning wasted time highlighting lines that wouldn't even be used (granted, they were being memoized, so perhaps this wasn't that great of an issue). I refactored truncation away from highlighting, in order to truncate formatted diffs for text templates in email, using `>`s to designate each line, but otherwise retaining the parsing already done to create `diff_lines`. Additionally, while notes on merge requests or commits had already been tested, there was no existing test for notes on a diff on an MR or commit. Added mailer tests for such, and a unit test for truncating diff lines.
-
Committed by hhoopes
Currently comments on commits and merge requests do not require merge request- or commit-specific information, but can use the same template. Rather than change the method which calls the template, I opted to keep the templates separate and create a new template to highlight their identicality, while preserving the option to distinguish them from each other in the future. Also removed some of the inconsistencies between text and html email versions. Still needed is a text-only version of git diffs and testing.
-
Committed by hhoopes
Added diff hunks to notification emails of messages on merge requests. This provides code context to the note. Uses existing template for formatting a diff for email (from repository push notifications).
-
Committed by Yorick Peterse
With events no longer being cached this is no longer needed.
-
Committed by Yorick Peterse
When I proposed using serializable transactions I was hoping we would be able to refresh data of individual users concurrently. Unfortunately upon closer inspection it was revealed this was not the case. This could result in a lot of queries failing due to serialization errors, overloading the database in the process (given enough workers trying to update the target table). To work around this we're now using a Redis lease that is cancelled upon completion. This ensures we can update the data of different users concurrently without overloading the database. The code will try to obtain the lease until it succeeds, waiting at least 1 second between retries. This is necessary as we may otherwise end up _not_ updating the data which is not an option.
-
-
Committed by Phil Hughes
When a board has a lot of lists & issues scrolling stops the user from moving the issue to the last list (or any list not on screen). This changes that by making the scrollable element the board-list element. This will need re-thinking when sorting in lists is possible.
-
- 24 Nov, 2016 1 commit
-
-
Committed by Phil Hughes
-