- 15 6月, 2019 1 次提交
-
-
由 Mayra Cabrera 提交于
Add the missing check on GraphQL API for project statistics
-
- 14 6月, 2019 1 次提交
-
-
由 Bob Van Landuyt 提交于
This exposes `Note`s on Issues & MergeRequests using a `Types::Notes::NoteableType` in GraphQL. Exposing notes on a new type can be done by implementing the `NoteableType` interface on the type. The presented object should be a `Noteable`.
-
- 12 6月, 2019 1 次提交
-
-
由 Jan Provaznik 提交于
Adds `set_issue_updated_at` similar to `set_issue_created_at` permission and cleans up the related permission check in issues API.
-
- 07 5月, 2019 3 次提交
-
-
由 James Fargher 提交于
Try to simplify feature flag checks by using policies
-
由 James Fargher 提交于
There are two cluster hierarchies one for the deployment platform and one for controllers. The main difference is that deployment platforms do not check user permissions and only return the first match.
-
由 James Fargher 提交于
Instance level clusters were already mostly supported, this change adds admin area controllers for cluster CRUD
-
- 03 5月, 2019 1 次提交
-
-
由 Krasimir Angelov 提交于
This is step one of resolving https://gitlab.com/gitlab-org/gitlab-ce/issues/56838. Here is what changed: - Revert the security fix from bdee9e84. - Do not leak repository information (tag name, commit) to guests in API responses. - Do not include links to source code in API responses for users that do not have download_code access. - Show Releases in sidebar for guests. - Do not display links to source code under Assets for users that do not have download_code access. GET ':id/releases/:tag_name' still do not allow guests to access releases. This is to prevent guessing tag existence.
-
- 02 5月, 2019 1 次提交
-
-
由 Sean McGivern 提交于
This is now entirely handled by `create_note`: 1. Project snippets prevent `create_note`. 2. Uploads already only support routing for personal snippets. This simplifies some policies and access checks, too!
-
- 09 4月, 2019 2 次提交
-
-
由 Imre Farkas 提交于
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
-
由 Agustin Henze 提交于
Used to get the variables via the API endpoint `/projects/:id/pipelines/:pipeline_id/variables` Signed-off-by: NAgustin Henze <tin@redhat.com>
-
- 06 4月, 2019 1 次提交
-
-
由 Gosia Ksionek 提交于
Add columns to store project creation settings Add project creation level column in groups and default project creation column in application settings Remove obsolete line from schema Update migration with project_creation_level column existence check Rename migrations to avoid conflicts Update migration methods Update migration method
-
- 05 4月, 2019 2 次提交
-
-
由 Andreas Brandl 提交于
This reverts merge request !26823
-
由 Imre Farkas 提交于
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
-
- 04 4月, 2019 1 次提交
-
-
由 Gosia Ksionek 提交于
Chnage method used in model to make it more efficient database-wise Add additional spec
-
- 27 3月, 2019 4 次提交
-
-
由 Rémy Coutable 提交于
Signed-off-by: NRémy Coutable <remy@rymai.me>
-
由 Rémy Coutable 提交于
Signed-off-by: NRémy Coutable <remy@rymai.me>
-
由 Rémy Coutable 提交于
Signed-off-by: NRémy Coutable <remy@rymai.me>
-
由 Rémy Coutable 提交于
Signed-off-by: NRémy Coutable <remy@rymai.me>
-
- 26 3月, 2019 1 次提交
-
-
由 Shinya Maeda 提交于
As they do not have a permission to read git tag
-
- 19 3月, 2019 1 次提交
-
-
由 Pavel Shutsin 提交于
We can extend the policy in EE for additional behavior
-
- 13 3月, 2019 1 次提交
-
-
由 Małgorzata Ksionek 提交于
-
- 12 3月, 2019 1 次提交
-
-
由 Małgorzata Ksionek 提交于
-
- 08 3月, 2019 1 次提交
-
-
由 Jan Beckmann 提交于
Fixes #56864
-
- 06 3月, 2019 1 次提交
-
-
由 Patrick Bajao 提交于
This commit includes changes to add `UserAccess#can_create_branch?` which will check whether the user is allowed to create a branch even if it matches a protected branch. This is used in `Gitlab::Checks::BranchCheck` when the branch name matches a protected branch. A `push_to_create_protected_branch` ability in `ProjectPolicy` has been added to allow Developers and above to create protected branches.
-
- 05 3月, 2019 5 次提交
-
-
由 Nick Thomas 提交于
-
由 Małgorzata Ksionek 提交于
-
由 Stan Hu 提交于
-
由 Stan Hu 提交于
-
由 Igor Drozdov 提交于
-
- 28 2月, 2019 1 次提交
-
-
由 Małgorzata Ksionek 提交于
-
- 27 2月, 2019 1 次提交
-
-
由 Jacopo 提交于
The API get projects/:id/traffic/fetches allows user with write access to the repository to get the number of clones for the last 30 days.
-
- 25 2月, 2019 1 次提交
-
-
由 Heinrich Lee Yu 提交于
-
- 15 2月, 2019 1 次提交
-
-
由 Stan Hu 提交于
Due to a bug in `BoardPolicy`, users were getting back a 403 error when trying to assign users to an assignee list and seeing "Something went wrong while fetching assignees list". For some reason, the declarative policy runtime was ignoring the ternary condition. To work around the issue, we make the project board an explicit condition check. Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/9727
-
- 11 2月, 2019 1 次提交
-
-
由 Heinrich Lee Yu 提交于
Board list policies are also included
-
- 06 2月, 2019 1 次提交
-
-
由 Stan Hu 提交于
-
- 31 1月, 2019 5 次提交
-
-
由 Kamil Trzciński 提交于
-
由 Heinrich Lee Yu 提交于
This changes the permission check so it uses the policy on Noteable instead of Project. This prevents bypassing of rules defined in Noteable for locked discussions and confidential issues. Also rechecks permissions when reply_to_discussion_id is provided since the discussion_id may be from a different noteable.
-
由 Francisco Javier López 提交于
When the external wiki is enabled, the internal wiki link is replaced by the external wiki url. But the internal wiki is still accessible. In this change the external wiki will have its own tab in the sidebar and only if the services are disabled the tab (and access rights) will not be displayed.
-
由 Heinrich Lee Yu 提交于
When the parent noteable is not visible to the user (e.g. confidential) we prevent the user from adding emoji reactions to notes
-
由 Oswaldo Ferreira 提交于
-