If notification_email is blank, it's set from email. If an admin
attempted to create a user with an invalid email, an error would be
displayed for both fields. Only validate the notification_email if it's
different from email.
There is a race condition in DestroyGroupService now that projects are deleted asynchronously:
1. User attempts to delete group
2. DestroyGroupService iterates through all projects and schedules a Sidekiq job to delete each Project
3. DestroyGroupService destroys the Group, leaving all its projects without a namespace
4. Projects::DestroyService runs later but the can?(current_user,
:remove_project) is `false` because the user no longer has permission to
destroy projects with no namespace.
5. This leaves the project in pending_delete state with no namespace/group.
Projects without a namespace or group also adds another problem: it's not possible to destroy the container
registry tags, since container_registry_path_with_namespace is the wrong value.
The fix is to destroy the group asynchronously and to run execute directly on Projects::DestroyService.
Closes#17893
Modifies the existing "login as" feature to be called impersonation, as
well as keeping track of who is impersonating to revert back to that
user without having to log out.
Safari 9.0 does not yet honor the HTML5 `origin-when-cross-origin` mode,
and it's possible load balancers/proxies strip the HTTP_REFERER from
the request header. In these cases, default to some default path.
Closes#3122
Closes https://github.com/gitlabhq/gitlabhq/issues/9731
Steve Halasz
Stan Hu
Robert Speicher
Patricio Cano
Kamil Trzcinski
tiagonbotelho
Alfredo Sumaran
Z.J. van de Weg
Robert Speicher
Sean McGivern
Douwe Maan
Douwe Maan
PotHix
Douglas Barbosa Alexandre
Gabriel Mazetto
Andrew Tomaka
James Newton
Pavel Forkert