Marin Jankovski
4024aa8e81
Try to keep token authenticable compatibility
2014-07-09 14:42:25 +02:00
Marin Jankovski
26d1bd7c2a
Set return url as param.
2014-06-19 14:20:25 +02:00
Marin Jankovski
a1eb1ad168
Redirect back to current page after sign in.
2014-06-19 11:24:59 +02:00
Dmitriy Zaporozhets
ae564c97d4
Don't expose user email via API
To prevent leaking of users info we reduce amount of user information
retrieved via API for normal users.
What user can get via API:
* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all information
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-13 17:46:48 +03:00
Dmitriy Zaporozhets
a7be3dfa30
Remove set of thread variables
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-10 17:51:49 +03:00
Dmitriy Zaporozhets
d95d56f0b9
Add current_user_id to gon vars
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-04 18:07:15 +03:00
Drew Blessing
5f25cdfe19
Implement Merge Request Labels
2014-05-13 06:41:36 -05:00
Dmitriy Zaporozhets
84d17f7965
Skip require email for devise controllers
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-04-07 14:32:59 +03:00
Dmitriy Zaporozhets
a73df4f72d
Allow oauth signup without email
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-04-07 14:09:29 +03:00
Jacob Vosmaer
48e9054056
Open/close LDAP in ApplicationController
By opening the LDAP connection at the controller level we can reuse it
for all LDAP queries during the request.
2014-03-14 09:03:49 +01:00
Dmitriy Zaporozhets
c6d39a14d6
Add User#requires_ldap_check? method
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-11 10:24:07 +02:00
Dmitriy Zaporozhets
e57e1e04e3
Remove non-existent method from ldap security check
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-11 09:15:04 +02:00
Dmitriy Zaporozhets
b1ff8e31b1
Add ldap check in application_controller and internal api
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-10 17:10:23 +02:00
Dmitriy Zaporozhets
a9280de11f
Better redirect for edit blob from MergeRequest
If you cancel edit you will be redirected back to merge request
If you submit changes you will be redirected back to merge request
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-02-26 14:06:31 +02:00
Dmitriy Zaporozhets
2171bbcd6e
Update rack profiler
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-02-25 17:41:56 +02:00
Ciro Santillli
439a61783d
User can leave group from group page.
2014-02-12 15:52:53 +01:00
Dmitriy Zaporozhets
348e44ef06
Don't use avatars for user select if avatar is disabled
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-02-11 15:49:39 +02:00
Dmitriy Zaporozhets
0c637acb69
Add login and remember_me to devise permit list
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-01-14 20:28:41 +02:00
Marin Jankovski
8a0bfa4998
Do not include subdomains in STS header.
2014-01-03 16:02:57 +01:00
Marin Jankovski
94c96cd445
HTTP headers protect against MIME-sniffing, force https if enabled.
2013-12-30 09:41:05 +01:00
xyb
498ec08da3
Force IE use latest engine to render.
2013-12-27 19:38:29 +08:00
Dmitriy Zaporozhets
f088c867a4
Fix signup for rails4
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-12-10 13:35:10 +02:00
Dmitriy Zaporozhets
b3c1d0d8df
Added allow_blank to model validations
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-12-10 12:11:27 +02:00
Jason Hollingsworth
c099074fcc
Fix 404 on project page for unauthenticated user
Eliminate a 404 error when user is not logged in and attempts to visit
a project page.
The 404 page will still show up when user is logged in and the project
doesn’t exist or the user doesn’t have access.
2013-12-04 13:10:20 -06:00
Dmitriy Zaporozhets
da10cad1da
Drop rjs from Issues#index
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-11-29 15:05:32 +02:00
Dmitriy Zaporozhets
33aea41708
Drop rjs from Infinite scrolling
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-11-28 11:38:20 +02:00
Jason Hollingsworth
d9bb4230cc
Adding authenticated public mode (internal).
Added visibility_level icons to project view (rather than just text).
Added public projects to search results.
Added ability to restrict visibility levels standard users can set.
2013-11-26 22:22:07 -06:00
Angus MacArthur
aefe2e952f
Fixing unsafe use of Thread.current variable :current_user
2013-10-16 01:20:53 -04:00
Dmitriy Zaporozhets
3cbfb1ee7c
Remove .git from project url end redirect
Ex. redirect from
localhost/group/project.git
to
localhost/group/project
It used to prevent 404 error when follow submodule http link
like http://localhost/group/project.git
2013-10-14 13:27:39 +03:00
Izaak Alpert
ca1b67ce38
Don't show users password change page if ldap users
2013-09-17 22:38:08 -04:00
Dmitriy Zaporozhets
17af835387
Add event filter for group and project show pages
2013-08-26 16:30:03 +03:00
Dmitriy Zaporozhets
fb492386c5
Fix accidentally removed class name
2013-08-21 12:33:12 +03:00
Dmitriy Zaporozhets
fd1661468f
Remove can_create_team code from user
2013-08-21 12:31:47 +03:00
Dmitriy Zaporozhets
9ea5766c35
Improve permissions on tags/branches
2013-07-17 08:26:00 +03:00
Dmitriy Zaporozhets
b3ef63a0a5
Migrate global project tasks. Removed more teams related functionality
2013-06-19 19:48:48 +03:00
Dmitriy Zaporozhets
fbf6989903
Force admin to change password after first sign-in
2013-06-13 20:06:33 +03:00
Dmitriy Zaporozhets
94be732026
Add password_expires_at to users table
2013-06-13 20:01:35 +03:00
Dmitriy Zaporozhets
5b40780290
Password expire: implement password resource inside profile. add before_filter check
2013-06-13 19:53:04 +03:00
Dmitriy Zaporozhets
993af5d0d2
cattr_accessor is not threadsafe!
2013-06-11 18:15:18 +03:00
Jean-Luc Geering
57497e9f25
enforce secure gravatar urls when Gitlab.config.gitlab.https is set
2013-05-31 10:30:21 +02:00
Peter LeFanu Lumsdaine
6b4602a733
Grammar fix in error message for blocked login (in "application_controller.rb")
2013-05-28 14:48:51 -03:00
Dmitriy Zaporozhets
233eb1c693
Rename repo feature
2013-05-25 00:07:19 +03:00
Dmitriy Zaporozhets
634cbd7138
Refactor API classes. So api classes like Gitlab::Issues become API::Issues
2013-05-14 15:33:31 +03:00
Dmitriy Zaporozhets
2fc236177f
Merge pull request #3801 from holdtotherod/feature/internally-public-projects
Internally public projects
2013-05-03 00:00:48 -07:00
Stephen Lottermoser
4c44c5ef9a
Internally public projects
Public projects listed in the public section will be linked to the
actual project's page. Public projects now give any user Guest
permissions to the project, allowing them to download the code, read
and create issues, and view anything else in the project's pages.
Ample access tests have been added to the project_access_spec to
verify correct permissions and behavior on public projects.
- Visitors to the site who are not logged in still cannot view the
project's pages.
- Logged-in users visiting a public project where they are not a team
member can create issues, but not snippets. They can view the projects
code, issues, merge requests, etc, just as if they were a Guest member
of the project.
- Since this is a public project, the user is also granted :download_code
permissions, a permission normally reserved for Reporters, since they
can clone the repo anyways and browse commits and branches locally.
2013-05-02 00:06:59 -07:00
Christian Simon
529376bb0b
[BUGFIX] User suggest at team_members/new not working with relative_url_root
* Closing #3540
* Closing #3704
2013-04-24 19:40:09 +02:00
Dmitriy Zaporozhets
ef05423f47
Finish select2-ajax for users. Added Select2Helper for tests
2013-03-14 10:16:27 +02:00
Dmitriy Zaporozhets
10f14136f5
fix setting gon.api_token
2013-03-13 23:45:47 +02:00
Dmitriy Zaporozhets
bf17d976a7
add api users filter and integrate users select2
2013-03-13 23:19:09 +02:00
Andrew8xx8
0d9a6fe7b1
User's blocked field refactored to use state machine
2013-03-04 18:52:30 +04:00
Andrew8xx8
bca72eac74
Default issue tracker name added to gon variables
2013-02-28 16:11:14 +04:00
Dmitriy Zaporozhets
27d9ac0fe8
Make gitlab work with gitlab-shell
2013-02-04 15:07:56 +02:00
Dmitriy Zaporozhets
85de55a120
Don't allow gitlab to be loaded in iframe
2013-02-02 20:32:13 +02:00
Dmitriy Zaporozhets
3ddd9f753c
Fix mass-assignment. Don't allow users w/o access to create team
2013-01-25 15:42:41 +02:00
Andrey Kumanyaev
18bd1c9d30
update all teams code. refactoring and some corrections
2013-01-24 22:31:25 +02:00
Dmitriy Zaporozhets
39ba934c0a
Repository, Team models
2013-01-03 21:09:18 +02:00
Dmitriy Zaporozhets
cc0295b789
Only owner can remove project
2012-12-05 06:14:05 +03:00
Dmitriy Zaporozhets
c177593e2c
Merge pull request #2059 from dolanor/feature-rewording-blocked-users
Rewording for the account being blocked
2012-11-30 12:50:06 -08:00
Dmitriy Zaporozhets
eb1004f789
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces
2012-11-29 12:39:03 +02:00
Tanguy Herrmann
70ef433e09
Rewording for the account being blocked
When signing in with SSO, if the default behaviour of gitlab is to block SSO user, the only message the people will get is 'Your account was blocked'
They should get the idea this might be only temporary and not because of a technical problem
2012-11-24 18:21:57 +01:00
Dmitriy Zaporozhets
f37fa968b2
add ability to change namespace from project edit page
2012-11-24 22:00:30 +02:00
Dmitriy Zaporozhets
c50ec72b52
Deprecate code for Project. Use title and path
2012-11-23 21:11:09 +03:00
Dmitriy Zaporozhets
26622f4c8f
Improve routing. Project access via namespace
2012-11-22 23:34:06 +03:00
Riyad Preukschas
be4138af75
Log caught exceptions
2012-11-06 21:16:47 +01:00
Robb Kidd
16ceae895e
Separate observing of Note and MergeRequests
* Move is_assigned? and is_being_xx? methods to IssueCommonality
This is behavior merge requests have in common with issues. Moved
methods to IssueCommonality role. Put specs directly into
merge_request_spec because setup differs for issues and MRs
specifically in the "closed" factory to use.
* Add MergeRequestObserver. Parallels IssueObserver in almost every way.
Ripe for refactoring.
* Rename MailerObserver to NoteObserver
With merge request observing moved out of MailerObserver, all that
was left was Note logic. Renamed to NoteObserver, added tests and
updated application config for new observer names. Refactored
NoteObserver to use the note's author and not rely on current_user.
* Set current_user for MergeRequestObserver
IssueObserver and MergeRequestObserver are the only observers that
need a reference to the current_user that they cannot look up on
the objects they are observing.
2012-10-10 17:59:25 -04:00
Cyril
e563e948bb
Merge branch 'master' into simplify_controllers2
Conflicts:
app/controllers/commits_controller.rb
app/controllers/refs_controller.rb
2012-09-27 12:25:52 +02:00
Robert Speicher
afc4a75499
Use Rails.root.join where appropriate
2012-09-26 16:32:26 -04:00
Robert Speicher
33126227af
Remove check_token_auth filter
Because of the way ExtractPaths works, `params[:format]` wouldn't
necessarily be available at the time this filter was running, and so it
would erroneously redirect to `new_user_session_path`
2012-09-26 16:32:23 -04:00
Robert Speicher
5a5d214de4
Remove unused render_full_content filter
2012-09-26 16:32:22 -04:00
Cyril
bdf317addc
layout selected by controller name
2012-09-26 22:27:44 +02:00
Cyril
078a8f0e66
factorize before_filters and layout for projects related controllers
2012-09-26 22:27:43 +02:00
Robert Speicher
925183ed7a
Add an AdminController base class for Admin controllers
Handles stuff that's shared across admin controllers.
2012-09-16 10:06:29 -04:00
randx
367e17cc84
5xx error status code for gitolite & encoding error
2012-09-07 20:47:52 +03:00
Dmitriy Zaporozhets
79021e674b
Split gitolite backend. Use gitolite_config methods moved to separate class
2012-09-07 08:16:29 +03:00
Robert Speicher
5e1c63d3f0
Move load_refs out of ApplicationController and into CommitsController
That was the only place it was used.
2012-09-05 01:13:41 -04:00
Robert Speicher
a9f275bc20
Fix load_refs in ApplicationController after default_branch change
As a last resort it was calling a method that didn't exist. Woops!
2012-09-05 01:12:44 -04:00
Robert Speicher
a463353773
Add "empty_repo?" method to Repository role
Replaces two calls that this method simplifies
2012-09-04 12:05:21 -04:00
randx
b03ee4666b
Handle invalid ssh exception
2012-08-29 00:44:26 +03:00
Robert Speicher
7754189187
Fully embrace Ruby 1.9 hash syntax
Didn't bother with files in db/, config/, or features/
2012-08-10 18:25:15 -04:00
randx
7dd276817c
Rack mini profiler for dev env
2012-08-02 09:48:53 +03:00
Nihad Abbasov
2abd054b0c
update devise
2012-07-05 23:50:24 -07:00
randx
6d92aa6d12
Fix IssueObserver current_user assign. Refactored observers
2012-06-24 10:01:42 +03:00
Dmitriy Zaporozhets
16427f4c40
Merge pull request #880 from NARKOZ/dashboard-feed
Dashboard feed
2012-06-01 07:25:54 -07:00
Nihad Abbasov
cc3c6ad0ef
allow login via private token only for atom feeds
2012-06-01 06:56:28 -07:00
randx
17d4cac208
Rescue encoding error on controller level
2012-05-31 23:36:52 +03:00
randx
3272620f72
lib/ refactoring. Module Gitlabhq renamed to Gitlab
2012-05-26 13:37:49 +03:00
Andrey Vakarev
fed1c98047
Refactoring: get rid of ruby antipattern unless/else and use if/else instead
2012-05-20 03:01:13 +03:00
Dmitriy Zaporozhets
c9def945d4
User blocking improved. Admin area styled
2012-04-16 23:33:03 +03:00
randx
497ee5fbbc
Ability to block user
2012-04-13 08:12:34 +03:00
Dmitriy Zaporozhets
215a01f63c
move notes login to one controller
2012-02-24 09:16:06 +02:00
Dmitriy Zaporozhets
81092c0198
Status codes for errors, New error pages
2012-02-23 21:04:20 +02:00
Dmitriy Zaporozhets
7d279f9302
better error handling for not found resource, gitolite error
2012-02-22 07:14:54 +02:00
Dmitriy Zaporozhets
8c40aab120
Abilities extended. Resources security improved
2012-02-22 00:31:18 +02:00
Dmitriy Zaporozhets
29b5aa2c76
Bootstrap: Issues restyled
2012-01-28 01:49:14 +02:00
Valery Sizov
7713f7fefb
Notification refactoring
2011-12-17 15:58:35 +02:00
Dmitriy Zaporozhets
d68ec5e0fb
default_branch for project & fixed project destroy
2011-12-07 23:56:57 +02:00
Dmitriy Zaporozhets
bdc658095c
refactoring. cleaning after gitosis
2011-12-05 09:43:53 +02:00
Dmitriy Zaporozhets
8134fe0efe
git host fixed
2011-12-05 09:23:53 +02:00
Dmitriy Zaporozhets
9e089efe5a
gitolite & gitosis support
2011-12-04 01:44:59 +02:00
Dmitriy Zaporozhets
4bf4efe712
decorators & tree model
2011-11-20 22:32:12 +02:00