- To prevent an attacker from enumerating the `/users` API to get a list of all
the admins.
- Display the `is_admin?` flag wherever we display the `private_token` - at the
moment, there are two instances:
- When an admin uses `sudo` to view the `/user` endpoint
- When logging in using the `/session` endpoint
In APIv1 we've been sending all jobs from previous stages and
a `dependencies` list with names of jobs that user want to download
artifacts from. This was selected on Runners side.
In APIv1 we've planned to send only jobs that were defined (if any; and
all previous jobs by default). However I've missed the fact that
it was Runner who selected jobs, not GitLab. And now current version
of APIV4 sends all jobs everytime.
This commit fixes this. If user will define `dependencies` in his job,
then GitLab will send only selected jobs.
Artifacts download for authorization is using a job token of job to
which the artifact belongs. In APIv1 the token was sent with dependent
jobs details and in APIv4 it was designed to also contain it.
However I forgot about this parameter while working on
`/api/v4/jobs/request` endpoint.
This commit adds a missing parameter which is required for APIv4 to work
properly.
Use strings for the ApplicationSetting properties:
- restricted_visibility_levels
- default_project_visibility
- default_snippet_visibility
- default_group_visibility
Instead of exposing the VisibilityLevel as Integer, expose it as
String `visibility` for Project and ProjectSnippet.
Filter queries also accept the `visibility` as String instead of
`visibility_level` as Integer.
Also remove the `public` boolean.
Rename column in the database
Rename fields related to import/export feature
Rename API endpoints
Rename documentation links
Rename the rest of occurrences in the code
Replace the images that contain the words "build succeeds" and docs referencing to them
Make sure pipeline is green and nothing is missing.
updated doc images
renamed only_allow_merge_if_build_succeeds in projects and fixed references
more updates
fix some spec failures
fix rubocop offences
fix v3 api spec
fix MR specs
fixed issues with partials
fix MR spec
fix alignment
add missing v3 to v4 doc
wip - refactor v3 endpoints
fix specs
fix a few typos
fix project specs
copy entities fully to V3
fix entity error
more fixes
fix failing specs
fixed missing entities in V3 API
remove comment
updated code based on feedback
typo
fix spec
* upstream/master: (247 commits)
Switched CONTRIBUTING.md style guide recommendation for method chaining
Fix new offenses
Stylistic tweaks
Fix OAuth/SAML user blocking behavior
Revert "Enable Style/DotPosition"
Revert "Prefer leading style for Style/DotPosition"
Revert "Enable Style/BarePercentLiterals"
Manually correct autocorrect
Move up delegate calls
Exclude migrations from Style/MutableConstant
ActiveSupport delegation is preferred over Forwardable
Update haml_lint to work with newest rubocop
Add explanations to cops
Update rubocop and rubocop-rspec and regenerate .rubocop_todo.yml
Update rubocop and rubocop-rspec and regenerate .rubocop_todo.yml
Order cops alphabetically
Don’t exclude some file in lib from rubocop
Fix new offenses
Enable Rails/Delegate
Enable Style/WordArray
...
Jarka Kadlecova
Douwe Maan
Douwe Maan
Yorick Peterse
Bob Van Landuyt
Gabriel Mazetto
blackst0ne
Valery Sizov
Timothy Andrew
Rémy Coutable
Sean McGivern
Kushal Pandya
James Edwards-Jones
Adam Niedzielski
mhasbini
Tomasz Maczukin
Kamil Trzciński
Oswaldo Ferreira
Z.J. van de Weg
Toon Claes
James Lopez
Sean McGivern
Tiago Botelho
Simon Vocella
Lin Jen-Shin
Robert Schilling