Previously submitting a DELETE request to an issuable URL would be
enough to destroy it, but this should require human confirmation. We
now require that the `destroy_confirm` parameter is set to a truthy
value before this can complete.
In addition, we log a Sentry error if a deletion arrived without
confirmation.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62387
This spec needs to run as a request-style spec in order to invoke the
Rails router.
A controller-style spec matches the wrong route, and
`session['user_return_to']` becomes incorrect.
Remove project from NotesFinder constructor
Add project parameter to specs
Also look for methods in private scope
Fix specs to match new NotesFinder constructor
Add spec for concern IssuableActions
Add shared samples for discussions endpoint
Add schema validations for discussions
Fix rubocop style issue
Make target assignable
Use new possibility to provide target
Accept a `confidential_issue_project_id` param which will
be used for the system note target.
This also includes some refactoring on the spec to use
shared examples.
In order to let users' sorting preferences transfer between devices, we
save the preference for issues and MRs (one preference for issues, one
for MRs) in the backend inside the UserPreference object
Updates specs to use new rails5 format.
The old format:
`get :show, { some: params }, { some: headers }`
The new format:
`get :show, params: { some: params }, headers: { some: headers }`
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2583
Changes `Banzai::CrossProjectReference#parent_from_ref` to return the
project in the context if the project's `full_path` matches the ref
we're looking for, as it makes no sense to go to the database to find a
Project we already have loaded.
The status is shown for
- The author of a commit when viewing a commit
- Notes on a commit (regular/diff)
- The user that triggered a pipeline when viewing a pipeline
- The author of a merge request when viewing a merge request
- The author of notes on a merge request (regular/diff)
- The author of an issue when viewing an issue
- The author of notes on an issue
- The author of a snippet when viewing a snippet
- The author of notes on a snippet
- A user's profile page
- The list of members of a group/user
This could only be possible for users that can create merge requests
within a project.
So they need to be a allowed to create a branch and create a merge request.
On epics roadmap page we list all epics in the given time frame
without pagination (at least for the first iteration), in this
case it would be nice to use the existing issuables index logic
except pagination (see MR gitlab-ee!4281). For this reason this
patch allows to easily disable pagination.
Related gitlab-ee!4281
For issuable models we keep two timestamps:
updated_at which is updated whenever any model attribute is changed,
last_edited_at which is changed when only title or description is
changed.
In UI bellow description we display who and when updated the item. But
last_edited_by (used for 'who') is mistakenly combined with updated_at
(when), last_edited_at should be used instead.
Closes#41247
When the target is deleted, todos are destroyed, but we did not reset the todo
cache for users with todos on the deleted target. This would only update after
the next time the todo cache was updated for that user.
Stan Hu
Luke Duncalfe
Patrick Derichs
Peter Leitzen
Patrick Bajao
Brett Walker
gfyoung
Imre Farkas
Andreas Brandl
Sean McGivern
Heinrich Lee Yu
Andrew Newdigate
Mario de la Ossa
Fatih Acet
Felipe Artur
Jasper Maes
Heinrich Lee Yu
blackst0ne
Felipe Artur
Cindy Pallares
Oswaldo Ferreira
Bob Van Landuyt
Mark Chao
Rémy Coutable
Jan Provaznik
Douwe Maan
Luke Bennett
Jarka Kadlecova
Jacopo