- They are not included automatically since `API::Users` does not inherit from
`API::API`, as I initially assumed.
- Scopes declared in `API::API` are considered global (to the API), and need to
be included in all cases.
- Scope declarations of the form:
allow_access_with_scope :read_user, if: -> (request) { request.get? }
will only apply for `GET` requests
- Add a negative test to a `POST` endpoint in the `users` API to test this. Also
test for this case in the `AccessTokenValidationService` unit tests.
- Declaring an endpoint's scopes in a `before` block has proved to be
unreliable. For example, if we're accessing the `API::Users` endpoint - code
in a `before` block in `API::API` wouldn't be able to see the scopes set in
`API::Users` since the `API::API` `before` block runs first.
- This commit moves these declarations to the class level, since they don't need
to change once set.
The ProjectsFinder and GroupFinder both support the same set of params. And the
`/api/v4/projects` and `/api/v4/group/:id/projects` also support the same set of
params. But they do not match the Finder params. So use a helper method to
transform them.
- Currently, (for example) admins can't delete snippets for blocked users, which
is an unexpected limitation.
- We modify `authenticate!` to conduct the `access_api` policy check against the
`initial_current_user`, instead of the user being impersonated.
- Update CHANGELOG for !10842
In API V4 all endpoints were changed so Merge Requests and Issues
should be referred by iid, instead of id. Except the /notes endpoint
was forgotten. So change the endpoints from:
- /projects/:id/issues/:issue_id/notes
- /projects/:id/merge_requests/:merge_request_id/notes
To:
- /projects/:id/issues/:issue_iid/notes
- /projects/:id/merge_requests/:merge_request_iid/notes
For Project Snippets nothing changes.
- As opposed to the `id` that was previously being used.
- This brings the API routes closer to the web interface's routes.
- This is specific to API v4.
- As opposed to the issue `id` that was previously being used.
- This brings the API routes closer to the web interface's routes.
- This is specific to API v4.
It consolidates these endpoints:
- /projects
- /projects/owned
- /projects/visible
- /projects/starred
- /projects/all
Into the /projects endpoint using query parameters.
New endpoints are:
POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/time_estimate"
POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/reset_time_estimate"
POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/add_spent_time"
POST :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/reset_spent_time"
GET :project_id/(issues|merge_requests)/(:issue_id|:merge_request_id)/time_stats"
* We realized that headers were not set whenever we give 204
because `render_api_error!` doesn't preserve the headers.
* We also realized that `update_runner_info` would be called in
POST /builds/register every time therefore runner is updated
every time, ticking the queue, making this last_update didn't
work very well, and the test would be failing due to that.
This adds counters for build artifacts and LFS objects, and moves
the preexisting repository_size and commit_count from the projects
table into a new project_statistics table.
The counters are displayed in the administration area for projects
and groups, and also available through the API for admins (on */all)
and normal users (on */owned)
The statistics are updated through ProjectCacheWorker, which can now
do more granular updates with the new :statistics argument.
* master: (367 commits)
Set “Remove branch” button to default size
remove unused helper method
reduce common code even further to satisfy rake flay
remove button class size alteration from revert and cherry pick links
factor out common code to satisfy rake flay
homogenize revert and cherry-pick button styles generated by commits_helper
apply margin on alert banners only when there is one or more alerts
Rename MattermostNotificationService back to MattermostService
Rename SlackNotificationService back to SlackService
Fix stage and pipeline specs and rubocop offenses
Added QueryRecorder to test N+1 fix on Milestone#show
Use gitlab-workhorse 1.2.1
Make 'unmarked as WIP' message more consistent
Improve specs for Files API
Allow unauthenticated access to Repositories Files API GET endpoints
Add isolated view spec for pipeline stage partial
Move test for HTML stage endpoint to controller specs
Fix sizing of avatar circles; add border
Fix broken test
Fix broken test Changes after review
...
Conflicts:
app/assets/stylesheets/pages/pipelines.scss
app/controllers/projects/pipelines_controller.rb
app/views/projects/pipelines/index.html.haml
spec/features/projects/pipelines/pipelines_spec.rb
- Move the `Oauth2::AccessTokenValidationService` class to
`AccessTokenValidationService`, since it is now being used for
personal access token validation as well.
- Each API endpoint declares the scopes it accepts (if any). Currently,
the top level API module declares the `api` scope, and the `Users` API
module declares the `read_user` scope (for GET requests).
- Move the `find_user_by_private_token` from the API `Helpers` module to
the `APIGuard` module, to avoid littering `Helpers` with more
auth-related methods to support `find_user_by_private_token`
Timothy Andrew
Rémy Coutable
Kamil Trzcinski
Toon Claes
Robert Speicher
Bob Van Landuyt
blackst0ne
http://jneen.net/
Pawel Chojnacki
Adam Niedzielski
Oswaldo Ferreira
Mark Fletcher
Douwe Maan
Sean McGivern
Robert Schilling
Adam Pahlevi
Ruben Davila
Lin Jen-Shin
Regis
Markus Koller
Grzegorz Bizon