root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
112,909 Commits 9,131 Branches 1,640 Tags 2 GiB
Commit Graph

505 Commits

Author SHA1 Message Date
Jacopo 181cd299f9 Adds Rubocop rule for line break after guard clause 
Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses.
 2017-11-16 17:58:29 +01:00
Douwe Maan 294fa6fcdc Remove authentication using user.private_token 2017-11-02 11:39:02 +01:00
Toon Claes d8d7faf68c URI decode Page-Title header to preserve UTF-8 characters 2017-10-20 16:44:29 +00:00
Stan Hu 5d52bb59dc Fix username and ID not logging in production_json.log for Git activity 
Devise sets `current_user`, but not all controllers authenticate users by
session tokens. Try to use the controller-defined `authenticated_user` if
`current_user` is not available.

Closes gitlab-org/gitlab-ee#3611
 2017-10-04 11:47:36 -07:00
Douwe Maan 5adae3d85b Encode Page-Title header as ISO-8859-1 2017-09-26 18:05:19 +02:00
Douwe Maan 711bb28568 Add Page-Title header to tree and blob JSON endpoints 2017-09-26 17:31:47 +02:00
Tiago Botelho 37383d9a9d Rollsback changes made to signing_enabled. 2017-09-01 10:51:40 +01:00
Rémy Coutable c946ee1282
Enable the Layout/SpaceBeforeBlockBraces cop 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2017-08-09 11:52:22 +02:00
Bob Van Landuyt faabcbd3ae GRPC::Unavailable (< GRPC::BadStatus) is wrapped in a CommandError 2017-08-07 14:37:01 +02:00
Bob Van Landuyt 3598e60bf2 Add a Circuitbreaker for storage paths 2017-08-04 15:38:48 +02:00
Stan Hu 9bc176b2c3 Add remote IP, user ID and username to JSON lograge output 
This makes the logs a bit more useful to search requests by users.
 2017-07-28 00:48:03 -05:00
Robin Bobbitt 672a68d372 Fixes needed when GitLab sign-in is not enabled 
When sign-in is disabled:
 - skip password expiration checks
 - prevent password reset requests
 - don’t show Password tab in User Settings
 - don’t allow login with username/password for Git over HTTP requests
 - render 404 on requests to Profiles::PasswordsController
 2017-07-13 10:08:27 -04:00
Rémy Coutable 186048a404 Allow to enable the performance bar per user or Flipper group 
A `performance_team` Flipper group has been created. By default this
group is nil but this can be customized in `gitlab.yml` via the
performance_bar.allowed_group setting.

Signed-off-by: Rémy Coutable <remy@rymai.me>
 2017-07-06 11:18:25 +02:00
Stan Hu 73d019e11f Log rescued exceptions to Sentry 
Support noticed that a number of exceptions, such as
"Encoding::CompatibilityError (incompatible character encodings: UTF-8 and
ASCII-8BIT)", failed to report to Sentry. The `rescue_from` in the
ApplicationController prevented these exceptions from being recorded.
This change ensures that these exceptions are properly captured.
 2017-07-04 14:03:46 -07:00
Pawel Chojnacki 15b7b9ec41 Add rescue_from(ActionController::UnknownFormat) in Application Controller 2017-06-20 15:53:23 +02:00
Rémy Coutable b173ae6b48 Fix linting, route, and specs 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2017-06-09 17:21:39 +02:00
Rémy Coutable f45094a485 Small adjustments 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2017-06-09 17:21:39 +02:00
Rémy Coutable 47054451da Don't use Pygment,rb, use Rouge instead, and put peek-pg in the :postgres group 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2017-06-09 17:21:39 +02:00
Rémy Coutable d39ecf1ca7 New performance bar that can be enabled with the `p b` shortcut 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2017-06-09 17:21:39 +02:00
Douwe Maan b3b6c78112 Merge branch '32748-emails-are-being-sent-with-the-wrong-language' into 'master' 
Bugfix: Always use the default language when generating emails.

Closes #32748

See merge request !11662
 2017-05-25 18:05:06 +00:00
Ruben Davila 5c921809cd Bugfix: Always use the default language when generating emails. 
There was a race condition issue when the application was generating an
email and was using a language that was previously being used in other
request.
 2017-05-25 10:22:45 -05:00
Alexis Reigel 6efe9c2f14 atom links with rss token instead of private token 2017-05-24 22:29:59 +02:00
Fatih Acet 0151325dac Merge request widget redesign 2017-05-09 04:15:34 +00:00
Michael Kozono 7d02bcd2e0 Redirect from redirect routes to canonical routes 2017-05-05 12:11:57 -07:00
Ruben Davila dbd1bdaeed More updates for translations plus some refactoring. 2017-05-03 21:08:43 -05:00
Ruben Davila 6d5364cfb0 First round of updates from the code review. 2017-05-02 23:36:36 -05:00
Ruben Davila bbfbcebdf6 Merge branch 'master' into 28433-internationalise-cycle-analytics-page 2017-05-02 13:20:41 -05:00
Dosuken shinya 73ac7b2dd6 Resolve "Add more tests for spec/controllers/projects/builds_controller_spec.rb" 2017-04-28 09:38:32 +00:00
Ruben Davila 1de135bc04 Fix Rubocop complains plus some small refactor 2017-04-19 23:19:24 -05:00
Ruben Davila 73d0730d09 Set locale through controller filter 2017-04-13 01:03:47 -05:00
Markus Koller 7140e09e39 Extract 2FA-related code from ApplicationController 2017-04-06 10:01:13 +02:00
Markus Koller a3430f011f Support 2FA requirement per-group 2017-04-06 10:01:13 +02:00
Markus Koller 57374feabe Move AuthHelper#two_factor_skippable? into ApplicationController 2017-04-06 10:01:13 +02:00
Rémy Coutable 8b6041bce3 Don't try to find a user by personal_access_token if the token is nil 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2017-03-22 17:06:19 +01:00
http://jneen.net/ 0ea04cc5bf use the policy stack to protect logins 2017-03-09 11:49:52 -08:00
http://jneen.net/ 846e581732 use a magic default :global symbol instead of nil 
to make sure we mean the global permissions
 2017-03-09 11:49:52 -08:00
Pawel Chojnacki 2ff139ddee Make Warden set_user hook validate user ip uniquness 
+ rename shared context
 2017-03-06 15:41:25 +01:00
Pawel Chojnacki 0ef8a64348 Remove unecessary calls to limit_user!, UniqueIps Middleware, and address MR review 
- cleanup formating in haml
 - clarify time window is in seconds
 - cleanup straneous chunks in db/schema
 - rename count_uniqe_ips to update_and_return_ips_count
 - other
 2017-03-06 15:41:25 +01:00
Paweł Chojnacki 76e96878aa Stop setting Strict-Transport-Securty header from within the app 2017-03-03 11:05:24 +00:00
Rémy Coutable b50b5a4461
Fix the redirect to custom home page URL and move it to RootController 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2017-02-27 16:51:23 +01:00
Douwe Maan 215228b477 Enable Performance/RedundantBlockCall 2017-02-23 09:31:57 -06:00
Douwe Maan f40716f48a No more and/or 2017-02-21 16:31:14 -06:00
Robert Speicher 191bcb4d1b Don't perform Devise trackable updates on blocked User records 2017-02-10 11:51:14 -05:00
Rémy Coutable 103114e3d7 Rename Gogs to Gitea, DRY the controller and improve views 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2016-12-19 17:35:51 +01:00
Kim "BKC" Carlbäcker 5d4531db25 Gogs Importer 2016-12-19 17:35:51 +01:00
Valery Sizov 32c6c9c457 Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into bitbucket-oauth2 2016-11-30 14:53:30 +02:00
Douwe Maan a7a9db803b Merge branch 'dz-allow-nested-group-routing' into 'master' 
Add nested groups support to the routing

## What does this MR do?

It allows routing with `/` in namespace name 

## Why was this MR needed?

For nested groups feature(https://gitlab.com/gitlab-org/gitlab-ce/issues/2772). We need URI like `/group/subgroup/project` be routed correctly


## Does this MR meet the acceptance criteria?

- [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- ~~API support added~~
- Tests
  - [x] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ce/issues/2772

See merge request !7459
 2016-11-24 04:31:54 +00:00
Dmitriy Zaporozhets 6683fdcfb0
Add nested groups support to the routing 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2016-11-23 14:08:36 +02:00
Douglas Barbosa Alexandre 267e27b0cd Remove code to clone Bitbucket repositories using SSH 2016-11-21 16:47:26 -08:00
Oren Kanner 8dd9a8b6e0 Allow admins to stop impersonating users without e-mail addresses 
Resolves #24576

Modify the guard clause of the `ApplicationController#require_email`
before action to skip requests where an admin is impersonating the
current user.
 2016-11-17 23:28:39 -05:00
Lin Jen-Shin 5416d0e083 Pass `@ref` along so we know which pipeline to show 
Closes #23615
 2016-10-24 22:26:06 +08:00
Sean McGivern 86dcb79be3 Merge branch 'master' into merge-conflicts-editor-2 2016-10-17 10:56:55 +01:00
Dmitriy Zaporozhets 2b9a25bd5a
Handle unmatched routing with not_found method 
We need this to prevent routing error when user access URL like /123
when there is no resource located under such name

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2016-10-15 00:36:22 +03:00
Sean McGivern 241cca011f Fix specs 2016-10-13 14:16:34 -05:00
Sean McGivern 3f71c43e88 Allow setting content for resolutions 
When reading conflicts:

1. Add a `type` field. `text` works as before, and has `sections`;
   `text-editor` is a file with ambiguous conflict markers that can only
   be resolved in an editor.
2. Add a `content_path` field pointing to a JSON representation of the
   file's content for a single file.
3. Hitting `content_path` returns a similar datastructure to the `file`,
   but without the `content_path` and `sections` fields, and with a
   `content` field containing the full contents of the file (with
   conflict markers).

When writing conflicts:

1. Instead of `sections` being at the top level, they are now in a
   `files` array. This matches the read format better.
2. The `files` array contains file hashes, each of which must contain:
   a. `new_path`
   b. `old_path`
   c. EITHER `sections` (which works as before) or `content` (with the
      full content of the resolved file).
 2016-10-13 14:16:34 -05:00
Clement Ho b4d614bdbc Fix inconsistent highlighting of already selected activity nav-links 2016-10-05 15:38:18 -05:00
http://jneen.net/ 5853c96b49 remove Ability.abilities 2016-08-30 11:35:06 -07:00
Z.J. van de Weg 4c8e9a8d27 Remove gitorious 2016-08-25 10:10:10 +01:00
Stan Hu 170885edd6 Add Sentry logging to API calls 
Closes #21043
 2016-08-24 12:09:51 -07:00
zs 84a3225b0c State specific default sort order for issuables 
Provide more sensible default sort order for issues and merge requests
based on the following table:

| type           | state  | default sort order |
|----------------|--------|--------------------|
| issues         | open   | last created       |
| issues         | closed | last updated       |
| issues         | all    | last created       |
| merge requests | open   | last created       |
| merge requests | merged | last updated       |
| merge requests | closed | last updated       |
| merge requests | all    | last created       |
 2016-08-01 11:28:56 +02:00
Timothy Andrew 4b33c4c6d1 Load Javascript U2F library selectively. 
1. Only on supported Chrome versions

2. Mainly, this lets us simplify the javascript-based U2F check to
   `window.u2f`, where `window.u2f` can either be loaded from the GitLab
   server (for Chrome) or from the Firefox extension.

3. This is a better way to provide browser detection for U2F.
 2016-07-14 08:19:09 +05:30
Rémy Coutable 654565c9dc Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member 
This is a try for a new approach to put the access checks at the service level.

Signed-off-by: Rémy Coutable <remy@rymai.me>
 2016-06-18 06:06:34 +02:00
Douwe Maan 9b7fd74805 Merge branch 'feature/project-export' into 'master' 
Export project functionality

This is a MR for the export functionality of https://gitlab.com/gitlab-org/gitlab-ce/issues/3050, which adds the ability to export single projects.

- [x] members
- DB data
  - [x] issues
  - [x] issue comments
  - [x] merge requests
  - [x] merge request diff
  - [x] merge request comments
  - [x] labels
  - [x] milestones
  - [x] snippets
  - [x] releases
  - [x] events
  - [x] commit statuses
  - [x] CI builds
- File system data
  - [x] Git repository
  - [x] wiki
  - [x] uploads
  - [ ] ~~CI build traces~~
  - [ ] ~~CI build artifacts~~
  - [ ] ~~LFS objects~~
- DB configuration
  - [x] services
  - [x] web hooks
  - [x] protected branches
  - [x] deploy keys
  - [x] CI variables
  - [x] CI triggers

See merge request !3114
 2016-06-17 15:35:27 +00:00
Timothy Andrew 7ee0898a9e Implement @DouweM's feedback. 
- Extract a duplicated `redirect_to`
- Fix a typo: "token", not "certificate"
- Have the "Expires at" datepicker be attached to a text field, not inline
- Have both private tokens and personal access tokens verified in a
  single "authenticate_from_private_token" method, both in the
  application and API. Move relevant logic to
  `User#find_by_personal_access_token`
- Remove unnecessary constants relating to API auth. We don't need a
  separate constant for personal access tokens since the param is the
  same as for private tokens.
 2016-06-16 08:24:13 +05:30
Timothy Andrew d0bcba1105 Merge remote-tracking branch 'origin/master' into 2979-personal-access-tokens 2016-06-14 09:06:53 +05:30
James Lopez e83fc684a5 Merge branches 'feature/project-export-ui-experimental' and 'feature/project-import' of gitlab.com:gitlab-org/gitlab-ce into feature/project-export-ui-experimental 
# Conflicts:
#	Gemfile.lock
#	app/helpers/todos_helper.rb
#	app/models/todo.rb
#	app/views/projects/edit.html.haml
#	lib/gitlab/import_export/import_service.rb
 2016-06-13 14:00:19 +02:00
Timothy Andrew 1779d68bfe Merge remote-tracking branch 'origin/master' into 2979-personal-access-tokens 2016-06-09 14:40:14 +05:30
Douwe Maan 8c3ba8d6c9 Add workhorse controller and API helpers 2016-06-06 13:16:30 +02:00
Timothy Andrew 128549f10b Implement U2F registration. 
- Move the `TwoFactorAuthsController`'s `new` action to `show`, since
  the page is not used to create a single "two factor auth" anymore. We
  can have a single 2FA authenticator app, along with any number of U2F
  devices, in any combination, so the page will be accessed after the
  first "two factor auth" is created.
- Add the `u2f` javascript library, which provides an API to the
  browser's U2F implementation.
- Add tests for the JS components
 2016-06-06 12:50:31 +05:30
Timothy Andrew 791cc9138b Add a `U2fRegistrations` table/model. 
- To hold registrations from U2F devices, and to authenticate them.
- Previously, `User#two_factor_enabled` was aliased to the
  `otp_required_for_login` column on `users`.
- This commit changes things a bit:
    - `User#two_factor_enabled` is not a method anymore
    - `User#two_factor_enabled?` checks both the
      `otp_required_for_login` column, as well as `U2fRegistration`s
    - Change all instances of `User#two_factor_enabled` to
      `User#two_factor_enabled?`
- Add the `u2f` gem, and implement registration/authentication at the
  model level.
 2016-06-06 12:50:31 +05:30
Timothy Andrew 0dff6fd714 Fix rubocop spec. 2016-06-03 10:11:36 +05:30
Timothy Andrew ae0d8222af Merge remote-tracking branch 'origin/master' into 2979-personal-access-tokens 2016-06-03 09:31:16 +05:30
Robert Speicher 7d33fba7af Merge branch 'upgrade-devise-two-factor' into 'master' 
Upgrade devise, devise-two-factor, and attr_encrypted

Devise 4 includes support for Rails 5, working towards #14286. devise-async doesn't support Devise 4.0 and in 4.1 the bug that was blocking using Devise's built-in ActiveJob integration was fixed. So devise-async is removed. devise-two-factor 3.0.0 is required for Devise 4 support.

attr_encrypted and encryptor are optional but recommended upgrades for devise-two-factor 3.0.0. The mode and algorithm will need to be changed in order to update to attr_encrypted 4.x in the future.

See merge request !4216
 2016-06-02 00:44:41 +00:00
Timothy Andrew 6d44433176 Don't look for personal access tokens in the DB when the parameter/header is not passed. 2016-06-01 14:09:17 +05:30
Timothy Andrew 05b319b0b4 Perform private token and personal access token authentication in the same `before_action`. 
- So that the check for valid personal access tokens happens only if
  private token auth fails.
 2016-06-01 14:04:38 +05:30
Felipe Artur 56f3b243ce Add leading comment space cop 2016-05-31 19:33:46 -03:00
Connor Shea d47b2b92c9
Upgrade devise and devise-two-factor, remove devise-async 
Devise (3.5.4 => 4.1.1) Changelog:
https://github.com/plataformatec/devise/blob/master/CHANGELOG.md

devise-two-factor (2.0.1 => 3.0.0) Changelog:
https://github.com/tinfoil/devise-two-factor/blob/master/CHANGELOG.md

These are reliant on each other, so they have to be upgraded together.

devise-async is no longer necessary as Devise 4.1 fixes a bug with the
ActiveJob integration.
 2016-05-30 13:51:21 -06:00
Gabriel Mazetto f5a0ac0fc1 Codestyle: make sure we have space around operators 2016-05-13 04:46:56 -03:00
Timothy Andrew d915e7d5ca Reuse the private token param and header for personal access tokens. 
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3749#note_11626427
- Personal access tokens are still a separate entity as far as the
  codebase is concerned - they just happen to use the same entry point
  as private tokens.
- Update tests and documentation to reflect this change
 2016-05-11 10:16:23 +05:30
Timothy Andrew 2e9742997d Merge remote-tracking branch 'origin/master' into 2979-personal-access-tokens 2016-05-11 09:52:58 +05:30
James Lopez 6fe8b5da1f Merge branch 'feature/project-import' of gitlab.com:gitlab-org/gitlab-ce into feature/project-export-ui-experimental 2016-05-09 18:06:20 +02:00
Artem Sidorenko d6c2d6bab9 Use sign out path only if not empty 2016-05-03 22:10:49 +02:00
Timothy Andrew bafbf22c6a Address @DouweM's feedback on !3749. 
- Use `TokenAuthenticatable` to generate the personal access token
- Remove a check for `authenticity_token` in application controller;
  this should've been `authentication_token`, maybe, and doesn't make
  any sense now.
- Have the datepicker appear inline
 2016-04-28 22:28:36 +05:30
Timothy Andrew 051324e12a Refactor `authenticate_user_from_private_token!` 
- No need to use `if`s when we have a `presence` check already.
 2016-04-28 22:28:36 +05:30
Timothy Andrew ade40fdcd2 Authenticate non-API requests with personal access tokens. 
- Rename the `authenticate_user_from_token!` filter to
  `authenticate_user_from_private_token!`
- Add a new `authenticate_user_from_personal_access_token!` filter
- Add tests for both.
 2016-04-28 22:28:36 +05:30
James Lopez acf297955a gitlab import UI - icon, file selector, etc... Also updated font-awesome and modified import source settings. 2016-04-22 17:44:59 +02:00
Robert Speicher f583129767 Add Sentry program context even without a current user 2016-04-14 13:56:30 -04:00
Stan Hu e450892f56 Include GonHelper separately and remove created_at in factory 2016-04-14 07:25:27 -07:00
Stan Hu c7e384aab2 Add spec for deletion of authorized OAuth2 application 
Closes #14370

Move gon function into its own helper
 2016-04-14 07:24:58 -07:00
Robert Speicher 2378ec0d63 Add a `program` tag to Sentry Raven context 
This will let us filter errors by the program environment in which they
were encountered.

Source: http://stackoverflow.com/a/28370539/223897

Closes #15092
 2016-04-09 19:57:27 -04:00
Douwe Maan ae7b2ef62c Merge branch 'master' into issue_12658 
# Conflicts:
#	app/models/issue.rb
#	app/views/projects/_home_panel.html.haml
#	app/views/shared/projects/_project.html.haml
#	db/schema.rb
#	spec/models/project_spec.rb
 2016-03-21 23:22:21 +01:00
Douwe Maan 8db1292139 Tweaks, refactoring, and specs 2016-03-20 21:04:07 +01:00
Robert Speicher 085538c2bd Use the configured Kaminari "per page" default 2016-03-19 17:37:54 -04:00
Jacob Vosmaer e7df3f51c9 Move method to User 2016-03-10 12:37:14 +01:00
Jacob Vosmaer cda0b7e1b1 Rename ExpiringLock to ExclusiveLease 2016-03-10 10:41:16 +01:00
Jacob Vosmaer acd9bc0213 Acquire lock before LDAP sync 2016-03-09 19:11:24 +01:00
Rubén Dávila b8295fc323 Fix build and add specs 2016-02-19 13:14:53 -05:00
Robert Speicher ae13389b0b Provide explicit html format when rendering git_not_found page 
Prior, if the request format was, for example, .zip, we'd get an
`ActionView::MissingTemplate` error.
 2016-02-15 16:38:27 -05:00
Robert Speicher 012c75d1b0 Properly render the `errors/git_not_found` page 2016-02-15 15:52:39 -05:00
Josh Frye 2ad094132d Various filter fixes 2016-02-04 13:03:41 -05:00
Josh Frye 7522ac0b3c Paginate + ajax filter dashboard projects 2016-02-04 11:40:19 -05:00
Stan Hu 7aa739ddc7 Support download access by PRIVATE-TOKEN header 
Currently there is no way to download a raw file without embedding
the token in the URL, which exposes the token in the URL. There
should be an way of sending this information via the header as the
API does.

Closes https://github.com/gitlabhq/gitlabhq/issues/8137
 2016-02-03 15:42:24 +01:00
Rubén Dávila c3c92c7317 Make default sorting preference work for Issues and MRs. 2016-01-22 18:43:21 -05:00
Rubén Dávila 9ef468922c Merge branch 'master' into issue_5546 2016-01-22 17:54:37 -05:00
Rubén Dávila 7c520c7803 Make sorting preference reusable for all projects. 2016-01-22 17:00:35 -05:00
Rubén Dávila eccaa099d1 Make cookie suffix more simpler. 2016-01-21 15:06:07 -05:00
Rubén Dávila 0f79620ccb Little refactor plus some specs. 2016-01-21 12:54:10 -05:00
Rubén Dávila 4d345bc400 Remember last sort option used. 2016-01-20 17:29:53 -05:00
Douwe Maan 7d347ae564 Merge branch 'master' into issue_3945 2016-01-20 20:04:15 +01:00
Douwe Maan 0ad6b44a27 Send user context to Sentry 2016-01-20 16:15:19 +01:00
Douwe Maan c23ca0b0b5 Merge branch 'master' into issue_3945 2016-01-20 14:53:41 +01:00
Rubén Dávila c8db25c37c Merge branch 'master' into issue_3945 2016-01-14 17:28:44 -05:00
Rubén Dávila df8776f480 Consider that URL can end with '/' before redirecting. #7975 2016-01-13 17:03:24 -05:00
Rubén Dávila 21b602c60a Change strategy to highlight diffs. #3945 
Now we apply syntax highlighting to the whole old and new files.
This basically help us to highlight adequately multiline content.
 2016-01-07 22:37:01 -05:00
Yorick Peterse 9dacc3bc56 Sort by ID when sorting using "Recently created" 
Sorting by "id" has the same effect as sorting by created_at while
performing far better and without the need of an extra index (in case
one wanted to speed up sorting by "created_at").

Sorting by "Recently updated" still uses the physical "updated_at"
column as there's no way to use the "id" column for this instead.
 2016-01-07 14:53:02 +01:00
Gabriel Mazetto 1249289f89 Fixed codestyle and added 2FA documentation 2015-12-24 19:01:30 -02:00
Gabriel Mazetto b61a5bc20c specs for forced two-factor authentication and grace period 
simplified code and fixed stuffs
 2015-12-24 19:01:30 -02:00
Gabriel Mazetto 31fb2b7702 Grace period support for TFA 2015-12-24 19:01:30 -02:00
Gabriel Mazetto 33964469b3 WIP require two factor authentication 2015-12-24 19:00:18 -02:00
tduehr 8e3f1fa629 add CAS authentication support 2015-12-14 21:43:41 -06:00
Jeroen van Baarsen 2dec5ec990 Only redirect to homepage url when its not the root url 
It was possible to create an infi redirect when the user set up the
`home_page_url` to redirect to the main URL of the gitlab instance.

This fix makes sure this redirect is not possible.

Fixes !1020

Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
 2015-11-02 15:42:30 +01:00
Robert Speicher 7924dd5c9f Merge branch 'project-path-case-sensitivity' into 'master' 
Prefer project with exact path to differently cased one when both exist.

Fixes #3113.

See merge request !1649
 2015-10-22 13:03:04 +00:00
Douwe Maan e17e5a5ce4 Move case sensitivity check to find_with_namespace. 2015-10-21 10:09:32 +02:00
Stan Hu 9bfc531ec6 Redirect to a default path if HTTP_REFERER is not set 
Safari 9.0 does not yet honor the HTML5 `origin-when-cross-origin` mode,
and it's possible load balancers/proxies strip the HTTP_REFERER from
the request header. In these cases, default to some default path.

Closes #3122

Closes https://github.com/gitlabhq/gitlabhq/issues/9731
 2015-10-20 07:45:48 -07:00
Douwe Maan 2f7fc7e9f7 Prefer project with exact path to differently cased one when both exist. 2015-10-20 16:16:08 +02:00
Douwe Maan c993481d99 Merge branch 'master' into git-archive-golang 2015-10-15 11:47:36 +02:00
Jacob Vosmaer a74915a4ad Always return HTML in git_not_found 
This allows us to give a nice 404 for e.g. archive.zip.
 2015-10-14 15:22:03 +02:00
Valery Sizov 8346dde052 Only render 404 page from /public 2015-10-13 20:12:34 +03:00
Francesco Levorato 1bbcc29687 Redirect case sensitive project path to the normalized one 2015-09-18 16:37:21 +02:00
Dmitriy Zaporozhets 0b5d627cd4 Merge branch 'master' into ci-and-ce-sitting-in-a-tree-k-i-s-s-i-n-g 2015-09-09 14:56:02 +02:00
Dmitriy Zaporozhets 90c338a495 Move helpers back to original directory 2015-09-09 14:37:34 +02:00
Jared Szechy e156f42079 FogBugz project import 2015-09-08 20:23:01 -04:00
Douwe Maan 30555c1d24 Merge branch 'rs-remove-user-color-scheme-class' into 'master' 
Apply syntax highlighting to fenced code blocks client-side

Instead of applying the syntax highlighting scheme class to these blocks
server-side, we use Javascript and Gon to apply the user's color scheme
(or the default) client-side.

This will make it easier to cache these blocks in the future because
they're no longer state-dependent.

See merge request !1203
 2015-08-27 16:24:51 +00:00
Douwe Maan 843694f902 Merge branch 'master' into ci-and-ce-sitting-in-a-tree-k-i-s-s-i-n-g 2015-08-26 17:53:31 -07:00
Stan Hu c1fe98e0b9 Prevent too many redirects error when home page URL set to external_urll 
Many users naively set the home page URL setting to external_url
(e.g. https://mydomain.com). When an unauthenticated user signs in, this
causes endless redirections. For example, this is occuring:

1. Unauthenticated user attempts to access https://mydomain.com/dashboard
2. Application redirects to the home page URL: https://mydomain.com
3. Repeat step 2

In step 3, ApplicationController should have redirected the user to
https://mydomain.com/users/sign_in. Disabling the redirection if home
page URL is the same as external_url prevents users from messing up.

Closes https://github.com/gitlabhq/gitlabhq/issues/8843
Closes #2057
 2015-08-26 07:38:33 -07:00
Douwe Maan 046b283127 Groundwork for merging CI into CE 2015-08-25 18:42:46 -07:00
Robert Speicher 2c3e42e4a4 Remove user_color_scheme_class 
Instead of rendering this value server-side, we use Javascript and Gon
to apply the user's color scheme (or the default) to any syntax
highlighted code blocks.

This will make it easier to cache these blocks in the future because
they're no longer state-dependent.
 2015-08-25 15:32:38 -07:00
Artem Sidorenko e238a8dad5 Import sources: show only enabled sources 2015-08-20 12:13:22 +02:00
Douwe Maan 70a3c165a9 Allow custom label to be set for authentication providers. 2015-07-23 15:20:12 +02:00
Stan Hu f4f216db67 Only enable HSTS header for HTTPS and port 443 
Closes https://github.com/gitlabhq/gitlabhq/issues/9449
 2015-07-12 21:37:10 -07:00
Robert Speicher 335749d754 Ensure `@sort` is set by set_filters_params 
Closes #1750
 2015-07-08 18:17:13 -04:00
Daniel Gerhardt bee3979a4a Fix redirection to home page URL for unauthorized users 
Redirection to the home page URL was broken by changing the target for
`root_url` from `DashboardController` to `RootController` in
94d3c1433d. This regression was introduced
in the 7.12.0 release.

Fixes #1916.
 2015-07-03 00:22:20 +02:00
Stan Hu 07efb17e10 Fix 403 Access Denied error messages when accessing Labels section in a project that has MRs disabled but issues enabled 
Closes #1813
 2015-06-18 03:15:05 -07:00
Alex Lossent 60225a067d Allow to configure a URL to show after sign out 2015-05-29 18:20:15 +02:00
Douwe Maan 45e4727f97 Set milestone on new issue when creating issue from index with milestone filter active. 2015-05-27 14:22:11 +02:00
Robert Speicher e512f770cd Fix Devise parameter sanitizer for otp_attempt 2015-05-09 17:31:40 -04:00
Dmitriy Zaporozhets de9e1c3bad Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap users since it is not supported 2015-05-09 17:31:10 -04:00
Dmitriy Zaporozhets e097812f57 Merge pull request #9234 from dsander/group-milestones-by-title 
Group milestones by title in the dashboard and all other issue views
 2015-05-03 14:29:31 +03:00
Douwe Maan 92fd3ccee0 Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 10:39:16 +02:00
Dominik Sander 8d17e79d1d Removed unused ApplicationController#set_filter_values method 
The instance variables assigned in `set_filter_values` are not used by
anything anymore.
 2015-05-01 00:18:40 +02:00
Robert Speicher aa9435cddb Remove duplicate settings for default_url_options 
Closes internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2269
 2015-04-25 19:46:04 -04:00
Dmitriy Zaporozhets d4fb062d97 Merge branch 'sign-out-to-sign-in' into 'master' 
Redirect to sign in page after signing out.

Addresses internal issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2125.

See merge request !541
 2015-04-23 12:38:11 +00:00
Jeroen van Baarsen 5a4ebfb47a Fixed the Rails/ActionFilter cop 
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
 2015-04-20 15:39:37 +02:00
Douwe Maan 80657c818c Redirect to sign in page after signing out. 2015-04-18 12:06:50 +02:00
Douwe Maan 36b54fc04f Don't crash when project repository doesn't exist. 2015-04-14 23:26:53 +02:00
Douwe Maan 0ece6bd828 Use `\A` and `\z` in regexes instead of `^` and `$`. 2015-04-10 18:31:07 +02:00
Stan Hu dfd256f29e Support configurable attachment size via Application Settings 
Fix bug where error messages from Dropzone would not be displayed on the issues page

Closes #1258
 2015-04-02 00:04:08 -07:00
Stan Hu 8173ef976f Set Application controller default URL options to ensure all url_for calls are consistent 
Closes #1249
 2015-03-25 12:27:10 -07:00
Dmitriy Zaporozhets f0cbbd70bb Use same constant for amount of items per page 2015-03-12 15:37:00 -07:00
Dmitriy Zaporozhets 6de4e4a622 Include route helper shortcut in controller 2015-02-26 09:34:20 -08:00
Douwe Maan 448817c4de Load public key in initializer. 2015-02-24 15:07:24 +01:00
Vinnie Okada 76aad9b76e Upgrade to Rails 4.1.9 
Make the following changes to deal with new behavior in Rails 4.1.2:

* Use nested resources to avoid slashes in arguments to path helpers.
 2015-02-14 11:09:23 -07:00
Dmitriy Zaporozhets bbca6a0abd Refactor sorting in project 2015-02-05 19:15:05 -08:00
Marin Jankovski 537cd66d7e Add gitlab internal issue tracker service. 2015-01-28 09:28:17 -08:00
Steven Burgart 5c80160218 Fix various typos 
signe-in -> signed-in
go_to_gihub_for_permissions -> go_to_github_for_permissions
descendand -> descendant
behavour -> behaviour
recepient_email -> recipient_email
generate_fingerpint -> generate_fingerprint
dependes -> depends
Cant't -> Can't
wisit -> visit
notifcation -> notification
sufficent_scope -> sufficient_scope?
levet -> level
 2015-01-18 10:29:37 -05:00
Dmitriy Zaporozhets f2eb234c06 Fix passign args to original authenticate_user! 2015-01-16 18:12:15 -08:00
Dmitriy Zaporozhets 41d7be3ce1 Allow to specify home page for non logged-in users 2015-01-16 16:01:15 -08:00
Dmitriy Zaporozhets 57a65ede77 Improve application settings and write tests 2015-01-08 09:53:35 -08:00
Dmitriy Zaporozhets 465f186954
Show assigned issues/mr be default on dashboard 
This was default before but now it fixed with providing assignee_id
parameter making url shareble and dont reset when other filters users.

Also this commit removes old methods that are not used any more.

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-12-26 18:33:53 +02:00
Dmitriy Zaporozhets 97d7c06f78
Fix scroll problems and disable authorized_only filter 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-12-24 12:56:03 +02:00
Dmitriy Zaporozhets 7b792af872
Improvements to issues/mr filters: 
* use filter_params variable when set filter values
* fix project issues spinach tests

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-12-24 11:39:03 +02:00
Dmitriy Zaporozhets 016981c009
Refactor issuable list pages 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-12-24 11:04:33 +02:00
Dmitriy Zaporozhets 47634e392f
Refactor issues and merge requests lists 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-12-23 18:49:39 +02:00
Dmitriy Zaporozhets beabf5db8c Merge pull request #8091 from cirosantilli/factor-ability-abilities 
Factor abilities methods
 2014-10-28 12:09:55 +02:00
Dmitriy Zaporozhets 1657750a6a Merge pull request #8028 from cirosantilli/rm-dev-tools 
Remove unused dev_tools helper.
 2014-10-21 11:55:36 +03:00
Dmitriy Zaporozhets 8ad9a75f88 Merge pull request #8030 from cirosantilli/factor-authorize 
Factor authorize_push! and authorize_code_access!
 2014-10-21 11:43:12 +03:00
Ciro Santilli 9e1b97ad99 Use @project on controllers, don't call method 
Also memoize the method to ensure that other methods in
ApplicationController that rely on it can call it efficiently.
 2014-10-19 23:36:23 +02:00
Ciro Santilli b66a152735 Factor abilities methods 
in app controller, user model and services.
 2014-10-19 11:12:39 +02:00
Ciro Santilli 4d0d5e79ba Factor authorize_push! and authorize_code_access! 
with existing method_missing. Pattern already used extensively,
so let's be consistent and use it everywhere.
 2014-10-13 21:31:49 +02:00
Ciro Santilli c278520f9b Remove unused dev_tools helper. 2014-10-13 21:21:58 +02:00
Dmitriy Zaporozhets f815115de6
Protect from forgery with exception 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-10-06 16:18:25 +03:00
Ciro Santilli 2e9f5de868 Add parenthesis to function def with arguments. 2014-10-03 09:18:46 +02:00
Jacob Vosmaer 669682686e Move LDAP timeout code to Gitlab::LDAP::Access 2014-08-06 18:03:01 +02:00
Marin Jankovski 07b9d80604 Use devise stored_location to redirect after signing for both public and private pages. 2014-07-11 19:53:10 +02:00
Marin Jankovski 55efb2d9f2 Revert "Merge branch 'redirect_after_login' into 'master'" 
This reverts commit 5aaa35656e, reversing
changes made to 5b8c176767.
 2014-07-11 19:53:10 +02:00
Marin Jankovski 60cc1d8e92 Override strong params for sign up. 2014-07-10 19:31:05 +02:00
Marin Jankovski 108be8a666 Update to accomodate devise deprecations and backward incompatible changes. 2014-07-10 13:56:35 +02:00
Marin Jankovski 1e3fce1a82 Check for the correct param for token. 2014-07-10 13:10:37 +02:00
Marin Jankovski 4024aa8e81 Try to keep token authenticable compatibility 2014-07-09 14:42:25 +02:00
Marin Jankovski 26d1bd7c2a Set return url as param. 2014-06-19 14:20:25 +02:00
Marin Jankovski a1eb1ad168 Redirect back to current page after sign in. 2014-06-19 11:24:59 +02:00
Dmitriy Zaporozhets ae564c97d4
Dont expose user email via API 
To prevent leaking of users info we reduce amount of user information
retrieved via API for normal users.

What user can get via API:

* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all informaion

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-06-13 17:46:48 +03:00
Dmitriy Zaporozhets a7be3dfa30
Remove set of thread variables 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-06-10 17:51:49 +03:00
Dmitriy Zaporozhets d95d56f0b9
Add current_user_id to gon vars 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-06-04 18:07:15 +03:00
Drew Blessing 5f25cdfe19 Implement Merge Request Labels 2014-05-13 06:41:36 -05:00
Dmitriy Zaporozhets 84d17f7965
Skip require email for devise controllers 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-04-07 14:32:59 +03:00
Dmitriy Zaporozhets a73df4f72d
Allow oauth signup without email 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-04-07 14:09:29 +03:00
Jacob Vosmaer 48e9054056 Open/close LDAP in ApplicationController 
By opening the LDAP connection at the controller level we can reuse it
for all LDAP queries during the request.
 2014-03-14 09:03:49 +01:00
Dmitriy Zaporozhets c6d39a14d6
Add User#requires_ldap_check? method 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-03-11 10:24:07 +02:00
Dmitriy Zaporozhets e57e1e04e3
Remove non-exist method from ldap security check 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-03-11 09:15:04 +02:00
Dmitriy Zaporozhets b1ff8e31b1
Add ldap check in application_controller and internal api 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-03-10 17:10:23 +02:00
Dmitriy Zaporozhets a9280de11f
Better redirect for edit blod from MergeRequest 
If you cancel edit you will be redirected back to merge request
If you submit changes you will be redirected back to merge request

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-02-26 14:06:31 +02:00
Dmitriy Zaporozhets 2171bbcd6e
Update rack profiler 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-02-25 17:41:56 +02:00
Ciro Santillli 439a61783d User can leave group from group page. 2014-02-12 15:52:53 +01:00
Dmitriy Zaporozhets 348e44ef06
Dont use avatars for user select if avatar is disabled 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-02-11 15:49:39 +02:00
Dmitriy Zaporozhets 0c637acb69
Add login and remember_me to devise permit list 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-01-14 20:28:41 +02:00
Marin Jankovski 8a0bfa4998 Do not include subtomains in STS header. 2014-01-03 16:02:57 +01:00
Marin Jankovski 94c96cd445 HTTP headers protect against MIME-sniffing, force https if enabled. 2013-12-30 09:41:05 +01:00
xyb 498ec08da3 Force IE use latest engine to render. 2013-12-27 19:38:29 +08:00
Dmitriy Zaporozhets f088c867a4
Fix signup for rails4 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2013-12-10 13:35:10 +02:00
Dmitriy Zaporozhets b3c1d0d8df Added allow_blank to model validations 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2013-12-10 12:11:27 +02:00
Jason Hollingsworth c099074fcc Fix 404 on project page for unauthenticated user 
Eliminate a 404 error when user is not logged in and attempts to visit
a project page.

The 404 page will still show up when user is logged in and the project
doesn’t exist or the user doesn’t have access.
 2013-12-04 13:10:20 -06:00
Dmitriy Zaporozhets da10cad1da
Drop rjs from Issues#index 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2013-11-29 15:05:32 +02:00
Dmitriy Zaporozhets 33aea41708
Drop rjs from Infinite scrolling 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2013-11-28 11:38:20 +02:00
Jason Hollingsworth d9bb4230cc Adding authenticated public mode (internal). 
Added visibility_level icons to project view (rather than just text).
Added public projects to search results.
Added ability to restrict visibility levels standard users can set.
 2013-11-26 22:22:07 -06:00
Angus MacArthur aefe2e952f Fixing unsafe use of Thread.current variable :current_user 2013-10-16 01:20:53 -04:00
Dmitriy Zaporozhets 3cbfb1ee7c Remove .git from project url end redirect 
Ex. redirect from
  localhost/group/project.git
to
  localhost/group/project

It used to prevent 404 error when follow submodule http link
like http://localhost/group/project.git
 2013-10-14 13:27:39 +03:00
Izaak Alpert ca1b67ce38 Don't show users password change page if ldap users 2013-09-17 22:38:08 -04:00
Dmitriy Zaporozhets 17af835387 Add event filter for group and project show pages 2013-08-26 16:30:03 +03:00
Dmitriy Zaporozhets fb492386c5 Fix accidentally removed class name 2013-08-21 12:33:12 +03:00
Dmitriy Zaporozhets fd1661468f Remove can_create_team code from user 2013-08-21 12:31:47 +03:00
Dmitriy Zaporozhets 9ea5766c35 Improve permissions on tags/branches 2013-07-17 08:26:00 +03:00
Dmitriy Zaporozhets b3ef63a0a5 Migrate global project taks. Removed more teams related functionality 2013-06-19 19:48:48 +03:00
Dmitriy Zaporozhets fbf6989903 Force admin to change password after first sign-in 2013-06-13 20:06:33 +03:00
Dmitriy Zaporozhets 94be732026 Add password_expires_at to users table 2013-06-13 20:01:35 +03:00
Dmitriy Zaporozhets 5b40780290 Password expire: implement password resource inside profile. add before_fiter check 2013-06-13 19:53:04 +03:00
Dmitriy Zaporozhets 993af5d0d2 cattr_accessor is not threadsafe! 2013-06-11 18:15:18 +03:00
Jean-Luc Geering 57497e9f25 enforce secure gravatar urls when Gitlab.config.gitlab.https is set 2013-05-31 10:30:21 +02:00
Peter LeFanu Lumsdaine 6b4602a733 Grammar fix in error message for blocked login (in "application_controller.rb") 2013-05-28 14:48:51 -03:00
Dmitriy Zaporozhets 233eb1c693 Rename repo feature 2013-05-25 00:07:19 +03:00
Dmitriy Zaporozhets 634cbd7138 Refactor API classes. So api classes like Gitlab::Issues become API::Issues 2013-05-14 15:33:31 +03:00
Dmitriy Zaporozhets 2fc236177f Merge pull request #3801 from holdtotherod/feature/internally-public-projects 
Internally public projects
 2013-05-03 00:00:48 -07:00
Stephen Lottermoser 4c44c5ef9a Internally public projects 
Public projects listed in the public section will be linked to the
actual project's page. Public projects now give any user Guest
permissions to the project, allowing them to download the code, read
and create issues, and view anything else in the project's pages.

Ample access tests have been added to the project_access_spec to
verify correct permissions and behavior on public projects.
- Visitors to the site who are not logged in still cannot view the
  project's pages.
- Logged-in users visiting a public project where they are not a team
  member can create issues, but not snippets. They can view the projects
  code, issues, merge requests, etc, just as if they were a Guest member
  of the project.
- Since this is a public project, the user is also granted :download_code
  permissions, a permission normally reserved for Reporters, since they
  can clone the repo anyways and browse commits and branches locally.
 2013-05-02 00:06:59 -07:00
Christian Simon 529376bb0b [BUGFIX] User suggest at team_members/new not working with relative_url_root 
* Closing #3540
* Closing #3704
 2013-04-24 19:40:09 +02:00
Dmitriy Zaporozhets ef05423f47 Finish select2-ajax for users. Added Select2Helper for tests 2013-03-14 10:16:27 +02:00
Dmitriy Zaporozhets 10f14136f5 fix setting gon.api_token 2013-03-13 23:45:47 +02:00
Dmitriy Zaporozhets bf17d976a7 add api users filter and integrate users select2 2013-03-13 23:19:09 +02:00
Andrew8xx8 0d9a6fe7b1 User's blocked field refactored to use state machine 2013-03-04 18:52:30 +04:00
Andrew8xx8 bca72eac74 Default issue tracker name added to gon variables 2013-02-28 16:11:14 +04:00
Dmitriy Zaporozhets 27d9ac0fe8 Make gitlab works with gitlab-shell 2013-02-04 15:07:56 +02:00
Dmitriy Zaporozhets 85de55a120 Dont allow gitlab be loaded in iframe 2013-02-02 20:32:13 +02:00
Dmitriy Zaporozhets 3ddd9f753c Fix mass-assignment. Dont allow users w/o access to create team 2013-01-25 15:42:41 +02:00
Andrey Kumanyaev 18bd1c9d30 update all teams code. refactoring and some corrections 2013-01-24 22:31:25 +02:00
Dmitriy Zaporozhets 39ba934c0a REpostiry, Team models 2013-01-03 21:09:18 +02:00
Dmitriy Zaporozhets cc0295b789 Only owner can remove project 2012-12-05 06:14:05 +03:00
Dmitriy Zaporozhets c177593e2c Merge pull request #2059 from dolanor/feature-rewording-blocked-users 
Rewording for the account being blocked
 2012-11-30 12:50:06 -08:00
Dmitriy Zaporozhets eb1004f789 Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces 2012-11-29 12:39:03 +02:00
Tanguy Herrmann 70ef433e09 Rewording for the account being blocked 
When signing in with SSO, if the default behaviour of gitlab is to block SSO user, the only message the people will get is 'Your account was blocked'

They should get the idea this might be only temporary and not because of a technical problem
 2012-11-24 18:21:57 +01:00
Dmitriy Zaporozhets f37fa968b2 add ability to change namespace from project edit page 2012-11-24 22:00:30 +02:00
Dmitriy Zaporozhets c50ec72b52 Deprecate code for Project. Use title and path 2012-11-23 21:11:09 +03:00