8da0fac362
Add latest changes from gitlab-org/gitlab@master
2024-04-12 18:16:02 +00:00
808b8561f4
Add latest changes from gitlab-org/gitlab@master
2024-01-04 21:07:37 +00:00
5f6fe673fa
Add latest changes from gitlab-org/gitlab@master
2023-12-11 09:15:23 +00:00
a283b2d9d0
Add latest changes from gitlab-org/gitlab@master
2023-08-30 18:10:26 +00:00
3849f5bb99
Add latest changes from gitlab-org/gitlab@master
2023-08-08 18:10:59 +00:00
6c3503cc3b
Add latest changes from gitlab-org/gitlab@master
2023-07-31 18:08:41 +00:00
3b28c7e3b2
Add latest changes from gitlab-org/gitlab@master
2023-06-30 15:10:49 +00:00
e9a3e8b891
Add latest changes from gitlab-org/gitlab@master
2023-06-28 06:10:32 +00:00
afd8f58f2d
Add latest changes from gitlab-org/gitlab@master
2023-06-15 00:07:23 +00:00
638e2f1c5f
Add latest changes from gitlab-org/gitlab@master
2023-06-06 15:09:27 +00:00
22ecb1e3fc
Add latest changes from gitlab-org/gitlab@master
2023-02-28 12:14:07 +00:00
4e7abe540d
Add latest changes from gitlab-org/gitlab@master
2023-02-23 21:10:28 +00:00
99f4b14cb0
Add latest changes from gitlab-org/gitlab@master
2023-02-17 15:09:22 +00:00
453634293e
Add latest changes from gitlab-org/gitlab@master
2023-02-09 18:07:44 +00:00
2fdee6d838
Add latest changes from gitlab-org/gitlab@master
2022-11-30 00:09:01 +00:00
cc626f1411
Add latest changes from gitlab-org/gitlab@master
2022-11-17 00:09:56 +00:00
4612d16c2d
Add latest changes from gitlab-org/gitlab@master
2022-08-26 18:12:09 +00:00
14771dc276
Add latest changes from gitlab-org/gitlab@master
2022-08-15 12:11:43 +00:00
948023c9c9
Add latest changes from gitlab-org/gitlab@master
2022-06-10 12:09:36 +00:00
842ac3526c
Add latest changes from gitlab-org/gitlab@master
2022-04-08 18:08:29 +00:00
13f6669657
Add latest changes from gitlab-org/gitlab@master
2021-12-20 18:13:27 +00:00
1c7411c597
Add latest changes from gitlab-org/gitlab@master
2021-11-11 12:10:41 +00:00
a10d237d37
Add latest changes from gitlab-org/gitlab@master
2021-03-30 12:10:51 +00:00
1fdc1d34e8
Add latest changes from gitlab-org/gitlab@master
2021-02-19 12:11:06 +00:00
15714832c8
Add latest changes from gitlab-org/gitlab@master
2021-02-18 15:09:43 +00:00
5231344d99
Add latest changes from gitlab-org/gitlab@master
2021-02-11 15:09:11 +00:00
9f5ac379c7
Add latest changes from gitlab-org/gitlab@master
2021-02-11 12:08:52 +00:00
b5944525b0
Add latest changes from gitlab-org/gitlab@master
2021-02-09 21:09:19 +00:00
f1500a385a
Add latest changes from gitlab-org/gitlab@master
2021-02-04 12:09:25 +00:00
9b09561f47
Add latest changes from gitlab-org/gitlab@master
2020-12-09 18:09:48 +00:00
feb61d56e7
Add latest changes from gitlab-org/gitlab@master
2020-11-13 18:09:11 +00:00
2368893df7
Add latest changes from gitlab-org/gitlab@master
2020-08-31 15:10:41 +00:00
bdca097916
Add latest changes from gitlab-org/gitlab@master
2020-08-11 03:11:00 +00:00
d5cf5cf4f7
Add latest changes from gitlab-org/gitlab@master
2020-07-17 00:09:37 +00:00
8b0ef13236
Add latest changes from gitlab-org/gitlab@master
2020-06-03 18:08:28 +00:00
c9d79ef3b5
Add latest changes from gitlab-org/gitlab@master
2020-05-26 15:08:17 +00:00
1219a9dce9
Add latest changes from gitlab-org/gitlab@master
2020-04-01 15:07:45 +00:00
db24ab2b72
Add latest changes from gitlab-org/gitlab@master
2020-01-28 12:08:44 +00:00
7f3bff1556
Add latest changes from gitlab-org/gitlab@master
2019-11-19 03:06:07 +00:00
29c01c6c91
Add latest changes from gitlab-org/gitlab@master
2019-11-14 03:06:25 +00:00
b3e4ec8e8a
Add latest changes from gitlab-org/gitlab@master
2019-10-23 09:06:03 +00:00
25989ab7ef
Add latest changes from gitlab-org/gitlab@master
2019-10-18 11:11:44 +00:00
21b5239a00
Merge branch 'security-2853-prevent-comments-on-private-mrs' into 'master'
...
Ensure only authorised users can create notes on merge requests and issues
See merge request gitlab/gitlabhq!3137
2019-08-29 21:34:27 +00:00
926bf71e51
Improve specs for Issues and Notes controllers
...
This adds test that Todos are completed.
https://gitlab.com/gitlab-org/gitlab-ce/issues/63372
2019-08-21 11:39:41 +12:00
d30a90a354
Prevent unauthorised comments on merge requests
...
* Prevent creating notes on inaccessible MRs
This applies the notes rules at the MR scope. Rather than adding extra
rules to the Project level policy, preventing :create_note here is
better since it only prevents creating notes on MRs.
* Prevent creating notes in inaccessible Issues
without this policy, non-team-members are allowed to comment on issues
even when the project has the private-issues policy set. This means that
without this change, users are allowed to comment on issues that they
cannot read.
* Add CHANGELOG entry
2019-08-07 03:04:33 +01:00
0e99daae4a
Use NotesFinder in IssuableActions module
...
Remove project from NotesFinder constructor
Add project parameter to specs
Also look for methods in private scope
Fix specs to match new NotesFinder constructor
2019-08-01 10:42:42 +02:00
7b87ed1499
Cleanup usages of `JSON.parse` in specs
...
Prefer `json_response` where applicable.
2019-07-16 08:03:49 +00:00
12d7b3937f
Correctly check permissions when creating snippet notes
...
In the Snippets::NotesController the noteable was resolved and
authorized through the :snippet_id, so by passing a :target_id for a
different snippet it was possible to create a note on a snippet
where the user would be unauthorized to do so otherwise.
This fixes the problem by ignoring the :target_id and :target_type from
the request, and using the same noteable for creation and authorization.
2019-06-06 09:32:18 +02:00
93a44e135b
Add some frozen string to spec/**/*.rb
...
Adds frozen string to the following:
* spec/bin/**/*.rb
* spec/config/**/*.rb
* spec/controllers/**/*.rb
xref https://gitlab.com/gitlab-org/gitlab-ce/issues/59758
2019-04-15 10:17:05 +00:00
3d85406734
Only return `commands_changes` used in frontend
...
When executing quick actions, this limits the `commands_changes`
response to only those used by the frontend
2019-03-18 13:28:35 -05:00
GitLab Bot
GitLab Release Tools Bot
Luke Duncalfe
Alex Kalderimis
Patrick Derichs
Peter Leitzen
Markus Koller
gfyoung
Heinrich Lee Yu