Lin Jen-Shin
4ee08b77bc
Updates from `rubocop -a`
2018-07-09 21:13:08 +08:00
blackst0ne
350e26b8a6
[Rails5] Use `safe_params` instead of `params` in `url_for` helpers
...
This commit replaces `params` with `safe_params` in `url_for` helpers
to resolve security issues [1] and failing specs with the
```
ArgumentError:
Attempting to generate a URL from non-sanitized request parameters!
An attacker can inject malicious data into the generated URL, such as
changing the host. Whitelist and sanitize passed parameters to be secure.
```
error.
[1]: https://gitlab.com/gitlab-org/gitlab-ce/issues/45168
2018-04-28 21:35:16 +11:00
Bob Van Landuyt
12dd2b0cc0
Share collaboration check between view and presenter
2018-04-11 10:51:15 +02:00
Bob Van Landuyt
8ad9c4e873
Rename `create_merge_request` permissions
...
So we can distinguish between the permissions on the source and the
target project.
- `create_merge_request_from` indicates a user can create a merge
request with the project as a source_project
- `create_merge_request_in` indicates a user can create a merge
request with the project as a target_project
2018-04-11 10:51:15 +02:00
Bob Van Landuyt
ec43e36444
Prevent new merge requests for archived projects
...
This prevents creating merge requests targeting archived projects.
This could happen when a project was already forked, but then the
source was archived.
2018-04-11 10:51:14 +02:00
Bob Van Landuyt
e74879280f
Allow maintainers to edit directly in a fork
2018-03-07 16:55:34 +01:00
Christiaan Van den Poel
66ebb206b0
disables the shortcut to the issue boards when issues are disabled
2018-01-08 09:06:25 +00:00
Jen-Shin Lin
bd46c8abfd
Merge branch 'security-10-1' into '10-1-stable'
...
Security fixes for 10.1 RC
See merge request gitlab/gitlabhq!2209
2017-10-17 15:58:58 -07:00
Zeger-Jan van de Weg
04cd47dd5a
Don't show references to Pages when not available
...
In this instance it's subgroups, and given we can't deploy it, we
shouldn't allow it to be shown.
Fixes gitlab-org/gitlab-ce#34864
2017-08-31 09:27:42 +02:00
Nick Thomas
e4391c7190
Backport changes from https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/2328
2017-07-21 18:45:12 +01:00
Douwe Maan
fe13f11041
Create and use project path helpers that only need a project, no namespace
2017-07-05 11:11:59 -05:00
Nick Thomas
8e5bf9d8dc
Use the new check_project_feature_available! method in project controllers
2017-06-21 10:56:45 +01:00
Nick Thomas
03228cb5b6
Backport check_project_feature_available! from EE
2017-06-21 10:56:45 +01:00
Kamil Trzcinski
25b99a5b3b
Update tests and application
2017-06-13 16:05:38 +02:00
Michael Kozono
49697bc8df
Refactor to more robust implementation
...
In order to avoid string manipulation or modify route params (to make them unambiguous for `url_for`), we are accepting a behavior change:
When being redirected to the canonical path for a group, if you requested a group show path starting with `/groups/…` then you’ll now be redirected to the group at root `/…`.
2017-05-19 09:13:27 -07:00
Kamil Trzciński
6ad3814e1b
Merge branch 'feature/gb/manual-actions-protected-branches-permissions' into 'master'
...
Check access to a branch when user triggers manual action
Closes #20261
See merge request !10494
2017-05-06 17:17:02 +00:00
Michael Kozono
e1c245af51
Resolve discussions
2017-05-05 12:12:51 -07:00
Michael Kozono
f05469f99b
Resolve discussions
2017-05-05 12:12:50 -07:00
Michael Kozono
9e48f02ea8
Dry up routable lookups. Fixes #30317
...
Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all.
2017-05-05 12:12:50 -07:00
Michael Kozono
7d02bcd2e0
Redirect from redirect routes to canonical routes
2017-05-05 12:11:57 -07:00
Grzegorz Bizon
61dd92aaff
Authorize build update on per object basis
2017-05-05 14:04:45 +02:00
Mark Fletcher
3ce95e7c16
Disable navigation to Pages config if Pages is disabled
...
* Regards project-level pages config
- Nav link is now shown only if Pages is enabled for instance
- Navigation to following controllers denied if Pages disabled:
* projects/pages_controller
* projects/pages_domains_controller
- 'disabled' partial removed
+ Test for pages_controller introduced
2017-05-04 14:11:40 +08:00
Douwe Maan
d170133bde
Refactor changing files in web UI
2017-04-20 00:37:44 +00:00
Jacopo
7b04b63eeb
New directory from interface on existing branch
...
The user can create a new directory on a different branch than the
source branch when the branch already exists.
2017-03-21 11:51:53 +01:00
Sam Rose
3c4dc43384
Dispatch needed JS when creating a new MR in diff view
2017-02-14 13:39:42 -05:00
Sean McGivern
b7685ad113
Merge branch 'git_to_html_redirection' into 'master'
...
Redirect http://someproject.git to http://someproject
Closes #26275
See merge request !8951
2017-02-03 21:06:02 +00:00
blackst0ne
63dac85385
Fixed redirection from http://someproject.git to http://someproject
2017-02-04 00:00:26 +11:00
Adam Pahlevi
a0586dbc16
replace `find_with_namespace` with `find_by_full_path`
...
add complete changelog for !8949
2017-02-03 07:14:04 +07:00
Felipe Artur
892dea6771
Project tools visibility level
2016-09-01 11:47:59 -03:00
Ruben Davila
22ce76d447
Refactor to mark Changes tab as active on new MR page.
2016-08-18 07:33:27 -05:00
Paco Guzman
208b18c956
Unify check branch name exist
2016-06-20 21:44:21 +02:00
Zeger-Jan van de Weg
be613de2cf
Project#show on projects pending deletion will 404
...
fixes #17508
2016-05-28 03:14:43 -07:00
Robert Speicher
8530ce4c6f
Clarify that the diff view setting always comes from the cookie
...
This invalidates one test, which we've removed.
2016-04-19 17:47:58 -04:00
Stan Hu
924e4b3700
Return status code 303 after a branch DELETE operation to avoid project deletion
...
Closes #14994
2016-04-06 21:11:10 -07:00
Douwe Maan
31266c5be4
Address feedback
2016-03-22 00:09:20 +01:00
Douwe Maan
7c51d5efec
Fix some specs
2016-03-20 22:55:08 +01:00
Douwe Maan
8db1292139
Tweaks, refactoring, and specs
2016-03-20 21:04:07 +01:00
Rémy Coutable
f6d816f9fe
Add a controller test for the new 'diff_view' cookie
2016-02-05 15:40:44 +01:00
kkm
cf1349adb7
Remember user's inline/tabular diff view preference in a cookie
2016-02-05 15:40:44 +01:00
Kamil Trzcinski
e80e3f5372
Migrate CI::Project to Project
2015-12-11 18:02:09 +01:00
Robert Speicher
e6668f8e34
Merge branch 'edit-in-patch-branch' into 'master'
...
Default target branch to patch-n when editing file in protected branch
Fixes #3441
See merge request !2021
2015-12-08 22:04:52 +00:00
Douwe Maan
57d71520bd
Make tooltip less confusing
2015-12-08 22:30:40 +01:00
Douwe Maan
86a09cfaf1
`builds_enabled` rather than `ci_enabled`
2015-12-08 13:06:53 +01:00
Kamil Trzcinski
6384c757b7
Expose CI enable option in project features
...
- Enable CI by default for all new projects
2015-11-13 10:52:50 +01:00
Dmitriy Zaporozhets
87240e989b
Move CI project settings page to CE project settings area
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2015-09-29 16:07:44 +02:00
Dmitriy Zaporozhets
037defc7de
Move CI variables page to project settings
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2015-09-28 17:19:20 +02:00
Dmitriy Zaporozhets
50cff3e400
Check for CI enabled in correct place
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2015-09-24 09:47:52 +02:00
Dmitriy Zaporozhets
64e12d5853
Add header for ci graphs and check that it is enabled
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2015-09-24 09:44:38 +02:00
Douwe Maan
26ad250989
Add a page title to every page.
2015-04-30 19:12:15 +02:00
Jeroen van Baarsen
5a4ebfb47a
Fixed the Rails/ActionFilter cop
...
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-04-20 15:39:37 +02:00