LDAP Sync blocked user edgecases
Allow GitLab admins to block otherwise valid GitLab LDAP users
(https://gitlab.com/gitlab-org/gitlab-ce/issues/3462)
Based on the discussion on the original issue, we are going to differentiate "normal" block operations from the automatic LDAP ones in order to make some decisions when it's one or the other.
Expected behavior:
- [x] "ldap_blocked" users respond to both `blocked?` and `ldap_blocked?`
- [x] "ldap_blocked" users can't be unblocked by the Admin UI
- [x] "ldap_blocked" users can't be unblocked by the API
- [x] Block operations that are originated from LDAP synchronization will flag user as "ldap_blocked"
- [x] Only "ldap_blocked" users will be automatically unblocked by LDAP synchronization
- [x] When LDAP identity is removed, we should convert `ldap_blocked` into `blocked`
Mockup for the Admin UI with both "ldap_blocked" and normal "blocked" users:

There will be another MR for the EE version.
See merge request !2242
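The expected behaviour listed for merge request !2242, modelled as a small plain-Ruby state machine. This is an added example, not GitLab's `User` model: the class and method names are hypothetical, and two cases the description leaves open (a manual block replacing an LDAP block, and LDAP sync leaving a manually blocked user untouched) are assumptions.

```ruby
# Added illustration; DirectoryUser and its methods are hypothetical names.
class DirectoryUser
  attr_reader :state

  def initialize
    @state = :active
  end

  # "ldap_blocked" users respond to both blocked? and ldap_blocked?
  def blocked?
    %i[blocked ldap_blocked].include?(@state)
  end

  def ldap_blocked?
    @state == :ldap_blocked
  end

  # Manual block by an admin. Assumption: it also replaces an LDAP block.
  def admin_block
    @state = :blocked
  end

  # Unblock through the Admin UI or the API: refused for ldap_blocked users,
  # so an admin cannot re-enable an account the directory has disabled.
  def admin_unblock
    return false unless @state == :blocked

    @state = :active
    true
  end

  # Result of one LDAP synchronization run for this user.
  def ldap_sync(valid_in_directory:)
    if valid_in_directory
      # Only ldap_blocked users are unblocked automatically.
      @state = :active if ldap_blocked?
    elsif @state == :active
      # Blocks that originate from LDAP sync are flagged ldap_blocked.
      # Assumption: a manually blocked user keeps the :blocked state.
      @state = :ldap_blocked
    end
    @state
  end

  # When the LDAP identity is removed, ldap_blocked becomes a normal block.
  def remove_ldap_identity
    @state = :blocked if ldap_blocked?
    @state
  end
end
```

The property to check in review is that a manual block survives a sync in which the directory still reports the user as valid.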
Show referenced MRs & Issues only when the current viewer can access them
This addresses both issues identified in #6066.
## The private MR by user `remy2` with a note referencing to a public issue

---
## The public issue viewed by user `remy` **who doesn't have access to `remy2/private-project`** before the fix

---
## The public issue viewed by user `remy` **who doesn't have access to `remy2/private-project`** with the fix

---
## The public issue viewed by user `remy2` with the fix (no change)

See merge request !2405
* 8-4-stable: (280 commits)
Add Changelog entry for build traces data integrity fix
Update doc_styleguide.md [ci skip]
Added hint that you can search users by name, username, or email.
Add changelog
Version 8.4.0.rc1
Randomize metrics sample intervals
Make the metrics sampler interval configurable
Don't automatically require awesome_print
Disable colorization if STDOUT is not a tty
Block the reported user before destroying the record
changes `$quote-gray` to `$secondary-text`
makes message plural for multiple MRs and removes from loop. Duh.
Prepare Installation and Update docs for 8.4 RC1
Mention channel/key bug in irkerd docs
Revert "Remove the `:coffee` and `:coffeescript` Haml filters"
gets merge request discussion working again
adds back in discussion.haml.html for issues commenting and closing/reopening properly.
removing last chunk of MR ajax changes, rest will be in another MR
reverting more MR ajax files, will appear in different commit
reverting MR ajax changes, which will be in a different MR
...
* 8-4-stable: (285 commits)
Add Changelog entry for build traces data integrity fix
Update doc_styleguide.md [ci skip]
Added hint that you can search users by name, username, or email.
Add changelog
Version 8.4.0.rc1
Randomize metrics sample intervals
Make the metrics sampler interval configurable
Don't automatically require awesome_print
Disable colorization if STDOUT is not a tty
Block the reported user before destroying the record
changes `$quote-gray` to `$secondary-text`
makes message plural for multiple MRs and removes from loop. Duh.
Prepare Installation and Update docs for 8.4 RC1
Mention channel/key bug in irkerd docs
Revert "Remove the `:coffee` and `:coffeescript` Haml filters"
gets merge request discussion working again
adds back in discussion.haml.html for issues commenting and closing/reopening properly.
removing last chunk of MR ajax changes, rest will be in another MR
reverting more MR ajax files, will appear in different commit
reverting MR ajax changes, which will be in a different MR
...
* master: (76 commits)
Add Changelog entry for build traces data integrity fix
Update doc_styleguide.md [ci skip]
Added hint that you can search users by name, username, or email.
Add changelog
Randomize metrics sample intervals
Make the metrics sampler interval configurable
Don't automatically require awesome_print
Disable colorization if STDOUT is not a tty
Block the reported user before destroying the record
changes `$quote-gray` to `$secondary-text`
makes message plural for multiple MRs and removes from loop. Duh.
Prepare Installation and Update docs for 8.4 RC1
Mention channel/key bug in irkerd docs
Revert "Remove the `:coffee` and `:coffeescript` Haml filters"
gets merge request discussion working again
adds back in discussion.haml.html for issues commenting and closing/reopening properly.
removing last chunk of MR ajax changes, rest will be in another MR
reverting more MR ajax files, will appear in different commit
reverting MR ajax changes, which will be in a different MR
reverting _mr_title.html.haml
...
Sampling data at a fixed interval means we can potentially miss data
from events occurring between sampling intervals. For example, say we
sample data every 15 seconds but Unicorn workers get killed after 10
seconds. In this particular case it's possible to miss interesting data
as the sampler will never get to actually submitting data.
To work around this (at least for the most part) the sampling interval
is randomized as follows:
1. Take the user specified sampling interval (15 seconds by default)
2. Divide it by 2 (referred to as "half" below)
3. Generate a range (using a step of 0.1) from -"half" to "half"
4. Every time the sampler goes to sleep we'll grab the user provided
interval and add a randomly chosen "adjustment" to it while making
sure we don't pick the same value twice in a row.
For a specified timeout of 15 this means the actual intervals can be
anywhere between 7.5 and 22.5, but never can the same interval be used
twice in a row.
The rationale behind this change is that on dev.gitlab.org I'm sometimes
seeing certain Gitlab::Git/Rugged objects being retained, but only for a
few minutes every 24 hours. Knowing the code of Gitlab and how much
memory it uses/leaks I suspect we're missing data due to workers getting
terminated before the sampler can write its data to InfluxDB.
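The four steps of the commit message above, written out as an added Ruby example. It is not the sampler code from the commit: the class name, method name and injectable random number generator are hypothetical.

```ruby
# Added illustration; RandomizedInterval and next_sleep are hypothetical names.
class RandomizedInterval
  def initialize(interval = 15, rng: Random.new)
    raise ArgumentError, 'interval must be >= 1' unless interval >= 1

    # Step 1: the user specified sampling interval (15 seconds by default).
    @interval = interval
    # Step 2: divide it by 2.
    half = interval / 2.0
    # Step 3: a range from -half to +half using a step of 0.1.
    steps = (half * 20).round
    @adjustments = (0..steps).map { |i| (-half + i * 0.1).round(1) }
    @rng = rng
    @last = nil
  end

  # Step 4: interval plus a random adjustment, never the same value
  # twice in a row.
  def next_sleep
    loop do
      candidate = (@interval + @adjustments.sample(random: @rng)).round(1)
      next if candidate == @last

      @last = candidate
      return candidate
    end
  end
end
```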
Block the reported user before destroying the record
This is intended to prevent the user from creating new objects while the
transaction that removes them is being run, resulting in objects with
nil authors which can then not be edited.
See https://gitlab.com/gitlab-org/gitlab-ce/issues/7117
See merge request !2402
Make sure time_ago_with_tooltip is using a Time object
Somehow this test existed on EE but not in CE, so it started failing
after a bad CE-to-EE merge.
See merge request !2398
Where a view is called from doesn't matter as much. We already know what
action they belong to and this is more than enough information. By
removing the file/line number from the list of tags we should also be
able to reduce the number of series stored in InfluxDB.
This gives a very rough estimate of how much memory is allocated during
a transaction. This only works reliably when using a single-threaded
application server and a Ruby implementation with a GIL as otherwise
memory allocated by other threads might skew the statistics. Sadly
there's no way around this as Ruby doesn't provide a reliable way of
gathering accurate object sizes upon allocation on a per-thread basis.
Without this it's impossible to find out what methods/views/queries are
executed by a certain controller or Sidekiq worker. While this will
increase the total number of series it should stay within reasonable
limits due to the amount of "actions" being small enough.
Improve performance of getting issues on group level
For testing I used the URL http://localhost:3000/groups/gitlab-org/issues?milestone_title=8.1. Prior to these changes said URL would take about 10-12 seconds to load. By applying these changes the loading time has been reduced to roughly 2-3 seconds.
There's still some stuff going on in some views that I have to look at, resolving those changes might reduce the loading time a bit more. I also still have to check if I didn't break too many tests.
Fixes: gitlab-org/gitlab-ce#3707 gitlab-org/gitlab-ce#4071
See merge request !2318
* master: (143 commits)
Only load autocomplete data when actually needed
Check for current user
Add pencil icon to edit group settings
Issue #5817 wording of the web hooks updated on issue and merge events
use JavaScript instead of CoffeeScript in Views, the reason #9819
Before project save ensure that a runners_token exists
Fix Error 500 when visiting build page of project with nil runners_token
Remove outdated gitlab-git-http-server reference from Install doc
Fix typo in build page of projects
Update docs for shared runner default settings
Disable "Already Blocked" button in admin abuse report page
Add CHANGELOG entry for reply-by-email fix
Use WOFF versions of SourceSansPro
Clean up document on adding users to a project
Refactor ZenMode
Fix caching issue where build status was not updating in project dashboard
Add a CHANGELOG entry for The Most Important Feature of All Time(TM)
changes verb `references` to noun `reference`.
fixes new branch button positioning, when visible and not visible container
DRY up upload and download services
...
Refactor ZenMode
- No longer depends on the "hidden checkbox".
- No longer depends on manually storing/restoring the scroll position.
Instead, we take advantage of jquery.scrollTo.
- Event-based.
- Simplifies the state-based styling.
See merge request !2354
Suppress e-mails on failed builds if allow_failure is set
Every time I push to GitLab, I get > 2 emails saying a spec failed when I don't care about the benchmarks and others that have `allow_failure` set to `true`.
@ayufan mentioned creating a summary e-mail to prevent getting one e-mail per build, but the latter might actually be desirable. For example, I do want to know if Rubocop errors fail right away.
See merge request !2178
Fix problem with projects ending with .keys #3076
Closes #3076
Move route `:username.keys` below project's routes. This allows projects to handle names ending with `.keys`.
See merge request !1883
Every time I push to GitLab, I get > 2 emails saying a spec failed when
I don't care about benchmarks and other specs that have `allow_failure` set to `true`.
Since filtering by these values is very rare (they're mostly just
displayed as-is) we don't need to waste any index space by saving them
as tags. By storing them as values we also greatly reduce the number of
series in InfluxDB.
This reverts commit 7549102bb7.
Apparently I was wrong about
ActiveSupport::Notifications::Event#duration returning the duration in
seconds, instead it returns it in milliseconds already.
This fixes an issue where the user_id is not included in the data for
user_add_to_team and user_remove_from_team system hooks. The documentation
already states that the user_id should be included.
* master: (75 commits)
Fix grammar
Clarify the key generation step
Remove misleading `ssh-dsa`
markdown fixes
markdown fixes
Add `AbuseReport#notify`
Make AbuseReportMailer responsible for knowing if it should deliver
Redirect back to user profile page after abuse report
Redesign the AbuseReports index
Don't notify users twice if they are both project watchers and subscribers
Restructure logo JS to use `setInterval`
Decrease the logo sweep delay
Correct the logo ID names
Update CHANGELOG
Merge pull request GH-9938 from huacnlee/hotfix/note_mail_with_notification
Remove jquery.blockUI.js plugin
rempves tests for "you have master access" text
Revert "Merge branch 'rs-remove-jquery-blockui' into 'master'
"
removes footer message about access to project
remove public field from namespace and refactoring
...
Adds settings menu to the top for editing and leaving projects
@creamzy @skyruler @dzaporozhets
Menu contents depends on user's rights.
Fixes #4221




See merge request !2195
Tuning of metrics data to store
This removes data we don't really need, as well as making sure we don't overload any cache stores or databases.
See merge request !2265
Added system hooks messages for renaming and transferring a project
This is work in progress but I wanted to get some feedback on it in case there is something I've missed or a better way to do it.
As the title says when a project is renamed or transferred to another group a system hook message is generated.
Currently adds a couple of extra properties to the standard project system hooks messages.
old_path_with_namespace - The old path of the project so we can see what has been renamed / transferred
changed_at - The time that change took place
My main concern is if there is a better way of doing this than passing the extra_data variable into the system hook. Would it be better to extend the project model with these 2 items as transient properties as I doubt they would need to be saved to the database? The other
I've also seen, but can't find, someone talking about the emails sent when a project is renamed or transferred doesn't reference the original project path so if you have similarly named projects then you might not know what has been moved. I think the extra_data (or however it is best to implement this) would allow the extra information to be sent in emails.
Closes [System hooks for project transfer and repository rename](http://feedback.gitlab.com/forums/176466-general/suggestions/6006233-system-hooks-for-project-transfer-and-repository-r)
See merge request !611
This will be used to store/increment the total query/view rendering
timings on a per transaction basis. This in turn can greatly reduce the
amount of metrics stored.
Attempting to use the /projects/:id API by specifying :id in
"namespace/project" format would always result in a 404 if the namespace
contained a dot.
The reason? From http://guides.rubyonrails.org/routing.html#specifying-constraints:
"By default the :id parameter doesn't accept dots - this is because the dot is
used as a separator for formatted routes. If you need to use a dot within an
:id add a constraint which overrides this - for example id: /[^\/]+/ allows
anything except a slash."
Closes https://github.com/gitlabhq/gitlabhq/issues/9573
* upstream/master: (307 commits)
Update CHANGELOG
spinach fix
Updated allocations Gem to version 1.0.3
Removed various default metrics tags
Update CHANGELOG
Fix "I see current user as the first user" step
Swap Author and Assignee Selectors on issuable index view
Update CHANGELOG
Make sure that is no pending migrations in Gitlab::CurrentSettings
Added additional config environmental variables to help Debian packaging
We don't use whenever anymore. Lets remove the schedule file
Fix project transfer e-mail sending incorrect paths in e-mail notification
Update CHANGELOG
Use Gitlab::CurrentSettings for InfluxDB
Write to InfluxDB directly via UDP
Strip newlines from obfuscated SQL
Add hotfix that allows to access build artifacts created before 8.3
note votes methids implementation
When reCAPTCHA is disabled, allow registrations to go through without a code
Downcased user or email search for avatar_icon.
...
This particular setup had 3 problems:
1. Storing SQL queries as tags is very inefficient as InfluxDB ends up
indexing every query (and they can get pretty large). Storing these
as values instead means we can't always display the SQL as easily.
2. We already instrument ActiveRecord query methods, thus we already
have timing information about database queries.
3. SQL obfuscation is difficult to get right and I'd rather not expose
sensitive data by accident.
Nokogiri produces inefficient XPath expressions when given CSS
expressions such as "a.gfm". Luckily these expressions can be optimized
quite easily while still achieving the same results.
In the two cases where this optimization is applied the run time has
been reduced from around 170 ms to around 15 ms.
While it's useful to keep track of the different versions (Ruby, GitLab,
etc) doing so for every point wastes disk space and possibly also RAM
(which InfluxDB is all too eager to gobble up). If we want to see the
performance differences between different GitLab versions simply looking
at the performance since the last release date should suffice.
* master: (108 commits)
Fix project transfer e-mail sending incorrect paths in e-mail notification
Update CHANGELOG
Use Gitlab::CurrentSettings for InfluxDB
Write to InfluxDB directly via UDP
Strip newlines from obfuscated SQL
Add hotfix that allows to access build artifacts created before 8.3
note votes methids implementation
When reCAPTCHA is disabled, allow registrations to go through without a code
Downcased user or email search for avatar_icon.
Handle missing settings table for metrics
Fix broken link in permissions page [ci skip]
reCAPTCHA is configurable through Admin Settings, no reload needed.
Fixed syntax in gitlab.yml.example
Move InfluxDB settings to ApplicationSetting
Fix spelling mistake, thanks Connor.
Restart settings are moved too.
Hotfix for builds trace data integrity
add issue weight to contributing
Added host option for InfluxDB
Fixed styling of MetricsWorker specs
...
* origin/master:
Use lazy reference extractor to get issue's MRs
Banzai::XFilter -> Banzai::Filter::XFilter
Move Markdown/reference logic from Gitlab::Markdown to Banzai
This removes the need for Sidekiq and any overhead/problems introduced
by TCP. There are a few things to take into account:
1. When writing data to InfluxDB you may still get an error if the
server becomes unavailable during the write. Because of this we're
catching all exceptions and just ignore them (for now).
2. Writing via UDP apparently requires the timestamp to be in
nanoseconds. Without this data either isn't written properly.
3. Due to the restrictions on UDP buffer sizes we're writing metrics one
by one, instead of writing all of them at once.
Storing of application metrics in InfluxDB
This adds support for tracking metrics in InfluxDB, which in turn can be visualized using Grafana. For more information see #2936.
See merge request !2042
Revert vote buttons back to issue and MR pages
https://gitlab.com/gitlab-org/gitlab-ce/issues/3672
/cc @dzaporozhets @JobV

See merge request !2206