130 Commits

Author SHA1 Message Date
Dmitriy Zaporozhets 1657750a6a Merge pull request #8028 from cirosantilli/rm-dev-tools
Remove unused dev_tools helper.
2014-10-21 11:55:36 +03:00
Dmitriy Zaporozhets 8ad9a75f88 Merge pull request #8030 from cirosantilli/factor-authorize
Factor authorize_push! and authorize_code_access!
2014-10-21 11:43:12 +03:00
Ciro Santilli 9e1b97ad99 Use @project on controllers, don't call method
Also memoize the method to ensure that other methods in
ApplicationController that rely on it can call it efficiently.
2014-10-19 23:36:23 +02:00
Ciro Santilli 4d0d5e79ba Factor authorize_push! and authorize_code_access!
with existing method_missing. Pattern already used extensively,
so let's be consistent and use it everywhere.
2014-10-13 21:31:49 +02:00
Ciro Santilli c278520f9b Remove unused dev_tools helper. 2014-10-13 21:21:58 +02:00
Dmitriy Zaporozhets f815115de6
Protect from forgery with exception
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-06 16:18:25 +03:00
Ciro Santilli 2e9f5de868 Add parenthesis to function def with arguments. 2014-10-03 09:18:46 +02:00
Jacob Vosmaer 669682686e Move LDAP timeout code to Gitlab::LDAP::Access 2014-08-06 18:03:01 +02:00
Marin Jankovski 07b9d80604 Use devise stored_location to redirect after signing for both public and private pages. 2014-07-11 19:53:10 +02:00
Marin Jankovski 55efb2d9f2 Revert "Merge branch 'redirect_after_login' into 'master'"
This reverts commit 5aaa35656e, reversing
changes made to 5b8c176767.
2014-07-11 19:53:10 +02:00
Marin Jankovski 60cc1d8e92 Override strong params for sign up. 2014-07-10 19:31:05 +02:00
Marin Jankovski 108be8a666 Update to accommodate devise deprecations and backward incompatible changes. 2014-07-10 13:56:35 +02:00
Marin Jankovski 1e3fce1a82 Check for the correct param for token. 2014-07-10 13:10:37 +02:00
Marin Jankovski 4024aa8e81 Try to keep token authenticable compatibility 2014-07-09 14:42:25 +02:00
Marin Jankovski 26d1bd7c2a Set return url as param. 2014-06-19 14:20:25 +02:00
Marin Jankovski a1eb1ad168 Redirect back to current page after sign in. 2014-06-19 11:24:59 +02:00
Dmitriy Zaporozhets ae564c97d4
Don't expose user email via API
To prevent leaking of users info we reduce amount of user information
retrieved via API for normal users.

What user can get via API:

* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all information

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-13 17:46:48 +03:00
Dmitriy Zaporozhets a7be3dfa30
Remove set of thread variables
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-10 17:51:49 +03:00
Dmitriy Zaporozhets d95d56f0b9
Add current_user_id to gon vars
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-04 18:07:15 +03:00
Drew Blessing 5f25cdfe19 Implement Merge Request Labels 2014-05-13 06:41:36 -05:00
Dmitriy Zaporozhets 84d17f7965
Skip require email for devise controllers
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-04-07 14:32:59 +03:00
Dmitriy Zaporozhets a73df4f72d
Allow oauth signup without email
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-04-07 14:09:29 +03:00
Jacob Vosmaer 48e9054056 Open/close LDAP in ApplicationController
By opening the LDAP connection at the controller level we can reuse it
for all LDAP queries during the request.
2014-03-14 09:03:49 +01:00
Dmitriy Zaporozhets c6d39a14d6
Add User#requires_ldap_check? method
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-11 10:24:07 +02:00
Dmitriy Zaporozhets e57e1e04e3
Remove non-existent method from ldap security check
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-11 09:15:04 +02:00
Dmitriy Zaporozhets b1ff8e31b1
Add ldap check in application_controller and internal api
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-10 17:10:23 +02:00
Dmitriy Zaporozhets a9280de11f
Better redirect for edit blob from MergeRequest
If you cancel edit you will be redirected back to merge request
If you submit changes you will be redirected back to merge request

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-02-26 14:06:31 +02:00
Dmitriy Zaporozhets 2171bbcd6e
Update rack profiler
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-02-25 17:41:56 +02:00
Ciro Santillli 439a61783d User can leave group from group page. 2014-02-12 15:52:53 +01:00
Dmitriy Zaporozhets 348e44ef06
Don't use avatars for user select if avatar is disabled
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-02-11 15:49:39 +02:00
Dmitriy Zaporozhets 0c637acb69
Add login and remember_me to devise permit list
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-01-14 20:28:41 +02:00
Marin Jankovski 8a0bfa4998 Do not include subdomains in STS header. 2014-01-03 16:02:57 +01:00
Marin Jankovski 94c96cd445 HTTP headers protect against MIME-sniffing, force https if enabled. 2013-12-30 09:41:05 +01:00
xyb 498ec08da3 Force IE use latest engine to render. 2013-12-27 19:38:29 +08:00
Dmitriy Zaporozhets f088c867a4
Fix signup for rails4
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-12-10 13:35:10 +02:00
Dmitriy Zaporozhets b3c1d0d8df Added allow_blank to model validations
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-12-10 12:11:27 +02:00
Jason Hollingsworth c099074fcc Fix 404 on project page for unauthenticated user
Eliminate a 404 error when user is not logged in and attempts to visit
a project page.

The 404 page will still show up when user is logged in and the project
doesn’t exist or the user doesn’t have access.
2013-12-04 13:10:20 -06:00
Dmitriy Zaporozhets da10cad1da
Drop rjs from Issues#index
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-11-29 15:05:32 +02:00
Dmitriy Zaporozhets 33aea41708
Drop rjs from Infinite scrolling
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-11-28 11:38:20 +02:00
Jason Hollingsworth d9bb4230cc Adding authenticated public mode (internal).
Added visibility_level icons to project view (rather than just text).
Added public projects to search results.
Added ability to restrict visibility levels standard users can set.
2013-11-26 22:22:07 -06:00
Angus MacArthur aefe2e952f Fixing unsafe use of Thread.current variable :current_user 2013-10-16 01:20:53 -04:00
Dmitriy Zaporozhets 3cbfb1ee7c Remove .git from project url end redirect
Ex. redirect from
  localhost/group/project.git
to
  localhost/group/project

It used to prevent 404 error when follow submodule http link
like http://localhost/group/project.git
2013-10-14 13:27:39 +03:00
Izaak Alpert ca1b67ce38 Don't show users password change page if ldap users 2013-09-17 22:38:08 -04:00
Dmitriy Zaporozhets 17af835387 Add event filter for group and project show pages 2013-08-26 16:30:03 +03:00
Dmitriy Zaporozhets fb492386c5 Fix accidentally removed class name 2013-08-21 12:33:12 +03:00
Dmitriy Zaporozhets fd1661468f Remove can_create_team code from user 2013-08-21 12:31:47 +03:00
Dmitriy Zaporozhets 9ea5766c35 Improve permissions on tags/branches 2013-07-17 08:26:00 +03:00
Dmitriy Zaporozhets b3ef63a0a5 Migrate global project taks. Removed more teams related functionality 2013-06-19 19:48:48 +03:00
Dmitriy Zaporozhets fbf6989903 Force admin to change password after first sign-in 2013-06-13 20:06:33 +03:00
Dmitriy Zaporozhets 94be732026 Add password_expires_at to users table 2013-06-13 20:01:35 +03:00