Tomasz Maczukin
97f966c445
Introduce :read_namespace access policy for namespace and group
2017-11-23 17:44:05 +01:00
Tomasz Maczukin
dfbfd3c7d7
Allow request namespace by ID or path
2017-11-23 17:44:05 +01:00
Francisco Lopez
1436598e49
Moved Exceptions to Gitlab::Auth
2017-11-17 10:02:11 +01:00
Francisco Lopez
aa84ef1e1a
Moving exceptions to UserAuthFinders
2017-11-17 10:02:11 +01:00
Travis Miller
1162d89ac4
Add administrative endpoint to list all pages domains
2017-11-13 16:05:44 +00:00
Markus Koller
6902848a9c
Support custom attributes on projects
2017-11-06 10:51:46 +01:00
Douwe Maan
b7c8f7d76d
Update specs for sudo behavior
2017-11-02 11:39:03 +01:00
Douwe Maan
3f24f9ed18
Add sudo API scope
2017-11-02 11:39:03 +01:00
Travis Miller
8d1ab256bf
Add pages domains API implementation
2017-10-22 08:04:43 -05:00
Douwe Maan
025c6eeaa1
Move all API authentication code to APIGuard
2017-10-12 11:13:37 +02:00
Alejandro Rodríguez
60a35e4230
Send API parameters as extra data for sentry errors
2017-10-05 18:31:34 -03:00
Rémy Coutable
3040b994df
Ensure no exception is raised when Raven tries to get the current user in API context
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-09-29 18:57:22 +02:00
Douwe Maan
b6c5a73c0b
Make sure API responds with 401 when invalid authentication info is provided
2017-09-28 14:17:52 +02:00
Ruben Davila
62bb6235c2
Make Members with Owner and Master roles always able to create subgroups
2017-09-07 13:47:58 -05:00
Grzegorz Bizon
8ed0a05107
Merge branch 'wiki_api' into 'master'
...
Add API support for wiki pages
Closes #12747
See merge request !13372
2017-09-07 10:38:03 +00:00
blackst0ne
2915bb2707
Add API support for wiki pages
2017-09-07 09:21:52 +11:00
Grzegorz Bizon
c922fb4b68
Respond with a bad request if artifact path is invalid
2017-09-06 11:31:08 +02:00
Grzegorz Bizon
80b3dcc777
Extract job artifacts API code to a separate file
2017-09-06 11:20:12 +02:00
Grzegorz Bizon
dfb8fcbb65
Use API helper to send artifact file through Workhorse
2017-09-05 11:16:49 +02:00
Sean McGivern
b9d8946395
Don't use public_send in destroy_conditionally! helper
...
As we only override in two places, we could just ask for the value rather than
the method name.
2017-08-30 14:32:02 +01:00
Robert Schilling
dcd4ea473c
Update remaining endpoints
2017-08-28 17:10:30 +02:00
Robert Schilling
e80313f9ee
Conditionally destroy a resource
2017-08-28 16:40:25 +02:00
Robert Schilling
998afa5f74
API: Respect the 'If-Unmodified-Since' for delete endpoints
2017-08-28 16:40:25 +02:00
Zeger-Jan van de Weg
dc8e1676cd
Upgrade grape to 1.0
...
Main feature was the deprecation of the Hashie stuff, so the access by
calling keys as method is gone now.
2017-08-16 22:06:31 +02:00
Lin Jen-Shin
4f0fa13eb8
Show error message for API 500 error in tests, and
...
document have_gitlab_http_status
2017-08-11 20:50:35 +08:00
Douwe Maan
14644d40e0
Do not validate CSRF token in API unless needed
2017-08-02 18:20:31 +02:00
Douwe Maan
dcf4a2e83c
Rescue only from ActionController::InvalidAuthenticityToken
2017-07-26 11:25:10 +02:00
blackst0ne
cc3a82bc8b
Add `rescue false`.
2017-07-26 11:05:44 +02:00
blackst0ne
8ce8b21f67
Refactor CSRF protection
2017-07-26 11:05:44 +02:00
blackst0ne
2902235099
Add CSRF token verification to API
2017-07-26 11:05:44 +02:00
Felipe Artur
c5c9dce270
Add group milestones API endpoint
2017-07-21 11:00:00 -03:00
vanadium23
8d44d5142a
Add user projects API
2017-07-06 08:04:54 +03:00
Timothy Andrew
4dbfa14e16
Implement review comments from @dbalexandre for !12300 .
2017-06-28 07:17:13 +00:00
Timothy Andrew
d774825f98
When verifying scopes, manually include scopes from `API::API`.
...
- They are not included automatically since `API::Users` does not inherit from
`API::API`, as I initially assumed.
- Scopes declared in `API::API` are considered global (to the API), and need to
be included in all cases.
2017-06-28 07:17:13 +00:00
Timothy Andrew
80c1ebaa83
Allow API scope declarations to be applied conditionally.
...
- Scope declarations of the form:
allow_access_with_scope :read_user, if: -> (request) { request.get? }
will only apply for `GET` requests
- Add a negative test to a `POST` endpoint in the `users` API to test this. Also
test for this case in the `AccessTokenValidationService` unit tests.
2017-06-28 07:17:13 +00:00
Timothy Andrew
6f1922500b
Initial attempt at refactoring API scope declarations.
...
- Declaring an endpoint's scopes in a `before` block has proved to be
unreliable. For example, if we're accessing the `API::Users` endpoint - code
in a `before` block in `API::API` wouldn't be able to see the scopes set in
`API::Users` since the `API::API` `before` block runs first.
- This commit moves these declarations to the class level, since they don't need
to change once set.
2017-06-28 07:17:13 +00:00
Rémy Coutable
4cfa5ce4a9
Enable the Style/PreferredHashMethods cop
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-06-02 19:11:26 +02:00
Kamil Trzcinski
6185d12c18
Add missing specs
2017-06-01 16:34:48 +02:00
Toon Claes
db679788e4
Add :owned param to ProjectFinder
...
And use it in the API.
2017-05-30 22:45:59 +02:00
Toon Claes
0f0b9a8466
Use helper to construct Finder params
...
The ProjectsFinder and GroupFinder both support the same set of params. And the
`/api/v4/projects` and `/api/v4/group/:id/projects` also support the same set of
params. But they do not match the Finder params. So use a helper method to
transform them.
2017-05-30 22:45:59 +02:00
Toon Claes
a1deed629e
Use ProjectFinder to filter the projects
...
Instead of trying to do the heavy lifting in the API itself, use the existing
features of the ProjectFinder.
2017-05-30 22:45:59 +02:00
Toon Claes
07fc79e7c5
Handle `membership` in ProjectFinder
...
The ProjectFinder supports the `non_public` parameter. This can be used to find
only projects the user is a member of.
2017-05-30 22:45:59 +02:00
Robert Speicher
cb2f739d48
Merge branch '27144-enforce-rubocop-trailing_commas-no_comma-style' into 'master'
...
Resolve "Use consistent style for trailing commas"
Closes #27144
See merge request !11063
2017-05-10 21:43:34 +00:00
Rémy Coutable
3db37e0562
Enable the Style/TrailingCommaInArguments cop
...
Use the EnforcedStyleForMultiline: no_comma option.
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-05-10 18:25:45 +02:00
Bob Van Landuyt
ebd8b7f60f
Use new SnippetsFinder signature in API
2017-05-10 16:48:18 +02:00
Timothy Andrew
4dfdef2ddf
Allow admins to sudo to blocked users.
...
- Currently, (for example) admins can't delete snippets for blocked users, which
is an unexpected limitation.
- We modify `authenticate!` to conduct the `access_api` policy check against the
`initial_current_user`, instead of the user being impersonated.
- Update CHANGELOG for !10842
2017-04-26 08:00:19 +00:00
blackst0ne
11aff97d88
Remove the User#is_admin? method
2017-04-09 13:20:57 +11:00
Toon Claes
add5cd996f
API: Make the /notes endpoint work with noteable iid instead of id
...
In API V4 all endpoints were changed so Merge Requests and Issues
should be referred by iid, instead of id. Except the /notes endpoint
was forgotten. So change the endpoints from:
- /projects/:id/issues/:issue_id/notes
- /projects/:id/merge_requests/:merge_request_id/notes
To:
- /projects/:id/issues/:issue_iid/notes
- /projects/:id/merge_requests/:merge_request_iid/notes
For Project Snippets nothing changes.
2017-03-27 15:29:37 +02:00
http://jneen.net/
0ea04cc5bf
use the policy stack to protect logins
2017-03-09 11:49:52 -08:00
http://jneen.net/
846e581732
use a magic default :global symbol instead of nil
...
to make sure we mean the global permissions
2017-03-09 11:49:52 -08:00