root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
114,628 Commits 9,131 Branches 1,640 Tags 2 GiB
Commit Graph

102 Commits

Author SHA1 Message Date
Brian Neel 9770c57fab Re-enable SqlInjection and CommandInjection 2017-08-08 10:50:54 -04:00
Dmitriy Zaporozhets 6b8ad689da
Update grape gem 
New version of the gem returns 200 status code on delete with content
instead of 204 so we explicitly set status code to keep existing
behavior

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2017-07-20 16:33:18 +03:00
Grzegorz Bizon 0430b76441 Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
blackst0ne 11aff97d88 Remove the User#is_admin? method 2017-04-09 13:20:57 +11:00
Toon Claes add5cd996f API: Make the /notes endpoint work with noteable iid instead of id 
In API V4 all endpoints were changed so Merge Requests and Issues
should be referred by iid, instead of id. Except the /notes endpoint
was forgotten. So change the endpoints from:

- /projects/:id/issues/:issue_id/notes
- /projects/:id/merge_requests/:merge_request_id/notes

To:

- /projects/:id/issues/:issue_iid/notes
- /projects/:id/merge_requests/:merge_request_iid/notes

For Project Snippets nothing changes.
 2017-03-27 15:29:37 +02:00
Rémy Coutable 63360adeae
Add `requirements: { id: %r{[^/]+} }` for all projects and groups namespaced API routes 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2017-03-16 18:00:24 +01:00
Robert Schilling 86c58687b2 Return 204 for delete endpoints 2017-02-28 08:32:38 +01:00
Douwe Maan 1fe7501b49 Revert "Prefer leading style for Style/DotPosition" 
This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.
 2017-02-23 09:33:05 -06:00
Douwe Maan 206953a430 Prefer leading style for Style/DotPosition 2017-02-23 09:32:22 -06:00
Douwe Maan 7ea641b6d0 Enable Style/ColonMethodCall 2017-02-23 09:31:57 -06:00
Douwe Maan b7d8df503c Enable Style/MutableConstant 2017-02-23 09:31:56 -06:00
dixpac 0dacf3c169 Fix inconsistent naming for services that delete things 
* Changed name of delete_user_service and worker to destroy
* Move and change delete_group_service to Groups::DestroyService
* Rename Notes::DeleteService to Notes::DestroyService
 2017-02-08 09:16:43 +01:00
Robert Speicher a1f959430b Merge branch 'fix-guest-access-posting-to-notes' into 'security' 
Prevent users from creating notes on resources they can't access

See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2054
 2017-01-23 13:54:52 -05:00
Robert Schilling 2ac92662ea Parameter already enforced via grape 2016-12-28 12:40:39 +01:00
Robert Schilling 74c8669b0a Use the pagination helper in the API 2016-12-04 18:11:19 +01:00
Robert Schilling 5703d6afee Grapify the notes API 2016-11-15 16:28:11 +01:00
Z.J. van de Weg cf00fbecc5 Fix API notes endpoint when posting only emoji 2016-09-16 16:28:53 +02:00
Z.J. van de Weg 34558315d9 Sort API endpoints and implement feedback 2016-06-17 20:08:16 +02:00
Felipe Artur 5bf49bb63d Move note helper method to notes entity file 2016-05-17 21:41:53 -05:00
Felipe Artur c9be74e247 Fix single note api request 2016-05-16 16:43:19 -03:00
Felipe Artur 93ca5c9964 Fix notes API calls symbol convertions 2016-05-10 16:06:02 -03:00
Felipe Artur e56e3cdc62 Fix api leaking notes when user is not authorized to read noteable 2016-05-09 19:35:37 -03:00
Michael Greene c1467f5d97 Allow back dating notes on creation 2016-04-13 12:04:09 -05:00
Robert Schilling dc39c8372d Adapt tests to new testing guidelines 2016-04-12 15:43:29 +02:00
Robert Schilling 9aefaa41ab Fix code review issues 2016-04-12 14:24:05 +02:00
Robert Schilling ba21c00f01 Delete notes via API 2016-04-12 14:24:05 +02:00
Rémy Coutable 0c10aee596 Ensure the API doesn't return notes that the current user shouldn't see 2016-01-13 19:42:36 +01:00
Douwe Maan 36bd6c8494 Show who last edited a comment if it wasn't the original author 2015-07-30 14:45:54 +02:00
Marin Jankovski cd0aed3d54 Add a message when unable to save an object through api. 2015-01-07 10:46:00 +01:00
Marin Jankovski 7240150c89 Forward the messages in api response. 2014-12-30 15:17:46 +01:00
uran 1fbc010241 Implemented notes (body) patching in API. 2014-12-25 14:28:40 +02:00
Dmitriy Zaporozhets 85333f093b
Fix notes creation via API 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-06-18 09:26:04 +03:00
Dmitriy Zaporozhets 1355ede49d
Wipe wall notes feature 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-06-13 14:24:54 +03:00
Dmitriy Zaporozhets f8ea52c3a0
Remove thread vars usage from API notes and mr's 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-06-10 17:56:35 +03:00
Angus MacArthur aefe2e952f Fixing unsafe use of Thread.current variable :current_user 2013-10-16 01:20:53 -04:00
Dmitriy Zaporozhets 634cbd7138 Refactor API classes. So api classes like Gitlab::Issues become API::Issues 2013-05-14 15:33:31 +03:00
Dmitriy Zaporozhets 4d378f3c9a load notes for wall via api 2013-03-19 12:35:55 +02:00
Sebastian Ziebell d269d107d8 API: fixed adding a note 
Now the correct attribute is checked if it's available or not. Also fixed a test.
 2013-02-27 18:12:02 +01:00
Sebastian Ziebell 7499f65014 API: extracted helper method to validate required parameters, code clean up 
Added a helper method to check if required parameters are given in an API call. Can be used
to return a `400 Bad Request` return code if a required attribute is missing.
Code clean up and fixed tests.
 2013-02-27 17:50:30 +01:00
Sebastian Ziebell 33c1463645 API: fixes return codes for notes, documentation updated 
The notes API documentation updated with return codes. API now returns `400 Bad Request` if
required attributes are not present. Return codes are documented now, also tested in added tests.
The documentation now reflects the current state of the API.
 2013-02-20 22:17:05 +01:00
Sebastian Ziebell 6fc3263e15 API: extracted helper method to provide 400 bad request error with description 
Extracted a method for 400 error (Bad request) and adjusted code accordingly. The name of
the missing attribute is used to show which one was missing from the request. It is used to
give an appropriate message in the json response.
 2013-02-13 15:48:52 +01:00
Sebastian Ziebell 8045a81bcf Merge branch 'master' into fixes/api 2013-02-08 10:32:42 +01:00
Sebastian Ziebell bb24275f8d Status code 400 is returned if body is missing on note creation. 
If a note is created with a POST request via API (`/projects/:id/notes`) status
code 400 is returned instead of 404. The resource itself exists but the request
is incomplete. Specs added to check different status codes when accessing, creating
and updating notes.
 2013-02-06 17:11:00 +01:00
Micah Huff 1694dc8fe2 Expose MergeRequest object as a notable in the API to allow for easy retrieval of comments 2013-01-29 21:15:13 -08:00
Dmitriy Zaporozhets afbdbb0c95 Rspec fixes 2013-01-04 18:50:31 +02:00
Riyad Preukschas 8f01190eb5 Remove all references tp the project code parameter from the API 2012-12-21 18:47:04 +01:00
Nihad Abbasov 270a43370a API: get a single wall note 2012-12-01 02:20:45 -08:00
Nihad Abbasov ee6187bd55 API: ability to create a wall note 2012-11-29 15:52:56 -08:00
Nihad Abbasov c946bf886c API: create new notes 2012-11-29 12:11:00 -08:00
Nihad Abbasov 1c5aa848ce API: get a single note 2012-11-29 12:11:00 -08:00
Nihad Abbasov 9a4974b760 correct example 2012-11-29 12:11:00 -08:00
Nihad Abbasov 01eab583d0 API: list wall, snippet and issue notes 2012-11-29 12:11:00 -08:00