940f900f1c
Change response for /ci/api/v1/builds/register.json from 404 to 204
2016-09-13 17:44:18 +02:00
2bdcef4d67
use a nil subject when we want to check global abilities
2016-08-30 11:39:22 -07:00
5853c96b49
remove Ability.abilities
2016-08-30 11:35:06 -07:00
99ee86206e
remove six, and use a Set instead
2016-08-30 11:32:55 -07:00
170885edd6
Add Sentry logging to API calls
...
Closes #21043
2016-08-24 12:09:51 -07:00
7c1b33b48f
Restore back-compatibility for current members API endpoints
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-08-10 19:07:05 +02:00
29850364ec
New AccessRequests API endpoints for Group & Project
...
Also, mutualize AccessRequests and Members endpoints for Group &
Project.
New API documentation for the AccessRequests endpoints.
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-08-10 19:07:05 +02:00
839aec1a61
Replace parse_boolean with to_boolean
2016-07-20 08:55:44 +02:00
54d26c89f6
API: Expose 'developers_can_push' for branches
2016-07-19 11:11:56 +02:00
2cf7f09b1e
Revert "Revert "Merge branch '18193-developers-can-merge' into 'master'
""
...
This reverts commit 530f5158e2!4892 .
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-07-18 10:16:56 +02:00
530f5158e2
Revert "Merge branch '18193-developers-can-merge' into 'master'
"
...
This reverts commit 9ca633eb4cfb229bbf79
2016-07-13 13:57:30 -05:00
60245bbe22
Refactor `Gitlab::GitAccess`
...
1. Don't use case statements for dispatch anymore. This leads to a lot
of duplication, and makes the logic harder to follow.
2. Remove duplicated logic.
- For example, the `can_push_to_branch?` exists, but we also have a
different way of checking the same condition within `change_access_check`.
- This kind of duplication is removed, and the `can_push_to_branch?`
method is used in both places.
3. Move checks returning true/false to `UserAccess`.
- All public methods in `GitAccess` now return an instance of
`GitAccessStatus`. Previously, some methods would return
true/false as well, which was confusing.
- It makes sense for these kinds of checks to be at the level of a
user, so the `UserAccess` class was repurposed for this. The prior
`UserAccess.allowed?` classmethod is converted into an instance
method.
- All external uses of these checks have been migrated to use the
`UserAccess` class
4. Move the "change_access_check" into a separate class.
- Create the `GitAccess::ChangeAccessCheck` class to run these
checks, which are quite substantial.
- `ChangeAccessCheck` returns an instance of `GitAccessStatus` as
well.
5. Break out the boolean logic in `ChangeAccessCheck` into `if/else`
chains - this seems more readable.
6. I can understand that this might look like overkill for !4892 , but I
think this is a good opportunity to clean it up.
- http://martinfowler.com/bliki/OpportunisticRefactoring.html
2016-07-13 13:24:56 +05:30
7ee0898a9e
Implement @DouweM's feedback.
...
- Extract a duplicated `redirect_to`
- Fix a typo: "token", not "certificate"
- Have the "Expires at" datepicker be attached to a text field, not inline
- Have both private tokens and personal access tokens verified in a
single "authenticate_from_private_token" method, both in the
application and API. Move relevant logic to
`User#find_by_personal_access_token`
- Remove unnecessary constants relating to API auth. We don't need a
separate constant for personal access tokens since the param is the
same as for private tokens.
2016-06-16 08:24:13 +05:30
d0bcba1105
Merge remote-tracking branch 'origin/master' into 2979-personal-access-tokens
2016-06-14 09:06:53 +05:30
a85dde9182
Fix Error 500 when using closes_issues API with an external issue tracker
...
Closes #18484
2016-06-11 19:50:08 -07:00
701e2df7e5
Satisfy Rubocop
2016-06-10 12:29:15 +02:00
8c3ba8d6c9
Add workhorse controller and API helpers
2016-06-06 13:16:30 +02:00
ae0d8222af
Merge remote-tracking branch 'origin/master' into 2979-personal-access-tokens
2016-06-03 09:31:16 +05:30
013bccbd93
Enable Style/DefWithParentheses cop and fix single offense
2016-05-23 13:06:36 -04:00
f5a0ac0fc1
Codestyle: make sure we have space around operators
2016-05-13 04:46:56 -03:00
0c22698bd4
Add API endpoints for un/subscribing from/to a label
...
Closes #15638
2016-05-12 22:48:09 +02:00
d915e7d5ca
Reuse the private token param and header for personal access tokens.
...
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3749#note_11626427
- Personal access tokens are still a separate entity as far as the
codebase is concerned - they just happen to use the same entry point
as private tokens.
- Update tests and documentation to reflect this change
2016-05-11 10:16:23 +05:30
2e9742997d
Merge remote-tracking branch 'origin/master' into 2979-personal-access-tokens
2016-05-11 09:52:58 +05:30
c4b9bd0413
API support for the 'since' and 'until' operators on commit requests
...
- Parameter validation as ISO8601 format
2016-04-29 09:26:52 +02:00
b22a47c62e
Combine `API::Helpers::Core` and `API::Helpers::Authentication` back into `API::Helpers`
...
- Makes the MR easier to read; this can go in a separate MR
- This is a (sort of) revert of 99bea01
2016-04-28 22:28:36 +05:30
e8314ccca5
Refactor `API::Helpers` into `API::Helpers::Core` and `API::Helpers::Authentication`
2016-04-28 22:28:36 +05:30
94e130cec3
Merge branch 'api-star-project' into 'master'
...
API: Star and unstar a project
Add two new endpoints `POST /projects/:id/star` and `POST /projects/:id/unstar` to star and unstar a project.
* Closes #12739
See merge request !3578
2016-04-13 15:05:21 +00:00
54231aa4e0
Styling changes to code and docs
2016-04-13 16:25:24 +02:00
ea2193aaeb
API: Star and unstar a project
2016-04-13 14:26:40 +02:00
b2f48d8c46
API: Return 404 if user does not have access to group
2016-04-13 11:11:09 +02:00
1d77822816
minor improvements and fixed specs
2016-03-19 21:24:05 +01:00
c41a8be8d2
Fix add_pagination_headers to keep request parameters in Link header
2016-02-02 15:26:29 +01:00
95d2f0fb51
Fix CI runner version not being properly updated when asking for a build
...
Due to broken implementation of attribute_for_keys the runner information was not updated correctly.
This MR adds test to check that such scenario will never happen again.
2016-01-27 12:04:54 +01:00
11797df1af
Change 'public' flag to more robust 'visibility' query.
2016-01-19 09:57:00 -05:00
10669097fa
Add public params to GET /projects api. Closes #3788
2016-01-19 09:57:00 -05:00
1b08cd811a
Merge branch 'master' of https://gitlab.com/gitlab-org/gitlab-ce into add-pagination-headers-to-api
2016-01-14 14:23:42 +01:00
154b8ceba4
Refactor build artifacts upload API endpoint
2016-01-14 12:48:17 +01:00
3183092ca9
Add pagination headers to already paginated API resources
2016-01-14 12:10:27 +01:00
e80e3f5372
Migrate CI::Project to Project
2015-12-11 18:02:09 +01:00
db3213fc1c
Use normal file upload mechanism to upload artifacts
2015-11-10 12:51:51 +01:00
445cdb7579
Move tmp artifacts to shared/artifacts/tmp/. Check for GitLab-Workhorse now
2015-11-10 12:51:51 +01:00
d0e3e823a2
Implement Build Artifacts
...
- Offloads uploading to GitLab Workhorse
- Use /authorize request for fast uploading
- Added backup recipes for artifacts
- Support download acceleration using X-Sendfile
2015-11-10 12:51:50 +01:00
3d613fe1e8
Fix API::APIHelpers -> API::Helpers;
...
Rails Autoload find file to require is use , APIHelpers -> api_helpers.rb, not helpers.rb;
2015-10-23 11:42:57 +08:00
59d0263bc8
Fix rubocop warnings in lib
2015-10-03 01:29:58 -05:00
22bf844869
fix specs. Stage 3
2015-09-15 13:50:24 +03:00
910bf96ec3
fix specs. Stage 2
2015-09-14 18:14:17 +03:00
263abda3fd
Drone CI service
2015-09-02 05:52:16 +03:00
ed3298fc01
Allow to configure gitlab_shell_secret location
2015-05-16 21:46:06 +02:00
2c544d43c8
Query issues, merge requests and milestones with their IID through API
2015-05-02 10:44:52 +02:00
6ec8ff069c
Enable more rubocop style checks
2015-03-24 18:28:10 -07:00
ad0ca0499a
Merge branch 'master' into fix-restricted-visibility
...
Conflicts:
db/schema.rb
2015-03-14 10:49:11 -06:00
285c534185
Allow admins to override restricted visibility
...
Allow admins to use restricted visibility levels when creating or
updating projects.
2015-03-08 16:10:05 -06:00
9f089ac48c
use constant-time string compare for internal api authentication
...
Ruby str_equal uses memcmp internally to compare String.
Memcmp is vunerable to timing attacks because it returns early
on mismatch (on most x32 platforms memcmp uses a bytewise comparision).
Devise.secure_compare implements a constant time comparision instead.
2015-03-06 20:06:26 +01:00
558dd81197
Improve broadcast message API
2015-02-18 14:58:20 -08:00
b0dacc8eb0
Edit group members via API
...
Add an API endpoint to update the access level of an existing group
member.
2015-02-11 18:53:07 -07:00
bdfb349ff7
Refactor and improve sorting objects in API for projects, issues and merge requests
2015-02-05 22:00:54 -08:00
dc9bf32420
Merge pull request #8723 from jubianchi/api-groups-path
...
Access groups using path
2015-02-03 10:57:27 -08:00
4e97f26649
Acces groups with their path in API
2015-02-03 13:42:38 +01:00
e890582681
Rubocop enabled for: Use spaces inside hash literal braces
2015-02-02 20:36:54 -08:00
7fa80b5bd0
Update branch api not found messages to 'Branch not found'.
2014-12-30 13:37:14 +01:00
e41dadcb33
Doorkeeper integration
2014-12-24 15:38:07 +02:00
b5763e91cd
add gitlab-shell identification
2014-10-15 20:03:25 +03:00
2e9f5de868
Add parenthesis to function def with arguments.
2014-10-03 09:18:46 +02:00
998cd3cb63
Improve error reporting on users API
...
* users (#6878 , #3526 , #4209 ): Validation error messages are now exposed through 400 responses, 409 response are sent in case of duplicate email or username
* MRs (#5335 ): 409 responses are sent in case of duplicate merge request (source/target branches), 422 responses are sent when submiting MR fo/from unrelated forks
* issues
* labels
* projects
2014-09-16 01:25:24 +02:00
7ad93ab250
Improve labels validation and expose error messages
2014-08-20 12:09:19 +02:00
cbc90565b5
Do label validation for issues/merge requests API
2014-08-14 10:17:52 +02:00
37c4ba6f8d
Add an option to GET /projects in the GitLab API to exclude archived projects
2014-07-28 12:48:13 -04:00
8fee5a0572
Make app works with strong params
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-26 23:24:17 +03:00
a7be3dfa30
Remove set of thread variables
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-10 17:51:49 +03:00
02b85fd236
Check user access status in API for current_user
2014-05-15 10:22:59 +02:00
33a00ceeea
Create branch via API
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-04-01 10:39:53 +03:00
046fa9bdb1
Merge pull request #5469 from NARKOZ/api-pagination-headers
...
add 'Link' header for API response
2014-03-31 13:46:57 +03:00
a9f2903e86
Change project lookup order for api
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-14 15:58:52 +02:00
a3f645ef51
Remove deprecated finders
2014-01-19 23:39:56 +04:00
9d79d6e152
Make sure private_token for API is a string
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-11-08 18:49:38 +02:00
0678b8a426
add 'Link' header for API response
2013-10-29 13:41:20 +04:00
03dba1fd42
Merge pull request #5344 from amacarthur/thread-variable-fix
...
Fixing unsafe use of Thread.current variable :current_user
2013-10-16 23:30:44 -07:00
12420a2256
refactor by_username_or_id
2013-10-16 22:31:46 +05:00
e09cc195a7
fix variable name
2013-10-16 22:28:39 +05:00
aefe2e952f
Fixing unsafe use of Thread.current variable :current_user
2013-10-16 01:20:53 -04:00
836104b41a
Merge pull request #5213 from bladealslayer/feature/user_api_extended
...
Extended User API to expose admin and can_create_group for user creation...
2013-09-29 23:03:46 -07:00
726fa6c76a
Respect authorization in Repository API
...
* dont allow protect/unprotect branches for users without master permissions
* dont allow access to Repository api for guests
2013-09-29 16:04:57 +03:00
479631aafc
Extended User API to expose admin and can_create_group for user creation/updating.
...
Also, is_admin and can_create_group are exposed in the user information.
Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false).
2013-09-29 11:47:29 +03:00
7a56075efa
Some of the requested updates, rebase on master
...
Change-Id: I305266fe9acbbb5136adeeb52e7e4e1d6629a30a
2013-09-09 12:04:38 -04:00
e86e881832
API: admin users can sudo commands as other users
...
-Specifying a header of SUDO or adding a :sudo with either user id, or username of the user will set the current_user to be that user if your identifying private_token/PRIVATE_TOKEN is an administrator token
2013-09-09 12:04:38 -04:00
ea5a006f27
Additon of apis for fork administration.
...
Added ability to add and remove the forked from/to relatioinship
between existing repos.
2013-07-08 17:34:00 -04:00
634cbd7138
Refactor API classes. So api classes like Gitlab::Issues become API::Issues
2013-05-14 15:33:31 +03:00
7499f65014
API: extracted helper method to validate required parameters, code clean up
...
Added a helper method to check if required parameters are given in an API call. Can be used
to return a `400 Bad Request` return code if a required attribute is missing.
Code clean up and fixed tests.
2013-02-27 17:50:30 +01:00
6fc3263e15
API: extracted helper method to provide 400 bad request error with description
...
Extracted a method for 400 error (Bad request) and adjusted code accordingly. The name of
the missing attribute is used to show which one was missing from the request. It is used to
give an appropriate message in the json response.
2013-02-13 15:48:52 +01:00
439d03bbed
Fix namespace api autocomplete
2012-12-12 12:54:28 +02:00
c50ec72b52
Deprecate code for Project. Use title and path
2012-11-23 21:11:09 +03:00
e7608cd6f9
API: private token via header
2012-10-02 18:43:35 +03:00
2e1c3c52bc
#1606 Fixes
2012-10-02 18:08:04 +03:00
e9c356092b
#1606 API private token via the header
2012-10-02 18:02:21 +03:00
825081174a
#1585 Api for user creation: base implementation
2012-10-02 12:46:01 +03:00
10d3a30b25
APi for commits. Better api docs
2012-09-21 13:22:30 +03:00
b896880eb4
Method name changed
2012-09-16 20:08:57 +03:00
549c4c2202
API attributes refactored
2012-09-16 19:51:04 +03:00
a065557208
Common errors method added
2012-09-10 13:49:00 +03:00
915dac0055
Error throwing moved to api_helper
2012-09-10 10:41:46 +03:00
b565f33472
Auth for API
2012-09-10 09:06:11 +03:00
76e4d94d43
add pagination to API
2012-09-03 04:46:29 -07:00
cb32e0320a
return 404 if project not found
2012-07-25 05:24:28 -07:00
1b95c8bff3
API: ability to get project by id
2012-07-25 02:18:30 -07:00
0f604e62fb
refactor projects API
2012-07-06 06:36:43 -07:00
1d2c981860
return errors in json format
2012-06-29 03:52:20 -07:00
4ad91d3c11
add users API
2012-06-28 03:43:41 -07:00
Tomasz Maczukin
http://jneen.net/
Stan Hu
Rémy Coutable
Robert Schilling
Robert Speicher
Timothy Andrew
Douwe Maan
Gabriel Mazetto
Ahmad Sherif
Paco Guzman
Zeger-Jan van de Weg
Michi302
Kamil Trzcinski
Josh Frye
Grzegorz Bizon
Jason Lee
Guilherme Garnier
Valery Sizov
Kirilll Zaitsev
Jakub Jirutka
jubianchi
Dmitriy Zaporozhets
Vinnie Okada
Jörg Thalheim
Marin Jankovski
Valery Sizov
Ciro Santilli
Sasha Joseph
Jacob Vosmaer
skv
Nihad Abbasov
Angus MacArthur
Boyan Tabakov
Izaak Alpert
Izaak Alpert
Sebastian Ziebell
Dmitriy Zaporozhets
Alex Denisov