Public projects listed in the public section will be linked to the
actual project's page. Public projects now give any user Guest
permissions to the project, allowing them to download the code, read
and create issues, and view anything else in the project's pages.
Ample access tests have been added to the project_access_spec to
verify correct permissions and behavior on public projects.
- Visitors to the site who are not logged in still cannot view the
project's pages.
- Logged-in users visiting a public project where they are not a team
member can create issues, but not snippets. They can view the projects
code, issues, merge requests, etc, just as if they were a Guest member
of the project.
- Since this is a public project, the user is also granted :download_code
permissions, a permission normally reserved for Reporters, since they
can clone the repo anyways and browse commits and branches locally.
When signing in with SSO, if the default behaviour of gitlab is to block SSO user, the only message the people will get is 'Your account was blocked'
They should get the idea this might be only temporary and not because of a technical problem
* Move is_assigned? and is_being_xx? methods to IssueCommonality
This is behavior merge requests have in common with issues. Moved
methods to IssueCommonality role. Put specs directly into
merge_request_spec because setup differs for issues and MRs
specifically in the "closed" factory to use.
* Add MergeRequestObserver. Parallels IssueObserver in almost every way.
Ripe for refactoring.
* Rename MailerObserver to NoteObserver
With merge request observing moved out of MailerObserver, all that
was left was Note logic. Renamed to NoteObserver, added tests and
updated application config for new observer names. Refactored
NoteObserver to use the note's author and not rely on current_user.
* Set current_user for MergeRequestObserver
IssueObserver and MergeRequestObserver are the only observers that
need a reference to the current_user that they cannot look up on
the objects they are observing.
Because of the way ExtractPaths works, `params[:format]` wouldn't
necessarily be available at the time this filter was running, and so it
would erroneously redirect to `new_user_session_path`
Dmitriy Zaporozhets
Jean-Luc Geering
Peter LeFanu Lumsdaine
Stephen Lottermoser
Christian Simon
Andrew8xx8
Andrey Kumanyaev
Tanguy Herrmann
Riyad Preukschas
Robb Kidd
Cyril
Robert Speicher
Nihad Abbasov