diff --git a/CHANGELOG b/CHANGELOG index 2718a5d268b..72f2642727a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -11,6 +11,7 @@ v 6.8.0 - Fix popen bug in `rake gitlab:satellites:create` - Disable connection reaping for MySQL - Allow oauth signup without email for twitter and github + - Fix faulty namespace names that caused 500 on user creation - Option to disable standard login v 6.7.3 diff --git a/Procfile b/Procfile index 18df7e78f9b..7ca70960502 100644 --- a/Procfile +++ b/Procfile @@ -1,2 +1,2 @@ -web: bundle exec unicorn_rails -p $PORT -E development -c config/unicorn_development.rb +web: bundle exec unicorn_rails -p ${PORT} -E ${RAILS_ENV} -c ${UNICORN_CONFIG:="config/unicorn.rb"} worker: bundle exec sidekiq -q post_receive,mailer,system_hook,project_web_hook,common,default,gitlab_shell diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb index d6402dd217d..872b9500130 100644 --- a/app/controllers/projects/merge_requests_controller.rb +++ b/app/controllers/projects/merge_requests_controller.rb @@ -216,7 +216,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController end def allowed_to_merge? - allowed_to_push_code?(project) + allowed_to_push_code?(project, @merge_request.target_branch) end def invalid_mr @@ -225,17 +225,17 @@ class Projects::MergeRequestsController < Projects::ApplicationController end def allowed_to_remove_source_branch? - allowed_to_push_code?(@merge_request.source_project) && + allowed_to_push_code?(@merge_request.source_project, @merge_request.source_branch) && !@merge_request.disallow_source_branch_removal? end - def allowed_to_push_code?(project) - action = if project.protected_branch?(@merge_request.target_branch) + def allowed_to_push_code?(project, branch) + action = if project.protected_branch?(branch) :push_code_to_protected_branches else :push_code end - can?(current_user, action, @project) + can?(current_user, action, project) end end 
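Review bot: `-E ${RAILS_ENV}` in the new `web:` line has no fallback, while `UNICORN_CONFIG` on the same line does. If `RAILS_ENV` is unset, the unquoted expansion is empty and `-E` is followed directly by `-c`, so the process no longer starts in the previously hard-coded `development` environment; how unicorn_rails reacts to that is not visible here. `-E ${RAILS_ENV:-development}` would keep the old behaviour as the default. For the config path, `${UNICORN_CONFIG:-config/unicorn.rb}` gives the same default without the assignment side effect of `:=`.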
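Review bot: `allowed_to_push_code?(project, branch)` now dereferences whatever project it is handed, and `allowed_to_remove_source_branch?` passes `@merge_request.source_project` without a nil check. If a merge request can outlive its source project (not visible in this diff), `project.protected_branch?(branch)` raises instead of denying; an early `return false unless project` keeps the authorization check failing closed. The `project` parameter also shadows the controller's own `project` that `allowed_to_merge?` passes in, so a comment such as `# Ability is evaluated on the project that owns +branch+, not on @project` would make the intent of the `can?` change explicit. The class body continues outside both hunks.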
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb index 0decc7782ee..1ec76dbd39a 100644 --- a/app/models/merge_request.rb +++ b/app/models/merge_request.rb @@ -210,7 +210,7 @@ class MergeRequest < ActiveRecord::Base end def disallow_source_branch_removal? - (source_project.root_ref? source_branch) || for_fork? + source_project.root_ref?(source_branch) || source_project.protected_branches.include?(source_branch) end def project diff --git a/app/views/devise/sessions/_oauth_providers.html.haml b/app/views/devise/sessions/_oauth_providers.html.haml index f4556eea4a2..935bc6af505 100644 --- a/app/views/devise/sessions/_oauth_providers.html.haml +++ b/app/views/devise/sessions/_oauth_providers.html.haml @@ -2,7 +2,7 @@ - if providers.present? %hr %div{:'data-no-turbolink' => 'data-no-turbolink'} - %span Sign in with*:   + %span Sign in with:   - providers.each do |provider| %span - if default_providers.include?(provider) diff --git a/app/views/projects/notes/_discussion.html.haml b/app/views/projects/notes/_discussion.html.haml index 9b1f4d77587..78793eb860f 100644 --- a/app/views/projects/notes/_discussion.html.haml +++ b/app/views/projects/notes/_discussion.html.haml @@ -1,13 +1,10 @@ - note = discussion_notes.first -.discussion.js-details-container.js-toggler-container.open{ class: note.discussion_id } +.discussion.js-toggle-container{ class: note.discussion_id } .discussion-header .discussion-actions - = link_to "javascript:;", class: "js-details-target turn-on js-toggler-target" do - %i.icon-eye-close - Hide discussion - = link_to "javascript:;", class: "js-details-target turn-off js-toggler-target" do - %i.icon-eye-open - Show discussion + = link_to "#", class: "js-toggle-button" do + %i.icon-chevron-up + Show/hide discussion = image_tag avatar_icon(note.author_email), class: "avatar s32" %div = link_to_member(@project, note.author, avatar: false) 
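Review bot: `source_project.protected_branches.include?(source_branch)` compares the collection's elements with a branch-name string. If `protected_branches` returns branch records rather than names (its definition is outside this diff), the test is always false and a protected source branch is never reported as non-removable. The controller in this same commit uses the name-based predicate, so `source_project.root_ref?(source_branch) || source_project.protected_branch?(source_branch)` would keep the two checks consistent. The hunk also drops `for_fork?`, so removal on forks now rests entirely on the controller's `allowed_to_remove_source_branch?`. A spec covering a protected source branch and a forked source would pin both cases.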
@@ -33,7 +30,7 @@ = link_to_member(@project, last_note.author, avatar: false) %span.discussion-last-update #{time_ago_with_tooltip(last_note.updated_at, 'bottom', 'discussion_updated_ago')} - .discussion-body + .discussion-body.js-toggle-content - if note.for_diff_line? - if note.active? = render "projects/notes/discussion_diff", discussion_notes: discussion_notes, note: note @@ -47,11 +44,3 @@ .notes{ rel: discussion_notes.first.discussion_id } = render discussion_notes = render "projects/notes/discussion_reply_button", note: discussion_notes.first - - -# will be shown when the other one is hidden - .discussion-hidden.content.hide - .note - %em Hidden discussion. - = link_to "javascript:;", class: "js-details-target js-toggler-target" do - %i.icon-eye-open - Show diff --git a/db/migrate/20140407135544_fix_namespaces.rb b/db/migrate/20140407135544_fix_namespaces.rb new file mode 100644 index 00000000000..8c4f2b0f6b1 --- /dev/null +++ b/db/migrate/20140407135544_fix_namespaces.rb @@ -0,0 +1,10 @@ +class FixNamespaces < ActiveRecord::Migration + def up + Namespace.where('name <> path and type is null').each do |namespace| + namespace.update_attribute(:name, namespace.path) + end + end + + def down + end +end \ No newline at end of file diff --git a/db/schema.rb b/db/schema.rb index d8a9d1863fc..9033aa92ac9 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20140313092127) do +ActiveRecord::Schema.define(version: 20140407135544) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index 5bff362da0e..f64c8d5883c 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab 
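Review bot: In `FixNamespaces#up`, `.each` loads every matching namespace at once and `update_attribute` skips validations, so any constraint on `name` (for example uniqueness, if the model declares one) is not re-checked when `path` is copied over. `Namespace.where('name <> path and type is null').find_each do |namespace|` would batch the load. The empty `down` makes the migration silently irreversible. `raise ActiveRecord::IrreversibleMigration` there, or a comment saying the previous names are not restored, would state that.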
@@ -42,6 +42,10 @@ server { # if a file, which is not found in the root folder is requested, # then the proxy pass the request to the upsteam (gitlab unicorn) location @gitlab { + # If you use https make sure you disable gzip compression + # to be safe against BREACH attack + # gzip off; + proxy_read_timeout 300; # Some requests take more than 30 seconds. proxy_connect_timeout 300; # Some requests take more than 30 seconds. proxy_redirect off; @@ -63,5 +67,4 @@ server { } error_page 502 /502.html; -} - +} \ No newline at end of file
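Review bot: The added BREACH comment in `location @gitlab` leaves `gzip off;` commented out and does not say what is at risk, so an operator enabling TLS can easily miss it. I would word it as `# BREACH: gzip on HTTPS responses that carry secrets (CSRF tokens, session data) next to request-controlled input can leak them; uncomment the next line when serving GitLab over TLS.` The comment could also note that this line overrides a `gzip on;` inherited from the `http` block of nginx.conf, and that here it covers only responses proxied through `location @gitlab`.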