- Refactored cycle analytics class to extract DB logic
- Reuse logic in new events fetcher
- Started adding cycle analytics events class and spec (still not functional)
fix shibboleth misconfigurations resulting in authentication bypass
This merge request fixes#22267 where a misconfigured Shibboleth `HTTP_UID` or `HTTP_EPPN` could result in users being logged into an account that did not belong to them.
See merge request !7428
Fix issue where "Without projects" filter admin area shows 0 users incorrectly. Before this fix, if any outstanding group or project invitations exist the count show as 0.
Fixes#3367
See merge request !6611
Allow commit note to be visible if repo is visible
## What does this MR do?
It enforces the `:download_code` permission in `Event#visible_to_user?` for commit notes.
Closes#23824
See merge request !7504
Stopped multiple requests with dropdowns
## What does this MR do?
Fixes an issue where the user dropdown would send 2 requests when the user opens the dropdown.
## What are the relevant issue numbers?
Closes#24131
See merge request !7505
Fixed issue boards counter border when unauthorized
## What does this MR do?
When the user is unauthorized & view issue boards, the border on the counter will not be the whole way around. This fixes that.
## Screenshots (if relevant)
![Screen_Shot_2016-11-16_at_13.03.36](/uploads/54d97f7f4114044aad3bdc78961a31c8/Screen_Shot_2016-11-16_at_13.03.36.png)
## What are the relevant issue numbers?
Closes#23664
See merge request !7501
Defer saving project services to the database if there are no user changes
## What does this MR do?
It defers saving project services to the database as long as it is possible. It creates a project service when creating a project only if this project service has an active template. After that project services are saved on the first edit.
## Are there points in the code the reviewer needs to double check?
- tests that used `build_missing_services` before the change
- number of queries executed
## Why was this MR needed?
Motivation in #22281
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
## What are the relevant issue numbers?
Fixes#22281
See merge request !6958
Disable the "request access" functionality by default for new groups and projects
Currently this feature is enabled by default, and additional action is required to disable it.
Closes#21992Closes!7011
See merge request !7425
gitlab-shell v3.6.6 would give project paths like so:
* namespace/project
gitlab-shell v4.0.0 can give project paths like so:
* /namespace1/namespace2/project
* /namespace/project
* /path/to/repository/storage/namespace1/namespace2/project
* /path/to/repository/storage/namespace/project
Fix UX Guide link on Contributing.md
Current link on the CONTRIBUTING.md page was to the old UI Guide. This should be updated to the new link.
See merge request !7493
Move 'Search Snippets' Spinach feature to Rspec
## What does this MR do?
Moves the Spinach feature `features/snippet_search.feature` to an RSpec feature `spec/features/snippets/search_snippets_spec.rb`.
## Are there points in the code the reviewer needs to double check?
The search results page URL was being visited directly in the original Spinach test, using an encoded search query and specific parameters to trigger the snippet searches. I have changed the RSpect feature to fill in the search box on the snippets dashboard page to retrieve results to cover the missing test coverage on the search box and to avoid the feature test from relying on the implementation details of the search URL structure.
## Why was this MR needed?
As part of deprecating the Spinach test suite.
## Screenshots (if relevant)
## Does this MR meet the acceptance criteria?
- [-] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [-] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [-] API support added
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
## What are the relevant issue numbers?
#23036
See merge request !7494
Improved redis sentinel documentation
## What does this MR do?
Updates Redis Sentinel documentation (most Omnibus stuff).
## Are there points in the code the reviewer needs to double check?
Grammar / Documentation
## Why was this MR needed?
After this https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1000 get merged, people will need to follow new instructions.
## Checklist
- Documentation follows Sentinel best-practices:
- [x] Suggests amount of sentinel nodes
- [x] Suggests amount of redis nodes
- [x] Suggests quorum value according to recomended amount of sentinel nodes
- [x] Describes how to define quorum according to best-practices
- [x] Lists ports and firewall checklist
- [x] Following Documentation bring us to a working environment
- [ ] Documentation is clear and have no gramatical issue
## What are the relevant issue numbers?
gitlab-org/omnibus-gitlab#1565
See merge request !6471
Prior, an administrator viewing a project's Labels page would see _all_
labels from every project they had access to, rather than only the
labels of that specific project (if any).
This was not an information disclosure, as admins have access to
everything, but it was a performance issue.