kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
82,477 Commits 1 Branch 0 Tags 899 MiB
Commit Graph

9 Commits

Author SHA1 Message Date
Jacopo 2f40dac352 Refactor `have_http_status` into `have_gitlab_http_status` in the specs 2017-10-20 10:13:18 +02:00
Robert Speicher a6ec5121f0 Correct RSpec/SingleLineHook cop offenses 2017-06-14 13:18:56 -05:00
Sean McGivern 6dc424c949 Merge branch '29903-remove-user-is-admin-flag-from-api' into 'master' 
Don't display the `is_admin?` flag for user API responses

Closes #29903

See merge request !10846
 2017-04-25 10:57:32 +00:00
Timothy Andrew 34b71e734b Don't display the `is_admin?` flag for user API responses. 
- To prevent an attacker from enumerating the `/users` API to get a list of all
  the admins.

- Display the `is_admin?` flag wherever we display the `private_token` - at the
  moment, there are two instances:

  - When an admin uses `sudo` to view the `/user` endpoint
  - When logging in using the `/session` endpoint
 2017-04-25 09:46:05 +00:00
Jacopo ff76adb547 Unnecessary "include WaitForAjax" and "include ApiHelpers" 
Removed all the unnecessary include of `WaitForAjax` and `ApiHelpers` in the specs.
Removed unnecessary usage of `api:true`
 2017-04-21 22:32:02 +02:00
Livier eb4f15571d Changed API spec files to describe the correct class 
Restore changes for api spec files

Fix error in rspec Users

Delete extra space Repositories-spec
 2016-11-28 10:55:27 -07:00
tiagonbotelho 1d268a89de adds second batch of tests changed to active tense 2016-08-09 15:11:39 +01:00
Z.J. van de Weg abca19da8b Use HTTP matchers if possible 2016-06-27 20:10:42 +02:00
Artem V. Navrotskiy 8ec59bd18b Add API method for get user by ID of an SSH key 2015-09-03 15:47:22 +03:00