Commit graph

20 commits

Author SHA1 Message Date
blackst0ne
350e26b8a6 [Rails5] Use safe_params instead of params in url_for helpers
This commit replaces `params` with `safe_params` in `url_for` helpers
to resolve security issues [1] and failing specs with the

```
ArgumentError:
  Attempting to generate a URL from non-sanitized request parameters!
  An attacker can inject malicious data into the generated URL, such as
  changing the host. Whitelist and sanitize passed parameters to be secure.
```

error.

[1]: https://gitlab.com/gitlab-org/gitlab-ce/issues/45168
2018-04-28 21:35:16 +11:00
Sean McGivern
868cb4307f Fix subgroup issue and MR pages empty states and counts
Previously, these wouldn't count issues or MRs in subgroups - meaning that if
_this_ group had no issues or MRs, we'd show the empty state, which was wrong.
2018-02-27 10:32:29 +00:00
Bob Van Landuyt
148816cd67 Port read_cross_project ability from EE 2018-02-22 17:11:36 +01:00
Robert Speicher
4edfad9678 Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
Michael Kozono
49697bc8df Refactor to more robust implementation
In order to avoid string manipulation or modify route params (to make them unambiguous for `url_for`), we are accepting a behavior change:

When being redirected to the canonical path for a group, if you requested a group show path starting with `/groups/…` then you’ll now be redirected to the group at root `/…`.
2017-05-19 09:13:27 -07:00
Michael Kozono
f05469f99b Resolve discussions 2017-05-05 12:12:50 -07:00
Michael Kozono
9e48f02ea8 Dry up routable lookups. Fixes #30317
Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all.
2017-05-05 12:12:50 -07:00
Michael Kozono
7d02bcd2e0 Redirect from redirect routes to canonical routes 2017-05-05 12:11:57 -07:00
Jacopo
b996a82ff4 ProjectsFinder should handle more options
Extended ProjectFinder in order to handle the following options:
 - current_user - which user to use
 - project_ids_relation: int[] - project ids to use
 - params:
   -  trending: boolean
   -  non_public: boolean
   -  starred: boolean
   -  sort: string
   -  visibility_level: int
   -  tags: string[]
   -  personal: boolean
   -  search: string
   -  non_archived: boolean

GroupProjectsFinder now inherits from ProjectsFinder.
Changed the code in order to use the new available options.
2017-04-06 07:11:37 +02:00
Luke "Jared" Bennett
7c5198219a MR empty state 2017-04-05 12:43:03 +00:00
Dmitriy Zaporozhets
83232be0e1 Add nested groups support on data level
* add parent_id field to namespaces table to store relation with nested groups
* create routes table to keep information about full path of every group and project
* project/group lookup by full path from routes table

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2016-12-08 11:47:16 +02:00
Douwe Maan
8db1292139 Tweaks, refactoring, and specs 2016-03-20 21:04:07 +01:00
Zeger-Jan van de Weg
b959ae553b Improve group visibility level feature 2016-03-18 16:58:04 -03:00
Dmitriy Zaporozhets
986695e136 Refactor global and group milestones logic
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2015-11-16 14:07:38 +01:00
Douwe Maan
0736f348a6 Use before_actions 2015-07-31 14:15:49 +02:00
Douwe Maan
92fd3ccee0 Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 10:39:16 +02:00
Douwe Maan
26ad250989 Add a page title to every page. 2015-04-30 19:12:15 +02:00
Douwe Maan
ff3caad4ca Rename manage_group ability to admin_group for consistency with project. 2015-04-14 12:05:49 +02:00
Douwe Maan
224187ffb9 Move group members index from /members to /group_members. 2015-03-15 13:51:11 +01:00
Valery Sizov
0b38c3e041 group controller refactoring 2015-03-12 17:08:48 +02:00