Commit graph

9 commits

Author SHA1 Message Date
GitLab Bot
98d7cc758f Add latest changes from gitlab-org/gitlab@master 2020-10-30 18:08:56 +00:00
GitLab Bot
0bc6d00165 Add latest changes from gitlab-org/gitlab@master 2020-07-10 18:09:45 +00:00
GitLab Bot
b7dfe2ae40 Add latest changes from gitlab-org/gitlab@master 2019-09-13 13:26:31 +00:00
Alex Kalderimis
d30a90a354 Prevent unauthorised comments on merge requests
* Prevent creating notes on inaccessible MRs

This applies the notes rules at the MR scope. Rather than adding extra
rules to the Project level policy, preventing :create_note here is
better since it only prevents creating notes on MRs.

* Prevent creating notes in inaccessible Issues

without this policy, non-team-members are allowed to comment on issues
even when the project has the private-issues policy set. This means that
without this change, users are allowed to comment on issues that they
cannot read.

* Add CHANGELOG entry
2019-08-07 03:04:33 +01:00
Jan Beckmann
eba4b9404f Disallow reopening of locked merge requests
Fixes #56864
2019-03-08 08:34:20 +00:00
gfyoung
d5bf57a6af Enable frozen string in presenters and policies
Enable frozen string in:

* app/presenters
* app/policies

Partially addresses #47424.
2018-07-24 13:18:25 -07:00
Sean McGivern
e7b1d201dd Fix N+1 in MergeRequestParser
read_project can be prevented by a very expensive condition, which we want to
avoid, while still not writing manual SQL queries. read_project_for_iids is used
by read_issue_iid and read_merge_request_iid to satisfy both of those
constraints, and allow the declarative policy runner to use its normal caching
strategy.
2018-04-05 13:59:05 +01:00
Bob Van Landuyt
148816cd67 Port read_cross_project ability from EE 2018-02-22 17:11:36 +01:00
http://jneen.net/
0928610930 add and use MergeRequestPolicy 2016-08-30 11:39:22 -07:00