Commit graph

7 commits

Author SHA1 Message Date
Sean McGivern
6dc424c949 Merge branch '29903-remove-user-is-admin-flag-from-api' into 'master'
Don't display the `is_admin?` flag for user API responses

Closes #29903

See merge request !10846
2017-04-25 10:57:32 +00:00
Timothy Andrew
34b71e734b Don't display the is_admin? flag for user API responses.
- To prevent an attacker from enumerating the `/users` API to get a list of all
  the admins.

- Display the `is_admin?` flag wherever we display the `private_token` - at the
  moment, there are two instances:

  - When an admin uses `sudo` to view the `/user` endpoint
  - When logging in using the `/session` endpoint
2017-04-25 09:46:05 +00:00
Jacopo
ff76adb547 Unnecessary "include WaitForAjax" and "include ApiHelpers"
Removed all the unnecessary includes of `WaitForAjax` and `ApiHelpers` in the specs.
Removed unnecessary usage of `api:true`
2017-04-21 22:32:02 +02:00
George Andrinopoulos
7c74a0209b Implement new service for creating user
2017-03-27 09:37:24 +00:00
Robert Schilling
0b402e11e3 Remove deprecated upvotes and downvotes from the notes API
2017-02-22 13:07:49 +01:00
Robert Schilling
8f690604a5 API: Use POST to (un)block a user
2017-02-20 15:18:40 +01:00
Robert Schilling
ce54a801fe Backport API to v3
2017-02-17 09:05:24 +01:00