Commit graph

10 commits

Author SHA1 Message Date
Douwe Maan
6d37fe952b Merge branch 'jej-fix-missing-access-check-on-issues' into 'security'
Fix missing access checks on issue lookup using IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

⚠️ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
 - Permissions check tested

- [x]  app/controllers/projects/branches_controller.rb:39
  - `before_action :authorize_push_code!` helpes limit/prevent exploitation. Always checks for reporter access so fine with
    confidential issues, issues only visible to team, etc.
- [x] 🚥 app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x]  app/controllers/projects/todos_controller.rb:19

- [x] Potential double render in app/controllers/projects/todos_controller.rb

- https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24

See merge request !2030
2016-11-28 21:25:46 -03:00
James Lopez
2b37f040b6 Ignore deployment for statistics in Cycle Analytics, except in staging and production stages
Also, updated specs and docs.
2016-10-12 12:32:25 +02:00
Timothy Andrew
918e589c2b Implement a second round of review comments from @DouweM.
- Don't use `TableReferences` - using `.arel_table` is shorter!
- Move some database-related code to `Gitlab::Database`
- Remove the `MergeRequest#issues_closed` and
  `Issue#closed_by_merge_requests`  associations. They were either
  shadowing or were too similar to existing methods. They are not being
  used anywhere, so it's better to remove them to reduce confusion.
- Use Rails 3-style validations
- Index for `MergeRequest::Metrics#first_deployed_to_production_at`
- Only include `CycleAnalyticsHelpers::TestGeneration` for specs that
  need it.
- Other minor refactorings.
2016-09-21 00:47:37 +05:30
Timothy Andrew
d0e101e997 Fix all cycle analytics specs.
A number of failures were introduced due to performance
improvements (like pre-calculating metrics).
2016-09-20 13:23:14 +05:30
Timothy Andrew
f77c952ae7 Test the code cycle analytics phase.
- Move the "data belongs to other project" test case into the generated
  tests, and remove the explicit tests from the `code` and `plan` phases.
2016-09-07 10:39:46 +05:30
Timothy Andrew
98c9d12077 Refactor cycle analytics specs.
1. Generalise the specs that will be common across all cycle analytics
   phases.

2. Rewrite specs `issue` and `plan` to use this abstracted testing
   strategy.

3. Specs that are specific to a given phase, or unwieldy to test in an
   abstracted manner, are added to each phase's spec.
2016-09-02 17:43:03 +05:30
Timothy Andrew
0f74860594 Add tests for the plan cycle analytics phase.
Clean up the `issue` tests as well
2016-09-02 12:19:40 +05:30
Timothy Andrew
331080bca6 Fetch cycle analytics data for a specific date range.
1. Supported date ranges are 30 / 90 days ago. The default is 90 days
   ago.

2. All issues created before "x days ago" are filtered out, even if they
   have other related data (test runs, merge requests) within the filter
   range.
2016-08-26 16:28:20 +05:30
Timothy Andrew
df6c9c33b6 Scope Cycle Analytics queries to a project 2016-08-26 16:28:20 +05:30
Timothy Andrew
a81de9ab4f Add a spec for the CycleAnalytics#issue method. 2016-08-26 16:28:20 +05:30