Commit graph

22 commits

Author SHA1 Message Date
Jarka Košanová
b1c3955385 Rename GroupHierarchy into ObjectHierarchy
- we now use the hierarchy class also for epics
- also rename supports_nested_groups? into supports_nested_objects?
  - move it to a concern
2018-12-19 15:24:29 +01:00
Douglas Barbosa Alexandre
01d8c1f6f0
Whitelist none method from ActiveRecord::Querying 2018-10-31 15:46:36 -03:00
Stan Hu
32b96bfd81 Merge branch 'frozen-string-app-finders-graphql' into 'master'
Enable frozen string in app/graphql + app/finders

See merge request gitlab-org/gitlab-ce!21681
2018-09-13 19:44:31 +00:00
gfyoung
47b3038434 Enable frozen string in app/graphql + app/finders
Partially addresses #47424.
2018-09-11 12:15:23 -07:00
Yorick Peterse
2039c8280d
Disable existing offenses for the CodeReuse cops
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
2018-09-11 17:32:00 +02:00
Marko, Peter
9cdf4292c5 Add min_access_level filter to groups API
Signed-off-by: Marko, Peter <peter.marko@siemens.com>
2018-07-23 20:57:50 +02:00
Roger Rüttimann
bc7877e8c1 show only groups an admin is a member of in dashboards/grops 2018-05-01 09:24:21 +00:00
Markus Koller
1f773a8ef5
Support custom attributes on groups 2017-11-06 10:51:50 +01:00
Nick Thomas
47cf3b4b61 Fix the groups API endpoint to handle ?owned=true correctly 2017-09-19 12:59:05 +01:00
Nick Thomas
2adff699ce Refactor complicated API group finding rules into GroupsFinder 2017-08-24 11:33:09 +01:00
Toon Claes
aeaf58609b Make the GroupFinder specs more strict
Ensure the results match exactly and project authorizations do allow access to
sibling groups/projects deeper down.

Also apply WHERE scopes before running the UNION, to increase performance.
2017-06-15 08:46:34 +02:00
Toon Claes
ef1811f4bc Subgroups page should show groups authorized through inheritance
When a user is authorized to a group, they are also authorized to see all the
ancestor groups and descendant groups.

When a user is authorized to a project, they are authorized to see all the
ancestor groups too.

Closes #32135

See merge request !11764
2017-06-15 08:46:34 +02:00
Douwe Maan
ea4eb46047 Merge branch 'tc-fix-private-subgroups-shown' into 'security'
Use GroupsFinder to find subgroups the user has access to

See merge request !2096
2017-05-10 16:48:18 +02:00
Dmitriy Zaporozhets
2989192d1a
Store group and project full name and full path in routes table
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2017-02-08 19:14:29 +02:00
Douwe Maan
8db1292139 Tweaks, refactoring, and specs 2016-03-20 21:04:07 +01:00
Felipe Artur
0a7f716119 Code fixes 2016-03-17 19:42:46 -03:00
Felipe Artur
5551ccd720 Code improvements 2016-03-10 10:38:36 -03:00
Felipe Artur
f2a9ee258e Add permission level to groups 2016-03-10 10:38:36 -03:00
Valery Sizov
8b18449125 remove public field from namespace and refactoring 2016-01-04 16:00:29 +02:00
Yorick Peterse
2110247f83 Refactoed GroupsFinder into two separate classes
In the previous setup the GroupsFinder class had two distinct tasks:

1. Finding the projects user A could see
2. Finding the projects of user A that user B could see

Task two was actually handled outside of the GroupsFinder (in the
UsersController) by restricting the returned list of groups to those the
viewed user was a member of. Moving all this logic into a single finder
proved to be far too complex and confusing, hence there are now two
finders:

* GroupsFinder: for finding groups a user can see
* JoinedGroupsFinder: for finding groups that user A is a member of,
  restricted to either public groups or groups user B can also see.
2015-11-18 13:05:45 +01:00
Valery Sizov
6051c28fc0 Allow groups to appear in the search results if the group owner allows it 2015-11-05 13:18:51 +02:00
Dmitriy Zaporozhets
4ca6ebf017
Add GroupFinder for collection all groups user has access to
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-05 20:36:59 +03:00