Robert Speicher
fec9fb05a5
Merge branch 'security-10-4-todo-api-reveals-sensitive-information' into 'security-10-4'
...
Restrict Todo API mark_as_done endpoint to the user's todos only
2018-02-09 12:16:25 -06:00
Robert Schilling
6a2ee0968e
API: Use defined project requirements
2017-08-31 14:57:47 +02:00
Toon Claes
a723cba574
Avoid plucking Todo ids and use sub-queries instead
...
TodoService should not call `.select(&:id)` on todos, because this is
bad performance. So instead use sub-queries, which will result in a
single SQL query to the database.
https://docs.gitlab.com/ee/development/sql.html#plucking-ids
2017-08-03 16:31:05 +02:00
Stan Hu
303504df47
Revert "Merge branch 'tc-no-todo-service-select' into 'master'"
...
This reverts merge request !10845
2017-04-29 12:29:59 +00:00
Toon Claes
a204d14c67
Avoid plucking Todo ids and use sub-queries instead
...
TodoService should not call `.select(&:id)` on todos, because this is
bad performance. So instead use sub-queries, which will result in a
single SQL query to the database.
https://docs.gitlab.com/ee/development/sql.html#plucking-ids
2017-04-27 09:57:09 +02:00
Rémy Coutable
63360adeae
Add requirements: { id: %r{[^/]+} }
for all projects and groups namespaced API routes
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-03-16 18:00:24 +01:00
Timothy Andrew
9ccd8b8755
Migrate the Todos API to use issuable_iid
...
- Instead of `issuable_id`
2017-03-07 13:55:59 +05:30
Douwe Maan
b7d8df503c
Enable Style/MutableConstant
2017-02-23 09:31:56 -06:00
Robert Schilling
1ef911f0e0
API: Use POST requests to mark todos as done
2017-02-21 12:01:15 +01:00
Robert Speicher
3a5df1d8fc
Merge branch 'fix-api-mr-permissions' into 'security'
...
Ensure that only privileged users can access merge requests in the API
See merge request !2053
2017-01-23 13:54:35 -05:00
Robert Schilling
74c8669b0a
Use the pagination helper in the API
2016-12-04 18:11:19 +01:00
Robert Schilling
b927473c45
Grapify todos API
2016-10-14 09:22:50 +02:00
Paco Guzman
f8b53ba20b
Recover usage of Todos counter cache
...
We’re being kept up to date the counter data but we’re not using it.
The only thing which is not real if is the number of projects that the
user read changes the number of todos can be stale for some time.
The counters will be sync just after the user receives a new todo or mark any as done
2016-08-12 18:21:36 +02:00
Paco Guzman
1f2253545b
Use cache for todos counter calling TodoService
2016-08-12 17:40:03 +02:00
Robert Schilling
baa9ce8480
Return the number of marked todos
2016-07-19 13:09:57 +02:00
Robert Schilling
87ac9c9850
Support creating a todo on issuables via API
2016-07-01 14:52:04 +02:00
Robert Schilling
3942621329
Expose target, filter by state as string
2016-07-01 14:52:04 +02:00
Robert Schilling
fd9cd5ae8c
Add todos API documentation and changelog
2016-07-01 14:51:59 +02:00
Robert Schilling
40c685c510
pass paginated array when deleting notes
2016-07-01 10:49:34 +02:00
Robert Schilling
39e6f504fc
Move to helper, no instance variables
2016-07-01 10:49:34 +02:00
Douglas Barbosa Alexandre
a1f224d3f7
Add Todos API
2016-07-01 10:49:34 +02:00