Commit graph

16 commits

Author SHA1 Message Date
Douwe Maan
ad309f5d11 Merge branch 'snippets-finder-visibility' into 'security'
Refactor snippets finder & dont return internal snippets for external users

See merge request !2094
2017-05-10 16:48:18 +02:00
Rémy Coutable
63360adeae
Add requirements: { id: %r{[^/]+} } for all projects and groups namespaced API routes
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-03-16 18:00:24 +01:00
Toon Claes
a3fdd6acd2 Use string based visibility getter & setter
Add `visibility` & `visibility=` methods to the
`Gitlab::VisibilityLevel` module so the `visibility_level` can be
get/set with a string value.
2017-03-02 12:15:25 +01:00
Toon Claes
b2c2dfe545 Expose Project's & ProjectSnippet's VisibilityLevel as String
Instead of exposing the VisibilityLevel as Integer, expose it as
String `visibility` for Project and ProjectSnippet.

Filter queries also accept the `visibility` as String instead of
`visibility_level` as Integer.

Also remove the `public` boolean.
2017-03-02 09:33:24 +01:00
Oswaldo Ferreira
2ace39f242 Spam check and reCAPTCHA improvements 2017-02-21 13:32:49 -03:00
Sean McGivern
c63194ce6f Check public snippets for spam
Apply the same spam checks to public snippets (either personal snippets
that are public, or public snippets on public projects) as to issues on
public projects.
2017-02-02 10:23:51 +00:00
Robert Schilling
74c8669b0a Use the pagination helper in the API 2016-12-04 18:11:19 +01:00
Robert Schilling
b7bf1f3a9d Grapify the projects snippet API 2016-11-21 17:25:34 +01:00
Stan Hu
d5267dfd0d Prevent private snippets in public/internal projects from being leaked via API
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15580
2016-04-25 12:02:06 -07:00
Dmitriy Zaporozhets
342d553709
Rename abilities to correspond contoller/model action names
write_ was renamed to create_
modify_  was renamed to update_

So now in update action we have next code

def create
  can?(current_user, :create_issue, @issue)
end

def update
  can?(current_user, :update_issue, @issue)
end

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2015-06-26 15:55:56 +02:00
Vinnie Okada
9623b71a39 More restricted visibility changes
Bug fixes and new tests for the restricted visibility changes.
2015-03-10 18:36:43 -06:00
Vinnie Okada
928fc94c3d Enforce restricted visibilities for snippets
Add new service classes to create and update project and personal
snippets.  These classes are responsible for enforcing restricted
visibility settings for non-admin users.
2015-03-08 17:57:08 -06:00
jubianchi
998cd3cb63 Improve error reporting on users API
* users (#6878, #3526, #4209): Validation error messages are now exposed through 400 responses, 409 response are sent in case of duplicate email or username
* MRs (#5335): 409 responses are sent in case of duplicate merge request (source/target branches), 422 responses are sent when submiting MR fo/from unrelated forks
* issues
* labels
* projects
2014-09-16 01:25:24 +02:00
Jeroen van Baarsen
ef404d8ea6 Dropped expiration date from the snippet API 2014-01-11 18:40:17 +01:00
Dmitriy Zaporozhets
883f465abe Fix snippet raw content being escaped 2013-06-06 16:10:24 +03:00
Dmitriy Zaporozhets
b05600f28b Split Project api on several parts: deploy_keys, hooks, snippets etc 2013-06-06 12:37:51 +03:00