Commit graph

14 commits

Author SHA1 Message Date
Robert Speicher
a6ec5121f0 Correct RSpec/SingleLineHook cop offenses 2017-06-14 13:18:56 -05:00
mhasbini
ccac05dd90 Fix 404 when upstream has disabled merge requests 2017-04-27 01:04:07 +03:00
Sean McGivern
29d8b4ee72 Merge branch '29364-private-projects-mr-fix'
Don’t show source project name when user does not have access

See merge request !2081
2017-04-05 21:06:02 -07:00
Robert Speicher
ca9a79f620 Use :empty_project where possible in service specs 2017-03-27 20:44:09 -04:00
Adam Niedzielski
cc25c4c06c Allow creating merge request even if target branch is not specified in query params
Closes #28890
2017-03-17 16:44:15 +01:00
Felipe Artur
31409030d6 Create compare object with default branch when target branch is missing 2017-02-21 17:11:52 -03:00
Douwe Maan
3bf34face4 Merge branch 'jej-use-issuable-finder-instead-of-access-check' into 'security'
Replace issue access checks with use of IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

## Which fixes are in this MR?

⚠️ - Potentially untested  
💣 - No test coverage  
🚥 - Test coverage of some sort exists (a test failed when error raised)  
🚦 - Test coverage of return value (a test failed when nil used)  
 - Permissions check tested

### Issue lookup with access check

Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells).

- [x] 🚦 app/finders/notes_finder.rb:15 [`visible_to_user`]
- [x] 🚥 app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`]
- [x]  app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`]
- [x]  lib/api/issues.rb:112 [`visible_to_user`]
  - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone
- [x]  lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too?
- [x]  lib/gitlab/search_results.rb:53 [`visible_to_user`]

### Previous discussions
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87

See merge request !2031
2016-11-28 21:26:23 -03:00
Alex Sanford
3c2f40cd39 Add validation errors to Merge Request form
If source branch or target branch doesn't exist in the project, display
form validation errors. Previously, this caused a 500 error code.
2016-11-01 07:28:22 -03:00
Artem Sidorenko
6c1690fcc0 Allow empty merge requests 2016-10-11 10:50:49 +02:00
Luke Howell
0ee5efbd20 Prepend blank line to close message on merge request
- Added an extra new line to the prepend of the Close message

Fixes #21710
2016-09-01 14:06:45 -05:00
Paco Guzman
1d0c7b7492 Introduce Compare model in the codebase.
This object will manage Gitlab::Git::Compare instances
2016-08-03 07:00:20 +02:00
Sean McGivern
09209725ce Don't auto-set MR title for confidential issues 2016-05-06 12:24:37 +01:00
Sean McGivern
e76f339dcd Auto-set title for branches created from issues
If a branch starts with an issue's IID, followed by a hyphen, the
description will be updated to say that is closes the issue. This also
updates the title of the merge request to 'Resolves "$issue-title"', as
long as:
- There is more than one commit in the merge request (if there is only
  one commit, the commit's title will be used as before)
- The issue's IID is valid for the project
2016-05-06 12:24:37 +01:00
Sean McGivern
13d4d3c8b0 Add specs for MergeRequests::BuildService 2016-05-06 12:24:36 +01:00