Commit graph

20 commits

Author SHA1 Message Date
Douwe Maan
f23b1cb453 Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security'
Replace MR access checks with use of MergeRequestsFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

⚠️ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
 - Permissions check tested

- [x] 💣  app/finders/notes_finder.rb:17
- [x] ⚠️  app/views/layouts/nav/_project.html.haml:80 [`.count`]
- [x] 💣  app/controllers/concerns/creates_commit.rb:84
- [x] 🚥  app/controllers/projects/commits_controller.rb:24
- [x] 🚥  app/controllers/projects/compare_controller.rb:56
- [x] 🚦  app/controllers/projects/discussions_controller.rb:29
- [x]   app/controllers/projects/todos_controller.rb:27
- [x] 🚦  app/models/commit.rb:268
- [x]  lib/gitlab/search_results.rb:71

- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)`
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`.
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use  of unchecked `merged_merge_request?`

See merge request !2033
2016-12-08 21:42:07 -03:00
Oswaldo Ferreira
f272ee6eba Add shorthand support to gitlab markdown references 2016-12-02 19:18:17 -02:00
winniehell
0d8352973b Use JavaScript tooltips for mentions (!5301) 2016-09-01 01:21:34 +02:00
Stan Hu
30aa64202b Fix note validation spec failures 2016-06-01 10:31:46 -07:00
Yorick Peterse
580d250166
Refactor Participable
There are several changes to this module:

1. The use of an explicit stack in Participable#participants
2. Proc behaviour has been changed
3. Batch permissions checking

== Explicit Stack

Participable#participants no longer uses recursion to process "self" and
all child objects, instead it uses an Array and processes objects in
breadth-first order. This allows us to for example create a single
Gitlab::ReferenceExtractor instance and pass this to any Procs. Re-using
a ReferenceExtractor removes the need for running potentially many SQL
queries every time a Proc is called on a new object.

== Proc Behaviour Changed

Previously a Proc in Participable was expected to return an Array of
User instances. This has been changed and instead it's now expected that
a Proc modifies the Gitlab::ReferenceExtractor passed to it. The return
value of the Proc is ignored.

== Permissions Checking

The method Participable#participants uses
Ability.users_that_can_read_project to check if the returned users have
access to the project of "self" _without_ running multiple SQL queries
for every user.
2016-06-01 16:22:35 +02:00
Yorick Peterse
309ca405fa
Don't modify arguments in CommitRange#initialize
This method used to call strip! on input strings which will mess with
the strings if they're re-used or frozen.
2016-05-26 13:58:01 +02:00
Douwe Maan
1e8d703a85 Tag model specs 2015-12-09 10:50:51 +01:00
Douwe Maan
62c14ba2ed Render commit reference using short sha, but include full sha in comment. 2015-12-01 12:58:45 +01:00
Douwe Maan
a7be01cd07 Render commit range reference with short shas, link to full shas. 2015-11-30 21:10:52 +01:00
Dmitriy Zaporozhets
f40b99d02e
Merge branch 'master' into rubocop-for-tests
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Conflicts:
	spec/features/issues_spec.rb
	spec/models/forked_project_link_spec.rb
	spec/models/hooks/service_hook_spec.rb
	spec/models/hooks/web_hook_spec.rb
	spec/models/project_services/hipchat_service_spec.rb
	spec/requests/api/project_members_spec.rb
	spec/requests/api/projects_spec.rb
	spec/requests/api/system_hooks_spec.rb
	spec/services/archive_repository_service_spec.rb
	spec/support/matchers.rb
	spec/tasks/gitlab/backup_rake_spec.rb
2015-06-23 10:44:03 +02:00
Robert Speicher
94eff65569 Fix Style/SpaceInsideHashLiteralBraces cop violations
These fixes were performed automatically by Rubocop's `-a` flag.
2015-06-22 14:41:00 -04:00
Robert Speicher
0f627f1c60 Fix raise_error without an argument deprecation warnings 2015-06-22 12:13:47 +02:00
Robert Speicher
136ab73803 Update CommitRange#to_reference to use full SHAs
We only want them shortened by the filter, which calls to_s
2015-05-26 15:48:31 -04:00
Robert Speicher
c0faf91ff2 Add to_reference for models that support references
Now there is a single source of information for which attribute a model
uses to be referenced, and its special character.
2015-05-26 15:48:30 -04:00
Robert Speicher
165cacce16 Rename CommitRange#inclusive? to #exclude_start? 2015-04-25 14:58:49 -04:00
Robert Speicher
92c681a53c Remove CommitRange#to_a 2015-04-25 14:45:56 -04:00
Robert Speicher
2403a28b3f Include caret in CommitRange#reference_title 2015-04-25 14:41:06 -04:00
Robert Speicher
c11d3c5789 Remove param from CommitRange#to_s 2015-04-25 14:41:06 -04:00
Robert Speicher
81a21e5796 CommitRange improvements 2015-04-25 14:41:06 -04:00
Robert Speicher
a8e6656481 Add CommitRange class 2015-04-25 14:40:40 -04:00