gitlab-org--gitlab-foss/lib/api
Robert Speicher 24f353edc4 Merge branch '17249-starred' into 'master'
Restrict starred projects to viewable ones

`User#starred_projects` doesn't perform any visibility checks. This has
a couple of problems:

1. It assumes a user can always view all of their starred projects in
   perpetuity (project not changed to private, access revoked, etc.).
2. It assumes that we'll only ever allow a user to star a project they
   can view. This is currently the case, but bugs happen.

Add `User#viewable_starred_projects` to filter the starred projects by
those the user either has explicit access to, or are public or
internal. Then use that in all places where we list the user's starred
projects.

Closes #17249.

See merge request !4108
2016-05-11 12:49:29 +00:00
api.rb Fix a few places where autoloading would fail 2016-05-10 11:51:19 +02:00
api_guard.rb Fix a few places where autoloading would fail 2016-05-10 11:51:19 +02:00
branches.rb Changed the argument of not_found for 'unprotect' 2016-04-06 15:07:31 +05:30
builds.rb Fix API implementation 2016-02-19 18:30:43 +01:00
commit_statuses.rb Fix a few places where autoloading would fail 2016-05-10 11:51:19 +02:00
commits.rb API support for the 'since' and 'until' operators on commit requests 2016-04-29 09:26:52 +02:00
deploy_keys.rb Fix failing tests due to updates on the return messages. 2015-01-07 11:39:20 +01:00
entities.rb Expose MergeRequest#user_notes_count in the API and use the method in issues list 2016-05-09 16:08:07 +02:00
files.rb WIP lazy blobs 2016-02-01 10:41:52 +01:00
group_members.rb Track who created a group or project member. 2015-04-14 12:06:42 +02:00
groups.rb Fix minor issues according to development guidelines 2016-04-12 19:08:35 +02:00
helpers.rb API support for the 'since' and 'until' operators on commit requests 2016-04-29 09:26:52 +02:00
internal.rb Fix setting of "action" for Grape transactions 2016-04-20 22:42:52 +02:00
issues.rb Use ActionDispatch Remote IP for Akismet checking 2016-04-27 22:12:55 -07:00
keys.rb Add API method for get user by ID of an SSH key 2015-09-03 15:47:22 +03:00
labels.rb api - expose label description 2016-03-24 18:44:52 +00:00
licenses.rb Rename License entity to RepoLicense to avoid conflict with EE 2016-04-19 11:08:48 +02:00
merge_requests.rb Make subscription API more RESTful 2016-04-13 13:52:13 +02:00
milestones.rb Filter confidential issues from milestones API if user does not have access 2016-04-25 12:20:29 +02:00
namespaces.rb Make namespace API available to all users 2015-05-28 11:39:12 -07:00
notes.rb Allow back dating notes on creation 2016-04-13 12:04:09 -05:00
project_hooks.rb Prevent users from deleting Webhooks via API they do not own 2016-04-24 23:53:59 -07:00
project_members.rb Allow a project member to leave the project through the API 2016-04-12 14:30:42 +02:00
project_snippets.rb Prevent private snippets in public/internal projects from being leaked via API 2016-04-25 12:02:06 -07:00
projects.rb Restrict starred projects to viewable ones 2016-05-10 18:13:52 +01:00
repositories.rb Move RepositoryArchiveCacheWorker to sidekiq-cron 2016-04-12 11:12:05 -04:00
runners.rb Move :runner_id param to POST body when enabling specific runner in project 2016-02-19 13:18:48 +01:00
services.rb Hide passwords to non-admin users in the services API 2015-10-12 15:24:00 +02:00
session.rb
settings.rb Add tests and improve logic 2015-07-06 16:47:19 +02:00
system_hooks.rb Added X-GitLab-Event header for web hooks 2015-05-08 16:49:03 +03:00
tags.rb API: Present an array of Gitlab::Git::Tag instead of array of rugged tags 2016-04-17 11:03:10 +02:00
triggers.rb Make the CI permission model simpler 2016-02-02 09:18:08 +01:00
users.rb Add changelog entry 2016-04-18 11:12:28 -03:00
variables.rb Make the CI permission model simpler 2016-02-02 09:18:08 +01:00