gitlab-org--gitlab-foss/spec
Timothy Andrew 34b71e734b Don't display the `is_admin?` flag for user API responses.
- To prevent an attacker from enumerating the `/users` API to get a list of all
  the admins.

- Display the `is_admin?` flag wherever we display the `private_token` - at the
  moment, there are two instances:

  - When an admin uses `sudo` to view the `/user` endpoint
  - When logging in using the `/session` endpoint
2017-04-25 09:46:05 +00:00
bin
config
controllers Merge branch 'dz-refactor-create-members' into 'master' 2017-04-20 14:36:21 +00:00
db/production
factories Don't delete a branch involved in an open merge request in "Delete all merged branches" service 2017-04-19 07:56:08 -07:00
features Merge branch 'dz-refactor-create-members' into 'master' 2017-04-20 14:36:21 +00:00
finders Merge branch 'update-droplab-to-webpack-version' into new-resolvable-discussion 2017-04-06 13:47:52 +01:00
fixtures Don't display the `is_admin?` flag for user API responses. 2017-04-25 09:46:05 +00:00
helpers Fix restricted visibility project setting 2017-04-17 13:57:09 +00:00
initializers
javascripts Merge branch '30637-replace-delete-buttons-get-fork-cancel-confirmation' into 'master' 2017-04-21 08:30:32 +00:00
lib Merge branch 'issuable-state-custom-links' into 'master' 2017-04-20 09:52:39 +00:00
mailers Merge branch 'update-droplab-to-webpack-version' into new-resolvable-discussion 2017-04-06 13:47:52 +01:00
migrations Add a post-deploy migration to migrate from former Redis activity to DB 2017-04-14 15:20:55 +02:00
models Merge branch 'uassign_on_member_removing' into 'master' 2017-04-20 12:42:41 +00:00
policies Merge branch 'siemens/gitlab-ce-fix/subgroup-hide-button' into 'master' 2017-04-12 09:26:16 +00:00
presenters Remove TriggerSchedulePresenter. This will go in another MR. 2017-04-06 23:46:59 +09:00
requests Don't display the `is_admin?` flag for user API responses. 2017-04-25 09:46:05 +00:00
routing Remove format from end of URL for URLs that take a ref or path 2017-04-17 19:03:21 -05:00
rubocop/cop Add remove_concurrent_index to database helper 2017-04-06 09:53:57 +11:00
serializers Review changes, used eq instead of match 2017-04-17 13:18:40 +01:00
services Merge branch 'uassign_on_member_removing' into 'master' 2017-04-20 12:42:41 +00:00
support Resolve "start discussion toggle clicking divider causes UI break" 2017-04-19 21:18:39 +00:00
tasks Expand components version specification format to allow branches 2017-04-13 17:32:00 -03:00
uploaders
views Fix container registry navigation menu highlights 2017-04-18 20:49:52 +00:00
workers Add new ScheduleUpdateUserActivityWorker and UpdateUserActivityWorker 2017-04-14 15:20:55 +02:00
factories_spec.rb
rails_helper.rb
rake_helper.rb
simplecov_env.rb
spec_helper.rb Allow to enable `rspec_profiling` for a branch on the CI 2017-04-13 14:24:35 +02:00