kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/lib
History
Robert Speicher 24f353edc4 Merge branch '17249-starred' into 'master' 
Restrict starred projects to viewable ones

`User#starred_projects` doesn't perform any visibility checks. This has
a couple of problems:

1. It assumes a user can always view all of their starred projects in
   perpetuity (project not changed to private, access revoked, etc.).
2. It assumes that we'll only ever allow a user to star a project they
   can view. This is currently the case, but bugs happen.

Add `User#viewable_starred_projects` to filter the starred projects by
those the user either has explicit access to, or are public or
internal. Then use that in all places where we list the user's starred
projects.

Closes #17249.

See merge request !4108
2016-05-11 12:49:29 +00:00
..
api Merge branch '17249-starred' into 'master' 2016-05-11 12:49:29 +00:00
assets
backup Make sure there is a connection before using ActiveRecord 2016-02-08 17:31:24 +01:00
banzai Merge branch 'fix/using-uploads-in-global-snippets' into 'master' 2016-05-10 17:07:10 +00:00
ci Fix a few places where autoloading would fail 2016-05-10 11:51:19 +02:00
gitlab Merge branch '17270-only-generate-email-on-push-once-for-all-recipients' into 'master' 2016-05-11 12:45:39 +00:00
omni_auth Fix signin with OmniAuth providers 2015-12-08 14:58:15 +01:00
rouge/formatters Remove custom Lexer. #3945 [ci skip] 2016-01-08 15:20:48 -05:00
support Replace gitlab-workhorse with GitLab Workhorse where appropriate 2016-04-28 17:36:50 +03:00
tasks Merge branch 'remove-annotate-gem' into 'master' 2016-05-10 09:08:30 +00:00
award_emoji.rb Removed usage of normilizeEmojiName method 2016-04-22 21:53:26 +01:00
banzai.rb Add a PreProcessPipeline 2016-03-02 22:19:36 -05:00
disable_email_interceptor.rb Add email interceptor to prevent mail sending if email sending is disabled. 2014-10-27 13:05:50 +01:00
event_filter.rb Fix rubocop warnings in lib 2015-10-03 01:29:58 -05:00
extracts_path.rb Only render 404 page from /public 2015-10-13 20:12:34 +03:00
file_size_validator.rb Get rid of more requires, which causes warnings when code is reloaded 2016-04-19 11:48:10 +02:00
file_streamer.rb Implement Build Artifacts 2015-11-10 12:51:50 +01:00
gitlab.rb Fix a few places where autoloading would fail 2016-05-10 11:51:19 +02:00
gt_one_coercion.rb diff unfold 2014-08-14 15:48:14 +04:00
repository_cache.rb Store commit count in project table 2015-07-17 15:22:56 +02:00
static_model.rb
unfold_form.rb Gitlab Issue 707: Indent unfolded code 1 character 2015-07-22 09:58:17 -04:00
uploaded_file.rb Implement Build Artifacts 2015-11-10 12:51:50 +01:00
version_check.rb Update version check images to use SVG 2016-01-05 14:35:29 -05:00