gitlab-org--gitlab-foss/app/models/concerns
Douwe Maan 79d94b1679 Merge branch '22481-honour-issue-visibility-for-groups' into 'security'
Honour issue and merge request visibility in their respective finders

This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private".

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481

See merge request !2000
2016-11-09 12:24:13 +01:00
..
access_requestable.rb Re-add the AccessRequestable concern 2016-09-22 11:12:17 +02:00
awardable.rb Start Frontend work, fix routing problem 2016-09-19 19:50:40 +03:00
cache_markdown_field.rb Add markdown cache columns to the database, but don't use them yet 2016-10-07 02:54:25 +01:00
case_sensitivity.rb Revamp finding projects by namespaces 2015-10-08 14:35:32 +02:00
expirable.rb Differentiate the expire from leave event 2016-10-20 00:26:45 +00:00
faster_cache_keys.rb Added concern for a faster "cache_key" method 2016-08-08 16:49:22 +02:00
has_status.rb Move build order array to HasStatus module 2016-10-18 08:29:29 -05:00
importable.rb started refactoring some stuff based on MR feedback 2016-06-01 18:03:51 +02:00
internal_id.rb Use GitHub Issue/PR number as iid to keep references 2016-04-18 12:15:50 -03:00
issuable.rb Merge branch '22481-honour-issue-visibility-for-groups' into 'security' 2016-11-09 12:24:13 +01:00
mentionable.rb Simplify Mentionable concern instance methods 2016-10-04 10:45:48 +02:00
milestoneish.rb Use a better message when milestone is newly created 2016-04-29 10:15:49 +01:00
note_on_diff.rb Move #to_discussion to NoteOnDiff 2016-08-30 16:30:42 +01:00
participable.rb Use cattr_accessor instead duplicating code on NoteOnDiff concern 2016-07-15 13:49:16 -03:00
project_features_compatibility.rb Fix project features default values 2016-11-01 11:03:56 -02:00
protected_branch_access.rb Implement review comments from @DouweM. 2016-10-24 11:33:38 +05:30
referable.rb Fix RangeError exceptions when referring to issues or merge requests outside of max database values 2016-06-18 13:07:38 -07:00
sortable.rb Fix and improve Sortable.highest_label_priority 2016-10-27 21:26:56 -03:00
spammable.rb Also check if Akismet is enabled, before showing the Submit as spam button. 2016-08-22 21:36:04 -05:00
strip_attribute.rb Strip attributes for Milestone and Issuable. #3428 2015-11-26 10:16:50 -05:00
subscribable.rb Add API endpoints for un/subscribing from/to a label 2016-05-12 22:48:09 +02:00
taskable.rb add "x of y tasks completed" on issuable 2016-10-28 14:01:36 -02:00
token_authenticatable.rb Use separate email-friendly token for incoming email and let incoming 2016-11-07 15:55:42 +00:00