kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/spec/controllers
History
Douwe Maan f23b1cb453 Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security' 
Replace MR access checks with use of MergeRequestsFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

⚠️ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
 - Permissions check tested

- [x] 💣  app/finders/notes_finder.rb:17
- [x] ⚠️  app/views/layouts/nav/_project.html.haml:80 [`.count`]
- [x] 💣  app/controllers/concerns/creates_commit.rb:84
- [x] 🚥  app/controllers/projects/commits_controller.rb:24
- [x] 🚥  app/controllers/projects/compare_controller.rb:56
- [x] 🚦  app/controllers/projects/discussions_controller.rb:29
- [x]   app/controllers/projects/todos_controller.rb:27
- [x] 🚦  app/models/commit.rb:268
- [x]  lib/gitlab/search_results.rb:71

- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)`
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`.
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use  of unchecked `merged_merge_request?`

See merge request !2033
 		2016-12-08 21:42:07 -03:00
..
admin Allow admins to stop impersonating users without e-mail addresses 2016-11-17 23:28:39 -05:00
ci
groups
import
oauth
profiles
projects Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security' 2016-12-08 21:42:07 -03:00
abuse_reports_controller_spec.rb
application_controller_spec.rb Add nested groups support to the routing 2016-11-23 14:08:36 +02:00
autocomplete_controller_spec.rb Do not raise error in AutocompleteController#users when not authorized 2016-11-30 10:09:14 +05:00
blob_controller_spec.rb
groups_controller_spec.rb
health_check_controller_spec.rb
help_controller_spec.rb Fix URL rewritting in the Help section 2016-12-01 16:40:48 +01:00
invites_controller_spec.rb
notification_settings_controller_spec.rb
projects_controller_spec.rb
registrations_controller_spec.rb
root_controller_spec.rb
sent_notifications_controller_spec.rb
sessions_controller_spec.rb fix: 24982- Remove'Signed in successfully' message 2016-12-07 20:30:28 +05:30
snippets_controller_spec.rb Ensure user is authenticated to create a new snippet 2016-11-28 16:57:49 +01:00
uploads_controller_spec.rb
users_controller_spec.rb