gitlab-org--gitlab-foss

History

Douwe Maan f23b1cb453 Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security' Replace MR access checks with use of MergeRequestsFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ⚠️ - Potentially untested 💣 - No test coverage 🚥 - Test coverage of some sort exists (a test failed when error raised) 🚦 - Test coverage of return value (a test failed when nil used) ✅ - Permissions check tested - [x] 💣 app/finders/notes_finder.rb:17 - [x] ⚠️ app/views/layouts/nav/_project.html.haml:80 [`.count`] - [x] 💣 app/controllers/concerns/creates_commit.rb:84 - [x] 🚥 app/controllers/projects/commits_controller.rb:24 - [x] 🚥 app/controllers/projects/compare_controller.rb:56 - [x] 🚦 app/controllers/projects/discussions_controller.rb:29 - [x] ✅ app/controllers/projects/todos_controller.rb:27 - [x] 🚦 app/models/commit.rb:268 - [x] ✅ lib/gitlab/search_results.rb:71 - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)` - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`. - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use of unchecked `merged_merge_request?` See merge request !2033		2016-12-08 21:42:07 -03:00
..
admin	Allow admins to stop impersonating users without e-mail addresses	2016-11-17 23:28:39 -05:00
ci	Redirect to root path when visiting `/ci`	2016-03-29 08:04:17 +02:00
groups	Add toggle_subscription action to Groups::LabelsController	2016-11-17 15:10:13 -02:00
import	modify github import JS and controller so we can now specify a namespace and/or name for a project.	2016-09-20 10:14:39 +02:00
oauth	Use HTTP matchers if possible	2016-06-27 20:10:42 +02:00
profiles	fixes part1 of files to start using active tense	2016-08-09 15:06:23 +01:00
projects	Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security'	2016-12-08 21:42:07 -03:00
abuse_reports_controller_spec.rb	Add `AbuseReport#notify`	2016-01-04 18:59:42 -05:00
application_controller_spec.rb	Add nested groups support to the routing	2016-11-23 14:08:36 +02:00
autocomplete_controller_spec.rb	Do not raise error in AutocompleteController#users when not authorized	2016-11-30 10:09:14 +05:00
blob_controller_spec.rb	Fix Error 500 when viewing a blob with binary characters after the 1024-byte mark	2016-06-12 07:36:25 -07:00
groups_controller_spec.rb	This fixes a long running tests due to changed Sidekiq state	2016-08-15 23:26:40 +02:00
health_check_controller_spec.rb	Use HTTP matchers if possible	2016-06-27 20:10:42 +02:00
help_controller_spec.rb	Fix URL rewritting in the Help section	2016-12-01 16:40:48 +01:00
invites_controller_spec.rb	Use HTTP matchers if possible	2016-06-27 20:10:42 +02:00
notification_settings_controller_spec.rb	Merge branch 'master' into issue_3359_3	2016-06-29 11:32:38 -03:00
projects_controller_spec.rb	Merge branch 'use-separate-token-for-incoming-email' into 'master'	2016-11-08 10:47:45 +00:00
registrations_controller_spec.rb	Assert against `ActionMailer::Base.deliveries` relatively.	2016-07-05 10:20:32 +05:30
root_controller_spec.rb	Implementing 'Groups View' and 'TODOs View' as options for dashboard preferences.	2016-03-24 19:59:54 +01:00
sent_notifications_controller_spec.rb	Remove default value for `project` argument on subscribable concern	2016-11-17 15:10:13 -02:00
sessions_controller_spec.rb	fix: 24982- Remove'Signed in successfully' message	2016-12-07 20:30:28 +05:30
snippets_controller_spec.rb	Ensure user is authenticated to create a new snippet	2016-11-28 16:57:49 +01:00
uploads_controller_spec.rb	Use HTTP matchers if possible	2016-06-27 20:10:42 +02:00
users_controller_spec.rb	Enforce the fork_project permission in Projects::CreateService	2016-09-27 13:17:56 +01:00