gitlab-org--gitlab-foss/spec
Timothy Andrew 20f679d620 Allow unauthenticated access to the /api/v4/users API.
- The issue filtering frontend code needs access to this API for non-logged-in
  users + public projects. It uses the API to fetch information for a user by
  username.

- We don't authenticate this API anymore, but instead - if the `current_user` is
  not present:

  - Verify that the `username` parameter has been passed. This disallows an
    unauthenticated user from grabbing a list of all users on the instance. The
    `UsersFinder` class performs an exact match on the `username`, so we are
    guaranteed to get 0 or 1 users.
  - Verify that the resulting user (if any) is accessible to be viewed publicly
    by calling `can?(current_user, :read_user, user)`
2017-06-26 07:20:30 +00:00
bin
config
controllers Merge remote-tracking branch 'upstream/master' into 28717-additional-metrics-review-branch 2017-06-22 15:05:52 +02:00
db/production Handle case where GITLAB_PROMETHEUS_METRICS_ENABLED is non boolean value by defaulting to false 2017-06-06 13:16:55 +02:00
factories Merge remote-tracking branch 'upstream/master' into 28717-additional-metrics-review-branch 2017-06-22 15:05:52 +02:00
features Add feature spec for dashboard state filter tabs 2017-06-21 15:14:37 -05:00
finders Merge branch 'add-since-and-until-params-to-issuables' into 'master' 2017-06-19 12:13:27 +00:00
fixtures Merge remote-tracking branch 'upstream/master' into 28717-additional-metrics-review-branch 2017-06-22 15:05:52 +02:00
helpers Fix breadcrumb order 2017-06-22 13:38:29 -07:00
initializers Instrument MergeRequestDiff#load_commits 2017-06-14 12:01:38 +01:00
javascripts Make JavaScript tests fail for unhandled Promise rejections 2017-06-23 09:28:19 +00:00
lib Merge branch 'dm-requirements-txt-tilde' into 'master' 2017-06-23 21:17:21 +00:00
mailers Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
migrations Merge branch 'master' into fix/gb/improve-updating-column-in-batches-helper 2017-06-22 12:37:38 +02:00
models Add User#full_private_access? to check if user has Private access 2017-06-23 11:15:35 +02:00
policies Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
presenters Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
requests Allow unauthenticated access to the /api/v4/users API. 2017-06-26 07:20:30 +00:00
routing Correct RSpec/SingleLineHook cop offenses 2017-06-14 13:18:56 -05:00
rubocop/cop Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
serializers Correct RSpec/SingleLineHook cop offenses 2017-06-14 13:18:56 -05:00
services Merge branch '34008-fix-CI_ENVIRONMENT_URL-2' into 'master' 2017-06-21 14:16:08 +00:00
sidekiq/cron
support Merge remote-tracking branch 'upstream/master' into 28717-additional-metrics-review-branch 2017-06-22 15:05:52 +02:00
tasks Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
unicorn Increase unicorn test boot timeout to 5 minutes 2017-06-08 18:35:55 +02:00
uploaders Fix filename method of GitlabUploader to return always real filename 2017-06-13 00:37:12 +02:00
validators Rebuild the dynamic path before validating it 2017-06-21 16:09:35 +02:00
views Limit the width of commit & snippet comment sections 2017-06-23 10:45:08 +00:00
workers Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
factories_spec.rb Lint our factories creation in addition to their build 2017-06-02 19:06:50 +02:00
rails_helper.rb
rake_helper.rb
simplecov_env.rb
spec_helper.rb Include Devise::Test::IntegrationHelpers for all feature specs 2017-06-19 18:59:03 -05:00