gitlab-org--gitlab-foss/lib/api
Robert Speicher 24f353edc4 Merge branch '17249-starred' into 'master'
Restrict starred projects to viewable ones

`User#starred_projects` doesn't perform any visibility checks. This has
a couple of problems:

1. It assumes a user can always view all of their starred projects in
   perpetuity (project not changed to private, access revoked, etc.).
2. It assumes that we'll only ever allow a user to star a project they
   can view. This is currently the case, but bugs happen.

Add `User#viewable_starred_projects` to filter the starred projects by
those the user either has explicit access to, or are public or
internal. Then use that in all places where we list the user's starred
projects.

Closes #17249.

See merge request !4108
2016-05-11 12:49:29 +00:00
api.rb Fix a few places where autoloading would fail 2016-05-10 11:51:19 +02:00
api_guard.rb Fix a few places where autoloading would fail 2016-05-10 11:51:19 +02:00
branches.rb Changed the argument of not_found for 'unprotect' 2016-04-06 15:07:31 +05:30
builds.rb Fix API implementation 2016-02-19 18:30:43 +01:00
commit_statuses.rb Fix a few places where autoloading would fail 2016-05-10 11:51:19 +02:00
commits.rb API support for the 'since' and 'until' operators on commit requests 2016-04-29 09:26:52 +02:00
deploy_keys.rb
entities.rb Expose MergeRequest#user_notes_count in the API and use the method in issues list 2016-05-09 16:08:07 +02:00
files.rb
group_members.rb
groups.rb Fix minor issues according development guidelines 2016-04-12 19:08:35 +02:00
helpers.rb API support for the 'since' and 'until' operators on commit requests 2016-04-29 09:26:52 +02:00
internal.rb Fix setting of "action" for Grape transactions 2016-04-20 22:42:52 +02:00
issues.rb Use ActionDispatch Remote IP for Akismet checking 2016-04-27 22:12:55 -07:00
keys.rb
labels.rb api - expose label description 2016-03-24 18:44:52 +00:00
licenses.rb Rename License entity to RepoLicense to avoid conflict with EE 2016-04-19 11:08:48 +02:00
merge_requests.rb Make subscription API more RESTful 2016-04-13 13:52:13 +02:00
milestones.rb Filter confidential issues from milestones API if user does not have access 2016-04-25 12:20:29 +02:00
namespaces.rb
notes.rb Allow back dating notes on creation 2016-04-13 12:04:09 -05:00
project_hooks.rb Prevent users from deleting Webhooks via API they do not own 2016-04-24 23:53:59 -07:00
project_members.rb Allow a project member to leave the projected through the API 2016-04-12 14:30:42 +02:00
project_snippets.rb Prevent private snippets in public/internal projects from being leaked via API 2016-04-25 12:02:06 -07:00
projects.rb Restrict starred projects to viewable ones 2016-05-10 18:13:52 +01:00
repositories.rb Move RepositoryArchiveCacheWorker to sidekiq-cron 2016-04-12 11:12:05 -04:00
runners.rb Move :runner_id param to POST body when enabling specific runner in project 2016-02-19 13:18:48 +01:00
services.rb
session.rb
settings.rb
system_hooks.rb
tags.rb API: Present an array of Gitlab::Git::Tag instead of array of rugged tags 2016-04-17 11:03:10 +02:00
triggers.rb Make the CI permission model simpler 2016-02-02 09:18:08 +01:00
users.rb Add changelog entry 2016-04-18 11:12:28 -03:00
variables.rb Make the CI permission model simpler 2016-02-02 09:18:08 +01:00