1. 13 Sep, 2019 1 commit
  2. 01 Aug, 2019 1 commit
  3. 27 Jul, 2019 1 commit
  4. 26 Jul, 2019 1 commit
    • Use NotesFinder in module IssuableActions · 355a2df5
      Patrick Derichs authored
      Add spec for concern IssuableActions
      
      Add shared samples for discussions endpoint
      
      Add schema validations for discussions
      
      Fix rubocop style issue
      
      Make target assignable
      
      Use new possibility to provide target
  5. 19 Jun, 2019 3 commits
    • Remove unneeded parentheses · 9079085f
      Patrick Derichs authored
    • Patrick Derichs's avatar
      b5b56588
    • Use NotesFinder to fetch notes on API and Controllers · 932a9a0c
      Patrick Derichs authored
      Fix missing iid query on NotesFinder
      
      Changed parameters of find_noteable, 
      so changes across a few files were needed.
      MergeRequest also requires iid instead of id query
      
      Make NotesFinder fail with RecordNotFound again
      
      Add specs for target_iid
      
      Using RSpec tablesyntax for target_iid specs
      
      Revert "Using RSpec tablesyntax for target_iid specs"
      
      This reverts commit ba45c7f5.
      
      Allow find_by! here
      
      Fix variable name
      
      Add readable check
      
      Revert "Add readable check"
      
      This reverts commit 9e3a1a7a.
      
      Remove unnecessary assignment
      
      Add required changes for EE
      
      Fix parameter count
      
      Reduce code duplication by extracting a noteable module method
      
      The call to find_noteable was redundant so
      multiple files and lines have changed in that
      commit to use the newly introduced module
      method `noteable`.
      
      Replace casecmp with include check
      
      Add parent_type parameter
      
      
      Revert "Reduce code duplication by extracting
      a noteable module method"
      
      This reverts commit 8c0923ba.
      
      Method is no longer needed
      
      Check whether noteable can be read by user
  6. 23 Oct, 2018 1 commit
  7. 11 Sep, 2018 2 commits
  8. 21 Jun, 2018 1 commit
  9. 05 Mar, 2018 1 commit
  10. 13 Feb, 2018 1 commit
  11. 24 Nov, 2017 1 commit
  12. 10 May, 2017 1 commit
  13. 02 May, 2017 1 commit
  14. 05 Apr, 2017 3 commits
  15. 13 Mar, 2017 4 commits
  16. 23 Feb, 2017 2 commits
  17. 15 Dec, 2016 1 commit
    • Merge branch 'jej-note-search-uses-finder' into 'security' · 12db4cc0
      Douwe Maan authored
      Fix missing Note access checks by moving Note#search to updated NoteFinder
      
      Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
      
      ## Which fixes are in this MR?
      
       - Potentially untested  
      💣 - No test coverage  
      🚥 - Test coverage of some sort exists (a test failed when error raised)  
      🚦 - Test coverage of return value (a test failed when nil used)  
       - Permissions check tested
      
      ### Note lookup without access check
      
      - [x]  app/finders/notes_finder.rb:13 :download_code check
      - [x]  app/finders/notes_finder.rb:19 `SnippetsFinder`
      - [x]  app/models/note.rb:121 [`Issue#visible_to_user`]
      - [x]  lib/gitlab/project_search_results.rb:113
        - This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`.
        - It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked.
      
      ### Previous discussions
      - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `:download_code` check on commit
      - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used
        - `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223
      
      ###  Acceptance criteria met?
      - [x] Tests added for new code
      - [x] TODO comments removed
      - [x] Squashed and removed skipped tests
      - [x] Changelog entry
      - [ ] State GitLab versions affected and issue severity in description
      - [ ] Create technical debt issue for NotesFinder.
        - Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per noteable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two.
        - Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)`
        - Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes`
      
      See merge request !2035
  18. 09 Dec, 2016 1 commit
  19. 29 Nov, 2016 1 commit
  20. 16 Jun, 2016 2 commits
  21. 14 Jun, 2016 1 commit
  22. 03 Jun, 2016 2 commits
  23. 13 May, 2016 1 commit
  24. 06 May, 2016 1 commit
  25. 18 Nov, 2015 1 commit
  26. 06 Feb, 2015 2 commits
  27. 03 Feb, 2015 1 commit
  28. 02 Jul, 2014 1 commit