1. 05 Jul, 2017 23 commits
    • Sean McGivern's avatar
      Merge branch '2843-fix-transient-failure' into 'master' · 9f72556d
      Sean McGivern authored
      Use trigger(:click) instead of trigger to avoid a weird transient bug
      
      Closes #2843
      
      See merge request !2340
      9f72556d
    • Douwe Maan's avatar
      Merge branch '2302-environment-specific-variables' into 'master' · 9bfeff37
      Douwe Maan authored
      Environment-specific variables
      
      Closes #2302
      
      See merge request !2112
      9bfeff37
    • Douwe Maan's avatar
      Merge branch 'revert-eb2681a6' into 'master' · 0c2aa86f
      Douwe Maan authored
      Revert "Merge branch '18000-remember-me-for-oauth-login-ee' into 'master'"
      
      See merge request !2345
      0c2aa86f
    • Douwe Maan's avatar
      Merge branch 'bvl-license-check-group-webhooks' into 'master' · 784d472e
      Douwe Maan authored
      Add a license check for group-webhooks
      
      Closes #2576
      
      See merge request !2280
      784d472e
    • Sean McGivern's avatar
      Revert "Merge branch '18000-remember-me-for-oauth-login-ee' into 'master'" · 55e6292f
      Sean McGivern authored
      This reverts merge request !2175
      55e6292f
    • Sean McGivern's avatar
      Merge branch 'jej-fix-spec-failure-with-squashing' into 'master' · 2570140b
      Sean McGivern authored
      Fix spec failure for squash in progress error handling
      
      See merge request !2343
      2570140b
    • Annabel Dunstone Gray's avatar
      Merge branch 'new-admin-sidebar-missing-links' into 'master' · 65b23cb4
      Annabel Dunstone Gray authored
      Fixed admin sidebar not showing all options in new navigation
      
      See merge request !2334
      65b23cb4
    • Annabel Dunstone Gray's avatar
      Merge branch 'ee-32838-admin-panel-spacing' into 'master' · 8b9ca74c
      Annabel Dunstone Gray authored
      Port of 32838-admin-panel-spacing to EE
      
      See merge request !2264
      8b9ca74c
    • Annabel Dunstone Gray's avatar
      Merge branch 'sh-geo-node-show-loading-try2' into 'master' · 53d3f8bd
      Annabel Dunstone Gray authored
      Show loading icon when retrieving Geo node status
      
      Closes #1977
      
      See merge request !2309
      53d3f8bd
    • Douwe Maan's avatar
      Merge branch '33580-fix-api-scoping-ee' into 'master' · 4abaf43a
      Douwe Maan authored
      Resolve EE conflicts for "Fix API Scoping"
      
      See merge request !2338
      4abaf43a
    • Toon Claes's avatar
      Put EE group settings nav in separate file · 8b9dde86
      Toon Claes authored
      8b9dde86
    • Bob Van Landuyt's avatar
      Use `check_<feature>_available!` to trigger method missing · 2ef399a5
      Bob Van Landuyt authored
      Similar to how we check project features.
      2ef399a5
    • Bob Van Landuyt's avatar
    • Bob Van Landuyt's avatar
      Add license check for group webhooks · b68de6c7
      Bob Van Landuyt authored
      - Hide the `webhooks` link from the group-settings page
      - All group-webhooks-pages render a 404
      - Don't execute webhooks if the feature is disabled
      b68de6c7
    • Bob Van Landuyt's avatar
      Add `GroupWebhooks`-feature to License · 884117e1
      Bob Van Landuyt authored
      884117e1
    • Sean McGivern's avatar
      Merge branch '18000-remember-me-for-oauth-login-ee' into 'master' · eb2681a6
      Sean McGivern authored
      EE Port: Honor the "Remember me" parameter for OAuth-based login
      
      See merge request !2175
      eb2681a6
    • James Edwards-Jones's avatar
    • Rémy Coutable's avatar
    • Lin Jen-Shin's avatar
      Fix bad conflict resolution · 0bcafc97
      Lin Jen-Shin authored
      0bcafc97
    • Lin Jen-Shin's avatar
      Removed picked changelog entries · 66d9c51a
      Lin Jen-Shin authored
      66d9c51a
    • Lin Jen-Shin's avatar
      Merge remote-tracking branch 'ee/master' into 2302-environment-specific-variables · 236da91d
      Lin Jen-Shin authored
      * ee/master: (25 commits)
        Introduce namespace license checks for Push Rules (EES)
        Use a named subject in `models/ee/board_spec.rb`
        Hide the milestone variable on board when the feature is disabled
        Hide the milestone in the API when the feature is not available
        Don't update milestones on boards if the feature is not available
        Hide editing/creating milestones from the board UI
        Add `issue_board_milestone` feature to license
        Split Projects:Settings::RepositoryController into CE and EE sections
        Refactor Projects::CreateService and specs to make EE-only code clearer
        Fix EE conflicts for "Allow unauthenticated access to the `/api/v4/users` API"
        Introduce namespace license checks for merge request approvers (EES)
        Remove an unnecessary "included do ... end" block in app/models/concerns/approvable.rb
        Raise an error if an unknown feature is passed to stub_licensed_features
        Don't show Issue/MR template Setting if feature not available
        Only set MR description from template when feature available
        Only set issues template from setting if feature available
        Add Issuable Default Template feature to License
        Update CHANGELOG.md for 9.3.4
        Update CHANGELOG-EE.md for 9.3.4-ee
        Hide `Focus mode` on issue boards
        ...
      236da91d
    • Lin Jen-Shin's avatar
      f3c65bc7
    • Timothy Andrew's avatar
      Squashed commit representing changes in gitlab-ce!12300. · 6d0dad64
      Timothy Andrew authored
      - There were conflicting changes in `master` that were fixed in
        94258a65. This made rebasing the commits from gitlab-ce!12300
        problematic, due to conflicts.
      
      - Instead, I squashed all !12300 commits into a single commit, and
        cherry-picked that onto 33580-fix-api-scoping-ee, which resulted
        in this commit.
      
      Original commit messages below
      ==============================
      
      Initial attempt at refactoring API scope declarations.
      
      - Declaring an endpoint's scopes in a `before` block has proved to be
        unreliable. For example, if we're accessing the `API::Users` endpoint - code
        in a `before` block in `API::API` wouldn't be able to see the scopes set in
        `API::Users` since the `API::API` `before` block runs first.
      
      - This commit moves these declarations to the class level, since they don't need
        to change once set.
      
      Allow API scope declarations to be applied conditionally.
      
      - Scope declarations of the form:
      
          allow_access_with_scope :read_user, if: -> (request) { request.get? }
      
        will only apply for `GET` requests
      
      - Add a negative test to a `POST` endpoint in the `users` API to test this. Also
        test for this case in the `AccessTokenValidationService` unit tests.
      
      Test `/users` endpoints for the `read_user` scope.
      
      - Test `GET` endpoints to check that the scope is allowed.
      - Test `POST` endpoints to check that the scope is disallowed.
      - Test both `v3` and `v4` endpoints.
      
      When verifying scopes, manually include scopes from `API::API`.
      
      - They are not included automatically since `API::Users` does not inherit from
        `API::API`, as I initially assumed.
      
      - Scopes declared in `API::API` are considered global (to the API), and need to
        be included in all cases.
      
      Test OAuth token scope verification in the `API::Users` endpoint
      
      Add CHANGELOG entry for CE MR 12300
      
      Fix remaining spec failures for !12300.
      
      1. Get the spec for `lib/gitlab/auth.rb` passing.
      
        - Make the `request` argument to `AccessTokenValidationService` optional -
        `auth.rb` doesn't need to pass in a request.
      
        - Pass in scopes in the format `[{ name: 'api' }]` rather than `['api']`, which
        is what `AccessTokenValidationService` now expects.
      
      2. Get the spec for `API::V3::Users` passing
      
      2. Get the spec for `AccessTokenValidationService` passing
      
      Implement review comments from @dbalexandre for !12300.
      
      Implement review comments from @DouweM for !12300.
      
      - Use a struct for scopes, so we can call `scope.if` instead of `scope[:if]`
      
      - Refactor the "remove scopes whose :if condition returns false" logic to use a
        `select` rather than a `reject`.
      
      Extract a `Gitlab::Scope` class.
      
      - To represent an authorization scope, such as `api` or `read_user`
      - This is a better abstraction than the hash we were previously using.
      
      `AccessTokenValidationService` accepts `String` or `API::Scope` scopes.
      
      - There's no need to use `API::Scope` for scopes that don't have `if`
        conditions, such as in `lib/gitlab/auth.rb`.
      
      Fix build for !12300.
      
      - The `/users` and `/users/:id` APIs are now accessible without
        authentication (!12445), and so scopes are not relevant for these endpoints.
      
      - Previously, we were testing our scope declaration against these two methods.
        This commit moves these tests to other `GET` user endpoints which still
        require authentication.
      6d0dad64
  2. 04 Jul, 2017 17 commits