delta/gitlab/gitlab-ce.git/app/controllers/dashboard, branch feature/github-edit-path gitlab.com: gitlab-org/gitlab-ce.git Merge branch 'issue_18135' into 'master' 2016-08-19T23:06:30+00:00 Douwe Maan douwe@gitlab.com 2016-08-19T23:06:30+00:00 c620c4057593a726044f9dc1a907149831a54c28 Todos sorting dropdown Implements #18135 ![todos_sorting](/uploads/bff76827c421628134dfb8b864e47c74/todos_sorting.png) - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !5691 

Todos sorting dropdown

Implements #18135 

![todos_sorting](/uploads/bff76827c421628134dfb8b864e47c74/todos_sorting.png)  


- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- Tests
  - [x] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5691
 Todos sorting dropdown 2016-08-19T19:14:20+00:00 Felipe Artur felipefac@gmail.com 2016-07-26T21:21:20+00:00 37bf35f0bcba28e271789542fb8c81a6c77236b6 






Rename TodoService#mark_todos_as_done_by_id{,s}
2016-08-18T15:46:24+00:00

Ahmad Sherif
me@ahmadsherif.com

2016-08-17T19:54:31+00:00

4ad028aed4f792e9a57cc41539312de7ef99d537












Implement TodoService#mark_todos_as_done_by_id
2016-08-18T15:46:24+00:00

Ahmad Sherif
me@ahmadsherif.com

2016-08-16T20:10:37+00:00

548da42be51821951180eacf462d942c11c0c01b

Follow-up on 52b0c26





Follow-up on 52b0c26







Simplify SQL queries of marking a todo as done
2016-08-18T15:46:24+00:00

Ahmad Sherif
me@ahmadsherif.com

2016-08-16T16:55:02+00:00

30654fc9c1afc222ebae5c5367657bd8f6e615b2












Recover usage of Todos counter cache
2016-08-12T16:21:36+00:00

Paco Guzman
pacoguzmanp@gmail.com

2016-08-11T16:39:50+00:00

f8b53ba20b74181a46985b0c7dde742239bd54f8

We’re being kept up to date the counter data but we’re not using it.
The only thing which is not real if is the number of projects that the 
user read changes the number of todos can be stale for some time.

The counters will be sync just after the user receives a new todo or mark any as done




We’re being kept up to date the counter data but we’re not using it.
The only thing which is not real if is the number of projects that the 
user read changes the number of todos can be stale for some time.

The counters will be sync just after the user receives a new todo or mark any as done






Cache todos pending/done dashboard query counts
2016-07-12T16:57:52+00:00

Paco Guzman
pacoguzmanp@gmail.com

2016-07-11T06:10:04+00:00

244134f9c33dea0003dc2403dceace4b94a87d2e












Fix an information disclosure when requesting access to a group containing private projects
2016-06-24T10:01:48+00:00

Rémy Coutable
remy@rymai.me

2016-06-24T10:01:48+00:00

aec3475df94bc9681a723c344f3df05972ebe68c

The issue was with the `User#groups` and `User#projects` associations
which goes through the `User#group_members` and `User#project_members`.

Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.

Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...

My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.

Now they are all secure.

Signed-off-by: Rémy Coutable <remy@rymai.me>





The issue was with the `User#groups` and `User#projects` associations
which goes through the `User#group_members` and `User#project_members`.

Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.

Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...

My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.

Now they are all secure.

Signed-off-by: Rémy Coutable <remy@rymai.me>







Ensure Todos counters doesn't count Todos for projects pending delete
2016-06-17T19:17:43+00:00

Douglas Barbosa Alexandre
dbalexandre@gmail.com

2016-06-15T02:09:48+00:00

2878c990052f78fae3cde21a1d2cd90dd5a85461












Cache todo counters (pending/done)
2016-06-17T17:04:36+00:00

Paco Guzman
pacoguzmanp@gmail.com

2016-06-02T13:46:58+00:00

f6bfa46daae3a00ca6f74abb6e6eddc9eac96197

- As todos are created/updated inside the TodoService
we repopulate the cache just there for both pending/done todos
- Todos as mark as done from the TodosController we update cache
there too
- All the added methods are kept in the User class for cohesion




- As todos are created/updated inside the TodoService
we repopulate the cache just there for both pending/done todos
- Todos as mark as done from the TodosController we update cache
there too
- All the added methods are kept in the User class for cohesion